Data breach

Last updated

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak, information leakage and also data spill. Incidents range from concerted attacks by black hats, or individuals who hack for some kind of personal gain, associated with organized crime, political activist or national governments to careless disposal of used computer equipment or data storage media and unhackable source.

Contents

Definition: "A data breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so." [1] Data breaches may involve financial information such as credit card & debit card details, bank details, personal health information (PHI), Personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information. [2]

Data breaches can be quite costly to organizations with direct costs (remediation, investigation, etc) and indirect costs (reputational damages, providing cyber security to victims of compromised data, etc.)

According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed. [3]

Many jurisdictions have passed data breach notification laws, which requires a company that has been subject to a data breach to inform customers and takes other steps to remediate possible injuries.

Definition

A data breach may include incidents such as theft or loss of digital media such as computer tapes, hard drives, or laptop computers containing such media upon which such information is stored unencrypted, posting such information on the world wide web or on a computer otherwise accessible from the Internet without proper information security precautions, transfer of such information to a system which is not completely open but is not appropriately or formally accredited for security at the approved level, such as unencrypted e-mail, or transfer of such information to the information systems of a possibly hostile agency, such as a competing corporation or a foreign nation, where it may be exposed to more intensive decryption techniques. [4]

ISO/IEC 27040 defines a data breach as: compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed. [5]

Trust and privacy

The notion of a trusted environment is somewhat fluid. The departure of a trusted staff member with access to sensitive information can become a data breach if the staff member retains access to the data after termination of the trust relationship. In distributed systems, this can also occur with a breakdown in a web of trust. Data quality is one way of reducing the risk of a data breach, [6] partly because it allows the owner of the data to rate data according to importance and give better protection to more important data.

Most such incidents publicized in the media involve private information on individuals, e.g. social security numbers. Loss of corporate information such as trade secrets, sensitive corporate information, and details of contracts, or of government information is frequently unreported, as there is no compelling reason to do so in the absence of potential damage to private citizens, and the publicity around such an event may be more damaging than the loss of the data itself. [7]

Insider versus external threats

Those working inside an organization are a major cause of data breaches. Estimates of breaches caused by accidental "human factor" errors range from 37% by Ponemon Institute [8] to 14% by the Verizon 2013 Data Breach Investigations Report. [9] The external threat category includes hackers, cybercriminal organizations and state-sponsored actors. Professional associations for IT asset managers [10] work aggressively with IT professionals to educate them on best risk-reduction practices [11] for both internal and external threats to IT assets, software and information. While security prevention may deflect a high percentage of attempts, ultimately a motivated attacker will likely find a way into any given network. One of the top 10 quotes from Cisco CEO John Chambers is, "There are two types of companies: those that have been hacked, and those that don't know they have been hacked." [12] FBI Special Agent for Cyber Special Operations Leo Taddeo warned on Bloomberg television, "The notion that you can protect your perimeter is falling by the wayside & detection is now critical." [13]

Medical data breach

Some celebrities have found themselves to be the victims of inappropriate medical record access breaches, albeit more so on an individual basis, not part of a typically much larger breach. [14] Given the series of medical data breaches and the lack of public trust, some countries have enacted laws requiring safeguards to be put in place to protect the security and confidentiality of medical information as it is shared electronically and to give patients some important rights to monitor their medical records and receive notification for loss and unauthorized acquisition of health information. The United States and the EU have imposed mandatory medical data breach notifications. [15] Reportable breaches of medical information are increasingly common in the United States. [16]

Average cost of data breaches in Germany Data breach average cost germany.svg
Average cost of data breaches in Germany

Consequences

Although such incidents pose the risk of identity theft or other serious consequences, in most cases there is no lasting damage; either the breach in security is remedied before the information is accessed by unscrupulous people, or the thief is only interested in the hardware stolen, not the data it contains. Nevertheless, when such incidents become publicly known, it is customary for the offending party to attempt to mitigate damages by providing to the victim's subscription to a credit reporting agency, for instance, new credit cards, or other instruments. In the case of Target, the 2013 breach cost Target a significant drop in profit, which dove an estimated 40 percent in the 4th quarter of the year. [18] At the end of 2015, Target published a report claiming a total loss of $290 million to data breach related fees. [19]

