Greatest Cyberattacks On U.S. Companies In The Last 10 Years
Are you enjoying this post? Join our Newsletter!
Newsletter Blog EN
- Yahoo – the data leak that occurred at the tech giant is one of the best known in the cybersecurity market. Between 2013 and 2016 a series of cyberattacks allowed Russian cybercriminals to gain access to the personal data of more than 3 billion users. These attacks earned the company a fine of USD 35 million, in addition to a few dozen lawsuits.
- Microsoft – nearly 30,000 US companies (60,000 globally) were affected by one of the largest cyber attacks in US history. In early 2021, criminals exploited four zero-day flaws in Microsoft Exchange email servers to gain unauthorized access to users’ electronic messages. The US government has accused a cyber gang sponsored by the Chinese government of being behind the attack.
- First American Financial Corp. – a series of flaws in the digital protection mechanisms of this large financial institution allowed approximately 885 million sensitive records to be exposed on the internet. These records included bank account numbers and their statements, as well as money transfer receipts with social security numbers and driver’s licenses. While not considered a leak, as no data was compromised, the SEC fined First American nearly $500,000.
- Facebook – this is not the first time that Mark Zuckerberg’s social network has been involved in scandals of leaks and exposure of its users’ data. After the Cambridge Analytica episode, the names, phone numbers, usernames and passwords of 530 million users were exposed through third parties. After this episode, Facebook tightened the criteria for accessing third-party applications to its databases;
- LinkedIn – in April 2021 malicious actors managed to exploit vulnerabilities in APIs to improperly obtain the personal data of more than 93% of the user database of the largest professional social network, which had approximately 750 million users at the time of the attack. Data such as names, phone numbers, location data and associated account details have been stolen, allowing malicious actors to misuse them to carry out phishing or ransomware attacks;
- JP Morgan Chase – In a highly regulated industry, not even one of the largest US banks has been safe from cyber attacks. In September 2014, JP Morgan reported that cyber criminals compromised the accounts of over 76 million individuals and 7 million businesses. Fortunately, only names, emails and phone numbers were leaked, which didn’t save the giant from having to commit to spend USD 250 million annually to properly protect its customer data;
- Home Depot – Using malware, criminals stole more than 56 million payment card records from Home Depot customers during April 2014. By 2020, the retailer had already spent over USD 180 million in damages, including damages to banks and credit card companies, in addition to to those affected.
- MySpace – although it no longer exists as a social network, MySpace attracts thousands of people to its site. In 2016 it was revealed that logins, names and birthdates of over 360 million users were leaked. MySpace was able to invalidate all login data and notify users, as well as having implemented stricter cybersecurity measures.