The top data breaches of 2013

While many people are out having summer fun at the beach, we have some stark evidence pointing out that so far in 2013, life has been anything but a beach for many organizations in nearly every vertical- including tech, financial, retail, state government, federal government, and even news organizations.

Living Social

An unfortunate event for an e-commerce start-up, Living Social unwittingly shared PII about an estimated 50 million users due to a breach. Exposed information included names, email addresses, and birth dates.


A data breach in February exposed usernames, email addresses and encrypted passwords of 250,000 users, and is somewhat of a unique incident in that the Twitter team discovered the live attack as it was happening and were able to shut it down while it was in progress.

Washington State Court System Administrative Office

Up to 160,000 SSNs and 1 million drivers license numbers were exposed in March and announced in a release in May. In addition to the PII data was potentially reputational damaging information such as jail bookings and DUI citations.


Another attack that was detected live by the company’s security team was against Evernote. Suspicious network activity alerted the team to attempts into their corporate network. Users’ passwords were securely stored, but Evernote took the precaution of resetting an estimated 50 million passwords.

Department of Homeland Security (DHS)

In an odd turn of events for the DHS, a vendor provided software vulnerability exposed names, SSNs, and dates of birth of potentially thousands of employees. The DHS says that there is no evidence of fraudulent use of the information, but it should serve as a reminder about liability due to third-party components.

Federal Reserve

The Fed drew the ire of hacking collective Anonymous, which accessed the personal data of 4,000 bank executives. The hackers published their bounty online including mailing addresses, phone numbers, business emails, and fax numbers.

The New York Times

Reporters were targeted in an advanced and months-long campaign to infiltrate the news outlet with an unknown goal in mind. Imagine the havoc that could be wrought by either faking a disaster, or suppressing news about a real one.


Zendesk experienced a breach that put its support clients at risk when thousands of email addresses and support messages from users of the services were exposed. Such information could be used in creating very detailed phishing attacks to lure even the most vigilant of victims.


Despite attempts at increasing privacy for its users, a breach of the notoriously PII laden organization left an estimated 6 million Facebook users’ mobile numbers and email addresses exposed. The issue was discovered and reported to Facebook through their responsible disclosure program.

NSA Surveilence Program

Whether you agree with Edward Snowden’s actions or not, the situation arguably would not be an issue had there been proper enforcement of physical security at the Booz Allan facility where he worked.