Every store, restaurant, and retailer that has been hacked
If you're a person in the world in 2018, there are probably two words you remain in constant fear of: data breach.
In recent history, several businesses used regularly by modern consumers have been targets of hacks, resulting in compromised data for millions of people.
SEE ALSO:Is someone hijacking your Spotify? Here's what I did when it happened to me.Perhaps one of the most notable cases was the 2017's Equifax hack, infamous for a multitude of reasons including: the scale of the hack (143 million customers with compromised data); the sensitive nature of the information lost (social security numbers, license numbers, and more); and the way the company bungled the recovery (in the aftermath of the hack, they accidentally directed concerned customers to a phishing scam posing as security site).
But it's not just Equifax. Fast food chains like Wendy's and Chipotle, health insurers like Anthem and Premera, and retailers such as Under Armour and Saks Fifth Ave have all been hacked.
For anyone trying to keep all of the breaches in order, here's a list of all of the retailers that have been hacked, starting with 2013's Target hack.
Target
In 2013, Target fell victim to a massive data breach, in which hackers stole credit card data from up to 40 million customersCredit: Justin Sullivan/Getty ImagesIn 2013, Target fell victim to a massive data breach, where hackers stole credit card data from up to 40 million customers. The hack took place between Nov. 27 and Dec. 15 that year — right after Black Friday— due to a breach in Target's point-of-sale systems, compromising customer data from Target stores all over the country.
Target confirmed the hack in a memo and told Mashable in December 2013, "We're asking everyone who shopped at a Target location since Black Friday to monitor their credit card accounts and contact their banking establishments to see if there is any suspicious activity."
Later it was revealed that hackers were able to gain access to Target's systems by hacking an outsider contractor that was working with Target. The breach cost Target a reported $148 million, according to The New York Times.
eBay
In May 2014, eBay discovered that it had been victim to a hack which compromised a database holding information for 145 million customers with active or inactive accounts.Credit: Justin Sullivan/Getty ImagesHate to break it to you, but if you're an eBay user, you may have been affected by a hack. In May 2014, the ecommerce platform discovered that it had been victim to a hack which compromised a database holding information for 145 million customers with active or inactive accounts. In the breach, hackers were able to see users' usernames, email addresses, physical addresses, phone numbers, dates of birth, and account passwords. In response, eBay urged users to change their passwords.
Fortunately for anyone worried about repercussions from the hack, an eBay spokesperson told Mashable that "there is no evidence that any financial information was accessed or compromised." Also, Pay Pal and a host of other sites that use eBay's marketplace to operate including StubHub, eBay Classifieds, Tradera, Gmarket, GumTree and GittiGidiyor were also safe from the hack.
Home Depot
In September 2014, just month's after Target was hacked, Home Depot fell victim to a breach of its own.Credit: Mark Makela/Getty ImagesTarget isn't the only mega-corporation to have been hacked. In September 2014, just months after Target was hacked, Home Depot had to deal with a breach of its own.
The Home Depot hack was first reported by cyber security expert Brian Krebs on Sept. 2, who noted that a batch of credit card information had gone on sale on an underground cybercrime site, and that multiple banks were seeing evidence that Home Depot may have been the source of the hack. At the time, Home Depot only said that it was investigating unusual activity.
A week later, on Sept. 7, the home improvement store confirmed the hack, but the brand didn't email customers about the data breach until Sept. 21, when Home Depot once again confirmed the hack and offered customers 12 months of fraud detection services.
Anthem
Anthem, the second largest health insurer in America, was breached when hackers broke into the company's computer system in 2015.Credit: Aaron P. Bernstein/Getty ImagesIn February 2015, Anthem, the second largest health insurer in America, was breached when hackers broke into the company's computer system. The hack compromised the personal data — including names, addresses, social security numbers, and more — of up to 80 million people, including Anthem's CEO Joseph R. Swedish.
It is believed that hackers were able to breach Anthem after the stealing the login information of an Anthem employee.
The company's CEO stated that the hack was the result of a sophisticated cyberattack. But according to The New York Times, experts say that Anthem did not complete vital cybersecurity steps like encrypting personal data which could have helped protect customer info.
Wendy's
Over 1,000 restaurants were affected by a Wendy's hack in 2015.Credit: Justin Sullivan/Getty ImagesWendy's is a brand known for getting into beefs (pun intended, I'm sorry) with other restaurants, but in 2015, the fast food chain had some less playful news to share: Wendy's had been hacked.
Wendy's first broke the news at the end of January that year, when the brand confirmed that it was looking into suspicious activity. Later, in May, the brand revealed that it had been targeted by malware that collected customer credit card information but estimated that fewer than 300 restaurants were affected. By July, however, that number dramatically increased when Wendy's said that actually over 1,000 restaurants were targeted.
