Cyber attacks have been making headline news and thrusting the threat of ‘cyber’ into the public eye for many years now. Here, we’ve rounded up some of the biggest and most interesting data breaches ever to have affected UK consumers:
Equifax first reported a major cyber breach earlier in 2017, revealing over 140 million US customers were affected. The breach disclosed the names, Social Security numbers, dates of birth and addresses of almost half the US population. Also compromised were 209,000 consumer credit card numbers and 182,000 personal identifying records.
Around 690,000 British customers were also impacted. Equifax later revealed 15,000 UK customers had their financial information and passwords stolen, which included credit card numbers.
2. Marriott Hotels
In 2018, a data breach of Marriott Hotels resulted in over 300 million guests’ personal data being leaked, including payment card numbers and expiry dates. Passport numbers, dates of birth and email addresses were also amongst the leaked data. Worryingly, the unauthorised access actually occurred years before the discovery, as early as 2014.
Marriott revealed it was the Starwood hotel network that provided the hacker with access, and while the breach was reported to the ICO, the hotel group still faced a fine of over £99 million for failure to comply with GDPR.
3. Talk Talk
The telecommunications company was hit by a significant cyber attack in October 2016. Initially, the breach was expected to have affected a large amount of its 4 million customers. However, it was later revealed only 157,000 customers’ data was breached.
The data compromised included over 15,000 bank account details, and 28,000 credit and debit card numbers were stolen.
The taxi firm covered a huge cyber hack that affected 57 million customers and drivers worldwide and 2.7 million users in the UK. The 2016 breach was covered up by the firm paying hackers $100,000 (£75,000) to delete the data. As a result of the cover-up, their Chief Security Officer (CSO) left the company.
Names, email addresses and mobile phone numbers of customers were exposed.
5. JD Wetherspoons
In 2015, the well-known pub chain suffered one of the UK’s largest data breaches. Affecting over 650,000 customers, the data that was stolen included phone address, email accounts and date of birth. This information was released on the dark web (an underground area of the Internet where illegal information and items are sold) for sale.
JD Wetherspoon only became aware of the breach six months after it took place.
6. Ashley Madison
Perhaps the most infamous breach of all time, in 2015, 37 million users of the dating website for adulterous affairs, Ashley Madison, found their information released to the world. Emails, names, home addresses, credit card information and even sexual fantasies were stolen.
The released data included information from customers who had previously paid a $19 fee to Ashley Madison to supposedly have their data deleted.
The British payday loan company suffered a massive data breach in April 2017. The hack put millions of customers at the threat of data theft, including their name, bank accounts, sort codes and their debit cards’ last four digits.
Reports suggest over 240,000 of its customers’ data were breached.
8. Three Mobile
The telecommunications provider was hit by a major data breach in November 2016, when cyber criminals used the employee login of the company to breach its database, resulting in the data theft of its customer’s name, date of births, phone numbers and addresses.
Over 200,000 customers’ data was accessed.
9. Sony Playstation
The customer information of around 100 million users was stolen in a cyber attack in 2011, including bank account numbers, customer names, account names, and addresses. The hackers got the information by exploiting a weakness in Sony’s network following numerous ‘distributed denial of service’ (DDoS) attacks, which essentially overload a network with information requests.
Britain’s Information Commissioners Office (ICO) issued a £250,000 fine for what’s known as the first big data breach to affect people around the world.
The once-dominant Internet company revealed all of its 3 billion email users were likely compromised in a 2013 breach, breaking its own record for the largest ever data breach. While it’s not a UK-based company, Yahoo has a large number of UK customers, who its data breaches have impacted.
The company has been breached twice in recent years, and the impact of the breaches reduced its overall value by an estimated $350 million, eventually being sold for $4.48 billion to Verizon.
11. Tesco Bank
The retail bank’s data breach of 2016 resulted in a loss of nearly £2.5million. The bank reportedly froze its online system when the cyber attack hit it. Reportedly, 20,000 Tesco Bank customer’s accounts were breached, however, that number dropped to 9,000 following an enquiry.
After the attack, Tesco Bank covered all financial losses suffered by any of its customers.
Why do we share this information we hear you ask!? Well, it’s simple really. We want to highlight that regardless of size or industry, any business can fall prey to cyber crime and methods being used are becoming increasingly complex. Not only do cyber attacks have large financial implications, they also have the ability to destroy trust with an organisation, sometimes irreversibly.