Close this search box.

The 10 biggest security breaches from unpatched software


We are all well aware of the ramifications unpatched software brings upon an organization. They cause security breaches.

The bad reputation, the loss of business, and the millions and millions of dollars flushed down the tubes. Even if the company does all the right things to get back on track, the stigma of the breach rests with their brand resulting in perpetual losses.
International cybercriminal groups like Shadow Brokers who used WannaCry, Petya/NotPetya/Goldeneye etc., to exploit systems were quashed by Microsoft’s ability to release the patching cure. But these malware diseases still spread across the globe crippling businesses like Merck, Maersk, Rosnof, and the NHS.
Let’s take a look at some of the worst breaches from unpatched software through history. Let’s also look at the most significant complications these companies experienced. We’ll also examine where they are now based off of the damages.

breaches equifaxEquifax

Date: 2017
Records compromised: 143 million
Security breach: Apache Struts
Where are they now: From lawsuits to fines, covering punitive damages and striving to get back on top, Equifax has been apologizing since early 2016. I guess age counts for something as this 120-year-old company is still standing strong with reported revenue of over $3.3 bn.

breaches heartlandHeartland Payment Systems

Date: 2008
Records compromised: 134 million users
Security breach: unencrypted system, malware plants
Where are they now: Heartland Payment Systems WAS a fortune 1000 company but lost significant revenue after their breach. However, after some strategic moves, HPS merged with Global payments, coming out on top servicing nearly 2.5 million merchants in 29 countries.

breaches jpmorganchaseJP Morgan Chase

Date: 2014
Records compromised: 83 million
Security breach: weak security system
Where are they now: This banking giant has seemingly recovered from their losses. They are one of the few organizations that fessed up, came clean, and quickly rectified their security lapses. With their HQ in NYC, this city staple isn’t going anywhere.

breaches cloudbleedCloudbleed

Date: 2017
Records compromised: unknown, 1.2 million estimated
Security breach: an internal bug in the platform wasn’t updated
Where are they now: Cloudbleed’s breach is unique. Its platform services the likes of Google, Microsoft, and Bing. Though only “sensitive data” was confirmed as being exposed to the breach, no user passwords, credit card information, health records, or customer encryptions keys are known to have been leaked. They have, however, done the “right thing”. They are currently employing Veracode to research their systems.

breaches usregistryUS Voter Registry

Date: 2017
Records compromised: 198 million voters
Security breach: unpatched server
Where are they now: Conspiracy theorists have had a field day with this one. Every single time there’s a voting event, this particular breach is highlighted. (The last US presidential campaign is one in particular.)

breaches yahooYahoo

Date: 2013, 2014, 2016, 2017…
Records compromised: over 1 billion users
Security breach: too many to count!
Where are they now:  Verizon now owns the company, renamed Altabala Inc. Did you know Yahoo was once valued at over $100 billion? In a statement released earlier this year, they verified that “pretty much anyone who ever had a Yahoo account had been breached.” Enough said.

breaches home depotThe Home Depot

Date: 2014
Records compromised: 56 million users
Security breach: third-party system infected with malware
Where are they now: After a lengthy settlement including over 40 million people, an estimated $161 million dollars covered up the breach. Home Depot has seemingly recovered though, outshining competitor Lowes and having no reported problems since their initial breach.

breaches uberUber

Date: 2016
Records compromised: 57 million users
Security breach: third-party vendor
Where are they now: Uber is still an unbelievably popular service. They suffered a severe valuation drop.  After the news hit that the team attempted to cover up the hack, Uber went from $68 billion to $48 billion. They fired the CSO. Since, the company has undergone several brand changes.

breaches targetTarget

Date: 2013
Records compromised: 110 million people
Security breach: unpatched third-party vendor systems
Where are they now: At Target, it’s probably fair to say that 2013 is still filed under the category “public relations catastrophe.”

breaches marriotMarriott

Date: 2014-2018
Records compromised: 500 million
Security breach: unpatched software on a system acquired by Marriott

Where are they now: 
Even after their initial struggles in 2014, their revenue the following year still increased. As of October of 2018, their valuation remains at over $39 bn. Marriott disclosed in November. This one isn’t over yet, and there could be more coming out of the woodwork here.


The FORRESTER WAVE™: End-User Experience Management, Q3 2022

The FORRESTER WAVE™: End-User Experience Management, Q3 2022