1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

The worst data breaches this decade

Hardy Graupner
October 25, 2018

Hong Kong carrier Cathay Pacific is the latest company to come under pressure to communicate the scope of a data breach following an attack by hackers. The current decade has seen a surge of major data leakages.

https://p.dw.com/p/37AkY
Cybercriminal at work
Image: picture-alliance/dpa/H. Fohringer

Cathay Pacific faced a hard time Thursday (October 25, 2018) explaining why it had taken five months to admit it had been hacked, seeing the data of 9.4 million customers compromised. The airline had first discovered suspicious activity on its network in March.

Investors noted that customers had missed out on a long period of opportunity to take steps to safeguard their personal data.

Also in the news Thursday was Facebook, which was fined by a UK watchdog for processing personal information unfairly by giving app developers access to millions of accounts without the users' consent. Does Cambridge Analytica ring a bell?

The political consultancy used data from tens of millions of Facebook accounts to profile voters and help US President Donald Trump's 2016 election campaign.

The biggest incidents

But you don't have to look back very far to be reminded of even bigger data breaches earlier this decade.

The largest one in terms of the number of users affected is associated with former internet giant Yahoo. Back in 2016, it conceded to what it called "the biggest data breach in history."

Hackers had attacked the platform in 2014 stealing the real names, email addresses, phone numbers and other personal information of all 3 billion users. You can imagine what that did to Yahoo's sales price. While in negotiations to sell itself to Verizon, the company saw an estimated $350 million (€306.7 billion) go down the drain over the massive leakage.

Uber paid hackers to keep data breach secret

If you go by the number of users affected, then the FriendFinder Networks comes in second, although not really close to Yahoo. The provider of hookup services and adult content saw hackers collecting names, email addresses and passwords of well over 400 million people. It's easy to figure that lots of users immediately became the potential target of blackmail.

The attackers had been able to exploit a vulnerability in the network and obtain access to source code.

Hackers able to take their time

E-commerce multinational eBay certainly also deserves a mention. The online auction behemoth admitted in 2014 to having become the target of a cyberattack. All of its 145 million users were affected.

Media reports at the time said that the hackers, which used the credentials of thee corporate employees to get access to personal information, had been able to analyze some of eBay's databases for several months on end before the leak was detected.

Only a year earlier, a major data breach scandal hit US retail giant Target after it became known that hackers had gained access to its point-of-sale payment card readers. After the company upped its initial estimate, the breach appeared to have affected as many as 110 million clients.

Corporate data breaches, although on a somewhat smaller scale, have certainly also hit German companies.

One of the bigger incidents occurred in late 2016 when Deutsche Telekom announced it was investigating whether a cyberattack was responsible for causing network problems for some 900,000 customers.

A spokesman for the telecoms giant said later the fact that only certain software in routers was affected suggested that the problem had been caused by hacking. Within just two days, the number of outages had fallen to 400,000 after implementing a software update for certain routers.

EU beefs up data protection