10 data breaches that stung US consumers in the 2010s
The largest data breaches are always a wake-up call for consumers. They bring data security to the forefront. And in the past decade, there were a number of massive data breaches that exposed the private information of hundreds of millions of people — putting consumers on high alert over the potential for fraud as a result.
“It’s bringing the conversation about our data, the value of our data and of course the risks when that data is compromised — or even abused,” says Eva Velazquez, president and CEO of the Identity Theft Resource Center (ITRC), a non-profit organization.
Malicious cyber activity can seriously hurt the economy too. It’s estimated that cybersecurity threats cost the U.S. economy $57 billion to $109 billion in 2016, according to a February 2018 Council of Economic Advisers report.
Here’s a look at 10 of the biggest data breaches that took place during the 2010s, and why it’s more important than ever to safeguard your personal and financial data.
The Bankrate Daily
2 of 12
Affected: Approximately 106 million individuals, with approximately 100 million in the U.S. and approximately six million in Canada, according to Capital One.
Cost: Between $100 million and $150 million, according to Reuters.
What happened: On July 19, Capital One determined that someone gained unauthorized access to personal information about both its credit card customers and those who applied for its credit cards.
3 of 12
Affected: Earlier in 2019, Marriott believed the number of impacted guests is lower than the 500 million it estimated when first announcing the breach. Information for fewer than 383 million unique guests was involved in the security incident.
Cost: In August 2019, Marriott booked a $126 million charge during that quarter related to the data breach, according to the Wall Street Journal.
Marriott announced the UK Information Commissioner’s Office (ICO) planned to fine it 99,200,396 pounds, according to a July 2019 release.
What happened: An unauthorized party had access to the Starwood network since 2014. This was first discovered on Sept. 8, 2018.
4 of 12
Affected: Approximately 143 million U.S. consumers were impacted in this cybersecurity incident.
Cost: Equifax is making an incremental investment of $1.25 billion from 2018 through 2020 in technology and security. The investment will cover data security.
What happened: During mid-May through July 2017, unauthorized access to certain files occurred. The information accessed included: names, Social Security numbers, dates of birth, addresses and possibly driver’s license numbers in some instances. The credit card numbers of approximately 182,000 U.S. consumers were also accessed.
5 of 12
Affected: Almost 79 million people had their electronic-protected health information compromised. According to the U.S. Department of Health & Human Services, that was the biggest U.S. health data breach ever as of Oct. 15, 2018.
Cost: Anthem paid the Office of Civil Rights (OCR) $16 million in October 2018. The previous largest settlement was the $5.55 million paid to OCR by Advocate Health Care in 2016. This was a record Health Insurance Portability and Accountability Act (HIPAA) settlement and resulted in the largest health data breach in U.S. history.
Anthem also paid a $115 million settlement regarding this breach, according to Reuters.
What happened: In January 2015, health care giant Anthem learned of a cyberattack on its IT systems that occurred over several weeks starting in December 2014. The stolen information may have included personal information, but the company does not believe credit card or banking information was compromised.
6 of 12
Affected: 145 million customer accounts, including personal information.
Cost: Protection Group International estimates the breach will cost the company $200 million.
What happened: A cyber attack occurred between late February and early March 2014, compromising customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. No financial information was taken, according to eBay.
7 of 12
Affected: Sensitive financial and personal information of more than 76 million households, according to The Associated Press, and 7 million small businesses.
Cost: Protection Group International estimated that it will cost the banking giant $1 billion.
JP Morgan Chase spent $250 million in 2014 in order to defend against cyberattacks.
What happened: In summer 2014, a cyber attack against Chase compromised usernames, addresses, phone numbers and email addresses. There were no signs that account numbers, passwords, user IDs, dates of birth or Social Security numbers were taken.
8 of 12
Affected: 56 million credit card accounts and 53 million email addresses.
Cost: The data breach cost the company an estimated $80 million before insurance reimbursements, according to Protection Group International.
What happened: In September 2014, Home Depot revealed that hackers had gained access to the company’s computer network using stolen account information from a vendor doing business with the hardware giant.
9 of 12
Affected: 40 million credit and debit card accounts, as well as data on 70-110 million customers, according to The New York Times. There may have been an overlap between members in both of those groups that had their information compromised.
Cost: Through the end of 2014, the data breach cost Target $252 million, according to corporate filings. Target also settled a lawsuit with its customers for $10 million in March 2015, according to The New York Times.
What happened: The breach affected credit and debit card accounts from shoppers during the 2013 holiday season, according to The New York Times. But personal data could have been stolen from more Target shoppers.
10 of 12
Global Payments Inc.
Affected: 1.5 million card accounts.
Cost: The company reported the breach cost to be more than $90 million.
What happened: Global Payments discovered a breach on a “handful” of its servers in North America, with data on credit and debit card information stolen.
11 of 12
Affected: Approximately 360,000 credit card holders.
Cost: $19.4 million (Ponemon Institute estimate)
What happened: Citibank agreed to pay $55,000 to settle with Connecticut after the state’s attorney general’s office alleged that the company had a “known technical vulnerability” in its online banking system.
12 of 12
3 tips if you are impacted by a breach
Realistically, there will almost certainly be more widespread data breaches in the next decade. In its 2018 end-of-year breach report, ITRC found there were a total of 135 financial, credit and bank data breaches recorded during the year.
So it’s important to know how to react to the inevitable next one. Velazquez says these are her top post-breach tips.
1. Make sure you understand what information was compromised: Having your email and your password compromised is different than having your credit card number compromised, Velazquez says.
2. React, but don’t panic about the breach: People get fatigued about data breaches happening so often, Velazquez says.
“They’re going, ‘Well, God, my data information is out there. I’m not going to bother to do anything,’” Velazquez says. “And I always discourage people from that thinking, because I tell them not every thief has every single piece of your data.”
3. Ask for help and use the tools available: There are different resources and tips out there to use if your identity has been stolen.
“Use the tools that are available to you as a consumer or a victim of a data breach because they’re out there,” Velazquez says.
Big data breaches make the headlines. But the size of a breach doesn’t matter, if your information is involved.
“The impact on that individual is exactly the same because the really important things for consumers to understand (is) that it’s about the data,” Velazquez says.