Most Noteworthy Data Breaches in 2019

image description

Most Noteworthy Data Breaches in 2019

With data starting to be treated more like a commodity, companies are spending more time and money attempting to secure the data they have. Some organizations aren’t successful. In 2018 over 446.5 million records were exposed, even as data breaches dropped by 23 percent to 1,244. Today we take a look at some of the most noteworthy data breaches that have happened in the first four months of 2019.

January

Blur
When a company’s strength is security, it’s hard to believe that they would be careless with data. That’s what happened on January 2, when an unsecured server at the password management company Blur exposed a file containing the personal information, including names, email addresses, IP addresses, and encrypted passwords of 2.4 million users.

BenefitMall
A company’s HR department is a treasure trove of personal information. When your entire business model is to be an outsourced HR provider, security is an absolute must. HRaaS company BenefitMall was the victim of a phishing attack. Over four months the names, addresses, Social Security numbers, dates of birth, bank account numbers, and more of over 110,000 users were exposed.

Ascension
Ascension, a data analytics company, had an online database containing personal information of over 24 million clients sitting unprotected for more than two weeks. Some of the data that was exposed were names, addresses, dates of birth, Social Security numbers, and financial information.

Other January breaches: Oklahoma Department of Securities, Managed Health Services of Indiana, Fortnite, Alaska Department of Health and Social Services, Rubrik.

February

500px
Online photography community 500px was hacked to the tune of 14.8 million users. The breach revealed full names, usernames, email addresses, dates of birth, locations, and more.

Dunkin’ Donuts
For the second time in three months, the Dunkin’ Donuts DD Perks rewards members were breached as hackers again gained access to customer accounts.

Coffee Meets Bagel
The dating website Coffee Meets Bagel, announced they were hacked on, of all days, Valentine’s Day. Names and email addresses of all six million users who were registered before May 2018 were exposed.

University of Washington Medical Center
Almost a million patients have had their medical, personal, and financial information breached as a vulnerability on the organization’s website.

Other February breaches: Houzz, Catawba Valley Medical Center, Huddle House, EyeSouth Partners, Advent Health, Coinmama, UConn Health.

March

Dow Jones
A database that contained 2.4 million records of government officials and politicians from every country in the world was leaked online. The database is made up of prominent individuals who could possibly embezzle money, accept bribes, or launder funds.

Health Alliance Plan
The electronic protected health information (ePHI) of over 120,000 patients was exposed after a ransomware attack. The ePHI that was exposed contained names, addresses, dates of birth, ID numbers, claim information, and other identifiers.

Facebook
Facebook was forced to admit that it hadn’t been properly securing passwords of nearly 600 million users. The passwords were stored in plain text and could be accessed by any of the company’s 20,000 employees.

Federal Emergency Management Agency (FEMA)
Survivors of hurricanes Maria and Irma, as well as survivors displaced by California’s wildfires have had their personal information exposed in a data breach. About 2.5 million disaster victims had their names, addresses, bank account numbers, and birth dates shared and left unprotected.

Verification.io
In one of the largest data breaches in history, the email verification company Verifcations.io was found to have left a database filled with nearly one billion email accounts and personal information on an unprotected server. The company has closed its doors as a result of the breach.

Other March breaches: Rush University Medical Center, Pasquotank-Camden EMS, Spectrum Health Lakeland, Rutland Regional Medical Center, Zoll Medical, MyPillow & Amerisleep, Oregon Department of Human Services.

April

Facebook (again)
Two third-party applications that held Facebook datasets here left exposed online. Over 540 million records, including account names, Facebook ID, and user activity were exposed.

City of Tallahassee
Almost $500,000 of the city of Tallahassee employees’ pay was stolen by hackers. They accomplished this by redirecting direct deposits into an unauthorized account.

Georgia Tech
The personal information of current and former faculty members, students, and college staff, adding up to 1.3 million individuals was leaked through an unsecured server. Files that were exposed include names, Social Security numbers, and birthdates.

Steps to Recovery
The drug and alcohol recovery company has had nearly 145,000 patients’ files exposed.

Bodybuilding.com
One of the largest online retailers of fitness supplements has been hacked exposing seven million registered users of the website. The information taken includes names, email addresses, billing/shipping addresses, phone numbers, and order history.

Other April breaches: EmCare, Microsoft Email Services, Prisma Health, Baystate Health.

If your business hasn’t addressed it already, data security and privacy must be a priority for your company, as any data breach could be a major problem for your business on many fronts. To talk to an IT professional about protecting the sensitive data that your company has, call us today at (978) 993-8038.