Every store, restaurant, and retailer that has been hacked
If you're a person in the world in 2018, there are probably two words you remain in constant fear of: data breach.
In recent history, several businesses used regularly by modern consumers have been targets of hacks, resulting in compromised data for millions of people.
SEE ALSO:Is someone hijacking your Spotify? Here's what I did when it happened to me.Perhaps one of the most notable cases was the 2017's Equifax hack, infamous for a multitude of reasons including: the scale of the hack (143 million customers with compromised data); the sensitive nature of the information lost (social security numbers, license numbers, and more); and the way the company bungled the recovery (in the aftermath of the hack, they accidentally directed concerned customers to a phishing scam posing as security site).
But it's not just Equifax. Fast food chains like Wendy's and Chipotle, health insurers like Anthem and Premera, and retailers such as Under Armour and Saks Fifth Ave have all been hacked.
For anyone trying to keep all of the breaches in order, here's a list of all of the retailers that have been hacked, starting with 2013's Target hack.
Target
In 2013, Target fell victim to a massive data breach, in which hackers stole credit card data from up to 40 million customersCredit: Justin Sullivan/Getty ImagesIn 2013, Target fell victim to a massive data breach, where hackers stole credit card data from up to 40 million customers. The hack took place between Nov. 27 and Dec. 15 that year — right after Black Friday— due to a breach in Target's point-of-sale systems, compromising customer data from Target stores all over the country.
Target confirmed the hack in a memo and told Mashable in December 2013, "We're asking everyone who shopped at a Target location since Black Friday to monitor their credit card accounts and contact their banking establishments to see if there is any suspicious activity."
Later it was revealed that hackers were able to gain access to Target's systems by hacking an outsider contractor that was working with Target. The breach cost Target a reported $148 million, according to The New York Times.
eBay
In May 2014, eBay discovered that it had been victim to a hack which compromised a database holding information for 145 million customers with active or inactive accounts.Credit: Justin Sullivan/Getty ImagesHate to break it to you, but if you're an eBay user, you may have been affected by a hack. In May 2014, the ecommerce platform discovered that it had been victim to a hack which compromised a database holding information for 145 million customers with active or inactive accounts. In the breach, hackers were able to see users' usernames, email addresses, physical addresses, phone numbers, dates of birth, and account passwords. In response, eBay urged users to change their passwords.
Fortunately for anyone worried about repercussions from the hack, an eBay spokesperson told Mashable that "there is no evidence that any financial information was accessed or compromised." Also, Pay Pal and a host of other sites that use eBay's marketplace to operate including StubHub, eBay Classifieds, Tradera, Gmarket, GumTree and GittiGidiyor were also safe from the hack.
Home Depot
In September 2014, just month's after Target was hacked, Home Depot fell victim to a breach of its own.Credit: Mark Makela/Getty ImagesTarget isn't the only mega-corporation to have been hacked. In September 2014, just months after Target was hacked, Home Depot had to deal with a breach of its own.
The Home Depot hack was first reported by cyber security expert Brian Krebs on Sept. 2, who noted that a batch of credit card information had gone on sale on an underground cybercrime site, and that multiple banks were seeing evidence that Home Depot may have been the source of the hack. At the time, Home Depot only said that it was investigating unusual activity.
A week later, on Sept. 7, the home improvement store confirmed the hack, but the brand didn't email customers about the data breach until Sept. 21, when Home Depot once again confirmed the hack and offered customers 12 months of fraud detection services.
Anthem
Anthem, the second largest health insurer in America, was breached when hackers broke into the company's computer system in 2015.Credit: Aaron P. Bernstein/Getty ImagesIn February 2015, Anthem, the second largest health insurer in America, was breached when hackers broke into the company's computer system. The hack compromised the personal data — including names, addresses, social security numbers, and more — of up to 80 million people, including Anthem's CEO Joseph R. Swedish.
It is believed that hackers were able to breach Anthem after the stealing the login information of an Anthem employee.
The company's CEO stated that the hack was the result of a sophisticated cyberattack. But according to The New York Times, experts say that Anthem did not complete vital cybersecurity steps like encrypting personal data which could have helped protect customer info.
Wendy's
Over 1,000 restaurants were affected by a Wendy's hack in 2015.Credit: Justin Sullivan/Getty ImagesWendy's is a brand known for getting into beefs (pun intended, I'm sorry) with other restaurants, but in 2015, the fast food chain had some less playful news to share: Wendy's had been hacked.
Wendy's first broke the news at the end of January that year, when the brand confirmed that it was looking into suspicious activity. Later, in May, the brand revealed that it had been targeted by malware that collected customer credit card information but estimated that fewer than 300 restaurants were affected. By July, however, that number dramatically increased when Wendy's said that actually over 1,000 restaurants were targeted.
