The recent data breaches at Marriott and Equifax are, unfortunately, more commonplace than you may think.
“When you have a national brand, then it becomes major news,” says Yaron Samid, founder and chief executive of Billguard, a company that monitors your credit and debit cards for unwanted charges. “A lot of smaller merchants get breached all the time.”
A 2015 study by the Ponemon Institute and Symantec Corp. found that 47% of data breaches are caused by malicious or criminal attacks.
Here are 13 high-profile U.S. data breaches from the past several years.
The Bankrate Daily
2 of 14
Affected: Up to approximately 500 million guests who made a reservation at a Starwood property before Sept. 10, 2018. Approximately 327 million people who made a reservation at a Starwood property may have had their name, mailing address, phone number, email address, passport number, date of birth, gender and other personal information impacted due to the breach.
What happened: An unauthorized party has been accessing the Starwood network since 2014. This was first discovered on Sept. 8, 2018.
3 of 14
Affected: Approximately 143 million U.S. consumers were impacted in this cybersecurity incident.
Cost: Expected to hit $439 million, according to Reuters.
What happened: During mid-May through July 2017, unauthorized access to certain files occurred. The information accessed included: names, Social Security numbers, dates of birth, addresses and possibly driver’s license numbers in some instances. The credit card numbers of approximately 182,000 U.S. consumers were also accessed.
Affected: 80 million patient and employee records, potentially exposing names, dates of birth, Social Security numbers, email addresses, employment information and income data.
Cost: The data breach could cost Anthem well over $100 million, according to ZDNet.com, with some estimating $8 to $16 billion. Anthem paid the Office of Civil Rights (OCR) $16 million in October. This was a record Health Insurance Portability and Accountability Act (HIPAA) settlement and resulted in the largest health data breach in U.S. history.
What happened: In January 2015, health care giant Anthem learned of a cyberattack on its IT system that occurred over several weeks starting in December 2014. The stolen information may have included personal information, but the company does not believe credit card or banking information was compromised.
Affected: 33 million user accounts, including email addresses, first and last names and phone numbers.
Cost: The breach could cost the company an estimated $850 million, according to The New York Times.
What happened: In possibly the most publicized attack of the year, more than 30 million accounts on affair-site Ashley Madison, owned by Avid Life Media, were hacked and released to the public. The site claims that full credit card numbers were not taken.
6 of 14
Affected: 145 million customer accounts, including personal information.
Cost: Protection Group International estimates the breach will cost the company $200 million.
What happened: A cyberattack occurred between late February and early March, compromising customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. No financial information was taken, according to eBay.
7 of 14
Affected: Sensitive financial and personal information of more than 76 million households, according to The Associated Press, and 7 million small businesses.
Cost: Protection Group International estimates that it will cost the banking giant $1 billion, despite the bank spending $250 million annually on cybersecurity.
What happened: In summer 2014, a cyberattack against Chase compromised usernames, addresses, phone numbers and email addresses. There were no signs that account numbers, passwords, user IDs, dates of birth or Social Security numbers were taken.
8 of 14
Affected: 56 million credit card accounts and 53 million email addresses.
Cost: The data breach cost the company an estimated $80 million before insurance reimbursements, according to Protection Group International.
What happened: In September 2014, Home Depot revealed that hackers had gained access to the company’s computer network using stolen account information from a vendor doing business with the hardware giant.
9 of 14
Sony Pictures Entertainment
Affected: Personal information of about 3,000 current and former employees.
Cost: Sony estimates the cyberattack will cost the company $35 million.
What happened: In November, Sony Pictures Entertainment was the target of a cyberattack that leaked internal documents, including embarrassing emails and the annual salaries of senior executives. The attack also compromised employee names, Social Security numbers, credit card information and bank account information.
10 of 14
Affected: 40 million credit and debit card accounts, as well as data on 70 million customers.
Cost: Through the end of 2014, the data breach cost Target $252 million, according to corporate filings.
What happened: The breach affected credit and debit card accounts from shoppers from Nov. 27 to Dec. 15. But personal data could have been stolen from more Target shoppers.
Cost: The company reported that the breach cost more than $90 million.
What happened: Global Payments discovered a breach on a “handful” of its servers in North America, with data and credit and debit card information stolen.
12 of 14
Affected: About 5 million Tricare military beneficiaries.
Cost: $130 million (Ponemon Institute estimate)
What happened: Computer backup tapes with personal data on military service members were stolen from the car of an employee of Science Applications International Corp., a defense contractor for Tricare, the health care program for service members. Much of the data was not encrypted.
13 of 14
Affected: 360,000 credit card holders.
Cost: $19.4 million (Ponemon Institute estimate)
What happened: Citibank agreed to pay $55,000 to settle with Connecticut after the state’s attorney general’s office alleged that the company had a “known technical vulnerability” in its online banking system.
What happened: Heartland Payment Systems, a credit card processor, had its computer network compromised. The company suffered another smaller breach in May 2015 that affected 2,200 individuals’ personal information, which may have included Social Security numbers and bank account information.