The Yahoo breach disclosed in 2016 may be one of the most expensive today. It may lower the price of its acquisition by Verizon by $1 billion. [20] Verizon later released their renegotiation to Yahoo agreeing to lower the final price from $4.8 to $4.48 billion. [21] Cybercrime cost energy and utilities companies an average of $12.8 million each year in lost business and damaged equipment according to DNV GL, an international certification body and classification society based in Norway. [22] Data breaches cost healthcare organizations $6.2 billion in the last two years (presumably 2014 and 2015), according to a Ponemon study. [23]

In health care, more than 25 million people have had their health care stolen, resulting in the identity theft of more than 6 million people, and the out-of-pocket cost of victims is close to $56 billion. [24] Privacy Rights Clearinghouse (PRC) has shown records from January 2005 to December 2018 that there has been more than 9000 breaches events. Also, what causes lead to each breach such as, insider attack, payment card fraud, lost or stolen portable device, infected malware and sending an email to the wrong person (DISC). This shows that many common mistake that leads to a data breach is humans who make mistakes allowing hackers to exploit it and perform an attack. [25]

It is notoriously difficult to obtain information on direct and indirect value loss resulting from a data breach. A common approach to assess the impact of data breaches is to study the market reaction to such an incident as proxy for the economic consequences. This is typically conducted through the use of event studies, where a measure of the event's economic impact can be constructed by using the security prices observed over a relatively short period of time. Several studies such studies have been published with varying findings, including works by Kannan, Rees, and Sridhar (2007), [26] Cavusoglu, Mishra, and Raghunathan (2004), [27] Campbell, Gordon, Loeb, and Lei (2003) [28] as well as Schatz and Bashroush (2017). [29]

Since data volume is growing exponentially in the digital era and data leaks happen more frequently than ever before, preventing sensitive information from being leaked to unauthorized parties becomes one of the most pressing security concerns for enterprises. [30] To safeguard data and finances, businesses and companies often have to put in additional costs to take preventive measure on potential data breaches. [31] From 2017 to 2021, the predicted global spending on internet security is to be over $1 trillion. [31]

Major incidents

Notable incidents include:

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

See also

Related Research Articles

Computer security Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

RSA SecurID, formerly referred to as SecurID, is a mechanism developed by RSA for performing two-factor authentication for a user to a network resource.

SQL injection computer hacking technique

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Equifax Inc. is an American multinational consumer credit reporting agency and is one of the three largest consumer credit reporting agencies, along with Experian and TransUnion. Equifax collects and aggregates information on over 800 million individual consumers and more than 88 million businesses worldwide. In addition to credit and demographic data and services to business, Equifax sells credit monitoring and fraud prevention services directly to consumers.

The 2011 PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to turn off the PlayStation Network on April 20. On May 4, Sony confirmed that personally identifiable information from each of the 77 million accounts had been exposed. The outage lasted 23 days.

The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.

Identity theft involves obtaining somebody else's identifying information and using it for a criminal purpose. Most often that purpose is to commit financial fraud, such as by obtaining loans or credits in the name of the person whose identity has been stolen. Stolen identifying information might also be used for other reasons, such as to obtain identification cards or for purposes of employment by somebody not legally authorized to work in the United States.

The 2014 Russian hacker password theft is an alleged hacking incident resulting in the possible theft of over 1.2 billion internet credentials, including usernames and passwords, with hundreds of millions of corresponding e-mail addresses. The data breach was first reported by the New York Times after being allegedly discovered and reported by Milwaukee-based information security company, Hold Security.

Have I Been Pwned? Consumer security website and email alert system

Have I Been Pwned? is a website that allows Internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps. The site has been widely touted as a valuable resource for Internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.

Alex Holden is the owner of Hold Security, a computer security firm. As of 2015, the firm employs 16 people.

