The past decade has seen an unprecedented increase in data breaches. In 2017, up to 1,579 incidents that exposed over 174 million records were recorded. That is a significant advancement from the 1,093 breaches recorded in 2016. The increase has been attributed to the fact that hackers are getting more sophisticated with some receiving funding from global organizations and governments. Eva Velasquez, CEO of Identity Theft Resource Centre indicated that the increase in the number of breaches stems from the efforts of industries to offer transparency in their services. This data shows that even in 2018, the spike in data breaches is expected to continue. So let’s look at some of the most devastating data breaches of 2018 so far.
- British Airways
The famed airline British Airways became victim of a data breach that occurred between 21st August 22.58 BST and 5th Septembers 21.45 BST. The attack was launched on their main website and mobile app. The hackers gained access to personal and financial information of more than 100,000 customers transacting on the site and the app. Details that were compromised include credit card data such as card number, expiry dates and CVC codes, email addresses, and names. The company has since apologized to the affected customers and promised to reimburse them duly for any harm done.
Exactics, a marketing and data aggregation company, hit the headlines this year for their devastating data breach. According to a security researcher, Vinny Troia, the company leaked a database containing approximately 340 million records on a freely accessible server. The 2 TB worth of data belonged to 230 million American adults and 110 million businesspeople. Individual names, phone numbers, home addresses, email addresses, and characteristics (age, habits, interests, gender, and children) were exposed. This breach is classified among the worst based on the number of people exposed and the depth of the information breached.
Users of the genealogy and DNA testing company, MyHeritage, had to instruct its users to change their passwords following a data breach that occurred in June. The breach exposed 92 million users’ records including email addresses and encrypted passwords. The data belonged to users who had registered to the company on October 26th, the date of the breach. The company was quick to notify their users that their DNA data and family trees were safe. They claimed that such sensitive information was kept on a separate server far from where the attackers planted the malicious file. This breach is particularly jarring due to the type of information that the targeted company holds. While evidence of the attacker using the information has not been reported, it took a whole 8 months before MyHeritage notified its users of the data breach.
The data breach targeted Aadhaar, which is the largest biometric ID system in the world. The database contains unique IDs for registered Indian citizens. This makes the breach one of the most devastating ones of 2018. The attackers used a software patch that allowed unauthorized users from anywhere across the globe to randomly generate Aadhaar unique identities. They were able to bypass the robust security features such as biometrics. The attackers could also access 1.1 billion records containing names, addresses, photos, phone numbers, and email addresses of Indian citizens through their Aadhaar numbers.
- Under Armour
The data breach on the renowned apparel brand, Under Armour, was disclosed on 25th May. It targeted the flagship MyFitnessPal, an application that deals with food and nutrition. Over 150 million users of the app had their accounts exposed. The attack targeted their usernames, email addresses, and hashed passwords. However, the payment information was not tampered with since the company collects and processes them separately. The breach seriously hurt their profits as evidenced by the 3.8% drop in shares. The company notified all the affected users of the incident and have made serious strides in investigating the data breach.
In March, mainstream media was crawling with news about how the giant social media platform, Facebook, exposed personal information of over 50 million users to unknown attackers. This breach became the largest the company has had to deal with since its inception. Facebook took a major blow from this scandal especially because it occurred at a time when Cambridge Analytica gained access to PII of 87 million people. Even though the link was not proved beyond reasonable doubt, trust issues have emerged between users and the company. The British political consulting firm, Cambridge Analytica, supposedly used the data to influence elections. Facebook says that they’ve handled all the flaws in their engineering and are working with law enforcers on the matter. However, the identity of the attackers and the extent of the breach still remain unknown.
- BJC Healthcare
An error in the BJC Healthcare databases compromised 33,420 patient records. This is yet another breach that has rocked the world of cybersecurity in 2018. The error left critical patient information available to the public for nine months (from May 9th, 2017 to January 23rd, 2018) before it could be mitigated. The exposed information included driver’s licenses, insurance cards, healthcare documents, names, address, telephone numbers, dates of birth, and SSNs of patients. Since the incident, the company offers free identity theft protection to all its clients.
This is just a glimpse into the serious data breaches that have occurred in 2018. They surpass those of 2017 by far, showing the ever-growing threat to cybersecurity. There are many ways to fight data breaches. Why not start by installing a VPN? This is an effective way of keeping your online presence private.
Jack Foster, Chief Content Writer at VPNGeeks