Server Breaches, Big Data, and the FBI

Many millions of Americans have been victims of data theft, including information about personal health, credit card and other financial information, emails, and purchasing habits. Some of the larger thefts are described below.

While people tend to think of data theft as primarily a financial crime, it is becoming increasingly clear that there may be other reasons for thieves to steal personal data. In the case of the Yahoo hack, data stolen may have been used for blackmail. 

Yahoo
In 2014, Russian hackers stole the data of 500 million Yahoo users. The hacking group included Russian intelligence officers. According to the New York Times and federal documents, the Russian government used the stolen data to spy on journalists, government and military officials, bank executives, two cloud computing companies, one airline, and a Nevada gambling regulator.

The New York Times article can be found here.
https://www.nytimes.com/2017/03/15/technology/yahoo-hack-indictment.html

The federal indictment, announced in March of 2017, can be found here.
https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions

A Washington Post article with more information about the Yahoo hack can be found here.
https://www.washingtonpost.com/world/national-security/justice-department-charging-russian-spies-and-criminal-hackers-for-yahoo-intrusion/2017/03/15/64b98e32-0911-11e7-93dc-00f9bdd74ed1_story.html?utm_term=.76adfb49d23e

Office of Personnel Management
A hack of data stored by the Office of Personnel Management, stolen in 2014 and 2015, was originally reported to involve 4 million individuals. In July of 2015 Reuters  reported that the number had grown to 21.5 million people’s personal information that had been stolen. The hackers were, and still are, believed to have originated the hack in China.
The Reuters article can be found here.
https://www.reuters.com/article/us-cybersecurity-usa-idUSKCN0PJ2M420150709
An article from Wired  magazine from October 2016 can be found here.
https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/

Trump Hotels
Reuters reported on July 12, 2017 that Trump International Hotels Management LLC had announced that a data breach at a service provider compromised credit card payment details at 14 of its properties. It was unclear today how many customers were affected.
Last year Trump International Hotels Management paid a $50,000 fine in New York state for failing to notify customers immediately after data breeches in 2015 exposed more than 70,000 credit card numbers and 300 Social Security numbers. The company also agreed to update its security practices.
According to a report in the Los Angeles Times, the Trump hotel chain is probably a greater target for hackers because the chain has been attracting more Republican politicians, industry lobbyists, and foreign officials who use the hotel to try to curry favor with President Trump.
The Reuters article can be found here.
https://www.reuters.com/article/us-trumphotels-cyber-idUSKBN19X2G2
The Los Angeles Times article can be found here.
http://www.latimes.com/business/la-fi-trump-hotels-20170712-story.html

Target
Retail chain Target paid a $18.5 million multistate settlement for a data breach resulting from a cyberattack in 2013 that resulted in the theft of payment information for 41 million customers, and contact information for 60 million.
A USA Today article about the Target cyberattack can be found here.
https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/

Home Depot
A 2014 cyberattack on the home improvement chain Home Depot resulted in the theft of credit card data from 56 million customers. In addition, the email address information of about 53 million customers was also stolen.
Home Depot was ordered to pay $27.2 million to financial institutions that bore the brunt of the financial burden from the attack, and to update its security practices.
The gang that launched the attack used malware to steal payment information at self-checkout lanes in the U.S. and Canada. They were inside the system from April to September of 2014.
A March 2017 article from Infosecurity Magazine about the Home Depot breach can be found here.
https://www.infosecurity-magazine.com/news/home-depot-to-pay-2725m/

Anthem
A cyberattack on health care company Anthem resulted in a security breach of 78.8 million individuals’ protected health information. A national investigation of the breach pointed to “a foreign government” as the source of the attack.
The breach began in February of 2014, when a user within an Anthem subsidiary opened a phishing email containing malware. Opening the email enabled the malicious program to infect the system and allow the hackers remote access to at least 90 computer systems within the Anthem group of companies.
In response to the breach, Anthem agreed to enhance its security systems, and to provide credit protection to consumers who experienced information theft.
The press release from the California Insurance Commissioner about the Anthem breach can be found here.
http://www.insurance.ca.gov/0400-news/0100-press-releases/2017/release001-17.cfm
An article from Fox Business can be found here.
http://www.foxbusiness.com/features/2017/06/23/anthem-agrees-to-115-million-settlement-data-breach-lawsuit.html

Facebook
Microtargeting (aiming advertising and other content very specifically at users who meet certain criteria) was used extensively in the 2016 presidential election to boost stories critical of Hillary Clinton and favorable to Donald Trump.
An article published in Mother Jones in October of 2016, which originally appeared in ProPublica, describes the process.
http://www.motherjones.com/politics/2016/10/facebook-advertisers-exclude-users-by-race/