Premera
In May 2014, health insurance company Premera Blue Cross discovered sensitive data had been compromised when hackers broke into the company's computer system.Credit: Premera.comIn March 2015, health insurance company Premera Blue Cross announced that sensitive user info, including medical, financial, and personal information had been compromised when hackers broke into the company's computer system. The cyberattack reportedly took place between May 2014 to January 2015, exposing data of 11 million customers.
The company did not reveal how hackers were able to breach Premera's systems, but as CNN notes, once they were in, the attackers were able access customer data going as far back as 2002.
Chipotle
If you love moderately priced burritos and questionable queso, we have some bad news for you: Chipotle was hacked in 2017.Credit: Scott Olson/Getty ImagesIf you love moderately priced burritos and questionable queso, we have some bad news for you: Chipotle was hacked in 2017.
The company first reported the hack in April 2017 during a investor call, according to Fortune, where Chipotle's CFO told analysts "We want to make our customers and investors aware we recently detected unauthorized activity on a network that supports payment processing for purchases made in our restaurants."
Then in May 2017 Chipotle revealed more about the hack — malware reportedly infected Chipotle's point of sale system, allowing hackers to steal credit card data from "most, but not all" restaurants.
Equifax
Not only was the Equifax massive — affecting 143 million people — but the company also poorly handled all of the follow up.Credit: AP/REX/SHUTTERSTOCKIf there is one hacking scandal that'll go down in the history books, it's the Equifax data breach. In September 2017, the credit reporting agency revealed that it had been victim to a hack, resulting in data from approximately 143 million people being stolen. According to a statement posted by Equifax, the hack lasted from May to July in 2017, allowing hackers to steal sensitive personal information from customers, including social security numbers and drivers license numbers.
Following the hack, former Equifax CEO Richard Smith, who stepped down soon after the data breach, apologized to customers, saying, "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do."
But that was only the first part of the scandal.
Briefly after the hack, Equifax accidentally directed customers to a fake security website that was actually a phishing scam. Also, the company went through yet another scarewhen security researcher Randy Abrams revealed that some pages on the company's website redirected to another website which offered a fake Flash update which contained malware. Equifax looked into the incident and found that its systems were not compromised because of the issue.
Though the hack took place in 2017, the Equifax scandal found a way to come back to 2018 when *plot twist* the company revealed in March that an additional 2.4 million people were hacked.
Yikes.
Whole Foods
Whole Foods said "certain venues such as taprooms and full table-service restaurants located within some stores" were victim to a data breach.Credit: Joe Raedle/Getty ImagesIn September, Whole Foods announced that it was investigating information the company received about unauthorized access of payment card information used at Whole Foods properties.
It's still unclear what information was stolen, if any, and to what scale, but Whole Foods noted that the breach didn't affect all of Whole Foods, just "certain venues such as taprooms and full table-service restaurants located within some stores."
"These venues use a different point of sale system than the company’s primary store checkout systems, and payment cards used at the primary store checkout systems were not affected," Whole Foods wrote in a statement about the hack.
Sonic
5 million customers had credit card information stolen and put for sale in Sonic's 2017 hack.Credit: SONIC/BUSINESSWIREIn September 2017, Krebs reported that fast-food company Sonic had been hacked, and the credit card information of 5 million customers were put on sale on cybercrime website Joker's Stash.
The hack revelation involved a little bit of detective work on Krebs part. The cybersecurity expert first began keeping an eye out for info about a potential hack after hearing from "sources at multiple financial institutions who noticed a recent pattern of fraudulent transactions on cards that had all previously been used at Sonic," Krebs wrote.
He then asked those sources to look into a batch of credit card info that had been posted to Joker's Stash and "sure enough, two sources who agreed to purchase a handful of cards from that batch of accounts on sale at Joker’s discovered they all had been recently used at Sonic locations."
Sonic then confirmed the breach, telling Mashable via email that the company it uses to process credit cards had seen "unusual activity regarding credit cards used at Sonic." The fast-food chain also posted a memo about the breach to its site, writing, "Sonic Drive-In has discovered that credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced at certain Sonic Drive-In locations."
In addition to working with law enforcement to investigate the hack, Sonic also offered customers two years of free fraud and identity theft detection.
Under Armor
Usernames, email addresses, and hashed passwords were stolen in Under Armour's March 2018 data breach.Credit: JUSTIN SULLIVAN/GETTYIn March 2018, Under Armour notified customers that its food and nutrition app "MyFitnessPal" had suffered a data breach and that 150 million users' data was compromised. The company explained the breach in a press release, stating, "On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018."
Included in the stolen information were usernames, email addresses, and hashed (or encrypted) passwords. That last bit — hashed passwords — may be one small consolation from the breach. Of the hack, Mashable tech reporter Jack Morse noted, "The fact that the passwords were hashed is good news to those affected, as it suggests that their accounts may not have been immediately compromised following the breach."
But users should still change their passwords just to be safe. "Still, anyone who has used the MyFitnessPal should absolutely change their password — a recommendation that Under Armour is making as well," Morse advised.
