cbc.ca (© Copyright: (C) Canadian Broadcasting Corporation, http://www.cbc.ca/aboutcbc/discover/termsofuse.html#Rss)
Updated: Tue, 28 Jan 2014 15:15:41 GMT | By CBC News, cbc.ca

Personal data online: 5 of the biggest security breaches



Personal information like birth dates, addresses and even bank accounts numbers are out there in digital databases, and if they're not properly safeguarded, can be vulnerable to online thieves. Kostenko Maxim/Shutterstock

Personal information like birth dates, addresses and even bank accounts numbers are out there in digital databases, and if they're not properly safeguarded, can be vulnerable to online thieves. Kostenko Maxim/Shutterstock

With recent revelations suggesting that the U.S. National Security Agency is using mobile apps like Angry Birds to glean information about individuals, many people may be thinking about how much of their personal data is accessible online.

Details like birthdates, addresses and even bank account numbers are out there in digital databases and, if they're not properly safeguarded, can be vulnerable to online thieves. Here are five of the biggest privacy breaches involving personal data over the last few years.

1. 70 million Target shoppers get hacked

​U.S. retailer Target announced in December 2013 that hackers accessed information belonging to tens of millions of their customers, including Canadians who did any shopping in their stores south of the border. The security breach was believed to have involved 40 million credit and debit card accounts and the personal information of 70 million customers who paid with their cards between Nov. 27 and Dec. 15, 2013. Target has said Canadian stores weren't affected because they use a different payment system at cash registers.

Upscale retailer Neiman Marcus was also hit with a security breach that compromised their customers’ credit and debit cards, but wouldn’t say how many accounts were affected. One security expert said the Target and Neiman Marcus thefts were likely carried out by the same group.

2. TJX customers' card data stolen

TJX, the U.S. parent of Winners and HomeSense stores, revealed in 2007 that data from at least 45.7 million credit and debit cards was stolen by hackers.

The company said the stolen information covered transactions between 2003 and part of 2006, but the breach wasn’t discovered until December 2006. Victims won a class-action lawsuit, were reimbursed and received store vouchers.

Canada’s privacy commissioner weighed in, saying the TJX data breach could have been preventable if they had taken necessary precautions, including upgrading their encryption technology.

3. Hackers make a point with Snapchat leak

​Users of the popular smartphone app Snapchat got a rude awakening this past New Year's Day when a group of hackers published an online database containing the usernames, locations and cellphone numbers of 4.6 million accounts. (The database has since been taken down.)

The alleged hackers sent out a statement saying they wanted to raise awareness about online security and put pressure on the developers — who had earlier been warned about vulnerabilities — to address security holes in the app.

4. Hackers target Sony gamers, movie buffs

Sony had a rough year in 2011 when hackers targeted both their PlayStation Network and their Sony Pictures website. More than 100 million PlayStation accounts worldwide were compromised, with hackers getting their hands on names, birthdates, bank account numbers  and credit and debit card information.

Months later, a group of hackers said they managed to steal a massive trove of personal information from Sony Pictures' website, accessing data belonging more than one million users, including passwords, email addresses, home addresses and dates of birth. The group, who called themselves LulzSec, chastised Sony online for its lax approach to security.

5. Canadian agencies lose personal data

Alberta’s Health Minister Fred Horne revealed this week that an unencrypted laptop containing the personal health information of 620,000 Albertans was stolen in September. The laptop, which belonged to an IT consultant for the province's network of medical centres, housed data including names, birthdates, health card numbers and billing codes of people who visited the clinics between May 2, 2011, and Sept. 10, 2013.

In another security breach last year, the federal government revealed a portable hard drive containing personal information, including Social Insurance Numbers, of more than half a million student-loan borrowers had gone missing. Similarly in 2012, a government employee for Human Resources and Skills Development Canada reported that a USB key containing personal data of about 5,000 Canadians went missing. 

more video