Data security breaches happen daily in too many places at once to keep count. But what constitutes a huge breach versus a small one? For some perspective, we take a look at 15 of the biggest incidents in recent memory. Helping us out are security practitioners from a variety of industries, including more than a dozen members of LinkedIn's Information Security Community, who provided nominations for the list.
1. Heartland Payment Systems
- Date: March 2008
- Impact: 134 million credit cards exposed through SQL injection that was used to install spyware on Heartland's data systems.
A federal grand jury indicted Albert Gonzalez and two unnamed Russian accomplices in 2009. Gonzalez, a Cuban-American, was alleged to have masterminded the international operation that stole the credit and debit cards. In March 2010 he was sentenced to 20 years in federal prison. The vulnerability to SQL injection was well understood and security analysts had warned retailers about it for several years. Yet, the continuing vulnerability of many Web-facing applications made SQL injection the most common form of attack against Web sites at the time.
2. TJX Companies Inc.
- Date: December 2006
- Impact: 94 million credit cards exposed.