Saks Fifth Avenue / Saks Off Fifth / Lord & Taylor
Not even luxury retail brands are safe from data hacks.Credit: PETER BRANDT/GETTY IMAGESOn the first day of April, security firm Gemini Advisory revealed that cybercrime syndicate Fin7 hacked Saks Fifth Avenue, Saks Off Fifth, and Lord & Taylor, stealing credit and debit card data from approximately 5 million customers between May 2017 - April 2018.
"Based on the analysis of the available data, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations have been compromised. The majority of stolen credit cards were obtained from New York and New Jersey locations," Gemini Advisory wrote.
Saks later confirmed the breach, saying "Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."
Panera Bread
Sorry bread lovers... Panera Bread hasn't been very careful with your data.Credit: GETTY IMAGESSometimes customer data gets exposed not because of a hack but because of some terrible, horrible, no good, very bad decision making on a businesses part. And that's definitely the case with Panera Bread's 2018 data breach.
In April, Krebs reported that PaneraBread.com listed, in plain text, customer data including names, email addresses.
To make matters worse, Panera Bread reportedly knew of the leak for eight monthsbefore the leak was revealed. In an essay published on Medium titled "No, Panera Bread doesn't take security seriously," cybersecurity expert Dylan Houllihan says he alerted Panera Bread about the flaw but the company "sat on the vulnerability and, as far as I can tell, did nothing."
Not cool, Panera. Not cool.
Delta / Sears / Kmart
Credit: DAVID L. RYAN/THE BOSTON GLOBE VIA GETTY IMAGESHackers don't always have to go through your business to get your customer information.
On April 4, both Delta and Sears put out statements that hackers may have been able to access customer payment information after [24]7.ai, a software company that both brands use, had been breached. The [24]7 breach lasted from Sept. 26 to Oct. 12, and hackers were also able to see information for shoppers at Kmart, which is owned by Sears.
The investigation is ongoing but Delta tried to comfort customers by saying that just because 24[7] had been breached it doesn't mean that customer data was actually exposed. "At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised," Delta said in a release.
Featured Video For You
AI will become the criminal hacker's best friend—and worst enemy
-
The Wonderful World of Christmas Trees[Photo News] Iftar dinner in SeoulNoodle, TikTok's No Bones Day pug, has diedHow to Squeeze the Most Out of Your iPhone's Battery23 Peculiar Places of 2023Is the TikTok trend dead?Rio Open: Alcaraz halted by rain on brink of victory[Photo News] Iftar dinner in Seoul17 Places That Harness the Power of the Sun'Quordle' today: See each 'Quordle' answer and hints for December 23
- ·Google Search tries new tactics for limiting explicit deepfakes
- ·Murray advances in Doha with marathon win over Zverev
- ·Eight suspended Twitter Accounts reinstated, including Musk
- ·Virtual Reality: The True Cost of Admission (and Why It Doesn't Matter)
- ·Get Thee to Totality: Chicago
- ·Patched Laptops: Testing Meltdown & Spectre Patches on Ultraportable
- ·10分钟“跨越”1000多公里
- ·Maitreyi Ramakrishnan talks Instagram, wellbeing, and making positive connections online
- ·多措并举优治理 绘就幸福新图景
- ·14 of the best, most influential K
- ·How to use Hive Social
- ·塑“雅州名师” 创“一流党校”
- ·How much for Oasis tickets? Fans joke about splurging on reunion shows
- ·下一个川锅爆款?清远西牛麻竹笋亮相成都
- ·重拳出击 惩治“老赖”
- ·Top court says Iranian refugee who faked visa document won't be punished
- ·The Analog Embrace: How Some Experiences Are Surviving the Digital Age
- ·[Herald Interview] Korea should use new gas deposits in Peru: ambassador
- ·Five kinds of puppyhood in Korea
- ·Hidden Siri Commands and Unusual Responses
- ·Wordle today: The answer and hints for August 29
- ·13 Good Games You Can Play on Laptops and Budget PCs
- ·Passersby flip car on its side to rescue driver
- ·[From the Scene] Hydrogen tram, floating islands touted in Busan Expo bid
- ·夏凤俭与四川建安工业有限责任公司董事长耿海波座谈
- ·5 Ways to Access a Locked Windows Account
- ·How much will PCB's Champions Cup mentors be paid?
- ·How to Easily Make iPhone Ringtones Using Only iTunes
- ·Murray advances in Doha with marathon win over Zverev
- ·'No favours' for Bayern at Gladbach
- ·Echo Dot (5th gen) deal — get it for $29.99 at Amazon
- ·Elon Musk's private jet now being tracked by a new dedicated subreddit, r/ElonJetTracker
- ·Seoul plans shortening COVID
- ·Qatari bid for Man Utd poses questions over PSG's future
- ·Gastro Obscura's Guide to Where to Eat in Nashville
- ·报名火爆!11月24