Worst Data Breaches of 2017

2017 has been a particularly bad year for data violations, but what were the worst data breaches of 2017? We have put together a list of the largest and most serious cyber attacks that came to light in 2017.

Equifax – 143 Million Records

The Equifax data breach was first noticed in September and sits at the top of our list of the worst data breaches of 2017, not just for the size of the breach, but also due to the range of data stolen by the hackers. Equifax reports that the breach effected as many as 143 million consumers – approximately 44% of the population of the United States.

The data stolen in the attack including highly sensitive information – the types of data cybercriminals seek in order to carry out identity theft and fraud. Social Security numbers and driver’s license numbers were taken along with names, addresses, dates of birth, and credit card numbers. The breach due to an unpatched software vulnerability.

Uber – 57 Million Records

The Uber data breach may not have been the most significant in terms of the types of data exposed, but it certainly ranks as one of the worst data breaches of 2017, affecting some 57 million riders and drivers.

What really makes this one of the worst breaches of 2017 is the discovery that Uber made efforts to keep the breach quiet. Uber paid the hacker $100,000 to keep quiet and not publish the data, which included names, addresses, email addresses, and in some instances, driver’s license numbers. The breach took place in October 2016, but it was not shared for more than 12 months.

Dun & Bradstreet – 33.7 Million Records

The data analytics company Dun & Bradstreet created a marketing database including 52 GB of data, including 33.7 million email addresses and contact details. While Dun & Bradstreet states its systems were not compromised, one of the businesses that the database was sold to certainly was. The database held the records of millions of employees of major companies including Wal-Mart and CVS Health, as well as the U.S Postal Service and the Department of Defense.

River City Media – 1.4 Billion Records

A huge illegal spam operation run by River City Media was uncovered this year by security experts, who found that more than 1.4 billion records had been left exposed online. A review of the data showed there were 393 million unique email addresses in the database, along with names, IP addresses, and real addresses.

The review into River City Media showed that the group was sending as many as a billion emails a day, and was pretending to be a real marketing company. The files were exposed due to bad RSync backup practices, which saw to it that a disaster would not result in data loss, but the firm wrongly left its data exposed online.

Onliner Spambot – 711 Million Records

Another large data breach to affect spammers involved the operator of the onliner spambot, which gathered email addresses to share spam emails. A database of some 711 million email addresses was left exposed online after the server on which the data were stored had been left unsecured. It is unknown how many people found the database and are now using it to plague those 711 million people with email more spam email. The breach was largely limited to email addresses, but in terms of size, it certainly is one of the most major data breaches of 2017.

Link copied to clipboard
Photo of author

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has a focus data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone