What have we learnt from some of the biggest data breaches ever recorded?

1st August 2025

How can we learn from the mistakes of others to improve cyber security measures?

Over the years, there have been many cyber security breaches that have made the news, usually involving a loss of money, trust and custom for the companies involved. However, every misstep is an opportunity to learn and improve, so it is important to pay attention to these incidents.

Below are five notorious examples of cyber breaches: take a look, discover what happened and what errors were made, and consider whether the same vulnerability needs fixing in your business.

Equifax (2017)

Equifax is a credit bureau in the US, responsible for collecting and reporting on financial data. Hackers exploited a vulnerability in a web application framework and were able to breach 147 million records, exposing social security numbers, credit card details and other private details.

This was despite a patch for the vulnerability already existing; it just hadn’t been implemented yet. This highlights the importance of patch management. Furthermore, the incident showed that the less data you have on file, the less there is to be leaked, so it is critical to only keep what is essential and delete what you no longer need.

Yahoo (2013-2016)

At one point Yahoo was a leading provider of email, news and search services, amongst others. Over the course of many years, state-sponsored attackers used forged cookies and backdoors to access approximately 3 billion accounts, compromising names, emails, passwords and security questions.

From this, we better understand the need for encryption: much of this information would have been kept secure had it been encrypted, but it was stored in plaintext, so it was easily readable. Additionally, it showed that security needed to evolve beyond passwords and security questions (which we are now progressing towards as we embrace passkeys).

Mother of All Breaches (MOAB, 2024)

Not referring to a single company, this refers to a massive data compilation, with over 26 billion records found on an unsecured server. It included emails, passwords, IP addresses and payment logs.

The danger of reusing credentials was highlighted here, as someone could quite easily have accessed this old data and used it to compromise accounts being used today. It also showed the scale of cyber threats, and that zero trust is the best way to ensure proper security.

Marriott International (2018)

Marriott is one of the world’s largest hotel chains, operating a range of hotel brands. One of these brands, Starwood, was the source of the vulnerability. Bad actors had access to Starwood’s reservation system, even before Marriott had acquired them. It led to passport numbers, travel history and personal details being exposed.

It showed the importance of implementing equally robust cyber security over all elements of a business, and, like with Equifax, it highlighted the dangers of keeping sensitive data for too long. As well as this, the fact that Starwood was compromised for so long without anyone realising shows the need for better threat detection.

Bitfinex Crypto Exchange (2016)

A platform for trading cryptocurrencies, Bitfinex was targeted using a vulnerability in their multi-signature wallet system. This resulted in one of the largest crypto thefts in history, with $72 million being stolen.

This vulnerability apparently came from a third-party implementation, conveying the need to improve security across all industries for the best protection. In addition, Bitfinex were very open about the incident and suffered less backlash as a result, showing other companies that open communication is a good idea.

Hopefully, having read about these incidents, you can learn from them so nothing like them happens to you or your business. If you would like any guidance on how to implement the changes referenced here, please contact Interfuture Security.

YouTube: https://youtu.be/PzwCH5gjni4