Yahoo Tops the List of Cyber Breaches This Year - But It Had Competition
It’s not a list you want to be on, and certainly not at the top. But this year, Yahoo had the dubious honor of being the company that announced the year's biggest cyber breach—not once, but twice—based on the number of accounts affected.
The breach Yahoo announced Wednesday, in which data from over 1 billion accounts was compromised, actually occurred in August 2013—but last month law enforcement provided Yahoo with evidence that consumer data had been found online, according to a statement the company sent to affected customers The stolen user account information likely included names, email addresses, telephone numbers, dates of birth, as well as encrypted or unencrypted security questions and answers, Yahoo says.
The hack revealed Wednesday is separate from—and bigger than—the 2014 breach that affected at least 500 million accounts, which the company disclosed in September and which at the time was considered the biggest ever. But Yahoo is not the only company that suffered a cyber hack this year. In fact, the Identity Theft Center reports there have been 980 breaches in 2016.
Check out the year's other big cyber hacks—ranked by the number of users affected—to see where your information may have been compromised.
MySpace: In May, an online forum posted roughly 360 million credentials of MySpace users. The information included usernames, passwords and email addresses of people who signed up for the site prior to June 2013. MySpace refused to disclose the total scope of the breach, but confirmed that the information posted appeared to be correct.
LinkedIn: Professional networking site LinkedIn suffered a major breach in 2012 when 6.5 million encrypted passwords were posted on a Russian site. But things got much worse this past May, when 167 million LinkedIn credentials—email and password combinations—were posted for sale on the dark web.
DropBox: In August, tech website Motherboard reported it had obtained details of more than 68 million users of the cloud storage. The information appeared to be from a 2012 hack and contained user email addresses and passwords.
Modern Business Solutions: Never heard of this company? You’re not alone—MBS is a behind-the-scenes operation that provides companies with services like in-house data management. In October, a hacker who goes by @0x2Taylor, reported stealing more than 58 million records—although the breach could have actually been as high as 258 million, according to industry publications. The information gathered included full names, IP addresses, dates of birth, email addresses and vehicle data.
Fish & Wildlife Agencies: A hacker going by “Mr. High” reported accessing the databases of four state fish and wildlife agencies. The breach encompassed over 6.5 million records from registered users in Idaho, Kentucky, Oregon, and Washington. The Washington Department of Fish and Wildlife reported the flaw was in a vendor’s sale system and several states suspended the sale of licenses temporarily.
The Office of Child Support Enforcement: Another of the biggest reported government breaches came in April when a laptop and portable hard drives containing personal information were stolen from the Office of Child Support Enforcement’s offices in Washington. The breach encompassed over 5 million credentials, including Social Security numbers, birth dates, addresses and phone numbers.
Banner Health: Starting in August, the company—which operates 29 hospitals in seven states—notified a total of 3.7 million patients, physicians, customers and others that their information may have compromised. Banner discovered hackers may have accessed debit and credit card information from payment systems linked to food and beverage sales made between June 23 and July 7, 2016, at the company's facilities.
Newkirk Products: The New York-based company—which supplies ID cards for businesses, including several Blue Cross Blue Shield organizations—reported in August that a data breach potentially compromised the personal information of 3.3 million people. The potentially accessed information came from ID cards for 500,000 Albany-based Capital District Physicians' Health Plan, another half a million CDPHP members, and about 70,000 BlueShield members, among others.
21st Century Oncology: Hackers breached a Fort Myers, Fla., cancer center’s systems in March, accessing information of 2.2 million patients across the country. The company said the cyber criminals gained information including patients’ names, Social Security numbers, treatment data and insurance information.
Eddie Bauer: In August, retailer Eddie Bauer reported that the payment systems at its stores were accessed without permission, according to the ID Theft Center. Criminals accessed credit and/or debit card information of almost 2.2 million customers.
Verizon: Hackers accessed 1.5 million records of the telecom giant’s enterprise division clients in March, according to a report from security publication Krebs. The thieves collected basic client contract information, although Verizon said no networks or other data was accessed.
Internal Revenue Service: During the height of tax season, the IRS reported it was hit with a massive data breach compromising more than 700,000 people. Hackers accessed the information by using the agency’s “Get Transcript” program, which allowed users to look up their (or someone else's) history online.
This article was updated December 16 to remove health insurer Centene, which appeared on the Identity Theft Center's list of the year's breaches. Centene notified Money that, after an investigation, an employee admitted that six hard drives previously reported missing were actually “placed in a locked receptacle for secure destruction.”