Sifting Through The World’s Biggest Breaches (Part 1)

One of the great virtues of surfing the Web is occasionally stumbling upon that perfect interactive infographic that makes all the other time you spent fruitlessly perusing worthwhile. And now we can say that we definitely found that, thanks to the folks over at Information is Beautiful, who put together a dazzling infographic detailing all the major cyberattacks that have occurred in the past 10 years. Our first thought, upon viewing it, was, "Wow, this looks kind of beautiful" (something about all those different-sized bubbles that kind of light up when you click on them). But that was followed, immediately afterward, by an abject feeling of fear, because all of the bubbles in the interactive infographic represent a cyberattack that's compromised at least 30,000 records – and there are a lot of bubbles. We thought we'd take the next few posts to review some of the attacks highlighted in this infographic, beginning back in 2004 and working our way toward the present. Hopefully, by reviewing what went wrong over the past 10 years in terms of cybersecurity, we can make the next decade a little safer in the computing realm:

  • AOL (2004): This hack resulted in a whopping 92 million records being compromised, and if that seems big by today's standards, it was positively gargantuan to the not-yet-breach-wary crowd of 2004. An Associated Press story from 2005 explained that the hack took place after an employee of the company stole screen names of users and peddled them to criminals on the black market, who ended up spamming those users with a collective 7 billion emails. Considering that the only consequence of the breach was that people got spam messages – something every basic email service these days can filter – the attack seems rather tame by today's standards. Nevertheless, it was a big deal at the time, and it signaled that cybercrime could happen on a massive scale. The employee responsible for the hack ended up getting a prison sentence of more than a year.
  • The U.S. Department of Veterans Affairs (2006): Back in 2006, a laptop with private information from the VA went missing. Stored on that computer were records containing some of the most privileged data imaginable: medical details. But the breach itself wasn't the only problem – the VA's troubles were compounded by the fact that it chose to wait three weeks after first being alerted to the incident before informing those who'd been potentially impacted. This delay in outreach likely didn't bode well for the department's reputation. Ultimately, the VA was required to pay around $20 million as a result of a class action suit. That was a lot less than the $26 billion that had originally been demanded in the suit.
  • Hewlett-Packard (2006): Like the VA breach discussed above, this one also started with a single missing laptop. The stolen laptop held information on roughly 200,000 current and past employees of HP. It should come as no surprise that right around this year, the number of people reporting identity theft experienced a major surge. By 2006, people were starting to realize that the Internet could be used as a means through which their personally identifying details could be taken and exploited. As a result of the breach, HP ramped up its security, but even as companies took proactive steps like these, hackers looked for new ways to launch attacks.

Think those breaches are bad? It just gets worse with the years. Tune in to read about subsequent incidents as we make our way toward the present.