For Cybersecurity Awareness Month this year, we're taking a look at the past and future of cybersecurity. This week, we track how data breaches became as common as they are today.
Data breaches happen so frequently these days that no recent year has gone by without a handful of them making headlines. So how did we get here? It certainly didn't happen overnight.
Spies and thieves
The earliest data breaches were most probably acts of industrial espionage or just common crime, which eventually morphed into the digital thefts we know today once corporations started integrating computers and the internet into how they do business.
One such case was an incident that occurred with credit reporting agency TRW Information Systems. In 1984, they were informed that the password to one of their databases had been stolen and posted online on an electronic bulletin board, exposing the personal data and credit histories of 90 million Americans.
Even in the 80s, the potential risks data breaches posed to organizations were already being recognized. In the New York Times' coverage of the incident, a computer security expert by the name of Reed Phillips weighed in, stating ''This points out how vulnerable all companies are," and "organizations will have to spend more on securing their systems.''
But it's safe to assume that data breaches were not a concern for most businesses at the time, since very few of them had gone online and probably wouldn't until the 90s, or even the 2000s.
A new era of cybercrime
Most sources cite 2005 as the year that the current era of frequent large-scale data breaches we are currently living in began.
136 data breaches were reported that year, which included George Mason University (names, pictures, and Social Security numbers of 32,000 students and staff), DSW Designer Shoe Warehouse (1.4 million credit card numbers), and CardSystems Solutions (40 million credit card numbers), among others.
2005 was also the year that hacker Albert Gonzalez masterminded a breach of retail giant TJX Companies where 45.6 million credit card numbers were stolen from one of its systems over a period of more than 18 months, culminating in 2007.
And it was in 2007 when Gonzalez launched "Operation Get Rich or Die Tryin", another set of data breaches that targeted Heartland Payment Systems (130 million credit card numbers), Hannaford Brothers (4.2 million credit card numbers), and other organizations.
The big oneAs more major data breaches continued to make headlines into the 2010s, media outlets were throwing around the label "the largest to date" quite a lot, as the damage seemed to be growing more and more severe with each one. But the true "largest data breach to date" was right around the corner.
In September 2016, Yahoo! disclosed that a data breach had taken place some time in late 2014. 500 million user accounts, including account names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers had been compromised.
Later that same year, in December, Yahoo! discovered a data breach that had taken place a year prior to the one they reported, in August 2013. The number of affected accounts jumped up to one billion, and then in October of 2017, Yahoo! updated its assessment to 3 billion; in other words, every single account that existed in August 2013.
Unfortunately, the Yahoo! breach was not the ultimate wakeup call that it should have been, as major organizations such as Equifax (data of 147 million American citizens) Marriott (data of 500 million guests), Facebook (data of 540 million users), and plenty more have fallen victim to data breaches since then, and still continue to.
And here we are today. Although this is by no means a comprehensive list of every data breach that has ever occurred, we hope we have illustrated how frequent and how destructive they have gotten over the years, and highlighted the importance of protecting online data, whether it's your own personal data, or that of your users and customers.