Data Breaches: The Complete WIRED Guide

Data Breaches: A Persistent Problem

The Complete WIRED Guide

A History of Data Breaches and the Importance of Digital Security

Data breaches have been a persistent problem since the early days of the internet. Major incidents like the TRW breach, LinkedIn hack, and Target hack highlighted the risks of data exposure.

Early Landmark Incidents

One early landmark incident occurred in 1984, when the credit reporting agency TRW Information Systems (now Experian) realized that one of its database files had been breached. The trove was protected by a numeric passcode that someone lifted from an administrative note at a Sears store and posted on an “electronic bulletin board”—a sort of rudimentary Google Doc.

A Brief History of Data Breaches

The Reality of Data Breaches

Even after a data breach has occurred, though, and an unauthorized actor definitely has your data, you won’t necessarily see an immediate negative impact. Attackers tend to capitalize on certain types of data right away, namely financial information like credit card numbers. But other troves of data disappear into the criminal ecosystem and become a sort of ticking time bomb as personal details are combined and recombined with other stolen information.

The Difficulty of Digital Security

Unfortunately for victims, there is no such thing as perfect security, and no way to eliminate all data breaches. But massive institutional breaches don’t need to happen as often as they do. Many occur not because of complex and sophisticated hacking but because organizations have made basic and potentially avoidable mistakes in implementing their security schemes.

The Importance of Digital Security

Over the past 10 years, however, as corporate and government data breaches have ramped up—impacting the data of billions of people—institutional leaders and the general public alike have finally begun to understand the urgency and necessity of putting security first. Additionally, as ransomware attacks have evolved beyond encrypting a target’s systems and demanding a ransom to include data theft and extortion, institutions have had additional incentives to bolster their digital defenses.

Introduction

One early landmark incident occurred in 1984, when the credit reporting agency TRW Information Systems (now Experian) realized that one of its database files had been breached. The trove was protected by a numeric passcode that someone lifted from an administrative note at a Sears store and posted on an “electronic bulletin board”—a sort of rudimentary Google Doc that people could access and alter using their landline phone connection.

Modern Data Breaches

Today, data breaches are so common that the cybersecurity industry refers to ‘breach fatigue.’ Despite efforts to improve data protection, the industry has yet to turn the corner. Notable examples include Yahoo’s repeated announcements of massive data breaches, including one affecting a billion accounts.

The Severity and Impact of Data Breaches

The severity and impact of these incidents are related not just to how frequent they are and how many people they affect, but to the nature of the stolen data. For example, the credit monitoring firm Equifax is notorious for disclosing a massive breach in September 2017 that exposed personal information for 147.9 million people.

The Problem with Data Security

Unfortunately, you can’t keep your information perfectly safe: It is often impossible to avoid sharing data, especially with organizations like governments and health insurers. Many incidents don’t necessarily even involve hackers. Data “exposures” occur when information that should have been locked down was accessible, but it’s unclear if anyone actually stole it.

A Few Standout Incidents

• The Equifax breach was particularly notable due to its severity and the nature of the stolen data.

• Facebook’s First Full Data Breach Impacts Up to 90 Million Accounts

• T-Mobile said that it had suffered a data breach beginning in November 2022 that impacted 37 million current customers—exposing information like names, email addresses, phone numbers, billing addresses, dates of birth, account numbers, and service plan details.

The Nature of Stolen Data

The severity and impact of these incidents is related not just to how frequent they are and how many people they affect, but to the nature of the stolen data. For example, the credit monitoring firm Equifax is notorious for disclosing a massive breach in September 2017 that exposed personal information for 147.9 million people.

The Role of Data Aggregators

Data aggregators like Equifax have become a single point of failure of the digital age. More and more often, attackers target data analytics companies or digital services that are incorporated into other products and networks as a one-stop-shop for valuable information.

A Security Deficit

Collective inaction for decades has created a security deficit that will take significant time and money to make up. And the reality that robust digital security requires never-ending investment is difficult for institutions to accept.

Modern-Day Data Breaches

Aadhaar Breaches

Aadhaar stores personal information, biometrics, and a 12-digit identification number for more than 1 billion Indian citizens, and it is incorporated by both the government and private companies into a range of foundational digital services. These interconnections have led to numerous major breaches of Aadhaar data from both third parties and the Indian government itself.

Conclusion

Data breaches are increasingly common and harmful. While there have been efforts to improve data protection, the industry has yet to turn the corner. Institutions must prioritize digital security and make it a spending priority to prevent massive institutional breaches.