Digital Identity

Top 6 data breaches of 2019

With 15.1 billion personal records exposed, 2019 holds the record for the largest amount of personal information breached history. For those not yet familiar with the term, a data breach occurs when confidential and sensitive data is viewed or stolen by unauthorized individuals.

To help educate consumers on the importance of protecting their personal information, we have looked back at the security landscape and listed the most impactful data breaches of 2019.

Collection #1 – 773 million records

In January 2019, a massive database containing 773 million emails and 22 million passwords was leaked on a cloud storage website called Mega. The information was gathered from thousands of other data breaches that dated back to 2008.

Facebook – 1.4 billion records

In March 2019, Facebook admitted that thousands of employees had access to 600 million user records that were insecurely stored in plain text file.

One month later, the social media giant counted a new addition to its history of data scandals: Two batches of records housed on an unprotected public storage server exposed the personal information of over 540 million Facebook users. The data included comments, likes, reactions and account names.

The company ‘shone’ once again in December when a third database containing personal information of 267 million was exposed. Names, phone numbers and Facebook IDs where among the sensitive information up for grabs.

Verifications.io – 763 million records

Two security researchers discovered an unsecured database of Verifications.io online. The company ensured that third-party email marketing campaigns were being sent to verified accounts. The database included dates of birth, email addresses, employers, genders, geographic locations, IPs, job titles, names, phone numbers and physical addresses.

First American – 885 million records

Due to its faulty webpage, 885 million highly sensitive records of First American Financial Corp’s customers were leaked. Bank account numbers, tax records, Social Security numbers and driver’s license images were available for anyone.

Capital One – 100 million records

Capital One is the third-largest credit card issuer in the US. In July 2019, a software engineer breached a server holding customer information for Capital One and obtained the personal data of over 100 million people, including Social Security numbers, bank account numbers and credit card applications dating back to early as 2005.

ElasticSearch server– 1.2 billion records

Security researchers discovered an unprotected server containing more than 1 billion personal records. By the end of November 2019, the information was sourced to two data-enrichment companies, and exposed email addresses, social media profiles, phone numbers and job titles.
Before the dawn of the Internet, thieves relied on more ‘primitive’ methods for gaining your personal information, such as dumpster diving and stealing your mail. However, with the new digital toolbox that blossomed alongside the expansion of the Internet, cyber criminals are having a field day, constantly updating their methods, with tremendous success in their schemes.

The Internet is no longer just a place where you can connect with others. It’s part of who we are and linked to all walks of life. The volume of data housed online has been growing exponentially. While we create most of the data, studies show more than 80% of the data is actually stored by companies that rely on this digital information to thrive.

Our data can be stored locally on a machine, on an enterprise database or on a cloud server. Gaining access to restricted networks and files has become a simple game of cat and mouse for some criminals, and sooner or later even the most complex systems can be breached.

While some companies manage to survive a data breach, having sufficient capital or insurance that covers hefty fines and lawsuits, others collapse and go out of business, leaving hundreds of millions of consumers in distress.

A data breach marks the beginning of a series of events and troubles for both customers and businesses. The after-effects of a data breach can be seriously damaging. For example, companies are likely to suffer financial and reputational effects, while customers can fall victim to identity-theft related crimes, impersonation and fraud. On top of the financial distress, recovering from a data breach can be time-consuming and stressful for both parties.

About the author

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.