10 Data Leaks that have cost Fortune 500 companies a fortune

Data is undoubtedly the most important element in an organization. Securing data, in these trying times, is a tightrope walk not just for data security heads, but for CEOs too. Here is a list of the top 10 data leaks that have cost Fortune 500 companies dearly – and how such tragedies can be averted.

As companies grow, they constantly face problems that pose a great risk to them and, in some cases, to the economy itself. With data breaches and data leakages becoming the norm in today’s world, companies are forced to step up to the plate and face the heat. Studies have found that an average of 10 percent of all Fortune 500 employee email credentials have been leaked via some form of data breach, and analysis of public data revealed that 27% of Fortune 500 companies have experienced major data breaches in the past decade.

What these companies fail to understand is the fact that there are no exceptions when it comes to malfunctions and insider threats.

In the following blog, we’ll have a look at 10 data leaks that have cost Fortune 500 companies a fortune in losses, repairs and more.

Marriott Hotels International – 500 Million Users data

In November 2018, the Marriott Hotel group announced that hackers had had access to the reservation systems of many of its hotel chains for the past four years. The breach has, so far, exposed private details of up to 500 million customers, including sensitive travel records showing when, where and with whom they traveled.

Facebook – 147 Million Users (Multiple data breaches)

Just when Facebook was recovering from a series of scandals, including the Cambridge Analytica fiasco and a series of other such debacles, Facebook was hit with its biggest data breach. Over 147 Million users’ data were compromised in this breach.

The issue arose when Facebook’s engineering team discovered that unidentified hackers may have exploited a series of bugs related to a Facebook feature that lets people see what their own profile looks like to someone else. The “View As” feature was mainly designed to let users see firsthand how their privacy settings look to another person.

The first bug caused Facebook’s video upload tool to mistakenly show up on the “View As” page. The second caused the uploader to generate an access token, i.e. the mechanism that keeps you logged in on your devices. Finally, when the video uploader did appear in “View As” mode, it generated an access token for whoever the hacker was searching for. This caused a massive uproar among users, and the company faced severe scrutiny in the following months.

British Airways – 380,000 Users

Between 21st August and the 5th of September last year, one of the foremost airlines in the UK suffered a massive attack on its data, with the data of more than 380,000 of its users being hacked by a Russian group.

Researchers estimate that the hacker group might have made up to $12.2 million from the attack.

Also worth mentioning is that the attack was found to be in breach of the General Data Protection Regulation (GDPR), which came into effect last May. The airline might also face up to $897 million in fines, according to The Daily Telegraph.

Coca Cola – 8000 employees’ data leaked

In a time when the possibility of an insider threat is brushed aside as a dystopian possibility, a disgruntled employee of Coca Cola went ahead and proved how real and damaging it actually is. The soft drink company known all over the world for its refreshing beverages suffered a huge setback in the form of a data breach they might not have expected. Data of over 8000 employees were found to be compromised in this data leakage.

Following the incident, it is believed that the company has secured the services of Kroll to provide ID monitoring to its employees.

Tesla – No Data Available

Tesla. We are pretty sure you’ve heard of this company in one context or another. It is without a doubt one of the fastest emerging companies in recent times. If you’ve been following the company closely, chances are you know that it recently filed a lawsuit against a former employee who was found to have leaked sensitive data to a company that works in the same domain as Tesla. This just goes to prove that the insider threat is not one to be taken lightly.

Although there are still debates on whether it was an act of whistleblowing or corporate espionage, the fact remains that, in information security terms, an insider stole valuable data and put it out in the public forum.

Uber – 20 Million users data breached

In what can be termed an instance of both user data and officials being taken for a ride, Uber suffered a huge data breach in which the data of around 20 Million users was accessed by hackers. What’s more, the ride-hailing company failed to disclose the breach to the concerned officials and its investors.

According to the Federal Trade Commission (FTC), around 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver’s license numbers are estimated to have been compromised. In addition, Uber could also face civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

Google – 52.5 Million

Now, this might come across as a shock to you, considering that Google knows almost everything there is to know about you via the permissions we’ve granted to the apps in our Android phones and other smart home devices such as the Google Home. But, a minor consolation can be sought from the fact that it wasn’t any of those applications that were a victim, but the most infamous sibling of the group, Google+.

Although the platform has since been disabled, it is known by Google’s own admission that over 52.5 million users might have been affected in the breach.

Yahoo – 3 Billion

The IT giant’s string of unfortunate events does not seem to end, with one of the latest additions being the breach infamously known as the largest data breach in history and one of the Internet’s most notorious.

The leak included individuals’ names, email IDs, birthdays and security questions/answers of at least 500 million Yahoo accounts. This just goes to emphasize how no company is too big for a digital breach and no firewall too hard to scale.

In a more recent development, Yahoo has agreed to pay $50 million in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of history’s biggest security breach.

JP Morgan Chase – 83 Million accounts

In what was undoubtedly one of the biggest intrusions in the banking sector, industry giant JP Morgan Chase fell victim to a data breach. The breach affected the data of over 83 Million accounts. Although there was no leak of any sensitive data such as login details or social security numbers, individuals’ names, addresses, and phone numbers were compromised, raising concerns of potential phishing attacks. As many as four people were indicted for their attack on the corporation.

Ford – No Data Available

The automaker was one of the victims of a series of data breaches targeting the automotive industry. Other victims include companies like GM, Tesla, and other leading automobile manufacturers.

According to the New York Times, sensitive documents such as digital copies of contracts, invoices, and work plans; detailed factory blueprints; and nondisclosure agreements were leaked in the attack.

This goes to show that there are threats both inside and outside an organization and that your data might not be as safe as you think. It is in every company’s best interest to review the safety measures it takes to ensure that its data, and therefore its business, is in safe hands.

Now, if you are a large company with sensitive business, operations or client data residing in your enterprise resource planning platform, such as SAP, should you be worried about its integrity? SECUDE has interacted with many SAP users, from government entities to large and medium corporations, who have voiced concern about data security, especially data that leaves the boundaries of their IT landscape.

To learn how SECUDE can protect your vital information, be it financial, IP, operations, customer or even about your employees, visit our HALOCORE page.
