Several billion people had their names, passwords and banking information publicly exposed through data breaches in 2018.
And that shocking total comes from just the 10 biggest breaches that made the news – several of which impacted more than 100 million people.
Meanwhile, an unknown number of hacks and thefts went undetected, and others were discovered but not made public.
Those are some of the disturbing cyber-crime statistics from 2018. Some of the breaches were caused by outside hackers. Others resulted from internal bugs in the system. Either way, the victims were powerless to prevent their most sensitive information from being put at risk – and often they first learned about it on the news.
10 Biggest Data Breaches
Here are the 10 Biggest Data Breaches that came to light in 2018, courtesy of dashlane.com.
- Aadhaar (ID database run by the Indian government)
Number of people affected: 1.1 billion
What happened: The Indian government “ignored repeated attempts by security researchers to secure a database leak caused by an unsecured API endpoint connected to a state-owned utility company,” reports dashlane. “It was only after the vulnerability was publicly disclosed that the government secured the database.”
What was compromised: Names, unique 12-digit identity numbers, information about their banks and other services
- Marriott
Number of people affected: 500 million
What happened: “Marriott received an alert from an internal security tool about an attempt to access the Starwood guest reservation database. During the investigation, Marriott learned that there had been unauthorized access to the Starwood network since 2014, and that an unauthorized party had copied and encrypted information and had taken steps to remove it.”
What was compromised: Names, addresses, phone numbers, email addresses, passport numbers
- Exactis
Number of people affected: 340 million
What happened: Exactis was notified of leaked data by a security researcher.
What was compromised: Names, addresses, email addresses, phone numbers, other personal information, including habits, hobbies, and the number, ages, and genders of the person’s children
- Twitter
Number of people affected: 330 million
What happened: “Twitter discovered a bug that stored passwords unmasked in an internal file. Though this isn’t really a breach, it’s inexcusable for any company—especially one as well-equipped as Twitter—to store user passwords in plaintext. Twitter asked all of its users to reset their passwords as a result.”
What was compromised: Passwords
- MyFitnessPal
Number of people affected: 150 million
What happened: An “unauthorized user” accessed MyFitnessPal accounts.
What was compromised: Usernames, email addresses, encrypted passwords
- Quora
Number of people affected: 100 million
What happened: A “malicious third party” accessed Quora’s database.
What was compromised: Names, email addresses, encrypted passwords, data imported from linked networks when authorized by users
- MyHeritage
Number of people affected: 92 million
What happened: “A security researcher found a file containing email addresses and hashed passwords on a private server outside of MyHeritage. MyHeritage added two-factor authentication options for users to protect against account takeover.”
What was compromised: Email addresses, encrypted passwords
- Facebook (via Cambridge Analytica)
Number of people affected: 87 million
What happened: “Cambridge Analytica exploited a loophole in Facebook’s API that allowed third-party developers to collect data not only from users of their apps but from all the people in those users’ friends network on Facebook. It’s important to note that this isn’t really a breach, but more a misuse of user data.”
What was compromised: Facebook user profile data, user preferences and interests
- Google+
Number of people affected: 52.5 million
What happened: A breach disclosed personal data of Google+ users.
What was compromised: Names, email addresses, dates of birth, some other personal information collected by Google+
Number of people affected: 40 million
What happened: An “unauthorized party” gained access to a user database. The company reset passwords for all customers and, though it notified the SEC, it didn’t initially notify the customers directly.
What was compromised: Names, shipping addresses, email addresses, usernames, passwords