Skip to main content
The worst attack of the decade?

The worst attack of the decade?

Though it was intense, the Equifax breach wasn’t necessarily the worst attack of the decade, although definitely the most talked about. In fact, we would argue that Equifax was really just one of the many business data breaches that we have suffered nationally and globally, since 2009. 

What was Equifax?

Just in case you somehow missed the Equifax breach: Equifax -one of the three largest credit reporting agencies in the USA, suffered a gigantic breach on March 2017 which affected hundreds of millions of people, effectively releasing the personal details of their entire database, their response was seen as clumsy and many of the top dogs at Equifax were accused of corruption.

Yes, it was big, and ugly but it wasn’t the worst, by size or impact.

Believe it or not there has been an attack that affected the data of far more than 145.5 million people and its name was Aadhaar.

Aadhaar

There are only a few locations where over a billion people can be affected by a database breach, namely India or China and this time it was India. The government-run identification database Aadhaar houses personally-identifying information, biometrics, and the Indian identity card, which is a 12-digit number for more than 1.1 billion Indian citizens.

Aadhaar is used for everything. From when you open a bank account to buying a cell phone, to credit checks, the Aadhaar database gets used. There have also been multiple third-party leaks of Aadhaar data due to improper storage by the Indian government.

Researchers believe that in 2018 alone, the entire 1.1billion Aadhaar numbers have been breached, along with connected information which has given space to a flourishing black market on the darknet for Indians personal data.

Yahoo

Although not even half the size of Aadhaar, but still outstripping the Equifax breach by the hundreds of millions was Yahoo. Yahoo felt the pain of two separate large data breaches – in 2013-2014 but this were left undisclosed until 2016-17. The initial attack exposed 500 million Yahoo user accounts and second – all of the Yahoo user accounts, which number at around 3 billion. The difference between this 3 billion and Aadhaar’s 1.1billion is the potential scope of the data dump, even though the numbers on the second Yahoo hack were huge, many of those accounts were of little to no value- such as duplicate or unused accounts.

So, size isn’t everything, it’s what you do with it that counts. Once the data has been hacked, it’s important to look at if we can identify where that data has landed or will land, rather than where it can potentially get to, giving us a real figure for the damage. In the Equifax hack, the data wasn’t leaked publicly, making the long-term effects more of a trickle, rather than an immediate waterfall. In the wake of Equifax, it was hard to decide how deep the danger was or will be, with widespread fraud, digital account compromises, and scams.

Big Impact: Game Changers, Data Risk and blackmail

Then we have to assess impact. The Target breach in 2013 which affected the data of 40 million customers, although smaller than Equifax, brought about a monumental change in awareness of data risk. Probably even more game changing and definitely more scandalous, was the 2015 Ashley Madison hack, perpetuated by hacktivists who disagreed with the site’s existence, as it marketed itself as a place to have extra-marital relationships.

The hackers exposed many clients publicly through a data dump of 32 million users, with details on sexual preference and payment details – leaving a lot of users with a lot of consequences, notably several suicides have been linked to this data breach.

These data breaches witnessed a shift on how we store data and protect client details which have led to many legal, national and international steps that affect companies and their cyber policies.

Bottom line:

It’s hard to identify the most important hack of the decade but we are sure there will be plenty more to fill the headlines come 2020!

Subscribe now to the fastest-growing podcast that brining security practitioners together. No sales and buzz words just practical cybersecurity knowledge.