What Business Owners Can Learn From the Biggest Data Breaches

Data breaches cost organizations an average of $3.86 million in 2018, according to IBM’s 2018 Cost of a Data Breach Study. Cyber attacks and data breaches are serious threats to companies today, and business owners need to take steps to protect their companies’ data to avoid suffering crippling losses of money and resources.

To learn more, check out the infographic below created by Maryville University’s Online Bachelor’s in Cyber Security program.

How companies can keep their data safe from the potentially devastating effects of a data breach.

Add This Infographic to Your Site

<p style="clear:both;margin-bottom:20px;"><a href="https://online.maryville.edu/blog/analyzing-biggest-data-breaches/" rel="noreferrer" target="_blank"><img src="https://online.maryville.edu/wp-content/uploads/sites/97/2023/09/MVU-BSCS-What-Business-Owners-Can-Learn-From-the-Biggest-Data-Breaches-final.jpg" alt="How companies can keep their data safe from the potentially devastating effects of a data breach." style="max-width:100%;" /></a></p><p style="clear:both;margin-bottom:20px;"><a href="https://online.maryville.edu/online-bachelors-degrees/cyber-security/" rel="noreferrer" target="_blank">Learn more about Maryville University's online bachelor's in cybersecurity program.</a></p>

Data Breach Statistics

Data breaches can impact institutions that are entrusted with customer or user data, as well as entities that are provided with user data by other organizations, such as marketing firms and credit bureaus.

Some of the more common types of cyber attacks include viruses, spyware, phising, distributed denial of service (DDOS) attacks, and ransomware attacks. The types of data typically affected by data breaches include names, social security numbers, credit card numbers, and medical records.

Growing Numbers of Data Breaches

Over 4.8 billion records were exposed in 2018, and nearly 2 billion records were compromised between January 1, 2017 and March 20, 2018. There were also 1,579 breaches in 2017 – a 44% increase from 2016. 55% of these breaches were in the retail, hospitality, utilities, and trade sectors, and 23.7% of the breaches were in the medical and healthcare fields. The average cost of these breaches was $3.62 million, or $141 per record. Organizations took an average of 191 days to identify these breaches, and 66 days to fully contain them.

51% of data attacks were by organized cybercrime groups. 25% of breaches originated from careless, negligent, or malicious internal actors, and 18% traced back to state-affiliated groups. 77% of these attacks involved file-less malware and exploits. 26.2% of victims at businesses were targeted via ransomware, and 87% of remote code execution attacks involved crypto-mining software.

The Biggest Data Breaches

Some of the world’s largest organizations have been the targets of data breaches, affecting millions – even billions – of use accounts.

Yahoo, 2013 – 2014

The Yahoo attack started with a spear-phishing e-mail sent to an employee who clicked a link, thereby exposing the company’s network. Roughly 3 billion user accounts were breached, compromising their names, dates of birth, and security questions and answers. The breach wasn’t public knowledge for three years, and the investigation lasted four years. Ultimately, Yahoo reset passwords and unencrypted security questions for all users. The breach caused a $350 million decrease in Yahoo’s sale price to Verizon.

Friend Finder Network, 2016

The Friend Finder Network breach compromised 20 years’ worth of data from six databases, and the stolen data included names, e-mail addresses, and passwords. The attack triggered a local file inclusion (LFI) vulnerability.

Uber, 2016

The Uber breach exposed the personal information of 57 million Uber users and 600,000 drivers. The type of data accessed included names, driver’s license numbers, and Uber’s GitHub usernames and passwords. Uber didn’t publicly disclose the breach for one year, and while the company paid the hackers $100,000 to destroy the data, they received no guarantee in return. Uber fired its chief security officer after the breach, which was cited as a significant factor in the company’s valuation drop from $68 billion to $48 billion.

Equifax, 2017

Equifax data was stolen through a web framework vulnerability and exposed the birthdates, addresses, driver’s license numbers, credit card numbers, and social security numbers of 147.9 million people. It’s considered the worst corporate breach ever because millions of social security numbers were stolen.

Marriott International, 2018

The Marriott International breach occurred through the hotel’s Starwood Preferred Guest system. It exposed the data of 500 million customers, including passport numbers and contact information. The attack was attributed to a Chinese intelligence group.

Preventing Data Breaches

Though data breaches are becoming increasingly frequent, businesses can take definitive steps to prevent cybercriminals from stealing sensitive data.

Tips for Preventing Breaches and Securing Data

There are numerous ways businesses can foil cyberattacks. Some of these are system-based, such as using antivirus software or using firewall and encrypting information. Other ways involve user-based strategies, such as changing passwords and keeping personal and business accounts separate. Still others can be policy-based, such as establishing policies for protecting sensitive data, employee training, and outlining the consequences of security policy violation. Finally, it may be wise for companies to hire a cybersecurity specialist to oversee their system.

How Information Security Consultants Protect Organizations’’ Data

An information security consultant can keep a company’s data secure, and they can do so in numerous ways. Some of the key methods include installing security software, simulating network attacks to spot vulnerabilities, staying aware of information technology trends, aid employees in installing and updating security products, establishing security standards, and monitoring network for data breaches.


In the early years of the internet, businesses didn’t take cybersecurity seriously. Today, every organization that stores or handles personal and sensitive information is responsible for implementing and following best practices for data security. Those that don’t take this responsibility seriously are paying dearly – financially and with their reputation.

Be Brave

Bring us your ambition and we’ll guide you along a personalized path to a quality education that’s designed to change your life.