Greatest Cyberattacks On U.S. Companies In The Last 10 Years

Virtually every day we see news of data breaches, which affect organizations of all types and sizes. From startups to global companies, they are subject to cyber attacks aimed at stealing (or even destroying) data. After all, the question is not “if”, but “when” an organization will fall victim to malicious attackers. And as much as vendors evolve their solutions and teams improve their cybersecurity posture, malicious actors have also been improving their attack techniques to circumvent the controls put in place. An analysis by the Identity Theft Resource Center indicated that there were 1862 data breaches in the year 2021 alone, a number 68% higher than in 2020. The segments most affected by these attacks include healthcare, finance and retail. And that number is expected to be even higher in 2022. The consequences of these attacks are not just financial: organizations are also subject to loss of reputation and trust from customers, partners, suppliers and even employees. After all, in times where data is considered the new oil, more and more people are considering the cybersecurity aspect when doing business with organizations. In recent years, millions of US user records have been publicly exposed, in many cases posted on the dark web or sold to third parties for malicious actions. For organizations, financial losses are increasing: according to IBM and the Ponemon Institute in their Cost of a Data Breach 2021 report, the average cost of a data breach was USD 4.24 million, an increase of 9 .8% compared to 2020. Continue reading this article to learn about the 8 biggest data breaches that have occurred in the United States of all time, and the consequences for users and organizations.

1. Yahoo – the data leak that occurred at the tech giant is one of the best known in the cybersecurity market. Between 2013 and 2016 a series of cyberattacks allowed Russian cybercriminals to gain access to the personal data of more than 3 billion users. These attacks earned the company a fine of USD 35 million, in addition to a few dozen lawsuits.
   
   
2. Microsoft – nearly 30,000 US companies (60,000 globally) were affected by one of the largest cyber attacks in US history. In early 2021, criminals exploited four zero-day flaws in Microsoft Exchange email servers to gain unauthorized access to users’ electronic messages. The US government has accused a cyber gang sponsored by the Chinese government of being behind the attack.
   
   
3. First American Financial Corp. – a series of flaws in the digital protection mechanisms of this large financial institution allowed approximately 885 million sensitive records to be exposed on the internet. These records included bank account numbers and their statements, as well as money transfer receipts with social security numbers and driver’s licenses. While not considered a leak, as no data was compromised, the SEC fined First American nearly $500,000.
   
   
4. Facebook – this is not the first time that Mark Zuckerberg’s social network has been involved in scandals of leaks and exposure of its users’ data. After the Cambridge Analytica episode, the names, phone numbers, usernames and passwords of 530 million users were exposed through third parties. After this episode, Facebook tightened the criteria for accessing third-party applications to its databases;
   
   
5. LinkedIn – in April 2021 malicious actors managed to exploit vulnerabilities in APIs to improperly obtain the personal data of more than 93% of the user database of the largest professional social network, which had approximately 750 million users at the time of the attack. Data such as names, phone numbers, location data and associated account details have been stolen, allowing malicious actors to misuse them to carry out phishing or ransomware attacks;
   
   
6. JP Morgan Chase – In a highly regulated industry, not even one of the largest US banks has been safe from cyber attacks. In September 2014, JP Morgan reported that cyber criminals compromised the accounts of over 76 million individuals and 7 million businesses. Fortunately, only names, emails and phone numbers were leaked, which didn’t save the giant from having to commit to spend USD 250 million annually to properly protect its customer data;
   
   
7. Home Depot – Using malware, criminals stole more than 56 million payment card records from Home Depot customers during April 2014. By 2020, the retailer had already spent over USD 180 million in damages, including damages to banks and credit card companies, in addition to paying compensation to those affected.
   
   
8. MySpace – although it no longer exists as a social network, MySpace attracts thousands of people to its site. In 2016 it was revealed that logins, names and birthdates of over 360 million users were leaked. MySpace was able to invalidate all login data and notify users, as well as having implemented stricter cybersecurity measures.