Delivering expert cyber security solutions to small and medium-sized businesses

Learn More

The 5 Most Devastating Data Breaches of All Time

Data breaches can happen anywhere at any time and have the potential to jeopardize the confidential information of millions of people. The sheer scale of these breaches can appear like a death note to any business in our global economy today. These incidents and their effects pertain to both small businesses and large corporations. The following list briefly describes how each of these disastrous breaches unfolded as well as their effect on the public. 

Yahoo breach, 2013: 3 billion accounts compromised 

The largest data breach on record occurred in August 2013, when 3 billion Yahoo accounts were compromised. Nearly every Yahoo account holder had been affected. 

Current information about the breach did not emerge until about three years after the event, and about four months after Verizon acquired many of Yahoo’s Internet assets. This move cost the telecom giant $4.5 billion (about $14 per person in the US).  

After reporting the breach, Yahoo notified the affected accounts and required password changes. Unencrypted answers to security questions were also preemptively invalidated, requiring users to create new ones. 

Along with names and email addresses, passwords were also compromised in the breach, leaving user accounts vulnerable. Additionally, if users relied on the same passwords for other accounts, they were vulnerable to further hacking incidents. After the incident, Yahoo reached a settlement with those affected, eventually agreeing to pay $117.5 million after an earlier amount was rejected. 

Although news of this breach emerged in 2016, it preceded a 2014 data breach by four individuals, including two foreign spies and two hackers. 

Marriott breach: 500 million customers affected 

In November 2018, Marriott International announced that hackers had gained access to data related to 500 million Starwood hotel customers. The data was initially accessed in 2014 and the vulnerability existed until Marriott’s acquisition of Starwood in 2016. However, Marriott was not aware of the breach until 2018. 

Names, contact details, passport numbers, guest numbers, travel information and other data were obtained by the hackers. Payment card numbers and expiration dates were also stolen for more than 100 million affected customers, although it is unclear whether the attackers were able to decrypt the data. 

A Chinese intelligence group was said to be responsible for the hack, making the incident the biggest breach by a nation-state. Marriott’s costs were considered much lower than most would have expected, coming in at just $72 million in the first six months, most of which was covered by insurance. 

FriendFinder breach, 2016: 412 million accounts exposed 

In another of the biggest incidents of all time, the FriendFinder network – home to several adult-oriented websites – was hacked in 2016. In total, more than 412 million accounts were exposed, covering 20 years of historical customer data. 

Usernames, passwords, and email addresses were part of the breach. Additionally, the passwords were only protected using the SHA-1 hashing algorithm, making them incredibly easy to decipher. Some of the email addresses were also linked to non-personal accounts, with thousands ending in .mil or .gov. 

The company updated its code to address the vulnerability, which allowed hackers to access data. Beyond that, it’s not entirely clear what steps the company has taken. Moreover, the cost of the incident is not immediately apparent. 

Myspace Breach, 2013: 360 million accounts compromised 

Another massive breach by any standard, 360 million Myspace accounts were compromised. A Russian hacker was responsible, although specific details about the attacker and the total cost of the incident ​​are not available. 

These were username, email address and password. Although it was limited to an older database created before Myspace bolstered its security, the breach posed a significant risk to anyone using the same email address or username/password combination. 

While the hack originally occurred in 2013, reports of the incident did not emerge until May 2016. Myspace required affected users to create new passwords and implemented automated tools to identify and block suspicious activity. 

Court Ventures Breach, 2012: 200 million records stolen 

Court Ventures, a subsidiary of Experian, sold 200 million sensitive personal records that ended up in the hands of an identity theft operation. News of the data breach emerged in October 2013, although the incident reportedly occurred before Experian’s acquisition of Court Ventures in March 2012. 

Fraudsters gained access to U.S. data Info Search by Court Ventures – by providing sensitive information such as full names, social security numbers, dates of birth and other similar data – by posing as a private investigator. Experian was informed of the sales activity that was taking place at the time of the acquisition by the US Secret Service. 

Once Experian became aware of the problem, it ceased all related data resale activity and worked with law enforcement to apprehend the perpetrator, Hieu Minh Ngo, a Vietnamese national who eventually pleaded guilty to the crime. Since the data involved was not from the original Experian and there was no direct way to identify who was affected, no further action was taken on the affected individuals. 


We hope that these stories give you pause before deciding who to provide access to your data. The best way to stay safe in the Digital Age and better secure your digital footprint, is to always be vigilant in protecting your account credentials and restrict access to your confidential information. If there is a silver lining in these breaches, it’s that we can see the immediate need to look at improvements in how we protect our sensitive data. There is no excuse for why a company may not have any need for privacy or security in today’s Digital Age. It is crucial for all business owners/individuals to take precautious action and fortify the protection surrounding their own sensitive information and their companies’, colleagues’, partners’ and clients’ private data. Start your cybersecurity journey with GoldSky today and schedule a free consultation with one of our security experts.

CONTACT US FOR A FREE CONSULTATIONGetting started in security can be challenging. Let us help ease the burden of security and compliance with our small-mid sized business services and solutions.