Gone are the days when our primary identity theft concern was having our credit card information stolen. In today’s digital age, data breaches are the new normal. And cyberthieves are finding treasure troves of data in other industries. Retail, financial services, healthcare, social media companies and the Internal Revenue Service (IRS) have been rich targets for hackers. According to the Identity Theft Resource Center, the total number of 2017 breaches topped 1,300, an increase of more than 21 percent over the record set in 2016. But what stands out as significant in 2017 is that more than 172.4 million records were exposed. That’s a mind-blowing 371 percent increase over the total records exposed in 2016.
Here’s a look back at some of the major data breaches that stole headlines in 2017:
EQUIFAX – September 7 – “One of the worst data breaches of all time”
One of the three largest credit agencies in the U.S. suffered a breach affecting 143 million consumers. In October, Equifax reported that an additional 2.5 million people were affected – bringing the total to 145.5 million. Due to the sensitivity of data stolen, the Equifax breach has the dubious distinction of being called “one of the worst data breaches of all time.” Hackers accessed social security numbers, driver’s license data, full names, addresses, dates of birth, credit card numbers and other personal information.
YAHOO – October 9 – Final tally: 3 billion accounts hacked
In 2016, it was originally reported that “more than 1 billion user accounts” may have been impacted by a 2013 Yahoo breach. But that was not the end of the story … in 2017, it was revealed that every single Yahoo customer was hacked by that breach. Three billion Yahoo accounts – including email, Tumblr, Fantasy and Flickr – were stolen, making users vulnerable to potential identity theft. Hackers accessed names, email addresses, hashed passwords, phone numbers, birth dates, and in some cases, security questions and answers.
VERIZON – July 13 – Third-party vendor exposure
A reported 14 million subscribers may have been exposed to potential identity theft by a data leak involving a third-party vendor working with Verizon. The compromised data came from log files that generated when Verizon subscribers contacted customer service via phone. Records publicly exposed online contained the customer’s name, mobile number, account PIN, home address and email address, as well as their Verizon account balance.
AMERICA’S JOBLINK – March 21 – Job applicant info hacked
Hackers gained access to the personal information of 4.8 million job seekers, including full names, birth dates and social security numbers. Activity was uncovered in the 10 states that use the America’s JobLink system: Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont.
GMAIL – May 3 – Google Docs phishing scam
Gmail users were targeted in an email phishing scam through a third-party app. The emails appeared to be from a trusted contact who wanted to share a Google Doc via a link. Unsuspecting people who clicked the link were prompted to allow a fake Google Docs app to access their email account. This enabled attackers to read, send and delete emails from the user’s account – then hijack their contact list to spread the threat to others. Google estimates about 1 million users may have been affected.
DUN & BRADSTREET – March 15 – Employee records exposed
Millions of employees from the U.S. Department of Defense, the U.S. Postal Service, AT&T, Walmart and CVS Health had their data exposed when Dun & Bradstreet sold its marketing database to thousands of companies across the country. An internal investigation showed that Dun & Bradstreet had not suffered a security breach, meaning the leak could have come from one of its thousands of customers. Records included full names, work email addresses, phone numbers and other business-related data.
IRS – April 6 – Student financial aid application breached
Up to 100,000 taxpayers may have had their personal information stolen in a scheme involving the IRS Data Retrieval Tool used to complete the Free Application for Federal Student Aid (FAFSA). In March 2017, federal officials observed a potential data breach and took the tool down. Identity thieves stole personal information from outside of the tax system and used the IRS tool to steal additional data from taxpayers.
The cost of getting caught up in a data breach can be devastating, both personally and financially, for many years. The earlier you find out about fraudulent activity occurring in your name, the easier it will be to stop the effects from spreading. If you’re not already doing so, consider signing up for a credit monitoring and identity protection product, which will allow you to regularly review your credit reports and scores – and will alert you to changes in your credit file and suspicious activity involving your personal information.