5 Worst Data Breaches of 2017

By Mike Peterson
3 Min Read
Credit cards, a chain and an open padlock is seen in front of displayed Equifax logo in this illustration Credit: REUTERS/Dado

The internet is no stranger to data breaches — from the massive Yahoo breach to smaller-scale attacks. But this year, in particular, has been dominated by severe and especially high-profile data breaches. Many of those have compromised sensitive information for millions of people. Press the right arrow to learn about five of the worst data breaches of 2017.

5 Cloudflare

In February, content delivery network Cloudflare announced that its servers had suffered a breach that exposed sensitive and private data such as HTTP cookies, authentication tokens and login information. Not only was the data leaked, but it was also cached by search engines — adding to its severity.

The breach, later dubbed “Cloudbleed,” was the result of a software bug, according to a lengthy blog post by Cloudflare. And it potentially affected thousands of popular websites and services that use Cloudflare’s performance and security platforms, including Uber, OKCupid, Fitbit, Medium and more.

4 Verizon

Verizon iPhone Deals

In some cases, data breaches are the result of human error rather than a malicious attack. One such example is the Verizon breach from July 2017. In that case, sensitive customer information was left accessible online for around nine days before being found and secured. The cause? A mistakenly configured setting on a cloud server.

That information included phone numbers, names and PIN codes for over six million Verizon customers. Verizon later told CNN that “no loss or theft of customer information occurred.” Despite that, the telecom giant recommended that users change or update their PIN codes, so there's a chance that some of the data was accessed.

3 Cellebrite

Customer information is not the only data at risk of being exposed in breaches. Earlier this year, Israeli data extraction firm Cellebrite had over 900 gigabytes of its files stolen by an unidentified hacker — which was sent to Motherboard but also posted online. That included client information and internal databases, but it also included more dangerous data.

Cellebrite gained notoriety as the firm that helped the FBI break into an iPhone belonging to one of the San Bernardino shooters. And within that 900GB haul was a plethora of information on the firm’s data extraction tools. Presumably, tools similar to the one that it used to unlock and access an iPhone — a feat that's notoriously hard to pull off.

2 Deep Root Analytics

Similar to the Verizon breach, a conservative data analytics firm unwittingly left voter information on nearly 200 million Americans on an unsecured and easily accessible Amazon web server. The firm, Deep Root Analytics, had been contracted by the Republican National Committee to conduct voter research.

The roughly 1.1 terabytes of information included voter details such as names, home addresses, phone numbers, dates of birth, and “modeled” voter ethnicities and religions. Like the Verizon breach, there’s no evidence that the data was actually hacked, but the scope and scale of the information were especially troubling.

1 Equifax

You’ve probably heard of the Equifax breach. That’s largely because it’s not just one of the worst breaches of 2017, it’s possibly one of the worst breaches of all time. The credit score company said that attackers actually accessed account details for around 143 million customers — if you live in the U.S., there’s a roughly one in two chance that you’ve been affected if you have a credit report.

Worryingly, that breach also included extremely sensitive information like social security numbers, driver's license information and credit card details for around 200,000 people. That kind of data, of course, can be extremely damaging in the wrong hands. If you’re concerned, Equinox has a tool that lets you know how likely it is that you've been affected.

Social Sharing