The European Union’s new data protection rules, which take effect on May 25, will give people more control over the way their personal information is used online. They follow scandals involving lax personal data protection procedures such as at Facebook where US-British political research firm Cambridge Analytica was able to harvest the data of 87 million users. In another case, Grindr, the self-proclaimed world’s largest gay dating app, admitted in April to sharing data on its clients’ HIV status with third party software vendors. Such scandals are, however, less frequent than cases in which data are stolen through hacking attacks on websites. Here are some of the biggest: Yahoo, billions hacked In what is considered the biggest cyber-attack in history, a 2013 hack affected all three billion accounts at Yahoo. The disclosure in October 2017 by Verizon, which acquired Yahoo’s online assets in June, revised upward the initial estimate of one billion accounts affected. Yahoo said the stolen user information did not include passwords in clear text, payment card data or bank account information. The disclosure threatened the sale to Verizon, which finally secured a lower price. Another hacking attack on Yahoo affected some 500 million accounts in 2014 but was only revealed in September 2016, for which its financial arm Altaba was fined $35 million. Uber off the road The ride-sharing giant was vilified after the hacking in 2016 of data on 57 million of its riders and drivers, unveiled only in November 2017. It was also criticised for paying the hackers $100,000 to destroy their booty. Investigations have been opened in the United States and Europe. Equifax loses credit A breach by major American credit agency Equifax in September 2017 is seen as potentially more damaging than that of Yahoo because of the sensitivity of the data leaked. Equifax said hackers obtained names, social security numbers, birth dates, addresses and some driver’s licence numbers, potentially exposing victims to identity theft. It said the breach could have affected more than 147 million US, Canadian and British clients. The company was sued for having identified but not corrected the breach, for having insufficient security systems and for delaying reporting the problem. Its chiefs were also suspected of insider trading as they sold shares before the hacking was revealed. Password plunder In August 2014 online data protection firm Hold Security claimed that Russian hackers had accessed 1.2 billion passwords linked to 420,000 internet sites around the world, from corporate giants to individual accounts. Hold Security pointed to a group of hackers called CyberVor, which it said had potentially gained access to 500 million e-mail accounts. There was no major fallout from the announcement. Taking aim at Target The US retail giant was hit by a computer attack in December 2013 that affected 110 million clients. Seventy million might have lost personal data including names, addresses, phone numbers and e-mail accounts, while 40 million bank accounts and credit cards were also put at risk. Hottest hack In August 2015 hackers calling themselves The Impact Team published nearly 30 gigabytes of files including the names and sexual orientation of people who had signed up with Ashley Madison, a website facilitating extra-marital affairs. The company’s boss stepped down as several suicides in the United States and Canada were linked to the revelations. Ashley Madison had earlier offered to delete users’ personal data for a modest fee but did not. Published in Daily Times, May 16th 2018.