Biggest Data Breaches & Cyber Security Incidents in 2019

Data breaches remain an ever-present topic in the news across the world. Despite the push for more regulation, industry compliance and a greater awareness of cyber security, some of the biggest companies in the world aren’t adequately protecting the personal data of millions of people. 2019 has seen huge data breaches where sensitive information has been placed into the hands of criminals. Here are the biggest cyber security incidents of 2019.

1. Capital One

In one of the biggest data breaches in the history of finance, Capital One suffered a hack which impacted tens of millions of credit card customers. Hackers stole banking information, transaction history, balances, credit scores and addresses in the theft. Some social security numbers were also taken; however, Capital One said that credit card information wasn’t compromised during the breach.

The person allegedly behind the theft was a software engineer who had previously worked for Amazon and who now faces up to five years in prison and a $250,000 fine!

2. Facebook

Facebook have been involved in two cyber security incidents in 2019. The first of these was the accidental upload of data belonging to 1.5 million new Facebook users since May 2016. Facebook unintentionally grabbed the data, which they’ve since deleted. It was also noticed that, for some users, Facebook was asking for their email account passwords as well, a move widely criticised by security experts.

The second breach of the year saw Facebook uploading 540 million user records to the Amazon cloud. It was found that Facebook app developers posted the records in plain sight for users to see. The biggest leak came from Cultura Colectiva, which exposed 146GB of Facebook user data, including account names and comment and reaction data.

With the recent Cambridge Analytica scandal still hanging over the social network giant, the trust in how Facebook handles data is at its lowest.

3. First American Corporation

Another finance company affected by a data breach, First American Corporation, had a total of 885 million records exposed. The breach came to light when a real-estate developer found the files on the internet. Access to sensitive data was possible thanks to a “design” defect in one of the company’s production applications. The external access was immediately blocked, with First American looking into the full impact of the breach.

4. Zynga

Everyone knows Words With Friends, the popular social media mobile word game with millions of users. During September, a hacker claimed to have gained access to information on more than 218 million of its player base. The hacker claims to have stolen data from 45 online services and Zynga was his latest victim. It was reported that names, email addresses, phone numbers and Facebook IDs were stolen.

With over a billion people thought to have played Zynga’s library of games, the breach is a worrying prospect for players. However, this was the first breach of Zynga’s systems in 7 years, the previous one being when hackers disrupted YoVille back in 2012.

5. US Customs and Border Protection

In June, hackers were able to gain access to a database of images kept by US Customs and Border Protection. The photographs included images of people’s faces and license plates. The images were obtained through the network of a license plate reading subcontractor (Perceptics) working on behalf of US Customs. Around 100,000 travellers were affected by the data breach.

6. Quest Diagnostics

Clinical laboratory Quest Diagnostics announced in June that an unauthorised user had gained access to the data of 11.9 million patients between August 2018 and March 2019. The information stolen included credit card and social security numbers. Quest Diagnostics blamed the breach on American Medical Collection Agency, a debt collector that handled the sensitive information.

7. Canva

The online design tool Canva was hit with a huge cyber attack in May that saw the data of nearly 140 million users stolen. Hackers had taken usernames and email addresses of users. Fortunately for the company, all passwords are encrypted on Canva, even those of users who logged in with Facebook and Google. This was a great relief for its users across 180 countries, who were still asked to change passwords as a precautionary measure.

While it’s great that Canva had the right cyber security measures in place, the way it informed its customers of the breach was criticised. This is because it was tacked onto the end of an announcement to celebrate Canva acquiring stock photo companies Pexels and Pixabay.

8. Microsoft Game Studio

In April, Microsoft found that hackers had hijacked one of its development tools, Visual Studio. The criminals seeded backdoors into three of the company’s video game businesses that use it. According to WIRED, up to 92,000 computers were found to be running malicious versions of affected games.

This breach was an example of a supply chain hack, where cyber criminals place malicious code into company software so it can be distributed across the wider network. The supply chain hack was hard to detect because video game businesses digitally sign software before sending it elsewhere. Thus, the software was seen as legitimate despite it housing malware.

9. Desjardins

Not every attack is made by an external source. Sometimes, a business suffers a breach because of someone inside their own company. This happened to the Desjardins Group after an employee with “ill-intention” collected and shared the information of three million people and businesses. The information shared included names, addresses and social insurance numbers.

The risk from an internal cyber incident is always there, no matter how much awareness training is put in place. Businesses must remain vigilant to the possibility.

10. JustDial

In April, local search business JustDial faced a data breach related to 100 million users. The data shared publicly included names, mobile numbers and addresses. The majority of the data was taken from customers who had called the company’s customer care number. It was found that four application programming interfaces (APIs) had been left unprotected on an older version of JustDial’s site. If the old site had been patched, the breach wouldn’t have happened.