New York / AP
The latest Yahoo hack exposed personal details from more than 1 billion user accounts, the largest known data breach in history. Despite the size of the break-in, which apparently dates back to August 2013, attackers don’t appear to have accessed obviously sensitive information such as financial data or Social Security numbers. Here’s how the Yahoo attack revealed Wednesday stacks up against other recent major hacks.
YAHOO’S PREVIOUS HACK
Yahoo disclosed in September that hackers swiped personal information from at least 500 million Yahoo accounts. At the time, that hack was believed to be the biggest digital break-in at an email provider. That breach dated back to late 2014. Yahoo said it believes the 2014 hack was distinct from the 2013 breach it announced. The company later revealed in a regulatory filing that it had detected evidence that a hacker had broken into its computer network at least 18 months before it launched the investigation that discovered the breach.
OFFICE OF PERSONNEL
MANAGEMENT
A hack of the computer systems at the US government’s personnel office compromised the personal information of more than 21 million current, former and prospective federal employees, including highly sensitive data such as background investigations.
The attack — disclosed last year and widely blamed on China’s government — also led to the resignation of the agency’s director and drew outrage over changing explanations about its severity. A House committee report faulted OPM for failing to secure sensitive data despite warnings for years that it was vulnerable to hackers. It concluded that the hacking could have been prevented if the agency had put in place basic, required security controls and recognized from an earlier break-in attempt that it was actually dealing with a sophisticated, persistent enemy.
ANTHEM
In early 2014, the health insurer Anthem disclosed that hackers had stolen information on almost 80 million current and former customers and employees.
Thieves potentially accessed Social Security numbers, names, birthdates, email addresses, employment details, incomes and street addresses. Anthem said it had no evidence that medical or financial information was taken.
In the aftermath of the attack, some Anthem customers said their identities had been stolen and used to file fake tax returns, a common tactic for claiming fraudulent refunds. Some state officials warned that scammers were also targeting Anthem policyholders with fake credit-monitoring appeals.
DEMOCRATIC NATIONAL
COMMITTEE
Federal officials continue to investigate electronic break-ins into
Democratic Party computers, including a breach of the Democratic
Congressional Campaign Committee, the campaign arm for House Democrats. US intelligence officials have blamed the breaches on Russian intelligence agencies.
Following the hack, embarrassing internal Democratic documents, along with both personal and official information about Democratic members and hundreds of congressional staff, was posted online. Rep. Debbie Wasserman Schultz of Florida relinquished her post as Democratic Party chief in July after the documents showed some DNC officials tilting toward Hillary Clinton in her presidential campaign against Vermont Sen. Bernie Sanders.
HOME DEPOT
Home Depot said in September 2014 that attackers stole 56 million debit and credit card numbers in a months-long breach of its computer systems. About two months later, the nation’s largest home improvement chain disclosed that hackers also stole 53 million email addresses in addition to the card data.
TARGET
Target Corp. first announced its massive data breach in December 2013, saying that 40 million debit and credit cards were affected. Weeks later, the retailer added that further investigation had revealed that the hackers also took the
personal information — including email addresses, phone numbers, names and home addresses — of 70 million people.
TJ MAXX
TJX Cos., the parent company of retailers T.J. Maxx and Marshall’s, announced its data breach in 2007.
At first it said the intrusion into its customer data files took place
between May 2006 and January 2007, but it later learned that it also was hacked into in July 2005 and other periods during that year. Ultimately, the breach exposed at least 45.7 million credit and debit cards
to possible fraud.
SONY PICTURES
In 2014, Sony discovered that personal information — including emails, Social Security numbers and salary details for nearly 50,000 of its current and former workers — was leaked online. In addition, attackers uploaded screeners of unreleased movies to the internet for illegal download. Thousands of internal emails from and about Sony executives, many of them embarrassing, were later released.
The hackers also threatened violence against movie theaters that planned to show “The Interview,†a Seth Rogen/James Franco comedy about an assassination attempt on the leader of North Korea. While many major theaters canceled showings of the movie, it went on to screen at independent theaters
and aired digitally. The Obama administration later implicated North Korea in the attack.