COVID-19 has led to major changes to daily life for Americans, including a shift toward remote and at-home work. While these changes have led to more flexible working conditions for employees, they have also increased data security risks. New data from the Federal Trade Commission and the Identity Theft Resource Center indicates that heightened security risks brought on by more remote work are of particular concern when considering that data breach and identity theft reports doubled between 2014 and 2019.
Certain sectors are more vulnerable to data breaches than others. In 2019, the largest number of breaches occurred in the business and healthcare sectors, at 644 and 525 total data breaches, respectively. The business sector has become increasingly vulnerable to data security issues, as breaches in this sector increased by nearly 150 percent between 2014 and 2019. In contrast, data security remains strongest in the banking and government sectors, both of which saw a decline in total data breaches between 2018 and 2019.
Data breaches often compromise a company’s most sensitive records. The majority of data breaches stem from hacking and intrusion cases and unauthorized access to records, which comprised more than 75 percent of all data breaches in 2019. On the other hand, employee error and negligence accounted for less than 11 percent of data breaches in 2019. However, with an increase in at-home and remote work, breaches stemming from a lack of employee knowledge or training is now more of a priority among employers.
RELATED Hackers aren’t the only threat to your business’ data-employee negligence can also cause irreparable damage. Protect your business’s Microsoft 365 and SharePoint data with our comprehensive, automated Microsoft 365 Backup solution.
To profile the most significant data breaches of U.S. companies, researchers at Spanning analyzed data from the Identity Theft Resource Center and the Federal Trade Commission, while also reviewing major news reports. Data breaches were defined as any unauthorized exposure to a company’s records, and incidents were ordered based on the total number of records exposed.
Between 2013 and 2019, companies involved in social networking and media, such as Yahoo and Facebook, were the most vulnerable to data breaches. For these companies, data breaches were most likely to occur through hacking and intrusion or accidental internet exposure. Emails, passwords, and other personal information were the most frequently compromised types of information. Here are the 10 largest data breaches of U.S. companies.
The 10 Largest Data Breaches of U.S. Companies
10. MySpace (2016)
- Number of records exposed: 360,000,000
- Type of breach: Hacking/intrusion
- Industry: Social network
- Types of information compromised: Account name, email, password
9. FriendFinder Networks (2016)
- Number of records exposed: 412,000,000
- Type of breach: Hacking/intrusion
- Industry: Social network
- Types of information compromised: Account name, email, password, user activity dates
TRENDING
Our Google Workspace Backup solution protects your organization’s entire Google Workspace domain, including Gmail, Drive, Calendars, Contacts, and Sites.
8. Facebook (2019)
- Number of records exposed: 419,000,000
- Type of breach: Accidental web/internet exposure
- Industry: Social network
- Types of information compromised: Name, account ID, phone number, country
7. Marriott International (2018)
- Number of records exposed: 500,000,000
- Type of breach: Hacking/intrusion
- Industry: Hospitality
- Types of information compromised: Name, physical address, phone number, email, passport number, date of birth, gender, reservation information
6. Yahoo (2014)
- Number of records exposed: 500,000,000
- Type of breach: Hacking/intrusion
- Industry: Media
- Types of information compromised: Name, email, phone number, date of birth, login information
5. Facebook / Cultura Colectiva (2019)
- Number of records exposed: 540,000,000
- Type of breach: Accidental web/internet exposure
- Industry: Social network
- Types of information compromised: Account name, account ID, Facebook comments and reactions
4. First American Corporation (2019)
- Number of records exposed: 885,000,000
- Type of breach: Accidental web/internet exposure
- Industry: Financial
- Types of information compromised: Bank account number, bank transactions, drivers license, Social Security number
3. People Data Labs / OxyData.io (2019)
- Number of records exposed: 1,200,000,000
- Type of breach: Accidental web/internet exposure
- Industry: Data
- Types of information compromised: Name, email, phone number, social media profiles
RELATED
Enjoy daily, automated backup of your Salesforce data, attachments, files, and metadata with our Salesforce Backup solution.
- Number of records exposed: 1,370,000,000
- Type of breach: Accidental web/internet exposure
- Industry: Marketing
- Types of information compromised: Name, IP address, physical address, email
1. Yahoo (2013)
- Number of records exposed: 3,000,000,000
- Type of breach: Hacking/intrusion
- Industry: Media
- Types of information compromised: Name, email, phone number, date of birth, login information
Methodology & detailed findings
Aggregate statistics on data breaches (historical and for 2019) are from the Identity Theft Resource Center. Aggregate statistics on identity theft are from the Federal Trade Commission’s Consumer Sentinel Network Data Book_.
The list of data breaches, representing the 10 largest data breaches of U.S. companies between 2013 and 2019, were compiled from news reports. Rankings were based on the total number of records exposed, regardless of record type.
The real threat to data security stems from the lack of preparation and resources among companies transitioning to remote work, coupled with the lack of awareness among employees on best practices for working securely at home or from remote environments. One example is the use of personal devices to conduct work-related tasks, which highly compromises data security. Addressing best practices to avoid security risks when working remotely will be a top priority for companies moving forward, especially considering the uncertainty surrounding the return to traditional work environments.