Credential stuffing is a type of cyberattack in which stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

The Internet service company Yahoo! was subject to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

The Equifax data breach occurred between May and July 2017 at the American credit bureau Equifax. Private records of 147.9 million Americans, along with 15.2 million British citizens and about 19,000 Canadian citizens were compromised in the breach, making it one of the largest cybercrimes related to identity theft. In a settlement with the United States Federal Trade Commission, Equifax offered affected users settlement funds and free credit monitoring.

The 2018 SingHealth data breach was a data breach incident initiated by unidentified state actors, which happened between 27 June and 4 July 2018. During that period, personal particulars of 1.5 million SingHealth patients and records of outpatient dispensed medicines belonging to 160,000 patients were stolen. Names, National Registration Identity Card (NRIC) numbers, addresses, dates of birth, race, and gender of patients who visited specialist outpatient clinics and polyclinics between 1 May 2015 and 4 July 2018 were maliciously accessed and copied. Information relating to patient diagnosis, test results and doctors' notes were unaffected. Information on Prime Minister Lee Hsien Loong was specifically targeted.

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.

ShinyHunters is a criminal black-hat hacker group that is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

The 2021 Air India cyberattack was a cyberattack that affected more than 4.5 million customers of Air India airlines.

References

  1. United States Department of Health and Human Services, Administration for Children and Families. Information Memorandum. Retrieved 2015-09-01.
  2. "Panama Papers Leak: The New Normal?". Xconomy. 2016-04-26. Retrieved 2016-08-20.
  3. 1 2 3 4 5 6 7 8 9 10 11 "Chronology of Data Breaches", Privacy Rights Clearinghouse
  4. When we discuss incidents occurring on NSSs, are we using commonly defined terms? , "Frequently Asked Questions on Incidents and Spills", National Archives Information Security Oversight Office
  5. "Information technology — Security techniques — Storage security". www.iso.org. Retrieved 2020-10-24.
  6. The NHS Must Prioritise Quality To Prevent Further Data Breaches
  7. Wickelgren, Abraham (2001). "Damages for Breach of Contract: Should the Government Get Special Treatment?". Journal of Law, Economics & Organization. 17: 121–148. doi:10.1093/jleo/17.1.121.
  8. Risk of Insider Fraud: Second Annual Study. Ponemon.org (2013-02-28). Retrieved 2014-06-10.
  9. Verizon Data Breach Investigations Report | Verizon Enterprise Solutions. VerizonEnterprise.com. Retrieved 2014-06-10.
  10. Welcome to IAITAM Archived 2015-02-16 at the Wayback Machine . Iaitam.org. Retrieved 2014-06-10.
  11. "The IT Checklist to Prevent Data Breach". IT Solutions & Services Philippines - Aim.ph. Archived from the original on 2016-06-16. Retrieved 2016-05-06.
  12. "John Chambers' 10 most memorable quotes as Cisco CEO". Network World. Retrieved 2016-11-10.
  13. "FBI on Bloomberg TV". Archived from the original on 2015-04-20.
  14. Ornstein, Charles (2008-03-15). "Hospital to punish snooping on Spears". Los Angeles Times. Retrieved 2013-07-26.
  15. Kierkegaard, Patrick (2012). "Medical data breaches: Notification delayed is notification denied". Computer Law. 28 (2): 163–183. doi:10.1016/j.clsr.2012.01.003.
  16. McCoy, Thomas H.; Perlis, Roy H. (September 25, 2018). "Temporal Trends and Characteristics of Reportable Health Data Breaches, 2010-2017". JAMA. 320 (12): 1282–1284. doi:10.1001/jama.2018.9222. ISSN   1538-3598. PMC   6233611 . PMID   30264106.
