Data is more of a commodity than it has ever been, and often, companies spend a considerable sum on data security. Unfortunately, even the most well-defended organizations still have trouble keeping data safe. 2018 saw 446.5 million records exposed due to data breaches, even though the overall number of breaches dropped by 23 percent to 1,244. We’ll discuss some of the most notable breaches that have happened over the first four months of 2019.
January
Blur
A January 2nd data breach of an unsecured server at a password management company called Blur exposed a file containing the personal information of 2.4 million users, including names, email addresses, IP addresses, and encrypted passwords.
BenefitMall
An outsourced HR provider like BenefitMall is bound to have a ton of personal information stored on its infrastructure, and a security breach due to a phishing attack proved that to be the case. Over a period of four months, the names, addresses, Social Security numbers, dates of birth, bank account numbers, and even more information was exposed for over 110,000 users.
Ascension
A data analytics company called Ascension experienced an online database breach, leaving the personal information of over 24 million clients unprotected for over two weeks. The data revealed contains names, addresses, dates of birth, Social Security numbers, and financial information.
Other January breaches: Oklahoma Department of Securities, Managed Health Services of Indiana, Fortnite, Alaska Department of Health and Social Services, Rubrik.
February
500px
The online photography community 500px was hacked, affecting 14.8 million users. The breach revealed full names, usernames, email addresses, dates of birth, locations, and more.
Dunkin’ Donuts
Dunkin’ Donuts’ DD Perks rewards members found themselves victims of a data breach for the second time in three months, giving hackers access to customer accounts.
Coffee Meets Bagel
This dating website announced that they were hacked on Valentine’s Day, revealing the names and email addresses of six million users who had been registered since before May 2018.
University of Washington Medical Center
Almost one million patients have had their medical, personal, and financial information breached as a vulnerability on the organization’s website exposed sensitive information.
Other February breaches: Houzz, Catawba Valley Medical Center, Huddle House, EyeSouth Partners, Advent Health, Coinmama, UConn Health.
March
Dow Jones
2.4 million records by government officials and politicians were leaked online. This database was made up of individuals who could possibly embezzle money, accept bribes, or launder funds.
Health Alliance Plan
The electronic protected health information (ePHI) of over 120,000 patients was exposed following a ransomware attack. This ePHI contained names, addresses, dates of birth, ID numbers, claim information, and other identifiers.
Facebook was forced to admit that they couldn’t properly secure passwords of nearly 600 million users. These passwords were stored in plain text and could be accessed by any of the company’s 20,000 employees.
Federal Emergency Management Agency (FEMA)
Survivors of hurricanes Maria and Irma, as well as survivors of California’s wildfires, have all had their personal information exposed to a data breach. About 2.5 million victims have had their names, addresses, bank account numbers, and birth dates shared and left unprotected.
Verification.io
This breach is one of the largest in history, and it was found that Verification.io left a database filled with almost one billion email accounts and personal information on an unprotected server. The company has since closed.
Other March breaches: Rush University Medical Center, Pasquotank-Camden EMS, Spectrum Health Lakeland, Rutland Regional Medical Center, Zoll Medical, MyPillow & Amerisleep, Oregon Department of Human Services.
April
Facebook (Again)
Two third-party applications containing Facebook datasets were left exposed online, resulting in over 540 million records, including account names, Facebook ID, and user activity being compromised.
City of Tallahassee
Nearly $500,000 was stolen from the city of Tallahassee employees’ paychecks, accomplished via redirecting direct deposits into unauthorized accounts.
Georgia Tech
Approximately 1.3 million users, including current and former faculty members, students, and college staff, had their personal information stolen from an unsecured server. Some of the files included names, Social Security numbers, and birthdates.
Steps to Recovery
The drug and alcohol recovery company has had nearly 145,000 patients’ files exposed.
Bodybuilding.com
One of the largest online retailers of fitness supplements was hacked, exposing the names, email addresses, billing/shipping addresses, phone numbers, and order histories of seven million registered users.
Other April breaches: EmCare, Microsoft Email Services, Prisma Health, Baystate Health.
If your organization hasn’t taken the time to properly address data security and privacy, there’s no reason to wait any longer. Reach out to WheelHouse IT today at (877) 771-2384 to learn more.
