Major security breaches you should know about
Unfortunately, data breaches are more common than you think. In an attempt to keep consumers informed, WisePiggy has created this list and will continue to update it with helpful information as news breaks on major security breaches that might affect your financial accounts.
One way to stay on top of your finances in the midst of all these breaches is to monitor your credit score and credit report, free of charge, at WisePiggy.com.
U.S. Federal Government
Date announced: June 4, 2015
Affected: 19.7 million current and former federal employees
Estimated cost: Unknown
The U.S. government announced in June 2015 that they suspected Chinese hackers of stealing personal records of over 4 million employees from both the Office of Personnel Management and the Interior Department. As the FBI investigated the attack, they discovered a second cyber-attack which was most likely carried out by the same hackers. This attack targeted sensitive intelligence and military personal, increasing the affected population to nearly 20 million.
Premera Blue Cross
Date announced: March 17, 2015
Affected: 11 million customers
Estimated cost: Unknown
In a data breach that began in May 2014, cybercriminals gained access to medical data, birth dates, Social Security numbers, bank account numbers, and other personal information of 11 million Premera Blue Cross customers. The company’s PR rep says this attack is unrelated to the recent Anthem Blue Cross data breach.
Anthem Blue Cross
Date announced: Feb. 4, 2015
Affected: 80 million accounts
Estimated cost: Unknown
Hackers breached an Anthem database that contained records of past and present customers and employees. The database contains Social Security numbers, names, addresses, and other personal information. The company believes that no medical information or credit card data was exposed during the attack.
JPMorgan Chase
Date announced: Oct. 2, 2014
Affected: 76 million household and 7 million business accounts
Estimated cost: Unknown
Hackers infiltrated JPMorgan Chase’s database, taking contact information such as names and addresses from its customers. However, it appears that account numbers, passwords, and other highly sensitive information were not compromised.
Home Depot
Date announced: Sept. 8, 2014
Affected: 56 million payment cards
Estimated cost: $62 million
In a period from April to September, cybercriminals used custom software to hack into Home Depot’s cash registers systems in the U.S. and Canada.
eBay
Date announced: May 21, 2014
Affected: All 145 million active users were asked to change their passwords, but eBay wasn’t sure how many accounts were actually compromised.
Estimated cost: Unknown
Hackers stole personal information such as names, passwords, and addresses from eBay users by stealing login credentials from a few employees. The breach lasted from late February 2013 to early March 2013.
Target
Date announced: Dec. 19, 2013
Affected: 40 million debit and credit card accounts and personal information from 70 million customers
Estimated cost: $148 million
From late-November to mid-December, data hackers pierced Target’s network, stealing millions of customers’ card information, as well as personal information, such as name and street address.
Adobe
Date announced: Oct. 3, 2013
Affected: 152 million accounts
Estimated cost: $700 million
In 2013, hackers got hold of millions of Adobe user IDs, taking credit and debit card numbers. The company did not publically acknowledge the cyber-attack until two weeks after it was discovered.
Global Payments, Inc.
Date announced: March 30, 2012
Affected: 1.5 million payment cards
Estimated cost: $94 million
In late March 2012, the payment processing company, Global Payments, discovered that hackers had gained access to a portion of their data systems. The company was one of the largest processors of Visa and MasterCard transactions, but days after the breach, Visa dropped Global Payments from its list of approved service providers.
Sony
Date announced: May 3, 2011
Affected: 100 million user accounts and tens of millions of credit cards
Estimated cost: $1.7 billion
In April 2011, Sony experienced multiple data breaches within PlayStation Network, Sony Online Entertainment and Qriosity. The company temporarily shut down these sites while they investigated the cybercriminal(s) who stole credit card data and personal information from millions of users.
National Archives and Record Administrations
Date announced: Oct. 2, 2009
Affected: 76 million veterans
Estimated cost: Unknown
A defective hard drive containing 76 million Social Security numbers was sent to recycling without deleting the unencrypted data. The hard drive was used to request copies of veteran health records and discharge papers. It has never been located.
Heartland Payment Systems
Date announced: Jan. 19, 2009
Affected: 130 million cards
Estimated cost: $2.8 billion
In May 2008, hackers installed spyware in Heartland’s data systems and recorded consumer card data during the purchase process for a period of eight months. At the time, it was the largest data breach of the 21st century.
Bank of New York Mellon
Date announced: March 26, 2008
Affected: 12.5 million consumer records
Estimated cost: $150,000 in a settlement to Connecticut; other costs are unknown
The bank lost a box of computer tapes which contained Social Security numbers, personal information, and potentially, bank account numbers. The box was being sent to storage, along with nine other boxes, but it never arrived to the facility.
TD Ameritrade Holding Corporation
Date announced: Nov. 23, 2007
Affected: 6.3 million customers
Estimated cost: Between $2.5 million and $6.5 million in a settlement for a class action suit
Hackers infiltrated one of Ameritrade’s databases, taking personal information and Social Security numbers from 6.3 million customers. Months prior, the company had received spam-related complaints from its customers yet failed to notify the public of a potential breach.
Fidelity National Information Services (FIS)
Date announced: May 3, 2007
Affected: 8.5 million records
Estimated cost: $13 million
March 2007, an FIS employee stole credit card and account data from customers, and then sent the information to co-conspirators who withdrew $13 million from ATMs all across Europe.
TJX Companies Inc.
Date announced: Jan. 17, 2007
Affected: 94 million credit and debit cards
Estimated cost: $2.5 billion
In late 2006, TJX, the parent company to TJ Maxx and Marshalls, discovered suspicious software on their systems. After further investigation, the company said that the hackers may have accessed their systems as far back as July 2005, stealing data from over 90 million credit cards.
U.S. Department of Veterans Affairs
Date announced: May 22, 2006
Affected: 28.6 million records
Estimated cost: $20 million paid to military personnel (past and present) in a class action suit.
A laptop containing veteran Social Security numbers, names, and other personal information was stolen from a VA employee’s home. Officials believe the robbery was a random act, and that the burglar had no idea what kind of sensitive information existed on the computer.
CardSystems Solutions
Date announced: June 17, 2005
Affected: 40 million card accounts
Estimated cost: Unknown
CardSystems Solutions, a third-party processor of card transactions, experienced a data breach in May 2005, potentially exposing tens of millions of card data. Hackers planted a virus in the company’s database and exported user information. At the time, this was the world’s largest data breach.