Regulators are still closely monitoring businesses that don’t uphold adequate data protection standards. The following list covers 10 types of significant information security breaches and penalties, the associated fines, and brief descriptions of the nature of the claims.
Please take note that the General Data Protection Regulation (GDPR) fines are not included in this list. There are also a sizable number of infractions of international data privacy laws on that list. The complete list of the most severe GDPR fines and penalties is available here.
This list includes the total amount of regulatory fines as well as any payments made to resolve disputes, lawsuits, or other inquiries involving the alleged infractions. These class-action lawsuits resulted in harsher penalties for numerous businesses than the actual regulatory penalty.
In this article, tapchiai.net will discuss 10 types of significant information security breaches and penalties.
1. Facebook (Information security breaches and penalties): $5 billion
Year issued: 2019

With a $5 billion fine imposed by the U.S. Federal Trade Commission (FTC) in 2019 for the Cambridge Analytica scandal and other privacy infractions, it should come as no surprise that Facebook is at the top of our list.
The FTC’s largest-ever fine was imposed as a result of considerable public outrage over Facebook’s improper treatment of user information.
This was the most high-profile data privacy crisis in recent memory due to the extent of Facebook’s breach and the widely reported political ramifications. Although the alleged $5 billion fine for the social media juggernaut seemed like a fair punishment, the firm settled in court for only $725 million.
2. Didi Global (Information security breaches and penalties): $1.2 billion
Year issued: 2022
The Chinese authorities, well-known protectors of user privacy, fined ride-hailing operator Didi Global a total of 8 billion Yuan ($1.2 billion) for a number of data security and privacy offenses.
Regulators claim that Didi illegally gathered millions of pieces of user data over the course of seven years and exploited that data in a way that could have compromised national security.
3. Amazon (Information security breaches and penalties): $886 million
Year issued: 2021
The sole GDPR fine on this list, Amazon’s violation is significant since it shows the governmental crackdown on those who violate data privacy. For violating the GDPR, the Luxembourg National Commission for Data Protection fined Amazon a staggering €746 million ($886 million).
A few months later, Amazon filed an appeal of this ruling, claiming that there had been no data breach and no exposure of consumer information to outside parties. In January 2024, the appeal is scheduled to be heard by a Luxembourg court.
4. Equifax (Information security breaches and penalties): $700 million
Year issued: 2019
The FTC fined Equifax $700 million in 2019 for its catastrophic 2017 data breach, which was one of the biggest consumer data breaches in history. Equifax was hit with the penalty for failing to take the necessary precautions to safeguard the personal data of roughly 147 million customers.
According to reports, hackers may have been active on Equifax’s network for months before being discovered. In the end, Equifax agreed to pay the fine, which ranged from $575 million to $700 million.
5. Epic Games (Information security breaches and penalties): $520 million
Year issued: 2022
In a record-breaking settlement related to the Children’s Online Privacy Protection Act (COPPA), Epic Games, the company behind Fortnite, was fined a staggering $520 million by the FTC.

The case comprised two world-record settlements: $245 million in additional fees to compensate the impacted customers and $275 million in fines for COPPA violations. FTC Chair Lina M. Khan stated that “as our complaints note, Epic used privacy-invasive default settings and misleading interfaces that tricked Fortnite users, including teenagers and children.”
6. T-Mobile (Information security breaches and penalties): $500 million
Year issued: 2022
After a cyberattack in 2021 revealed the personal information of over 76 million people, T-Mobile filed a lawsuit and ultimately settled for $500 million, with $150 million going into cybersecurity system updates and $350 million going to compensate customers.
Then, on January 19, 2023, T-Mobile was the victim of another cyberattack, just days before the opt-in time for its prior legal settlement was about to expire.
The current attack, according to a T-Mobile spokeswoman, was “an altogether separate and different security incident” from its prior hack. Event specifics are still emerging.
7. Home Depot (Information security breaches and penalties): $200+ million
Year issued: Ongoing
Hackers penetrated Home Depot’s self-checkout point-of-sale system between April 10 and September 13 of 2014, infecting devices with malware that steals personal information.
Home Depot was found to have neglected to take the required safeguards to stop the theft of customer information, according to the Connecticut Attorney General.
As a result, the retailer became involved in numerous investigations and agreements to pay back those who were harmed. Home Depot’s hack is thought to have cost the corporation more than $200 million, though the precise amount of these costs remains unknown.
8. Capital One (Information security breaches and penalties): $190 million
Year issued: 2021
Even though it wasn’t technically a regulatory fine, Capital One’s notorious 2019 data breach is noteworthy for its size (over 100 million customers were affected) and its tedious, repeated nature.
The U.S. Office of the Comptroller of the Currency (OCC) fined Capital One $80 million for a related vulnerability in 2020. Despite Capital One’s denial of any responsibility, the cyberattack led to a $190 million settlement of a class-action lawsuit.
9. Google (Information security breaches and penalties): $170 million
Year issued: 2019
For breaking COPPA in 2019, the FTC fined Google $170 million. Authorities alleged that Google had improperly gathered personal data from YouTube users who were under the age of 13.
Although Google’s penalty was one of the highest COPPA-related fines ever at the time, Epic Games vastly outpaced it in 2022.
10. Twitter (Information security breaches and penalties): $150 million
Year issued: 2022
In 2022, Twitter made headlines when it gave marketers access to personal data that was ostensibly being collected for account security. This broke a 2011 FTC injunction prohibiting the business from misrepresenting its security and privacy procedures.

Twitter was punished by the FTC with a $150 million fine and a prohibition against making money from the fraudulent use of user data.