Premera
In May 2014, health insurance company Premera Blue Cross discovered sensitive data had been compromised when hackers broke into the company's computer system.Credit: Premera.comIn March 2015, health insurance company Premera Blue Cross announced that sensitive user info, including medical, financial, and personal information had been compromised when hackers broke into the company's computer system. The cyberattack reportedly took place between May 2014 to January 2015, exposing data of 11 million customers.
The company did not reveal how hackers were able to breach Premera's systems, but as CNN notes, once they were in, the attackers were able access customer data going as far back as 2002.
Chipotle
If you love moderately priced burritos and questionable queso, we have some bad news for you: Chipotle was hacked in 2017.Credit: Scott Olson/Getty ImagesIf you love moderately priced burritos and questionable queso, we have some bad news for you: Chipotle was hacked in 2017.
The company first reported the hack in April 2017 during a investor call, according to Fortune, where Chipotle's CFO told analysts "We want to make our customers and investors aware we recently detected unauthorized activity on a network that supports payment processing for purchases made in our restaurants."
Then in May 2017 Chipotle revealed more about the hack — malware reportedly infected Chipotle's point of sale system, allowing hackers to steal credit card data from "most, but not all" restaurants.
Equifax
Not only was the Equifax massive — affecting 143 million people — but the company also poorly handled all of the follow up.Credit: AP/REX/SHUTTERSTOCKIf there is one hacking scandal that'll go down in the history books, it's the Equifax data breach. In September 2017, the credit reporting agency revealed that it had been victim to a hack, resulting in data from approximately 143 million people being stolen. According to a statement posted by Equifax, the hack lasted from May to July in 2017, allowing hackers to steal sensitive personal information from customers, including social security numbers and drivers license numbers.
Following the hack, former Equifax CEO Richard Smith, who stepped down soon after the data breach, apologized to customers, saying, "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do."
But that was only the first part of the scandal.
Briefly after the hack, Equifax accidentally directed customers to a fake security website that was actually a phishing scam. Also, the company went through yet another scarewhen security researcher Randy Abrams revealed that some pages on the company's website redirected to another website which offered a fake Flash update which contained malware. Equifax looked into the incident and found that its systems were not compromised because of the issue.
Though the hack took place in 2017, the Equifax scandal found a way to come back to 2018 when *plot twist* the company revealed in March that an additional 2.4 million people were hacked.
Yikes.
Whole Foods
Whole Foods said "certain venues such as taprooms and full table-service restaurants located within some stores" were victim to a data breach.Credit: Joe Raedle/Getty ImagesIn September, Whole Foods announced that it was investigating information the company received about unauthorized access of payment card information used at Whole Foods properties.
It's still unclear what information was stolen, if any, and to what scale, but Whole Foods noted that the breach didn't affect all of Whole Foods, just "certain venues such as taprooms and full table-service restaurants located within some stores."
"These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected," Whole Foods wrote in a statement about the hack.
Sonic
5 million customers had credit card information stolen and put for sale in Sonic's 2017 hack.Credit: SONIC/BUSINESSWIREIn September 2017, Krebs reported that fast-food company Sonic had been hacked, and the credit card information of 5 million customers were put on sale on cybercrime website Joker's Stash.
The hack revelation involved a little bit of detective work on Krebs part. The cybersecurity expert first began keeping an eye out for info about a potential hack after hearing from "sources at multiple financial institutions who noticed a recent pattern of fraudulent transactions on cards that had all previously been used at Sonic," Krebs wrote.
He then asked those sources to look into a batch of credit card info that had been posted to Joker's Stash and "sure enough, two sources who agreed to purchase a handful of cards from that batch of accounts on sale at Joker’s discovered they all had been recently used at Sonic locations."
Sonic then confirmed the breach, telling Mashable via email that the company it uses to process credit cards had seen "unusual activity regarding credit cards used at Sonic." The fast-food chain also posted a memo about the breach to its site, writing, "Sonic Drive-In has discovered that credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced at certain Sonic Drive-In locations."
In addition to working with law enforcement to investigate the hack, Sonic also offered customers two years of free fraud and identity theft detection.
Under Armor
Usernames, email addresses, and hashed passwords were stolen in Under Armour's March 2018 data breach.Credit: JUSTIN SULLIVAN/GETTYIn March 2018, Under Armour notified customers that its food and nutrition app "MyFitnessPal" had suffered a data breach and that 150 million users' data was compromised. The company explained the breach in a press release, stating, "On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018."
Included in the stolen information were usernames, email addresses, and hashed (or encrypted) passwords. That last bit — hashed passwords — may be one small consolation from the breach. Of the hack, Mashable tech reporter Jack Morse noted, "The fact that the passwords were hashed is good news to those affected, as it suggests that their accounts may not have been immediately compromised following the breach."
But users should still change their passwords just to be safe. "Still, anyone who has used the MyFitnessPal should absolutely change their password — a recommendation that Under Armour is making as well," Morse advised.
