10 Case Studies That Prove That IT Security is No Joke

While often overlooked, IT security is actually one of the most important aspects that companies should prioritize. Whether your business is a start-up or a larger corporation, the looming threat of cyberattacks that can ultimately lead to your organization’s demise, shouldn’t be underestimated.

There is a multitude of ways a hacker can launch a cyberattack on your company’s systems. Some may use the data they have accessed and sell the confidential information to the highest bidder. Another, and more notorious method, is called ransomware, in which the hacker will seize the systems of an organization and demand a sum of money to regain access.

In the last ten years alone, there have been hundreds of cases that prove that IT security is no joke, but for now here are just ten of them:

1. Adobe (2013)

In 2013, hackers stole login information and 3 million credit card numbers from 38 million Adobe users. It is considered to be one of the biggest breaches in the 21st century.

On top of the USD 1.2 million settlement Adobe had to hand out, they also spent an undisclosed – but certainly hefty – amount of money to settle customer claims from the 3 million credit card numbers stolen.

2. MySpace (2013)

MySpace was the website before Facebook and Twitter. However, its popularity wasn’t proportional to its IT security. As they disclosed years later, they experienced one of the biggest data breaches at the time with approximately 360 million accounts being compromised. Apparently, anyone could have unauthorized access to another person’s account, as long as they had the username and date of birth.

While it wasn’t clear how much was spent in recovery from the breach, MySpace is now known to not only be outdated, but unsafe to use.

3. Yahoo (2013)

Yahoo shared that they had actually experienced several data breaches throughout the years. One breach occurred in 2013, where 1 billion Yahoo accounts were compromised by a group of hackers. This attack targeted the users’ security questions, leaving them vulnerable to identity theft.

At the time, Yahoo was in the process of being sold to Verizon. However, because of this, they lost around USD 350 million, due to their sale price being cut down.

In 2017, Yahoo disclosed that the number of accounts that were accessed was closer to 3 billion user accounts. While none of these accounts were further exploited – according to Yahoo’s own investigation – the users and their information were still rendered defenceless.

4. Marriott Hotels (2014-2018)

In a span of four years, Marriott Hotels in the UK underwent constant data breaches. While they may have tempered the attacks with bandaid solutions, they ultimately (and literally) paid the price in the end. 

The breach resulted in hackers getting access to roughly 7 million guest records (i.e. names, contact information, and passport details). The hackers also had control over the Marriott Hotel systems, which included guest VIP status, arrival and departure information, and loyalty program numbers, which all could be altered at the expense of the guests. As a result of this massive data breach, the UK’s data privacy watchdogs fined the Mariott Hotels chain 18.4 million euros.

5. MyFitnessPal (2018)

On March 25, 2018, MyFitnessPal users received a notification that they needed to change their password due to a security breach. While Under Armor (who had purchased MyFitnessPal) had quickly dispatched the notification and alerted authorities, approximately 150 million accounts were left vulnerable.

It was later found out that the information of the users was sold on the dark web, and despite MyFitnessPal recovering the accounts and information, the users had been vulnerable to further phishing attacks and other cyberattacks.

Read more about The Importance of IT Compliance.

6. Twitter (2018)

In 2018, Twitter emailed a total of 330 million accounts with the notification that they needed to change their passwords. Apparently, and without the knowledge of the users, their billing information could have been accessed through their accounts. This information included their phone numbers, email addresses, and the last four digits of their credit cards.

Twitter shared that there wasn’t any real harm due to the breach, but they haven’t made clear the potential damage that could have been done due to user vulnerability.

7. Alibaba (2019)

This multinational company endured up to eight months of cyberattacks. The software developer that attacked Alibaba was able to acquire over 1.1 billion pieces of user information. The information gathered included user IDs and numbers.

While the exact recovery cost has not been released by Alibaba, it certainly cost them a large sum to not only get back the information that was leaked, but to also tighten up their security.

The culprits were eventually found, and each was sentenced to three years in prison, with fines of 100,000 yuan and 350,000 yuan, respectively.

8. Facebook (2019)

Interestingly, Facebook has had several so-called “data breaches” in the past, and more often than not chooses not to investigate such attacks since most of the information that is scraped is also public on their website. Due to this reasoning, Facebook has not chosen to notify its users of these data breaches.

However, in 2021, the South Korean state watchdog on personal information protection concluded that Facebook passed the personal data of 3.3 million Korean users to third parties without the users’ consent. Because of this data leak, it was reported that Facebook was fined 6.7 billion won (USD 5 million).

9. CAM4 (2020)

In March 2020, the adult streaming website CAM4 had its servers breached, with hackers getting access to over 10 billion records. These records included users’ full names, email addresses, chat transcripts, IP addresses, and more sensitive information. Many of the emails that were accessed were connected to cloud storage, which made them even more vulnerable to further attacks.

10. LinkedIn (2021)

In early 2021, it was found that the data of more than 700 million users was scraped by hackers and was put for sale on the dark web. While LinkedIn stated that no real harm was done to the site itself and that they didn’t have any major recovery costs, there were reports of phishing attacks from LinkedIn users who had their data leaked.

Even if the company itself didn’t undergo many repercussions – other than a slight blow to its reputation – the impact of the breach was felt by the users who had their data accessed unwillingly.

IT Security is No Joke

Now that the world has gone digital, the landscape of security has changed. Gone are the days when people worried about more physical and in-person threats to their businesses. While bodyguards and security guards may be a thing of the past, the modern version of security is still very much applicable today.

Investing in IT security doesn’t have to be difficult or time-consuming. The ZenAdmin team is committed to safeguarding your data from the public, the dark web, and even our own team. ZenAdmin ensures integrated and unified IT security at the device, application, and network levels. They also help you develop, document, and maintain regulatory frameworks to help you stay compliant. Book a free demo session today!

Read more for The Easy Way to Manage Your IT Security and 8 IT Security Measures to Implement ASAP.