Top 5 Biggest Data Breaches of 2017 header

2017 has been a good year for cybercriminals and a tough one for the rest of us.

The Equifax breach shows that businesses of any size and in every industry are prime targets for a Laptop with lock icon on screenhack, and while the scale and notoriety of this breach ranks it among the worst cyber security events of the year (or of all time), there have been many others.

During the first half of 2017, data breach activity saw a steep increase with the number of reported breaches jumping 29% to 791, according to a report from the Identity Theft Resource Center. The report shows that at the current rate of growth this number has the potential to reach up to 1,500 breaches, a 37% jump over 2016 when data breaches reached an all-time record high of 1,093. The increase in attacks shows an evolved level of sophistication among cybercriminals and a high-level of unpreparedness amongst businesses regardless of size or industry.

Keep reading to learn what we consider to be the top 5 biggest data breaches of 2017 (so far):

Deloitte
Deloitte experienced a data breach in March of this year but the event wasn’t disclosed until late September. The breach is a huge embarrassment for the company Gartner once named “the best cyber security consultant in the world”. Deloitte failed to use two-factor authentication and as a consequence when hackers uncovered a single administrator password they were able to access all areas of Deloitte’s email system. Deloitte maintains that only a small number of their largest clients were impacted but many experts believe the incident was far more severe.

Gmail
In May of this year, it was revealed that Gmail users were targeted in a sophisticated phishing scam that was seeking access to accounts through a third-party application. Many users fell prey to the attack because the emails were made to look like communication sent from known contacts that were interested in sharing a Google doc with them. When clicked, the victims were led to a Google security page where they were asked to allow a fake Google doc application to manage their email accounts. While Google claims users were only vulnerable for an hour, they estimate that roughly one million accounts were affected.

Whole Foods Market
America’s most beloved and derided grocery chain, Whole Foods, revealed in September that they had been impacted by a breach that compromised the credit card information of shoppers at 29 locations nationwide. Whole Foods has suggested that shoppers keep a close watch on their credit card statements for suspicious activity. The chain has not yet released an estimate for the number of compromised cards but we expect more information to be revealed as the full scope of this breach becomes understood.

Verizon
14 million Verizon user accounts were impacted by a data breach in July of this year and if you’re a customer there’s a good chance you were one of them. The security lapse left subscriber information unprotected on an Amazon Web Services server that included user PINs, names and phone numbers. While it isn’t known (to the public) whether or not the hackers accessed this data, it is estimated that ten percent of Verizon’s 108 million total customers were impacted. The incident at Verizon highlights the importance of moving data protection practices to the cloud.

Arby’s
Last February, Arby’s publicly acknowledged that they had fallen prey to a data breach after the event was exposed by the website KrebsOnSecurity. The attack occurred a month prior but according to a spokesperson, Arby’s was asked initially by the FBI to hold off on going public. Malware infected cash registers accessed the information of a reported 350,000 credit and debit card accounts that were used at over 1,000 of the fast food chains restaurants.

No business is immune
Woman looking at a data breach on her laptop screenThe recent rash of large-scale cyber security events demonstrates the expanding capabilities of cybercriminals and the need for greater protection and response from businesses of any scale. At iConvergence, we use best-in-class security solutions from Cisco to keep our customers protected and are committed to educating business leaders in Louisiana on effective cyber security practices. Everyone wins when businesses make cyber security a top priority.

What is your business doing to stay protected?
Get in touch if you’d like to learn more about cyber security and how iConvergence can help to prepare and protect the sensitive information of your business and customers.