- October 25, 2022
If you read last week’s article, we covered the five most devastating data breaches based on the number of people affected. Aside from having to deal with the undeniable reputational damage, such as negative press and the loss of your clientele’s trust, without proper planning and protection, data breaches can end up costing your business an exorbitant amount of money!
In this article we will review five companies that are perfect examples of how expensive these nasty ordeals can get and look at what preemptive measures should be put in place, to prevent your company from experiencing a similar financial/reputational tragedy. You most likely know and/or do business with at least one of the companies listed below.
Epsilon Breach, 2011: $4 billion
In 2011, Epsilon – an email marketing services company – was involved in the costliest data breach to date. Estimates put the total up to $4 billion due to the number of email addresses and companies involved.
The attackers managed to steal customer names and email data from 75 Epsilon clients, including giants like JP Morgan Chase, Best Buy and Target. Email addresses for 2% of affiliate customers were compromised, and while that seems insignificant, the sheer scale of the data available meant millions were ultimately affected.
After learning of the breach, Epsilon posted notices on its website admitting to “trespassing”. When clients were notified of the incident, they contacted their customers to let them know their data may have been stolen.
Equifax Breach, 2017: $2 billion
In September 2017, Equifax announced a data breach that ultimately affected 147 million Americans. It would quickly become one of the largest and most expensive data breaches in history.
The attackers were able to obtain personal information about customers, including names, social security numbers, dates of birth and more. This has put millions of people at risk of identity theft, a situation that has created a significant amount of anger given the expectations most have of credit bureaus and the inability to avoid these institutions managing personal information.
Equifax responded in several ways. Along with credit monitoring services, free credit freezes have become standard, as well as more regular access to credit reports to look for possible fraudulent activity. In 2019, Equifax agreed to a $700 million settlement, though that only scratched the surface of the total cost. By 2020, the total cost had reached nearly $2 billion. It is still possible that the total number will rise.
US Office of Personnel Management Breach, 2015: $500+ million
In 2015, the US Office of Personnel Management (OPM) did not have just one data breach; there were two. In one incident, sensitive data on 21.5 million individuals was stolen when an unauthorized party gained access to investigative records. Along with the 19.7 million who specifically applied for a background check, another 1.8 million non-applicants were affected based on a connection to the applicant, such as a spouse or roommate.
As part of the breach, sensitive personal information, including names, addresses and social security numbers, was compromised. About 5.6 million apps also had fingerprint data. In some cases, the applicant’s credentials were also leaked.
At the beginning of the year, 4.2 million personal records were stolen. They contained personal information, including names, dates of birth, addresses and social security numbers.
Once the breaches were discovered, OPM offered services such as identity theft insurance and credit monitoring to those affected. The full cost of the incidents is unknown, although estimates suggest they range from $500 million to $1 billion.
Veteran’s Affairs Breach, 2006: $500 million
In 2006, a rather unique – but still costly – incident occurred. A Veteran’s Affairs employee took home an external hard drive that contained unencrypted internal data. An external hard drive was stolen during the break-in, an incident that was revealed in May of that year.
The hard drive contained sensitive personal information about approximately 26.5 million veterans and their spouses. Along with names, dates of birth and Social Security numbers, some records also included disability ratings.
While this was technically a data breach, the data itself was probably not the target. Additionally, it’s unclear whether the thief ended up doing anything with the data she obtained.
A $20 million settlement was announced in 2009. However, the total cost estimate in 2006 was much higher, at up to $500 million to prevent or cover losses related to stolen data.
Target Breach, 2013: $300 million
In November 2013, hackers were able to access Target customers’ payment card information using network credentials stolen from HVAC service providers. Approximately 40 million card accounts were exposed, creating an opportunity for hackers to make fraudulent charges.
Eastern European and Russian hackers were allegedly responsible. It was initially difficult to determine because the affected data hit multiple crash sites, many of which may have been compromised systems designed to effectively hide data unknown to the system owner. Two examples were a hacked server in Miami and a second compromised server in Brazil.
Through a multi-state settlement in mid-2017, Target was to pay $18.5 million. However, this is only part of the total cost. The class action resulted in a multi-million-dollar settlement. There were separate settlements with Mastercard and Visa, as well as various banks and credit unions. Combine that with legal fees and other expenses, and the total was around $300 million, according to Target’s financial report.
Knowing how expensive data breaches can be, leads us to one conclusion and that is: vigilance. Awareness and education are key to better understand the importance of proper safeguards and having a contingency plan in place can help companies take steps to prevent costly cyber-attacks from happening. This will not only save your company money but also guard your reputation. GoldSky’s team of cyber security experts are here to help you start the journey to better protecting your data and securing yourself in cyberspace. Begin your journey today!