5 data breaches: From embarrassing to deadly

Major companies including Netflix, Google and Facebook have let private data loose -- and the results can be devastating.

1 of 5
BACKNEXT
Netflix accidentally reveals rental histories
Netflix accidentally reveals rental histories

Four years ago, Netflix came up with what seemed like an ingenious plan to improve its movie recommendations algorithm: crowdsource the problem and award the best solution a $1 million prize. But the video rental and streaming company found out that anonymizing data isn't easy.

For the first edition of the "Netflix Prize" in 2006, the company released 100 million supposedly anonymized movie ratings. Each included a unique subscriber ID, the movie title, year of release and the date on which the subscriber rated the movie. Contestants were asked to develop an algorithm that was 10% better than Netflix' existing in predicting how subscribers rated other movies.

Just 16 days later, two University of Texas researchers announced that they had identified some of the Netflix users in the data set. In some cases, Arvind Narayanan and Vitaly Shmatikov were able to identify targets by matching their Netflix reviews with data from other sites like IMDb. More damningly, the found that if you knew a few movies a Netflix subscriber had rented in a given time period, you could reverse-engineer the data and find out the rest of their viewing history.

Despite the UT findings, Netflix continued the contest and named a $1 million winner. But when Netflix tried to launch another contest in 2009 -- with subscriber data including gender, zip code, and age -- the smackdown came in the form of a lawsuit. One plaintiff said she would be "irreparably harmed by Netflix's disclosure of her information."

That woman is a lesbian mother who is not open about her sexual orientation. She filed the suit as Jane Doe. As her legal filing put it: "To some, renting a movie such as Brokeback Mountain or even The Passion of the Christ can be a personal issue that they would not want published to the world."

After months of back-and-forth, Netflix called off the second contest and settled the lawsuit. Lead counsel Scott Kamber, of KamberLaw LLC, says he believes Netflix genuinely tried -- but failed -- to protect its users' privacy.

"The contest was clever, but they overlooked an aspect of privacy that I think we were able to get them to focus on," Kamber said. "Netflix was in its infancy, so really, it made a mistake while trying to do the right thing."


NEXT: Insurer seeks patient's Facebook posts
Last updated December 14 2010: 1:03 PM ET
More Galleries
6 luxury getaways to escape your digital life Step away from your smartphone. No Facebook or Twitter here. These are six places where luxury travel agents send clients looking to unplug and experience the ultimate digital-detox getaway. More
Most reliable cars - Consumer Reports These cars, trucks and SUVs scored best in the magazine's latest survey of vehicle owners. More
Some Converse copycats cost big bucks A few bargain brands got swept up in Chuck Taylor's net, but others cost a pretty penny. More

Special Offer

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer.

Morningstar: © 2014 Morningstar, Inc. All Rights Reserved.

Factset: FactSet Research Systems Inc. 2014. All rights reserved.

Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved.

Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor’s Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2014 and/or its affiliates.