Saks Fifth Avenue / Saks Off Fifth / Lord & Taylor
Not even luxury retail brands are safe from data hacks.Credit: PETER BRANDT/GETTY IMAGESOn the first day of April, security firm Gemini Advisory revealed that cybercrime syndicate Fin7 hacked Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor, stealing credit and debit card data from approximately 5 million customers between May 2017 - April 2018.
"Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised. The majority of stolen credit cards were obtained from New York and New Jersey locations," Gemini Advisory wrote.
Saks later confirmed the breach, saying "Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."
Panera Bread
Sorry bread lovers... Panera Bread hasn't been very careful with your data.Credit: GETTY IMAGESSometimes customer data gets exposed not because of a hack but because of some terrible, horrible, no good, very bad decision making on a businesses part. And that's definitely the case with Panera Bread's 2018 data breach.
In April, Krebs reported that PaneraBread.com listed, in plain text, customer data including names, email addresses.
To make matters worse, Panera Bread reportedly knew of the leak for eight monthsbefore the leak was revealed. In an essay published on Medium titled "No, Panera Bread doesn't take security seriously," cybersecurity expert Dylan Houllihan says he alerted Panera Bread about the flaw but the company "sat on the vulnerability and, as far as I can tell, did nothing."
Not cool, Panera. Not cool.
Delta / Sears / Kmart
Credit: DAVID L. RYAN/THE BOSTON GLOBE VIA GETTY IMAGESHackers don't always have to go through your business to get your customer information.
On April 4, both Delta and Sears put out statements that hackers may have been able to access customer payment information after [24]7.ai, a software company that both brands use, had been breached. The [24]7 breach lasted from Sept. 26 to Oct. 12, and hackers were also able to see information for shoppers at Kmart, which is owned by Sears.
The investigation is ongoing but Delta tried to comfort customers by saying that just because 24[7] had been breached it doesn't mean that customer data was actually exposed. "At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised," Delta said in a release.
Featured Video For You
AI will become the criminal hacker's best friend—and worst enemy
(责任编辑:新闻中心)
- Speeding space object triggered a warning. It wasn't an asteroid.
- Listeners encouraged to go wild with Le Sserafim's 4th EP
- World’s first ‘meltdown
- 提前谋划部署准备秋季开学
- NYT Strands hints, answers for August 29
- “大体老师”的故事:以生命点亮生命
- 10 Places to Get to Know Paul Bunyan
- 10 Places to Get to Know Paul Bunyan
- Apple Intelligence is now a little easier to get outside the U.S.
- Bernie Sanders’ DNC speech sounded like everyone else’s. That’s astonishing.
- Venture Missionaries
- 热浪来袭 科学应对防中暑
- NASA rover snaps photo of its most daunting challenge yet
-
South Korean lawmakers brace for US election as Harris, Trump diverge on North Korea
Democratic presidential nominee and US Vice President Kamala Harris waves from the stage on Day 4 of ...[详细] -
Webb telescope discovers 6 rogue worlds. They didn't form the way you'd expect.
Sometimes, planets go rogue. Scientists used the powerful James Webb Space Telescope to spot six of ...[详细] -
Abrar Ahmed returns as Pakistan names squad for second Test against Bangladesh
ListentoarticlePakistan has announced its 12-member squad for the second Test against Bangladesh, se ...[详细] -
[Exclusive] Samsung unsure of Suga's future as brand ambassador: source
Suga of BTS (right) holds the first Galaxy Fold 5 with Roh Tae-moon, president of Samsung Electronic ...[详细] -
Unionized hospital workers pull out from strike
Health care workers at Chosun University Hospital hold signs and chant slogans at the hospital' ...[详细] -
Discover Secret Swimming Holes and Hidden History in Crystal River, Florida
Often called the Nature Coast because of its abundant wildlife, wooded forests, and mangrove islands ...[详细] -
The vast majority of our portable electronic gadgets, and the new wave of electric transportation, a ...[详细]
-
How to trademark your TikTok phrase and protect your brand
So, you had a video go viral and it had a very specific phrase, like "Hawk Tuah on that thang" or "v ...[详细] -
17 Places That Harness the Power of the Sun
As we begin the journey down the path of totality in 2024, the eclipse offers the perfect opportunit ...[详细] -
Families of S. Korean detainees in NK appeal to embassies for support
Lee Shin-wha, former ambassador for international cooperation on North Korean human rights (center), ...[详细]
- [From the Scene] How ‘world’s first oil town’ is wrestling to become ‘green'
- 10 Places to Get to Know Paul Bunyan
- Pragmocracy Now
- A global problem is preventing the wars in Ukraine and Gaza from coming to an end.
- Which is Faster for Gaming, Windows 10 or Windows 11?
- Abrar Ahmed returns as Pakistan names squad for second Test against Bangladesh
- Freedom from Dissent