The issue was fixed in November for orders going forward. This massive data breach was the result of a data leak on a system run by a state-owned utility company. Exclusive UK jeweller Graff suffered a data breach that compromised many of its famous clients. In July 2018, Apollo left a database containing billions of data points publicly exposed. In 2019, this sensitive data appeared listed for sale on a dark web marketplace and began circulating more broadly, so it was identified and provided to data security website Have I Been Pwned. Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. Penetration was achieved by the hacker posing as a private investigator from Singapore and convincing staff to relinquish access to the internal database. Apparently, hackers can change the email on your account, which allows them to change the password to your account and gives them full access. During the investigation of the ransomware attack's impact on its network, they discovered that some of its current and former employees' personal information was accessed by the attackers. The highly sophisticated hackers are believed to also be responsible for the FireEye cyberattack resulting in the theft of its Red Team Assessment tools - a set of tools developed by FireEye to discover cyberattack vulnerabilities within any organization. After the stolen data was dumped on a hacker forum, a threat actor claimed to have uncovered 158,000 hashed SHA-256 passwords. The hackers shared two million of these LinkedIn records for only $2 total to prove the legitimacy of the information in the stolen data.
There was a whirlwind of scams and fraud activity in 2020. The disclosed information included customer names, phone numbers, physical and email addresses, and the last four digits of their payment card, as well as the source code for the company's app. May 7, 2021: CaptureRx, a healthcare system IT company, exposed almost 2 million patient records belonging to over 100 hospitals and healthcare organizations after it was targeted by a ransomware attack. Even if hashed, they could still be cracked with sophisticated brute-force methods. Most of the damages included payments to affected individuals, credit card companies, banks, and lawsuits. The records exposed included private conversations between adult dating site members as well as the following Personally Identifiable Information: Besides the personal information of website members, this data breach also exposed many scam dating websites with fabricated female profiles. Antheus Tecnologia, a Brazilian biometrics company specializing in the development of fingerprint identification systems, suffered a breach to its server which could potentially expose 76,000 unique fingerprint records. In March 2020, nation-state hackers believed to be from Russia compromised a DLL file linked to a software update for the Orion platform by SolarWinds. February 2, 2021: A database containing more than 3.2 billion unique pairs of cleartext emails and passwords belonging to past leaks from Netflix, LinkedIn, Exploit.in, Bitcoin, Yahoo, and more was discovered online. This figure had increased by 37 . Macy's, Inc. will provide consumer protection services at no cost to those customers. This event was one of the biggest data breaches in Australia.
In October 2016, hackers collected 20 years of data on six databases that included names, email addresses and passwords for The AdultFriendFinder Network. "The company has already begun notifying regulatory authorities." The attacker also claimed to have gained OAuth login tokens for users who signed in via Google. It was only about two years later that Yahoo publicly disclosed the breach after a stolen database from the company allegedly went up for sale on the black market. Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. The Magellan attack was one of the largest breaches to the healthcare sector in 2020. Eugene is the Director, Technology and Security of Sontiq, a TransUnion company. The FriendFinder Network includes websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com, and Stripshow.com. Panera Bread confirmed on April 2, 2018 that it was notified of a data leak on its website. The LinkedIn account users' data was scraped or imported from the website into a database, and includes names, LinkedIn account IDs, email addresses, phone numbers, gender, LinkedIn profile links, connected social media profile links, professional titles and other work-related personal data.
Many of them were caused by flaws in payment systems either online or in stores. Capital One Data Breach Compromises Data of Over 100 Million. The breach at Capital One, which led to charges against a software engineer in Seattle, was one of the largest-ever thefts. Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it. The hacker was running a business selling Personally Identifiable Information and was selling the credit card numbers and social security numbers he had accessed in the breach. But, as we entered the 2010s, things started to change. Left unanswered is why LinkedIn did not further investigate the original breach, or inform more than 100 million affected users, in the intervening four years. Once downloaded, the software granted remote access to the company devices and to the customer relationship management (CRM) software containing account records for 4.9 million customers. Wayfair posted its first profitable year in 2020, but dropped back into the negatives in 2021, posting a $131 million annual loss. Published by Ani Petrosyan, Jul 7, 2022. The data breach contained an internal ID, username, email, encrypted password and password hint in plain text. Given that FireEye's client base includes government entities, it is further speculated that these Red Team Assessment tools made the U.S.
