The Worst Data Breaches and Hacks of 2019
In the digital arena, year-to-date 2020 has been an unprecedented time. The novel coronavirus pandemic has impacted every level of the global economy. That includes the dark web of hackers and cyber attacks.
According to IBM’s latest annual Cost of a Data Breach study, the average breach now costs up to $3.92 million.
This number includes regulatory fines and lawsuits, notification costs, expenses associated with investigation, damage control, and repairs.
In fact, these costs have increased by 12% over the past five years.
The creative depths that hackers dive into for the purpose of attacking companies around the world have reached expert levels. Below are some of the highlights (actually, they’re lowlights) of breaches and attacks in 2019 based on key market segments and number of stolen records.
Breaches in the Finance Sector
It’s very clear what hackers are after when they attack financial institutions. Unsecured databases left exposed to the internet may be the problem, or zero-day vulnerabilities may be exploited in the wild before fixes are available.
- First American Financial Corp.: Real estate giant FAFC leaked hundreds of millions of insurance documents dating back to 2003. Bank account numbers, statements, mortgage and tax records, and more were openly available on the internet.
- Capital One: In July, Capital One disclosed a data breach impacting 100 million US citizens and 6 million individuals in Canada. A configuration vulnerability in a database was responsible for the exposure of PII from 2005 to 2019.
Breaches in the Healthcare Sector
Sometimes an organization may be targeted by a state-sponsored advanced persistent threat (APT) group with strong resources and tools on hand. Below are some of the healthcare hacks that happened this year.
- American Medical Collection Agency (AMCA): Unauthorized access to a database led to the exposure of medical data belonging to roughly 20 million. The information leak also impacted other companies including LabCorp and Quest Diagnostics.
- LifeLabs: LifeLabs paid hackers to recover the data of 15 million account holders. In addition, 85,000 lab result records were compromised.
Breaches in the Identity Sector
Based on how much of our information is now available in data dumps across the web, you should preemptively consider signing up for credit monitoring. Here are some of the largest identity sector breaches.
- Facebook user data leaks: In April, about 540 million records about Facebook users were exposed. Names, IDs, some passwords, likes, photos, groups joined, and more were leaked.
- FEMA: FEMA accidentally exposed the PII and financial information of 3 million disaster victims, including those who survived Hurricanes Harvey and Irma.
- 620 million accounts: 620 million accounts harvested from 16 websites owned by companies including Dubsmash, Armor Games, 500px, Whitepages, and ShareThis were put up for sale on the dark web.
- 20 million Russians: Over 20 million tax records belonging to Russian citizens were contained in an open database, available online. The leaked information spanned 2009 to 2016.
- Ecuador: Another open, misconfigured database leaked the personal data of Ecuador’s citizens. It is believed most of the country’s citizens, roughly 20 million, were impacted.
- Zynga: Mobile game producer Zynga announced in October that a hacker had accessed account log-in information on Sept. 12 for 218 million customers who play the popular “Draw Something” and “Words with Friends” games.
Breaches in the Public Sector
Many public-facing companies haul in third-party investigators, notify regulators, promise to do better, and give any impacted consumers free credit monitoring. Here are some of the biggest hacks.
- Canva: Australian tech unicorn Canva was targeted by the GnosticPlayers, which claimed to have stolen records belonging to 139 million
- Adobe: Adobe left the details of 5 million Adobe Creative Cloud customers on an unsecured database exposed online without authentication credentials being required for access.
- Mixcloud: Data belonging to approximately 21 million Mixcloud users went up for sale on the dark web.
- Houzz: Home design website Houzz kicked off the year by informing customers that hackers had accessed usernames and encrypted passwords of 9 million accounts, as well as publicly visible profile information.
Cyber Security Technologies provides enterprise solutions and technology consulting in cybersecurity, systems integration, engineering development and product support. We also deliver application customization and consultation services to businesses for cross-platform integration of the patented RecordVault product or technology incorporating software-based multifactor authentication (MFA).
If you have concerns about safety or cybersecurity for your business, contact us for a free consultation.