US Data Corporation Direct Marketing Blog

Top 13 Most Embarrassing Data Breaches6:59 am

By Guest Blogger

Identity theft is on the rise each year. In 2011 alone, Sony won the crown for largest number of people affected with a shade over 100 million. In spite of more advanced security measures, it seems data leaks are here to stay.

With that said, take a look at these Top 13 Most Embarrassing Data Breaches. Perhaps you were affected by one or more of these. If so, or if you want to add to the list, just share your thoughts below.

1. Playstation Network and Sony Online Entertainment

In April and May of 2011, the Sony Playstation Network was hacked not once, but twice, resulting in perhaps the largest data breach of all time. Credit card numbers and expiration dates as well as personal information for an estimated 77 million were hijacked. Sony Online Entertainment was estimated to have given up another 24.5 million, making this one the biggest screw-job to consumers during the Digital Age.


2. Heartland Payment Systems

Sony is in good company with the 2009 data heist at Heartland Payment Systems. Heartland coughed up more than 100 million card numbers from approximately 650 financial services companies, dealing a black eye to the equivalent of one-third of the US population and shafting a lot of businesses in the process. The good news is the hacker responsible, Albert Gonzalez, was arrested, convicted and sentenced to 20 yrs in prison in April, 2010.


3. TJ Maxx

While Sony’s misgivings were across two networks and Heartland’s involved 650 of their clients, the retailer TJ Maxx may win the award for most embarrassing data breach. For scaring the bejeezus out of 45 million credit and debit card holders in 2007, TJ Maxx was eventually forced to pay a $40.9 million settlement to Visa to help offset costs related to the breach. Ouch!


4. The Blood Bank Breaches

In 2008, Lifeblood jeopardized the privacy of about 321,000 donors, while just a year prior, Memorial Blood Centers did the same for 268,000 of their donors. While the amount affected is considerably smaller than numbers 1, 2, and 3, on this list, what
makes these two breaches so embarrassing is the fact that it’s hard enough as it is to get blood donors. People don’t like getting stuck with needles, and even the feel good reality of saving someone’s life is often not enough to attract donors. Start losing their personal data and you’ve really got problems.


5. The Gap

The Gap made national headlines in 2007 when they lost the personal information of more than 800,000 job applicants. The breach was traced to two vendor laptop computers that were in turn stolen. It’s hard enough telling someone “Don’t call us, we’ll call you,” but then to add insult to injury by allowing their personal information to fall into the hands of an identity thief, ouch! “Thanks but no thanks” is little deterrent to the threat of litigation nor was the offer of one year of free credit monitoring and fraud resolution assistance.


6. Department of Veterans Affairs

In 2006, approximately 28.6 million veterans, reserves, and active duty military personnel information was stolen, the largest such breach in US Government history. Here you had a branch of government entrusted with protecting those, who protect us, and this was the thanks they received: a very public ball-drop that left close to 30 million wondering whether they would have their identities stolen. What makes it even worse is that whether you’re liberal, moderate or conservative, you likely have a deep respect for the nation’s military men and women. It takes a lot to give these three groups a common enemy. The DVA and the hackers responsible for the breach did just that. Impressive.


7. Lifelock

In a world of identity theft and cyber-paranoia, it is quite the marketing campaign to post your owner’s social security number on the company website of an ID theft prevention service. Just the thing to give your customers peace of mind-or at least it was until 2007 when the owner became a victim himself. A crafty thief used his information to obtain a $500 personal loan from a check cashing store. D’oh!


8. WikiLeaks

Julian Assange, founder of WikiLeaks and noted sex offender, was able to finagle 251,000 diplomatic cables from the United States and release them to the public in November 2010. The embarrassment for US allies was substantial but it was worse for the government as 40 percent of the cables were confidential and 6 percent were secret. So much for national security when a guy that looks like Assange can compromise you.


9. UK Department for Work and Pensions

In 2008, the United Kingdom’s Department for Work and Pensions lobbied for the task of maintaining an ID card database for the citizenry. Very noble, except that Liberal Democrat spokesman Danny Alexander told, “The government’s strategy for protecting citizens’ personal information is in shambles. We’ve had mislaid CDs, lost laptops, and now passwords are being circulated with the information they are supposed to protect. Data protection is being undermined…the very idea that this government could be responsible for an ID card database is a joke.” Ringing endorsement from one of your own!


10. Science Applications International Corp

One would think the digital age would demand a more sophisticated type of criminal to wreak havoc on personal information, but according to Reuters, the Science Applications International Corp (SAIC) is still being targeted by a more old-fashioned type of villain in spite of the advanced nature of its business. The data contractor, tasked with protecting personal and medical info for military men and women, had more than 4.6 million of those records stolen in September 2011, when an employee left the back-up tapes in his car.


11. Certegy

In 2007, the check service company Certegy had a rogue employee make off with credit card, bank account and personal info for more than 8.5 million people. In addition to living with the black eye of an internal data heist, the St. Petersburg, Florida-based company had to pay out close to $1 million in the state’s investigative costs, according to ABC News.


12. University of Utah Hospitals and Clinics

In 2008 the University of Utah Hospitals and Clinics suffered a massive data breach, which occurred as a result of records being stolen from an employee’s car. Costs levied on the University have totaled $3.4 million with more than 1.5 million patient records being compromised. To add insult to injury, the damage to finances and reputation can be blamed on a group of thieves, who were too stupid to know that the back-up computer tapes they were stealing were not pornos. Apparently, the knuckleheads, prior to being caught, had tried to play the tapes on a VCR.


13. Social Security Administration

Sure, we could say this happened in 2011, but really you could just pick any year. Apparently, the Social Security Administration is not too concerned about your identity, because each year when it releases the Death Master List, they inadvertently throw in the social security numbers and birth dates of about 14,000 people, who are still alive. Furthermore, according to the Seattle Times, they don’t even feel the need to notify you in spite of laws to the contrary. So the next time you get high and mighty about how the system needs to be protected, keep this little nugget of info in mind.




Sign up for our free mailing list to receive our newsletter, special promotions, and more!

Follow Us

Facebook Twitter LinkedIn Google+ RSS Feed

Like Us on Facebook

Learn More About...

Email Marketing

Marketing Strategy

Direct Mail Marketing

Data Cards

Fun Marketing Facts

Mobile Marketing

Social Media

Happy Client Highlight

Work Tips

Recent Posts

5 Tips for Convincing Clients to Try New Marketing Strategies

Is Direct Mail Marketing Still Effective with Millennials?

Email Marketing Relevancy Is More Important Than Ever

5 Black Friday and Cyber Monday Email Marketing Guidelines

Marketing 101: What is Direct Marketing?


April 2017

January 2017

November 2016

October 2016

September 2016

August 2016

July 2016

June 2016

May 2016

April 2016

March 2016

February 2016

January 2016

December 2015

November 2015

October 2015

September 2015

August 2015

July 2015

June 2015

May 2015

April 2015

March 2015

February 2015

January 2015

December 2014

November 2014

October 2014

September 2014

August 2014

July 2014

June 2014

May 2014

April 2014

March 2014

February 2014

January 2014

December 2013

November 2013

October 2013

September 2013

August 2013

July 2013

April 2013

March 2013

February 2013

January 2013

December 2012

November 2012

October 2012

September 2012

August 2012

July 2012

June 2012

May 2012

April 2012

March 2012

February 2012

January 2012

December 2011

November 2011

October 2011

September 2011

August 2011

July 2011

June 2011