COVID-19 has led to major changes to daily life for Americans, including a shift toward remote and at-home work. While these changes have led to more flexible working conditions for employees, they have also increased data security risks. New data from the Federal Trade Commission and the Identity Theft Resource Center indicates that heightened security risks brought on by more remote work are of particular concern when considering that data breach and identity theft reports doubled between 2014 and 2019.
Certain sectors are more vulnerable to data breaches than others. In 2019, the largest number of breaches occurred in the business and healthcare sectors, at 644 and 525 total data breaches, respectively. The business sector has become increasingly vulnerable to data security issues, as breaches in this sector increased by nearly 150 percent between 2014 and 2019. In contrast, data security remains strongest in the banking and government sectors, both of which saw a decline in total data breaches between 2018 and 2019.
Data breaches often compromise a company’s most sensitive records. The majority of data breaches stem from hacking and intrusion cases and unauthorized access to records, which comprised more than 75 percent of all data breaches in 2019. On the other hand, employee error and negligence accounted for less than 11 percent of data breaches in 2019. However, with an increase in at-home and remote work, breaches stemming from a lack of employee knowledge or training is now more of a priority among employers.
To profile the most significant data breaches of U.S. companies, researchers at Spanning analyzed data from the Identity Theft Resource Center and the Federal Trade Commission, while also reviewing major news reports. Data breaches were defined as any unauthorized exposure to a company’s records, and incidents were ordered based on the total number of records exposed.
Between 2013 and 2019, companies involved in social networking and media, such as Yahoo and Facebook, were the most vulnerable to data breaches. For these companies, data breaches were most likely to occur through hacking and intrusion or accidental internet exposure. Emails, passwords, and other personal information were the most frequently compromised types of information.
Here are the 10 largest data breaches of U.S. companies in history.
|Company||Rank||Number of records exposed||Type of breach||Industry||Types of information compromised|
|Yahoo – 2013||1||3,000,000,000||Hacking/intrusion||Media||Name, email, phone number, date of birth, login information|
|River City Media – 2017||2||1,370,000,000||Accidental web/internet exposure||Marketing||Name, IP address, physical address, email|
|People Data Labs / OxyData.io – 2019||3||1,200,000,000||Accidental web/internet exposure||Data||Name, email, phone number, social media profiles|
|First American Corporation – 2019||4||885,000,000||Accidental web/internet exposure||Financial||Bank account number, bank transactions, drivers license, Social Security number|
|Facebook / Cultura Colectiva – 2019||5||540,000,000||Accidental web/internet exposure||Social network||Account name, account ID, Facebook comments and reactions|
|Yahoo – 2014||6||500,000,000||Hacking/intrusion||Media||Name, email, phone number, date of birth, login information|
|Marriott International – 2018||7||500,000,000||Hacking/intrusion||Hospitality||Name, physical address, phone number, email, passport number, date of birth, gender, reservation information|
|Facebook – 2019||8||419,000,000||Accidental web/internet exposure||Social network||Name, account ID, phone number, country|
|FriendFinder Networks – 2016||9||412,000,000||Hacking/intrusion||Social network||Account name, email, password, join dates, user’s last visit|
|MySpace – 2016||10||360,000,000||Hacking/intrusion||Social network||Email, password|
For more information, a detailed methodology, and complete results, you can find the original report on Spanning’s website: https://spanning.com/