The worst data breaches of 2018

21st December 2018
Posted By : Joe Bush
The worst data breaches of 2018

In 2018 the world has experienced the worst data breaches in major businesses. This unplanned or unintended discharge of confidential information to unauthorised parties has left the global business community in shock and loss.

The mention of data spill or data leak has left CEOs and directors of companies in a devastated state. The answers and safeguards to data breaches are yet to be fully realised. As if the damage of data breaches is not enough, the pre-planned assaults by hackers are still looming in the dark and ready to strike any time. But all is not lost as small, medium and big businesses are spending a fortune to beef up their IT infrastructure and their software security systems.

Aadhaar
According to Barkly, Aadhaar of India experienced a data breach that averaged 1.1 billion of its records on 3rd January 2018. The breach involved login credentials for a phoney service that was being sold by unknown sellers over the WhatsApp platform for 500 rupees. It was a data breach that was disclosed by India’s Tribune News Service. The reporters would enter a 12-digit Aadhaar number belonging to all the citizens of India. All types of information belonging to the member would be obtained from the Unique Identification Authority of India (UIDAI). If a person added 300 rupees, the hackers would allow them entry into the software, and one could print the details on the ID card.

Exactis
In June 2018, data breaches continued and Vinny Troia, a security researcher, discovered that Exactis, which is a data and marketing aggregation company in Florida had its data hacked. The firm had unintentionally left its data unprotected in an accessible server that could be accessed by the public. The information belonged to over 340 million Americans and their business. The American people who were affected had their phone numbers, email addresses, children’s names, and their physical addresses made accessible.

Under Armour
In May 2018 Under Armour had 150 million of its records breached. The hacker had illegally accessed Under Armour’s MyFitnessPal platform that tracks workouts and diets of the users. The usernames, hashed passwords and email addresses belonging to the users were exposed. However, luckily, the payment information belonging to the users was not accessed, nor were their Social Security Numbers as they are processed by Under Armour separately.

MyHeritage Investment
On 4th June 2018, MyHeritage had its 92 million records breached. However, MyHeritage’s investment in a security researcher paid off. The researcher informed MyHeritage Chief Security Officer of a labelled file tagged ‘MyHeritage’ in a server that did not belong to MyHeritage. The server was private and was outside the precincts of MyHeritage. On closer inspection, the file had all the email addresses of MyHeritage users who had joined the company before 26th October 2017. Luckily enough, the members’ payment information was not in that location even though the users hashed passwords were.

Facebook
Facebook was not spared from the data breach attack either. On 17th March, 87 million of its records were breached. Even before Facebook had sorted out this data breach, Cambridge Analytical, the party-political data firm interfered with over 50 million Facebook’s user's information. Cambridge Analytical had an app that would scrap Facebook users’ social networks, users’ personalities and the users’ engagements on the Facebook platform. 

Panera
On 2nd April Panera had 37 million of its records breached. Daylan Houlihan, a security researcher, contacted Brian Krebs who is an investigative journalist on security matters about Panera Bread data breach. It was a breach that exposed in plaintext Panera.com members’ private records. The hackers were scraped and later indexed by use of automated tools. Dylan attempted to brief Panera about the data breach, but he was dismissed. In eight months, Houlihan kept a closer look at Panera Bread’s data susceptibility and let Krebs know the outcome. Thirty-seven million of its members’ information had been tampered with.

As you can see, there are many high profile data breaches that have occurred throughout 2018. In order to ensure your business does not become a victim, there are a number of steps you should take. VPNGeeks suggests a range of different VPNs that can help you to act more securely online. You should also ensure your employees are on board with the latest cyber security methods.


You must be logged in to comment

Write a comment

No comments




Sign up to view our publications

Sign up

Sign up to view our downloads

Sign up

Anti-Counterfeiting Forum 2019
20th March 2019
United Kingdom Farnborough, Hampshire
The Security Event 2019
9th April 2019
United Kingdom NEC, Birmingham