Top 13 Most Embarrassing Data Breaches
Identity theft is on the rise each year. In 2011 alone, Sony won the crown for largest number of people affected with a shade over 100 million. In spite of more advanced security measures, it seems data leaks are here to stay.
With that said, take a look at these Top 13 Most Embarrassing Data Breaches. Perhaps you were affected by one or more of these. If so, or if you want to add to the list, just share your thoughts below.
1. PlayStation Network and Sony Online Entertainment
In April and May of 2011, the Sony PlayStation Network was hacked not once, but twice, resulting in perhaps the largest data breach of all time. Credit card numbers and expiration dates as well as personal information for an estimated 77 million were hijacked. Sony Online Entertainment was estimated to have given up another 24.5 million, making this one the biggest screw-job to consumers during the Digital Age.
2. Heartland Payment Systems
Sony is in good company with the 2009 data heist at Heartland Payment Systems. Heartland coughed up more than 100 million card numbers from approximately 650 financial services companies, dealing a black eye to the equivalent of one-third of the US population and shafting a lot of businesses in the process. The good news is the hacker responsible, Albert Gonzalez, was arrested, convicted and sentenced to 20 years in prison in April 2010.
3. TJ Maxx
While Sony’s missteps were across two networks and Heartland’s involved 650 of their clients, the retailer TJ Maxx may win the award for most embarrassing data breach. For scaring the bejeezus out of 45 million credit and debit card holders in 2007, TJ Maxx was eventually forced to pay a $40.9 million settlement to Visa to help offset costs related to the breach. Ouch!
4. The Blood Bank Breaches
In 2008, Lifeblood jeopardized the privacy of about 321,000 donors, while just a year prior, Memorial Blood Centers did the same for 268,000 of their donors. While the amount affected is considerably smaller than numbers 1, 2, and 3 on this list, what makes these two breaches so embarrassing is the fact that it’s hard enough as it is to get blood donors. People don’t like getting stuck with needles, and even the feel good reality of saving someone’s life is often not enough to attract donors. Start losing their personal data and you’ve really got problems.
5. The Gap
The Gap made national headlines in 2007 when they lost the personal information of more than 800,000 job applicants. The breach was traced to two vendor laptop computers that were in turn stolen. It’s hard enough telling someone “Don’t call us, we’ll call you,” but then to add insult to injury by allowing their personal information to fall into the hands of an identity thief, ouch! “Thanks but no thanks” is little deterrent to the threat of litigation nor was the offer of one year of free credit monitoring and fraud resolution assistance.
6. Department of Veterans Affairs
In 2006, the personal information of approximately 28.6 million veterans, reserves, and active duty military personnel was stolen, the largest such breach in US Government history. Here you had a branch of government entrusted with protecting those who protect us, and this was the thanks they received: a very public ball-drop that left close to 30 million wondering whether they would have their identities stolen. What makes it even worse is that whether you’re liberal, moderate or conservative, you likely have a deep respect for the nation’s military men and women. It takes a lot to give these three groups a common enemy. The DVA and the hackers responsible for the breach did just that. Impressive.
In a world of identity theft and cyber-paranoia, it is quite the marketing campaign to post your owner’s social security number on the company website of an ID theft prevention service. Just the thing to give your customers peace of mind, or at least it was until 2007 when the owner became a victim himself. A crafty thief used his information to obtain a $500 personal loan from a check cashing store. D’oh!
Julian Assange, founder of WikiLeaks and noted sex offender, was able to finagle 251,000 diplomatic cables from the United States and release them to the public in November 2010. The embarrassment for US allies was substantial but it was worse for the government as 40 percent of the cables were confidential and 6 percent were secret. So much for national security when a guy that looks like Assange can compromise you.
9. UK Department for Work and Pensions
In 2008, the United Kingdom’s Department for Work and Pensions lobbied for the task of maintaining an ID card database for the citizenry. Very noble, except that Liberal Democrat spokesman Danny Alexander told Politics.co.uk, “The government’s strategy for protecting citizens’ personal information is in shambles. We’ve had mislaid CDs, lost laptops, and now passwords are being circulated with the information they are supposed to protect. Data protection is being undermined…the very idea that this government could be responsible for an ID card database is a joke.” Ringing endorsement from one of your own!
10. Science Applications International Corp
One would think the digital age would demand a more sophisticated type of criminal to wreak havoc on personal information, but according to Reuters, the Science Applications International Corp (SAIC) is still being targeted by a more old-fashioned type of villain in spite of the advanced nature of its business. The data contractor, tasked with protecting personal and medical info for military men and women, had more than 4.6 million of those records stolen in September 2011, when an employee left the back-up tapes in his car.
In 2007, the check service company Certegy had a rogue employee make off with credit card, bank account and personal info for more than 8.5 million people. In addition to living with the black eye of an internal data heist, the St. Petersburg, Florida-based company had to pay out close to $1 million in the state’s investigative costs, according to ABC News.
12. University of Utah Hospitals and Clinics
In 2008, the University of Utah Hospitals and Clinics suffered a massive data breach, which occurred as a result of records being stolen from an employee’s car. Costs levied on the University have totaled $3.4 million with more than 1.5 million patient records being compromised. To add insult to injury, the damage to finances and reputation can be blamed on a group of thieves who were too stupid to know that the back-up computer tapes they were stealing were not pornos. Apparently, the knuckleheads, prior to being caught, had tried to play the tapes on a VCR.
13. Social Security Administration
Sure, we could say this happened in 2011, but really you could just pick any year. Apparently, the Social Security Administration is not too concerned about your identity, because each year when it releases the Death Master List, it inadvertently throws in the social security numbers and birth dates of about 14,000 people who are still alive. Furthermore, according to the Seattle Times, they don’t even feel the need to notify you in spite of laws to the contrary. So the next time you get high and mighty about how the system needs to be protected, keep this little nugget of info in mind.