Data is more of a commodity than it has ever
been, and more often than not, companies spend a considerable sum on data
security. Unfortunately, even the most well-defended organizations still have
trouble keeping data safe. 2018 saw 446.5 million records exposed due to data
breaches, even though the overall number of breaches dropped by 23 percent to
1,244 total. We’ll discuss some of the most notable breaches that have happened
over the first four months of 2019.
Blur
A January 2nd data breach of an unsecured
server at a password management company called Blur exposed a file containing
the personal information of 2.4 million users, including names, email
addresses, IP addresses, and encrypted passwords.
BenefitMall
An outsourced HR provider like BenefitMall is
bound to have a ton of personal information stored on its infrastructure, and a
security breach due to a phishing attack proved that to be the case. Over a
period of four months, the names, addresses, Social Security numbers, dates of
birth, bank account numbers, and even more information was exposed for over
110,000 users.
Ascension
A data analytics company called Ascension
experienced an online database breach, leaving the personal information of over
24 million clients unprotected for over two weeks. The data revealed contains
names, addresses, dates of birth, Social Security numbers, and financial
information.
Other January breaches: Oklahoma Department of
Securities, Managed Health Services of Indiana, Fortnite, Alaska Department of
Health and Social Services, Rubrik.
500px
The online photography community 500px was
hacked, affecting 14.8 million users. The breach revealed full names,
usernames, email addresses, dates of birth, locations, and more.
Dunkin’
Donuts
Dunkin’ Donuts’ DD Perks rewards members found
themselves victims of a data breach for the second time in three months, giving
hackers access to customer accounts.
Coffee
Meets Bagel
This dating website announced that they were
hacked on Valentine’s Day, revealing the names and email addresses of six
million users who had been registered since before May 2018.
University
of Washington Medical Center
Almost one million patients have had their
medical, personal, and financial information breached as a vulnerability on the
organization’s website exposed sensitive information.
Other February breaches: Houzz, Catawba Valley
Medical Center, Huddle House, EyeSouth Partners, Advent Health, Coinmama, UConn
Health.
Dow
Jones
2.4 million records by government officials
and politicians were leaked online. This database was made up of individuals
who could possibly embezzle money, accept bribes, or launder funds.
Health
Alliance Plan
The electronic protected health information
(ePHI) of over 120,000 patients was exposed following a ransomware attack. This
ePHI contained names, addresses, dates of birth, ID numbers, claim information,
and other identifiers.
Facebook was forced to admit that they weren’t
able to properly secure passwords of nearly 600 million users. These passwords
were stored in plain text and could be accessed by any of the company’s 20,000
employees.
Federal
Emergency Management Agency (FEMA)
Survivors of hurricanes Maria and Irma, as
well as survivors of California’s wildfires, have all had their personal
information exposed to a data breach. About 2.5 million victims have had their
names, addresses, bank account numbers, and birth dates shared and left
unprotected.
Verification.io
This particular breach is one of the largest
in history, and it was found that Verification.io left a database filled with
almost one billion email accounts and personal information on an unprotected
server. The company has since closed down.
Other March breaches: Rush University Medical
Center, Pasquotank-Camden EMS, Spectrum Health Lakeland, Rutland Regional
Medical Center, Zoll Medical, MyPillow & Amerisleep, Oregon Department of
Human Services.
Facebook
(Again)
Two third-party applications containing
Facebook datasets were left exposed online, resulting in over 540 million
records, including account names, Facebook ID, and user activity being
compromised.
City of
Tallahassee
Nearly $500,000 was stolen from the city of
Tallahassee employees’ paychecks, accomplished via redirecting direct deposits
into unauthorized accounts.
Georgia
Tech
Approximately 1.3 million users, including
current and former faculty members, students, and college staff, had their personal
information stolen from an unsecured server. Some of the files included names,
Social Security numbers, and birthdates.
Steps
to Recovery
The drug and alcohol recovery company has had
nearly 145,000 patients’ files exposed.
Bodybuilding.com
One of the largest online retailers of fitness
supplements was hacked, exposing the names, email addresses, billing/shipping
addresses, phone numbers, and order histories of seven million registered
users.
Other April breaches: EmCare, Microsoft Email
Services, Prisma Health, Baystate Health.
If your organization hasn’t taken the time to properly address data security and privacy, there’s no reason to wait any longer. Reach out to Emerge today at 859-746-1030 to learn more.