  17. "2010 Annual Study: German Cost of a Data Breach" (PDF). Ponemon Institute. February 2011. Retrieved 2011-10-12.
  18. Harris, Elizabeth A. (27 February 2014). "Data Breach Hurts Profit at Target". The New York Times. Retrieved 11 May 2016.
  19. Manworren, Nathan; Letwat, Joshua; Daily, Olivia (May 2016). "Why you should care about the Target data breach". Business Horizons. 59 (3): 257–266. doi:10.1016/j.bushor.2016.01.002. ISSN   0007-6813.
  20. "Verizon Wants $1 Billion Discount After Yahoo Privacy Concerns". TechCrunch. October 6, 2016.
  21. Trautman, Lawrence J. (2016). "Corporate Directorss and Officerss Cybersecurity Standard of Care: The Yahoo Data Breach". SSRN Working Paper Series. doi:10.2139/ssrn.2883607. ISSN   1556-5068. S2CID   168229059.
  22. "Hydrocarbon Processing". September 29, 2016.
  23. "Data breaches cost healthcare industry $6.2B". Becker's ASC Review. May 12, 2016.
  24. Meisner, Marta (2018-03-24). "Financial Consequences of Cyber Attacks Leading to Data Breaches in Healthcare Sector". Copernican Journal of Finance & Accounting. 6 (3): 63. doi: 10.12775/CJFA.2017.017 . ISSN   2300-3065.
  25. Hammouchi, Hicham; Cherqi, Othmane; Mezzour, Ghita; Ghogho, Mounir; Koutbi, Mohammed El (2019-01-01). "Digging Deeper into Data Breaches: An Exploratory Data Analysis of Hacking Breaches Over Time". Procedia Computer Science. 151: 1004–1009. doi: 10.1016/j.procs.2019.04.141 . ISSN   1877-0509.
  26. Kannan, Karthik; Rees, Jackie; Sridhar, Sanjay (September 2007). "Market Reactions to Information Security Breach Announcements: An Empirical Analysis". International Journal of Electronic Commerce. 12 (1): 69–91. doi:10.2753/jec1086-4415120103. ISSN   1086-4415. S2CID   1267488.
  27. Cavusoglu, Huseyin; Mishra, Birendra; Raghunathan, Srinivasan (2004). "The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers". International Journal of Electronic Commerce. 9 (1): 69–104. doi:10.1080/10864415.2004.11044320. JSTOR   27751132. S2CID   10753015.
  28. Campbell, Katherine; Gordon, Lawrence A.; Loeb, Martin P.; Zhou, Lei (2003-07-01). "The economic cost of publicly announced information security breaches: empirical evidence from the stock market*". Journal of Computer Security. 11 (3): 431–448. doi:10.3233/JCS-2003-11308. ISSN   1875-8924.
  29. Schatz, Daniel; Bashroush, Rabih (2016-03-14). "The impact of repeated data breach events on organisations' market value" (PDF). Information and Computer Security. 24 (1): 73–92. doi:10.1108/ics-03-2014-0020. ISSN   2056-4961.
  30. Cheng, Long; Liu, Fang; Yao, Dangfei (2017). "Enterprise data breach: causes, challenges, prevention, and future directions". WIREs Data Min. Knowl. Discov. 7 (5): e1211. doi: 10.1002/widm.1211 . S2CID   28320918.
  31. 1 2 Ryle PM, Goodman L, Soled JA. Tax consequences of data breaches and identity theft. Journal of Accountancy. October 2020:1-6.
  32. "ChoicePoint to pay $15 million over data breach", NBC News
  33. data Valdez Doubletongued dictionary
  34. AOL's Massive Data Leak Archived 2008-10-13 at the Wayback Machine , Electronic Frontier Foundation
  35. data Valdez , Net Lingo
  36. "Active-duty troop information part of stolen VA data Archived 2010-04-01 at the Wayback Machine ", Network World , June 6, 2006
  37. Manning, Jeff (2010-04-13). "D.A. Davidson fined over computer security after data breach". The Oregonian. Retrieved 2013-07-26.
  38. "T.J. Maxx data theft worse than first reported". NBC News . 2007-03-29. Retrieved 2009-02-16.
  39. "GE Money Backup Tape With 650,000 Records Missing At Iron Mountain". InformationWeek. Retrieved 11 May 2016.
