In 2019, there were over 3,800 publicly disclosed data breaches. That is a 54% increase in the number of reported data breaches compared to 2018, and this number is forecasted to continue to rise in 2020. It’s essential that security teams look back at the year to learn how to better protect, detect and investigate data breaches.
Figure 1 – Most impactful data breaches of 2019
January – Online Casino Group
An online casino group leaked upwards of 108 million betting records that included customers’ personally identifiable information (PII), including deposits, home addresses and usernames. The information was found on an unsecured server on January 11, leaving the data exposed for approximately one month.
February – Dubsmash
On February 25, Dubsmash discovered that information on 162 million of its users was exposed. The information included usernames, passwords, phone numbers, and names. In a Dubsmash press release, it was disclosed that the data had been for sale on the Dark Web since the beginning of February.
March – Facebook
An investigation into Facebook’s internal system discovered that hundreds of millions of Facebook users’ passwords were left searchable by thousands of Facebook employees. Although there were no signs that the information was abused, a review of employee activity revealed that this information was searched 2,000 times by developers and engineers. This information was left unprotected and stored in plain text as far back as 2012. While concrete numbers were not released, it is predicted that between 200 million and 600 million users had their passwords exposed in plain text.
April – Facebook
After the Cambridge Analytica scandal in 2018 and the data breach from March 2019, Facebook continued to suffer additional data breaches. In April, it was disclosed that another 540 million users’ data was exposed. The data was left unprotected on Amazon cloud servers in two different lists. Because Facebook purchased Instagram in 2012, Instagram users also face the repercussions of Facebook data breaches.
May – First American Financial Corporation
More than 885 million records were exposed as a result of a data breach that affected First American Financial Corporation. The information was left unprotected and could be found at a URL on First American Financial’s website, as shown in Figure 2. The PII that was exposed included bank account numbers and statements, mortgage and tax records, social security numbers and images of driver’s licenses.
Figure 2: Record exposed on First American Financial’s website
June – American Medical Collection Corporation
On June 3, Quest Diagnostics discovered that information of over 11.9 million patients was exposed on the American Medical Collection Association (AMCA) database. The PII exposed included credit card numbers, bank account information, medical information, and social security numbers. The information was leaked by an unauthorized user who had access to the system between Aug 1, 2018, and Mar 30, 2019. One day after this was disclosed, LabCorp found that data on upwards of 7.7 million of its patients was left exposed on the AMCA database. Shortly after these two incidents, AMCA took out a $2.5 million loan and filed for bankruptcy as a result of the expenses associated with these two breaches.
July – Capital One
Capital One fell victim to a data breach in July, leaving the PII of 6 million Canadians and 100 million Americans compromised. The information that was exposed included names, addresses, phone numbers, postal codes, email addresses, birthdates and self-reported income. In addition, 100 million customer social security numbers were also left unprotected.
August – MoviePass
MoviePass, a movie ticket subscription service, suffered a data breach in August. MoviePass has over 161 million users and at least 58,000 records were found in one database. While some records only contained the last 4 digits of the bank account number, the majority of records included the full number as well as the expiry date.
September – Zynga
Online gaming company Zynga suffered a data breach that exposed PII on over 170 million users. The two games that were affected were Words With Friends and Draw Something. While there was no reported financial information exposed, the login information of users was left unprotected. This information is valuable for credential stuffing attacks, where hackers play on the assumption that people recycle their login credentials across multiple sites.
October – People Data Labs & OxyData
In October, over 4 billion social media profiles, totalling 4 terabytes of data, were exposed on an unsecured server. The server contained names, email addresses, phone numbers, as well as LinkedIn and Facebook profile information. Upon analysis, it was determined that the data came from People Data Labs and OxyData.
November – Trend Micro
In November, an insider threat led to a data breach at cybersecurity company Trend Micro. The employee accessed the customer-support database and shared the PII of over 70,000 customers with a third party. Among the information were names and phone numbers. The third party used this information for scam phone calls posing as Trend Micro staff. This type of impersonation has both financial and reputational costs.
December – LifeLabs
LifeLabs, a lab test provider, suffered a data breach in December. While the investigation is ongoing, the total number of affected customers has not been confirmed, but the potential impact is high. LifeLabs has 15 million customers and it has already been confirmed that 85,000 Ontarians’ test results were stolen.
Better Security in 2020
Data breaches have been on a consistent rise year after year. Security teams need to implement a more robust strategy in order to detect data breaches and investigate further should one occur. Although it is forecasted that data breaches will continue to rise and become more complex in nature, there is still time to take control in 2020.
Media Sonar provides security teams with the threat intelligence they need to proactively search the Surface, Deep and Dark Web. With easy-to-use workflows and 24/7 custom alerts, your team will be equipped with the information they need to better protect, detect and investigate.