The 10 biggest security breaches from unpatched software

Feb 08, 2019 | Security

We are all well aware of the ramifications unpatched software brings upon an organization. It causes security breaches.

Then come the bad reputation, the loss of business, and the millions and millions of dollars flushed down the tubes. Even if the company does all the right things to get back on track, the stigma of the breach stays with its brand, resulting in perpetual losses.

International cybercriminal groups like Shadow Brokers, who used WannaCry, Petya/NotPetya/Goldeneye, etc. to exploit systems, were quashed by Microsoft’s ability to release the patching cure. But these malware diseases still spread across the globe, crippling businesses like Merck, Maersk, Rosneft, and the NHS.

Let’s take a look at some of the worst breaches from unpatched software through history, the most significant complications these companies experienced, and where they are now given the damages.

Equifax

Date: 2017

Records compromised: 143 million

Security breach: Apache Struts

Where are they now: From lawsuits to fines, covering punitive damages and striving to get back on top, Equifax has been apologizing since early 2016. I guess age counts for something as this 120-year-old company is still standing strong with reported revenue of over $3.3 bn.

Heartland Payment Systems

Date: 2008

Records compromised: 134 million users

Security breach: unencrypted system, malware plants

Where are they now: Heartland Payment Systems WAS a Fortune 1000 company but lost significant revenue after their breach. However, after some strategic moves, HPS merged with Global Payments, coming out on top and servicing nearly 2.5 million merchants in 29 countries.

JP Morgan Chase

Date: 2014

Records compromised: 83 million

Security breach: weak security system

Where are they now: This banking giant has seemingly recovered from their losses. They are one of the few organizations that fessed up, came clean, and quickly rectified their security lapses. With their HQ in NYC, this city staple isn’t going anywhere.

Cloudbleed

Date: 2017

Records compromised: unknown, 1.2 million estimated

Security breach: an internal bug in the platform wasn’t updated

Where are they now: Cloudbleed’s breach is unique. Its platform services the likes of Google, Microsoft, and Bing. Though only “sensitive data” was confirmed as being exposed to the breach, no user passwords, credit card information, health records, or customer encryption keys are known to have been leaked. They have, however, done the “right thing”. They are currently employing Veracode to research their systems.

US Voter Registry

Date: 2017

Records compromised: 198 million voters

Security breach: unpatched server

Where are they now: Conspiracy theorists have had a field day with this one. Every single time there’s a voting event, this particular breach is highlighted. (The last US presidential campaign is one in particular.)

Yahoo

Date: 2013, 2014, 2016, 2017…

Records compromised: over 1 billion users

Security breach: too many to count!

Where are they now: Verizon now owns the company, renamed Altaba Inc. Did you know Yahoo was once valued at over $100 billion? In a statement released earlier this year, they verified that “pretty much anyone who ever had a Yahoo account had been breached.” Enough said.

The Home Depot

Date: 2014

Records compromised: 56 million users

Security breach: third-party system infected with malware

Where are they now: After a lengthy settlement including over 40 million people, an estimated $161 million covered up the breach. Home Depot has seemingly recovered though, outshining competitor Lowe's and having no reported problems since their initial breach.

Uber

Date: 2016

Records compromised: 57 million users

Security breach: third-party vendor

Where are they now: Uber is still an unbelievably popular service. They suffered a severe valuation drop. After the news hit that the team attempted to cover up the hack, Uber went from $68 billion to $48 billion. They fired the CSO. Since then, the company has undergone several brand changes.

Target

Date: 2013

Records compromised: 110 million people

Security breach: unpatched third-party vendor systems

Where are they now: At Target, it’s probably fair to say that 2013 is still filed under the category “public relations catastrophe.”

Marriott

Date: 2014-2018

Records compromised: 500 million

Security breach: unpatched software on a system acquired by Marriott

Where are they now: Even after their initial struggles in 2014, their revenue the following year still increased. As of October of 2018, their valuation remains at over $39 bn. Marriott disclosed in November. This one isn’t over yet, and there could be more coming out of the woodwork here.

To ensure you're practicing proper security hygiene, download the full eBook now.