  40. "UK - BNP activists' details published". BBC. 2008-11-18. Retrieved 11 May 2016.
  41. Reckard, E. Scott (August 24, 2010). "Bank of America settles Countrywide data theft suits". Los Angeles Times.
  42. "Countrywide Sued For Data Breach, Class Action Suit Seeks $20 Million in Damages", Bank Info Security , April 9, 2010
  43. "Countrywide Sold Private Info, Class Claims", Courthouse News, April 5, 2010
  44. "The Convergence of Data, Identity, and Regulatory Risks", Making Business a Little Less Risky Blog
  45. Heartland Payment Systems Uncovers Malicious Software In Its Processing System Archived 2009-01-27 at the Wayback Machine
  46. Lessons from the Data Breach at Heartland, MSNBC, July 7, 2009
  47. Greenberg, Andy (9 June 2011). "Citibank Reveals One Percent Of Credit Card Accounts Exposed In Hacker Intrusion". Forbes. Retrieved 2014-09-05.
  48. Honan, Mat (2012-11-15). "Kill the Password: Why a String of Characters Can't Protect Us Anymore". Wired . Retrieved 2013-01-17.
  49. Honan, Mat (August 6, 2012). "How Apple and Amazon Security Flaws Led to My Epic Hacking". Wired . Retrieved 26 Jan 2013.
  50. "Protecting the Individual from Data Breach". The National Law Review. Raymond Law Group. 2014-01-14. Retrieved 2013-01-17.
  51. "Public Incident Response Report" (PDF). State of South Carolina. 2012-11-12. Archived from the original (PDF) on 2014-08-23. Retrieved 2014-10-10.
  52. "South Carolina: The mother of all data breaches". The Post and Courier. 2012-11-03. Retrieved 2014-10-10.
  53. Goodin, Dan. (2013-11-01) How an epic blunder by Adobe could strengthen hand of password crackers. Ars Technica. Retrieved 2014-06-10.
  54. "Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores". Target Corporation. 19 December 2013. Retrieved 19 January 2016.
  55. "Apple Media Advisory: Update to Celebrity Photo Investigation". Business Wire . StreetInsider.com. September 2, 2014. Retrieved 2014-09-05.
  56. Melvin Backman (18 September 2014). "Home Depot: 56 million cards exposed in breach". CNNMoney.
  57. "Staples: Breach may have affected 1.16 million customers' cards". Fortune. December 19, 2014. Retrieved 2014-12-21.
  58. James Cook (December 16, 2014). "Sony Hackers Have Over 100 Terabytes Of Documents. Only Released 200 Gigabytes So Far". Business Insider . Retrieved December 18, 2014.
  59. "TalkTalk Hacked…Again". Check&Secure. 2015-10-23. Archived from the original on 2015-12-23. Retrieved 2015-10-23.
  60. "Online Cheating Site AshleyMadison Hacked". krebsonsecurity.com. 2015-07-15. Retrieved 2015-07-20.
  61. "Data breach at health insurer Anthem could impact millions". 15 February 2015.
  62. "Hacks of OPM databases compromised 22.1 million people, federal authorities say". The Washington Post. July 9, 2015.
  63. "British teenager who 'cyber-terrorised' US intelligence officials gets two years detention Archived 2018-04-22 at the Wayback Machine ". The Independent. April 21, 2018.
  64. "Hackers publish contact info of 20,000 FBI employees Archived 2018-04-22 at the Wayback Machine ". CNN. February 8, 2016.
  65. UK teen Kane Gamble gets two years for hacking CIA ex-chief John Brennan Archived April 22, 2018, at the Wayback Machine ". Deutsche Welle. April 20, 2018.
  66. "5 IT Security Lessons from the Comelec Data Breach". IT Solutions & Services Philippines - Aim.ph. Retrieved 2016-05-06.
  67. The massive Panama Papers data leak explained. Computerworld. April 5, 2016.
  68. Freytas-tamura, Kimiko De (2016-10-30). "Iceland's Prime Minister Resigns, After Pirate Party Makes Strong Gains". The New York Times. ISSN   0362-4331 . Retrieved 2016-11-10.
