Slideshow

Slideshow: 15 worst data breaches

15 Photos Bill Brenner (CSO (US))

  • VeriSign Impact: Undisclosed information stolen. Security experts are unanimous in saying that the most troubling thing about the VeriSign breach, or breaches, in which hackers gained access to privileged systems and information, is the way the company handled it -- poorly. VeriSign never announced the attacks. The incidents did not become public until 2011, through a new SEC-mandated filing. .

  • Fidelity National Information Services Impact: An employee of FIS subsidiary Certegy Check Services stole 3.2 million customer records including credit card, banking and personal information.

  • Sony PlayStation Network Impact: 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the site was down for a month.

  • AOL Impact: Data on more than 20 million web inquiries, from more than 650,000 users, including shopping and banking data were posted publicly on a web site.

  • RSA Impact: Possibly 40 million employee records stolen. The impact of the cyber attack that stole information on the company's SecurID authentication tokens is still being debated. The company said two separate hacker groups worked in collaboration with a foreign government to launch a series of spear phishing attacks against RSA employees, posing as people the employees trusted, to penetrate the company's network. EMC reported last July that it had spent at least $66 million on remediation.

  • TJX Impact: 94 million credit cards exposed. According to KNOS Project cofounder and chief architect Kevin McAleavey, this was possible because TJX's network wasn't protected by any firewalls. Albert Gonzalez, hacking legend and ringleader of the Heartland breach, was convicted and sentenced to 40 years in prison, while 11 others were arrested.

  • Gawker Media Impact: Compromised e-mail addresses and passwords of about 1.3 million commenters on popular blogs like Lifehacker, Gizmodo, and Jezebel, plus the theft of the source code for Gawker's custom-built content management system.

  • Monster.com Impact: Confidential information of 1.3 million job seekers stolen and used in a phishing scam.

  • Department of Veterans Affairs Impact: An unencrypted national database with names, Social Security numbers, dates of births, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen.

  • Google, etc. Impact: Stolen intellectual property. In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network. .

  • CardSystems Impact: 40 million credit card accounts exposed. CSS, one of the top payment processors for Visa, MasterCard, American Express is ultimately forced into acquisition.

  • Epsilon Impact: Exposed names and e-mails of millions of customers stored in more than 108 retail stores plus several huge financial firms like CitiGroup Inc. and the non-profit educational organization, College Board.

  • ESTsoft Impact: The personal information of 35 million South Koreans was exposed after hackers breached the security of a popular software provide

  • Stuxnet Impact: Meant to attack Iran's nuclear power program, but will also serve as a template for real-world intrusion and service disruption of power grids, water supplies or public transportation systems.

  • Heartland Payment Systems Impact: 134 million credit cards exposed through SQL injection to install spyware on Heartland's data systems.

Show Comments