Sony ransomware attack results in all Sony systems being compromised, claims attackers

Sony has become the latest company to fall victim to a ransomware attack, with all of Sony’s systems being compromised, according to the group claiming responsibility.

The group also claims to be selling Sony customer records after Sony refused to pay the attackers.

The extent of this data breach is yet to be known. Still, the number of compromised records might eventually threaten to be a part of the ten largest known data breaches. Yahoo’s data breach in 2013 resulted in the greatest number of compromised data records. Three billion records were compromised in that hack.

Patch management software company NinjaOne analysed the data breaches with the greatest number of records compromised to see which companies have had the largest known data breaches so far.

1. Yahoo (2013) – 3 billion records

The 2013 attack on Yahoo is the largest known data breach in history, with all three billion Yahoo user accounts at the time being compromised. Originally, it was reported that only one billion user accounts were compromised, but this figure was later revised to three billion. The attack resulted in data such as email addresses, passwords, dates of birth, and telephone numbers being stolen. 

2. First American Corporation (2019) – 885 million records

Financial services provider First American Corporation has the second largest known data breach in history, with 885 million records being compromised in 2019. The breach was a result of poor security practices on their servers, with sensitive information being accessible to external users. This information included bank account details, Social Security digits, wire transactions, as well as other mortgage paperwork.

3. Facebook (2019) – 540 million records

The third largest known data breach belongs to social media giant Facebook, with 540 million records compromised in 2019. Third-party app developers posted the records on a public Amazon cloud server with the compromised records including information such as account names, IDs, and information about reactions and comments on posts. 

4. (Tie) Marriott International (2018) – 500 million records

Hotel chain Marriott International has the tied fourth largest known data breach, with 500 million records compromised in a 2018 attack. Hackers suspected of working on behalf of the Chinese government were behind the attack on Marriott’s reservation database. The information that was compromised included unencrypted passport numbers and encrypted credit card numbers stored on the same server as their encryption keys.

5. (Tie) Yahoo (2014) – 500 million records

The second time Yahoo has featured on this list, the 2014 attack was the tied fourth largest known data breach, with 500 million records compromised. The attack resulted in information such as names, email addresses, telephone numbers, dates of birth, and answers to security questions being stolen.

6. Friend Finder Networks (2016) – 412 million records

Online dating and adult entertainment company, Friend Finder Networks, has the sixth largest known data breach, with 412 million records compromised in a 2016 attack. The largest share of the compromised accounts belonged to the AdultFriendFinder website, with stolen information including email addresses and passwords. This information was stored either as plain text or encrypted using obsolete and insecure methods.

7. Exactis (2018) – 340 million records

Marketing and data aggregation company Exactis has the seventh largest known data breach, with 340 million records compromised in 2018. The firm posted the data on a publicly accessible server and included detailed personal information on millions of people. This featured information such as phone numbers, home addresses, and email addresses among others for each name. 

8. Airtel (2019) – 320 million records

Indian telecom giant Airtel has the eighth largest known data breach, with 320 million records being compromised in 2019. A security flaw in Airtel’s mobile app caused the breach, with information such as names, email addresses, dates of birth, and addresses being at risk. 

9. Truecaller (2019) - 299 million records

Caller ID and call-blocking app Truecaller has the ninth largest known data breach, with 299 million records being compromised in 2019. The leaked information included data such as phone numbers, email addresses, and other personal information. 

10. MongoDB (2019) – 275 million records

Tech company MongoDB has the tenth largest known data breach, with 275 million records being compromised. Information such as dates of birth, email addresses, phone numbers, employment details, as well as other personal information, was posted on a publicly accessible server in the 2019 breach.  

A spokesperson for NinjaOne commented on the findings: “Data is one of the most valuable commodities in our interconnected world, and it pays dividends to keep it safe with proper security practices.

“Keeping software up to date by patching security vulnerabilities and making sure sensitive data is only accessible to those who need it, are two ways to minimise the risk of costly data breaches. Yahoo unfortunately learned the hard way just how costly a large data breach can be, with two breaches in 2013 and 2014 resulting in billions of data records being compromised, the former being the largest known in history.

“This series of data breaches resulted in a class action settlement against Yahoo amounting to $117,500,000, in addition to legal action against the company and its successors due to how the breaches were handled. One such example is the $35,000,000 SEC fine Yahoo incurred for not disclosing the data breach when they first learned about it, thereby misleading investors.”