  69. "Watch: Will Panama scandal go away after the reshuffle?". Times of Malta. Retrieved 2016-11-10.
  70. "EU Must Bear Down on Money Laundering, Regulators Say - Law360".
  71. "U.S. Readies Bank Rule on Shell Companies Amid 'Panama Papers' Fury". NBC News. Retrieved 2016-11-10.
  72. "Can secrets stay secret anymore?". CIO Dive. Retrieved 2016-11-10.
  73. Shane, Scott; Mazzetti, Mark; Rosenberg, Matthew (7 March 2017). "WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents". The New York Times .
  74. Greenberg, Andy (2017-03-07). "How the CIA Can Hack Your Phone, PC, and TV (Says WikiLeaks)". WIRED .
  75. "Vault 7: Wikileaks reveals details of CIA's hacks of Android, iPhone Windows, Linux, MacOS, and even Samsung TVs". Computing . 7 March 2017.
  76. "Who Is Joshua Adam Schulte? Former CIA Employee Charged Over Vault 7 Leak". Newsweek. 19 June 2018.
  77. Mathews, Lee, "Equifax Data Breach Impacts 143 Million Americans", Forbes , September 7, 2017.
  78. Mills, Chris, "Equifax is already facing the largest class-action lawsuit in US history", BGR, September 8, 2017.
  79. Reise, Sarah T. (3 October 2017). "State and Local Governments Move Swiftly to Sue Equifax". The National Law Review. Retrieved 7 October 2017.
  80. DeMarco, Edward. "Washington Wrap Up". ProQuest   2043172601.Cite journal requires |journal= (help)
  81. North Korea hackers stole South Korea-U.S. military plans to wipe out North Korea leadership: lawmaker, Reuters, Christine Kim, October 10, 2017
  82. Graham-Harrison, Emma; Cadwalladr, Carole (17 March 2018). "Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach". The Guardian . Archived from the original on 18 March 2018.
  83. Wong, Julia Carrie; Solon, Olivia (2018-10-09). "Google to shut down Google+ after failing to disclose user data breach". the Guardian. Retrieved 2018-10-10.
  84. "Everything you need to know about the Reddit data breach". siliconrepublic.com. 2018-08-02. Retrieved 2018-12-05.
  85. "MyFitness Pal Data Breach March 15, 2018 - Hacked". www.javarosa.org. Archived from the original on 2018-03-31. Retrieved 2018-04-03.
  86. "Saks, Lord & Taylor breach: Data stolen on 5 million cards". CNNMoney. April 2018. Retrieved 2018-04-03.
  87. "Singapore health system hit by 'most serious breach of personal data' in cyberattack; PM Lee's data targeted".
  88. "Personal info of 1.5m SingHealth patients, including PM Lee, stolen in Singapore's worst cyber attack". 2018-07-20.
  89. "Customer Data Theft". British Airways. Retrieved October 20, 2018.
  90. Sandle, Paul (September 6, 2018). "BA apologizes after 380,000 customers hit in cyber attack". Reuters. Retrieved October 20, 2018.
  91. "US CMS says 75,000 individuals' files accessed in data breach". Deccan Chronicle. October 20, 2018. Retrieved October 20, 2018.
  92. "Passwords from 100 million Quora users stolen in data breach". December 4, 2018. Retrieved January 27, 2019.
  93. "Australian tech unicorn Canva suffers security breach". ZDNet. Retrieved 2019-12-07.
  94. "139 Million Users Hit in Canva Data Breach". Tom's Guide. Retrieved 2019-12-07.
  95. "Hacker causes mass data breach in Bulgaria".
  96. "Database leaks data on most of Ecuador's citizens, including 6.7 million children". ZDNet. September 16, 2019. Retrieved 2019-09-16.
  97. "Wattpad data breach exposes account info for millions of users".
  98. Sanger, David E.; Perlroth, Nicole; Schmitt, Eric (15 December 2020). "Scope of Russian Hacking Becomes Clear: Multiple U.S. Agencies Were Hit". The New York Times.
  99. "Microsoft hack: 3,000 UK email servers remain unsecured". BBC News. 2021-03-12. Retrieved 2021-03-12.