Updating the Latest Major Data Breaches

We’ve tried to keep a detailed record of this year’s largest data breaches. These are the major breaches that have happened this fall. September 9/5  Providence Health Plan – 122,000 members have had their personal information leaked as an unauthorized party accessed the company’s servers. Plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers were involved in the leak. Facebook – An unprotected server with over 419 million records was discovered, giving outside entities access to Facebook’s user ID and phone number. In some cases, user’s names, genders, and locations were also leaked. 9/16 Dealer Leader, LLC. – The personal information of 198 million prospective car buyers was left exposed. The exposed information included names, email addresses, phone numbers, addresses, and IPs. 9/27 DoorDash – The food delivery app announced that 4.9 million customers had their personal information breached through a third-party. The information included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each’s credit card numbers. Additionally, over 100,000 delivery drivers had their driver’s license information leaked.  9/30 Zynga – The mobile game maker, Zynga, has announced that 218 million players of their popular mobile games Words With Friends and Draw Something, had their information accessed by a hacker. Player names, email addresses, login IDs, phone numbers, Facebook IDs and more were exposed. October 10/17  Methodist Hospitals of Indiana – After a couple of employees fell victim to an email phishing scam, the personal information of 68,000 patients were accessed by hackers. The information leaked included names, addresses, dates of birth, Social Security, driver’s licenses, and more.  10/21 Autoclerk – An open database was discovered by a cybersecurity vendor belonging to Autoclerk, a hotel property management software developer. The exposed data included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests.  10/22 Kalispell Regional Healthcare – Over 130,000 personal, insurance, and financial records were exposed in a hacking attack. This included patient names, Social Security numbers, addresses, medical record numbers, dates of birth, medical history and treatment information, name of treating physicians and more.  10/26 Adobe – The account information for over 7.5 million users of Adobe’s Creative Cloud were exposed from an unprotected online database. Data that was exposed included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses.  10/27 Network Solutions – The world’s oldest domain name provider has exposed in a hack. Millions of individual’s data that include names, addresses, phone numbers, email addresses, and service information. November  11/9  Texas Health Resources – The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more.  11/16  Magic the Gathering – The popular online version of the card game Magic the Gathering has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more.  11/18 State of Louisiana – The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days […]

Looking Back at 2019 Data Breaches

January BlurA January 2nd data breach of an unsecured server at a password management company called Blur exposed a file containing the personal information of 2.4 million users, including names, email addresses, IP addresses, and encrypted passwords. BenefitMallAn outsourced HR provider like BenefitMall is bound to have a ton of personal information stored on its infrastructure, and a security breach due to a phishing attack proved that to be the case. Over a period of four months, the names, addresses, Social Security numbers, dates of birth, bank account numbers, and even more information was exposed for over 110,000 users. AscensionA data analytics company called Ascension experienced an online database breach, leaving the personal information of over 24 million clients unprotected for over two weeks. The data revealed contains names, addresses, dates of birth, Social Security numbers, and financial information. Other January breaches: Oklahoma Department of Securities, Managed Health Services of Indiana, Fortnite, Alaska Department of Health and Social Services, Rubrik. February 500pxThe online photography community 500px was hacked, affecting 14.8 million users. The breach revealed full names, usernames, email addresses, dates of birth, locations, and more. Dunkin’ DonutsDunkin’ DonutsDunkin’ Donuts’ DD Perks rewards members found themselves victims of a data breach for the second time in three months, giving hackers access to customer accounts. Coffee Meets BagelThis dating website announced that they were hacked on Valentine’s Day, revealing the names and email addresses of six million users who had been registered since before May 2018. University of Washington Medical CenterAlmost one million patients have had their medical, personal, and financial information breached as a vulnerability on the organization’s website exposed sensitive information. Other February breaches: Houzz, Catawba Valley Medical Center, Huddle House, EyeSouth Partners, Advent Health, Coinmama, UConn Health. March Dow Jones2.4 million records by government officials and politicians were leaked online. This database was made up of individuals who could possibly embezzle money, accept bribes, or launder funds. Health Alliance PlanThe electronic protected health information (ePHI) of over 120,000 patients was exposed following a ransomware attack. This ePHI contained names, addresses, dates of birth, ID numbers, claim information, and other identifiers. FacebookFacebook was forced to admit that they weren’t able to properly secure passwords of nearly 600 million users. These passwords were stored in plain text and could be accessed by any of the company’s 20,000 employees. Federal Emergency Management Agency (FEMA)Survivors of hurricanes Maria and Irma, as well as survivors of California’s wildfires, have all had their personal information exposed to a data breach. About 2.5 million victims have had their names, addresses, bank account numbers, and birth dates shared and left unprotected. Verification.ioThis particular breach is one of the largest in history, and it was found that Verification.io left a database filled with almost one billion email accounts and personal information on an unprotected server. The company has since closed down. Other March breaches: Rush University Medical Center, Pasquotank-Camden EMS, Spectrum Health Lakeland, Rutland Regional Medical Center, Zoll Medical, MyPillow & Amerisleep, Oregon Department of Human Services. April Facebook (Again)Two third-party applications containing Facebook datasets were left exposed online, resulting in over 540 million records, including account names, Facebook ID, and user activity being compromised. City of TallahasseeNearly $500,000 was stolen from the city of Tallahassee employees’ paychecks, accomplished via redirecting direct deposits into unauthorized accounts. Georgia […]