Source: maxim ibragimov/Shutterstock

Top 10 Data Breaches in 2016

2016 has been a pretty bad year, and cybersecurity is not spared from the seeming domino-effect of bad luck.

The Identity Theft Resource Center reports that more than 35 million records were stolen in nearly 1,000 breaches this year. Security firms have always claimed that breaches are not a matter of “if” but “when.”

And if 2016 has taught us anything, its that there’s no such thing as being too big to fail – even the largest firms and governments have fallen prey to determined hackers.

Here’s a recap of the top 10 data breaches this year. The list includes the biggest ones that happened and reported or disclosed within the year.

And we hope that’s just about it, and no new reports would come out as we count down to 2017.


10 – Dropbox

In August, cloud file storage service Dropbox revealed that 68 million user information including usernames and passwords were leaked in 2012.

Dropbox initially thought the breach only affected a small number of users, which have already been addressed.

But it was then revealed that the breach was massive. Users were prompted to change passwords and enable two-factor authentication for added safety.



9 – LinkedIn

Earlier this year, LinkedIn users found themselves being forced by the service to reset passwords.

In May, LinkedIn disclosed that 117 million email and password combinations were stolen back in 2012 prompting the professional social network to require users to update their credentials.

LinkedIn also figured in security news when Facebook CEO Mark Zuckerberg’s password was revealed as “dadada”, which was also used for his other accounts.



8 – Android Backdoor

Cheap and decently-powered Android devices can be had for less than $50. However, it might not just be hi-resolution screens and cameras that come with the package.

According to security firm Kryptowire, these devices may also contain a backdoor that sends data mined from the phone to China every 72 hours.

The backdoor may be found running on as many as 700 million phones. Kryptowire released its report last November.



7 – National Payment Corporation of India

International banks, including those from the US and China, alerted the NPCI that 3.2 million debit cards in India were being used illegally.

Security experts believe that the breach originated from an ATM malware.

The breach involved cards across 19 Indian banks, and account holders were prompted to change their PIN for protection.



6 – Panama Papers

Panamanian law and corporate services law firm Mossack Fonseca was hit by a data breach that leaked documents, with some dating back to the 1970s.

In April, the firm disclosed that it suffered from a data breach. Journalists pored over the leaked documents and found that some of the firm’s shell corporations may be involved in illegal activities.

The documents also mentioned political leaders and popular personalities that have been involved with the firm.



5 – Philippine Commission on Elections

The Philippines elections went ahead despite the massive personal data leak of almost all 55 million registered voters. Pic: AP.

It is quite tragic when governments fail to protect their own people.

In what is perhaps the biggest government data breach, Filipino voters’ information were hacked and leaked in March – just months before the national elections.

Among the information leaked were names, addresses, dates of birth, and even biometric information of every registered voter in the system.



4 – Bangladesh Bank heist

Officials opening a bag of US dollars that formed a small portion of the funds stolen from Bangladesh’s central bank by hackers and laundered in Manila’s casinos. Pic: AP.

In February, hackers exploited the SWIFT wire transfer network to initiate transactions with Bangladesh Bank amounting to $951 million.

Transactions totaling $101 million succeeded with parts of the amount routed through Sri Lanka (recovered) and the Philippines.

The rest were blocked at the request of Bangladesh Bank. Only $18 million of the funds routed through the Philippines have been recovered so far.



3 – Dyn DDoS Attack

Source: DaLiu

Distributed Denial-of-Service (DDoS) attacks have been growing increasingly massive reaching record sizes this year.

A DDoS attack aimed at Internet service provider Dyn took out popular sites that Dyn services including Twitter, Spotify, and Reddit.

The botnet used by attackers consisted of hundreds of thousands of Internet-of-Things devices that included IP and security cameras.



2 – Yahoo!

yahoo headquarters office

Source: AP

In September, Yahoo! disclosed that hackers stole 500 million user information records in 2014.

The information included usernames, passwords, full names, phone numbers, dates of birth, and, in some cases payment information.

Another breach was discovered just recently supposedly happening in 2013 affecting 1 billion users. The issue even figured in sale price negotiations between embattled Yahoo! and Verizon.



1 ­– US Democratic National Committee email leak

Demonstrators make their way around downtown in Philadelphia after the email leak. Source: AP.

Any breach that may have an impact on who will be the “leader of the free world” has got to make it to the top.

Last July, WikiLeaks published thousands of emails and attachments of the DNC covering a critical period in the campaigns for the Democratic Party’s presidential primaries.

Analysts have pondered on the impact this had in the eventual results of the US elections. Reports have also now surfaced that Russia might have been involved in the leaks in an effort to influence the elections.