Home > News > Content
The biggest hacks that left us exposed in 2017

It was the year nothing seemed safe.

Here’s a look back at the major hacks of 2017.


Cybercriminals penetrated Equifax (EFX), one of the largest credit bureaus, in July and stole the personal data of 145 million people. It was considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers.

The company only revealed the hack two months later. It could have an impact for years because the stolen data could be used for identity theft.

The Equifax breach raised concerns over the amount of information data brokers collect on consumers, which can range from public records to mailing addresses, birth dates and other personal details.

Firms like Equifax, TransUnion and Experian sell that data to customers, such as banks, landlords and employers, so they can learn more about you.

Whether data brokers do enough to keep that private information secure is under scrutiny.

The public still doesn’t know who is responsible for the hack.

A Yahoo bombshell

Parent company Verizon (VZ) announced in October that every one of Yahoo’s 3 billion accounts was hacked in 2013 -- three times what was first thought.

In November, former Yahoo CEO Marissa Mayer told Congress that the company only found out about the breach in 2016, when it reported that 1 billion accounts were hacked.

The company still does not know who was responsible.

Leaked government tools

In April, an anonymous group called the Shadow Brokers leaked a suite of hacking tools widely believed to belong to the National Security Agency.

The tools allowed hackers to compromise a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.

Microsoft said it had released patches for the security holes in March. But many businesses had not patched their software. The tools Shadow Brokers leaked were then used in the year’s biggest global cyberattacks, including WannaCry.In March, WikiLeaks released documents that claimed to describe hacking tools created by the CIA. Researchers found that many of the exploits were old and imitated hacks that were made public years ago.


WannaCry, which spanned more than 150 countries, leveraged some of the leaked NSA tools. In May, the ransomware targeted businesses running outdated Windows software and locked down computer systems.

The hackers behind WannaCry demanded money to unlock files. More than 300,000 machines were hit across numerous industries, including health care and car companies.

There was a human cost: In Britain, hospitals with locked computers were forced to close temporarily. One patient told CNN his cancer surgery was delayed.


In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses, including FedEx, the British advertising agency WPP, the Russian oil and gas giant Rosneft, and the Danish shipping firm Maersk.

This virus also spread by leveraging a vulnerability leaked by the Shadow Brokers.

In September, FedEx attributed a $300 million loss to the attack. The company’s subsidiary TNT Express had to suspend business.

Bad Rabbit

Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised.

The ransomware, which hit in October, mostly affected Russia, but experts saw infections in Ukraine, Turkey and Germany.

It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don’t belong to the software company.

Voter records exposed

In June, a security researcher discovered almost 200 million voter records exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service.

It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored. They are secure by default, but Chris Vickery, a researcher at cybersecurity firm UpGuard, regularly finds that companies set it up wrong.

Verizon and the U.S. Department of Defense also had data exposed on Amazon servers.

An Uber coverup

In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn’t made public until this November, when it was revealed by new Uber CEO Dara Khosrowshahi.

Now Uber is facing questions from lawmakers. Three senators introduced a bill that could make executives face jail time for knowingly covering up data breaches.

Looking ahead,Expect even more of this in 2018.

Nunnikhoven predicts attacks on the Internet of Things will keep hitting industries including airlines, manufacturing and cars as they rely more on so-called smart technology.

"They face the same cybersecurity challenges that our laptops and our phones do, but they’re attached to real things in the real world," he said. "If someone hacks my laptop, my data is at risk. But if someone hacks a robotic manufacturing arm, that entire manufacturing line is at risk."

The year’s breaches may ultimately change consumer behavior. They proved Social Security numbers and birthdays might not be the best form of secure identification. Criminals buy and sell those numbers for fairly low prices, along with other personal information like addresses, emails and passwords.

Lawmakers are also proposing legislation to combat data breaches.

In the meantime, businesses and people are at least more aware of security risks.