The Biggest Data Leaks in the Past 15 Years
Years come and go, but one thing that is consistent is data loss.
An unerring trend
Marriott, Facebook, Instagram, First American Financial Corp, Capital One, Zoll Medical, Georgia Tech, Federal Emergency Management Agency (FEMA), and others. What’s common with them all?
Well, they are all in the 2019 data loss Hall of Shame.
An unwavering reality year after year. Heads of business and leaders of business operations continue to put money into business enablers often to detrimental cost of the business’ key asset – data.
In 2019 alone over 4 billion records have been breached – many of which included clients’ information. As per Norton :
3,800: The number of publicly disclosed breaches
4.1 billion: The number of records exposed
Over 54%: Increase in number of reported breaches vs. first six months of 2018
Have you read the story of the National Health Service confirming that systemic data leaks is an often overlooked security issue?
T3n.de gives an even more microscopic view – 75 data records are compromised every second. Around 6.5 million data records are “lost” every day. 
According to their article, AOL, Ebay, Uber and Facebook were the biggest sources of data leaks not just in 2019 or 2018 – but over the past 15 years! The article further elucidates that the United States leads in the number of data leaks. Just in 2017, 86% of global data loss incidents were from the US alone.
Some popular data breach stories of 2019 from the United States
Capital One (Financial Data Breach)
- March 22 and 23, 2019
- Number of records breached: 106 million
- Information exposed: Names, addresses, ZIP codes, phone numbers, email addresses, birthdates, self-reported income, customer credit scores, credit limits, balances, payment history, contact information, social security numbers and linked bank account numbers
Evite (Entertainment Data)
- February 22, 2019
- Number of records breached: 100 million
- Information exposed: Names, email addresses, passwords, and IP addresses of Evite customers
American Medical Collection Agency (Healthcare Data)
- August 1, 2018, to March 30, 2019
- Number of records breached: More than 20 million
- Information exposed: Social Security numbers, dates of birth, payment card data, and credit card information
Georgia Tech (Education Data)
- December 14, 2018, to March 22, 2019
- Number of records breached: 1.3 million
- Information exposed: Names, addresses, Social Security numbers and birth dates
Federal Emergency Management Agency (Government Data)
- Number of records exposed: 2.3 million
- Information exposed: Street addresses, financial institution names, electronic funds transfer numbers, and bank transit numbers of survivors of hurricanes Harvey, Irma, and Maria, and the California wildfires.
To the above list, add Marriott, Equifax, Facebook (again), Instagram, First American Financial Corp, AOL, Yahoo!, Target, eBay, Anthem Inc., LinkedIn, MySpace, Three, Uber, Cathay Pacific, Quora, and Blank Media Games, among others.
How does it all go?
T3n.de states that hackers were the major cause of data leaks – amounting to 42% of data woes. Understandable. However, what should be a cause of major concern to business owners is that a good 25% of data loss was due to employees!
This isn’t surprising.
Do you think so too?
Most CISOs tend to think of DLP technology to monitor communication channels (i.e. ports, protocols, or storage locations) and prevent certain data from leaving the corporate perimeter based on pre-defined rules and/or learned user behavior. DLP is an important tool in your data-protection toolkit, and it has the advantage of providing generic protection without the need for deep integration into third-party applications. However, this advantage is also a disadvantage.
Because DLP is far away from where data is created (applications), it often lacks the context and understanding of the user’s intention in order to make a reliable decision, for example, whether or not a certain file should be quarantined or allowed. This lack of understanding usually results in a negative for the end users who are unable to access the information they need to perform their job duties.
Are you an SAP user?
If you are an SAP user, your most valuable data is inside it. With data leaving the enterprise in enormous volumes and rates, Data Loss Prevention (DLP) for SAP is a key security issue.
How do you secure your precious data on premise or on the cloud? Watch! ‘SAP Security On Premise and in the Cloud with Halocore’
HALOCORE’s DLP technology for SAP helps prevent loss of your most sensitive data, while enabling secure collaboration and sharing. HALOCORE is directly integrated with SAP, preventing certain sensitive data downloads from happening even before they arrive at the user’s chosen medium. HALOCORE monitors data extracted from SAP and blocks downloads that would violate internal data security policy or alternatively, encrypts them. Additionally, all download behavior is logged for further auditing and with HALOCORE’s GRC Extension, appropriate personnel can be alerted of blocked downloads to investigate and take further action.
For more information, visit our HALOCORE page.