You remember the January 2009 data breach of Heartland Payment Systems that exposed 130 million personal records, right? You should — it was the largest data breach of all time.
To give you a little background, Heartland Payment Systems processes 100 million credit and debit card transactions per month for 175,000 merchants. In late 2008, a hacker accessed the computers Heartland uses on a daily basis, jeopardizing 130 million customer records.
And finally, after almost one year of investigations, officials charged 28-year-old Albert Gonzalez of Miami. He pleaded guilty to two counts of conspiracy to gain unauthorized access to the payment card networks operated by Heartland, among other payment processing companies. But this was not Gonzalez’s first run-in with the law for hacking-related activities.
Gonzalez pleaded guilty in September 2009 in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft relating to hacks into numerous major U.S. retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. Gonzalez also pleaded guilty in September 2009 in Boston to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster’s restaurant chain, which were the subject of a May 2008 indictment in the Eastern District of New York.
Who knows where this cyber-scoundrel would have attacked next, had he not been caught. He faces sentencing in March for his crimes and will likely be sentenced to 17 to 25 years in prison.
Let’s take a look at the largest data breach incidents on record, listed by number of records breached, date and organizations affected.
Largest Data Breach Incidents
|130,000,000||01/20/09||Heartland Payment Systems|
|90,000,000||06/01/84||TRW, Sears Roebuck|
|76,000,000||10/05/09||National Archives and Records Administration|
|40,000,000||06/19/05||CardSystems, Visa, MasterCard, American Express|
|26,500,00||05/22/06||U.S. Department of Veterans Affairs|
|25,000,000||11/20/07||HM Revenue and Customs, TNT|
|17,000,000||10/06/08||T-Mobil, Deutsche Telekom|
|16,000,000||11/01/86||Canada Revenue Agency|
As hackers become more sophisticated, more pressure is put on IT risk managers. And with budgets tight and resources lacking, we will undoubtedly see our share of data breaches well into the future.