6. Facebook
In June of last year, Facebook admitted, via their blog, to a technical breach that had inadvertently exposed the phone numbers and emails of more than six million users. The software bug allowed Facebook users who downloaded contact information for their list of friends to obtain additional, unauthorized contact details. The bug was found by a security researcher who reported it to the company.
While Facebook says they fixed the glitch within 24 hours of discovery, and that they hadn't received any complaints of suspicious activity as a result of the glitch, the incident served as a reminder to users that their personal information wasn't safe-even on one of the world's most popular websites.
7. LivingSocial
Daily deal site LivingSocial was the victim of a cyber attack that compromised the account information of its 50 million users. According to the company, customer credit card data was stored on a different server and remained safe, however the names, email addresses, birth dates, and encrypted passwords of its users were accessed. LivingSocial forced the reset of customer passwords and sent notices to affected users.
8. Maricopa Community College
A massive security breach in Arizona exposed the personal information of 2.4 million current and former students and faculty across ten district schools. Compromised was a wealth of personal information, including Social Security numbers, driver's license numbers, and bank account information, as well as academic records.
The school was notified of the security breach by the FBI who found a website selling personal data from the district's information-technology system. While there is no evidence the information was actually accessed, the school came under fire for waiting seven months to disclose the breach to those affected.
The board has allocated $17 million to deal with the fallout—funds will go towards ongoing retention of a law firm, maintenance for a call center, as well as the issue of notification letters and credit monitoring for those affected.
9. JP Morgan Chase
The financial services firm revealed it was targeted in a July 2013 cyber attack. The bank uncovered the breach to its website server in September but came under fire for waiting months to notify its customers that their personal information had been compromised.
Targeted were almost half a million holders of the bank's prepaid cash cards, called UCards, which were issued to corporations and government agencies—organizations that are increasingly using the cards to replace paper checks. More than 6,000 residents in Louisiana received the cards for their state income tax refund, for example. While the bank believes critical personal information such as Social Security numbers and birth dates were not taken, the bank is offering the cardholders a year of free credit-monitoring services as a courtesy.
10. The University of Pittsburgh Medical Center
The University of Pittsburgh Medical Center (UPMC) was the victim of a data breach than enabled scammers to file up to 788 bogus 2013 tax returns with the IRS—a scam worth about $10 million. Names, addresses, and Social Security numbers for up 27,000 employees may have been compromised, UPMC said. An investigation into the UPMC breach is ongoing but one worker has already filed a lawsuit against her employer—rather than financial compensation, the employee is seeking credit restoration services and identity theft insurance.