Government data breach possible - an attack labeled by cyber security experts as the biggest breach in the nation's security history. The list of victims continues to grow. Wayfair generated $13.7 billion revenue in 2021, a 2.8% contraction on 2020. It posted a net loss in 2021 of $131 million. Wayfair has over 30 million active buyers. Wayfair had its first decline in annual revenue in 2021, after eight years of increases. On August 14, grocery chain Hy-Vee announced that it had launched an investigation to look into unauthorized transactions made at some of its fuel pumps, drive-thru coffee shops, and restaurants. At the time, the company said it believed only customers who shopped on and purchased items from the US version of Adidas.com could have been affected by the breach. The accessed data also contained comprehensive voter analysis based on Reddit post activity which could be used to predict how somebody would vote on a particular issue. Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017 and January 2, 2018 may have had their credit-card information stolen. The sensitive medical information involved in the cyberattack includes names, birthdates and prescription details. In June 2013, a data breach allegedly originating from social website Badoo was found to be circulating. At the time of the breach, Heartland was processing north of 100 million credit card transactions per month for 175,000 merchants. That revelation prompted other services to comb their LinkedIn data and force their own users to change any passwords that matched (kudos to Netflix for taking the lead on this one). Though a slightly different type of data breach, as the information was not stolen from Facebook, the incident that affected 87 million Facebook accounts represented the use of personal information for purposes that the affected users did not appreciate.
The former social media network giant has since invalidated all passwords belonging to accounts that were set up prior to 2013. Marriott has once again fallen victim to yet another guest record breach. A highly sophisticated cyber attack exposed the data of 9 million easyJet customers. Amazon began investigating the breach on the day it was disclosed to them, with the third-party company involved shutting down the database on 8 February. Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach. Exposed information included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and other Starwood account information. April 12, 2021: A third-party software vulnerability is responsible for exposing 21 million customer records belonging to ParkMobile, a contactless payment parking app. In June of 2018, Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million records on a publicly accessible server. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. The leaked details of more than 2.28 million registered users included names, email addresses, location details, dating preferences, marital status, birth dates, IP addresses, Bcrypt-hashed account passwords, Facebook user IDs and Facebook authentication tokens. The PII included clients' names, dates of birth, driver's license or personal identification card numbers, Social Security Numbers, payment account numbers, payment card information, biometric data including but not limited to medical information and history, medical diagnosis and treatment information, health insurance information and other personal information. Data accessed in the breach included travel details and email addresses, as well as the complete credit card details of 2,208 customers.
The criminal had access to the account for 24 hours, allowing permission to view Personally Identifying Information (PII) contained in Unclaimed Property Holder Reports and to send more phishing emails to the hacked SCO employees' contacts. The breaches occurred over several occasions ranging from July 2005 to January 2007. The personal information in the databases included customer names, addresses, phone numbers, birth dates, Shoppers Club numbers, email addresses and hashed passwords to Wegmans.com accounts. The exposed information for each platform varies but includes users' names, phone numbers, email addresses, profile links, usernames, profile pictures, profile description, follower and engagement logistics, location, Messenger ID, website link, job profile, LinkedIn profile link, connected social media account login names and company name. March 23, 2021: A database containing records of over 300,000 customers of the arts and crafts chain store, Hobby Lobby, was exposed after the company suffered a cloud-bucket misconfiguration. Employee login information was first accessed from malware that was installed internally. By multiplying its internal login authentications and continuously scanning for data breaches, Marriott could mitigate, or completely prevent, future cyber attacks. January 11, 2021: A Chinese social media management company, Socialarks, suffered a data leak through an unsecured database that exposed account details and Personally Identifiable Information (PII) of at least 214 million social media users from Facebook, Instagram and LinkedIn. Impact: Personal information of 57 million Uber users and 600,000 drivers exposed.
March 26, 2021: The Cancer Treatment Centers of America sent out notifications to 104,808 patients, alerting them that a compromised email account led to medical information being accessed by an unknown third party. This number may represent the total number of email accounts targeted in the phishing campaigns, but that hasn't yet been confirmed. January 11, 2021: One of the biggest Internet of Things (IoT) technology vendors, Ubiquiti, Inc., alerted its customers of a data breach caused by unauthorized access to their database through a third-party cloud provider. It was fixed for past orders in December. MyHeritage, a genealogical service website, was compromised, affecting more than 92 million user accounts. Internet users in the 2000s gravitated towards websites that were named after the specific product they were looking for, and they tended to perform better in search rankings. In May 2019, First American Financial Corporation reportedly leaked 885 million users' sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork. Just wanted to share my experience to warn other people and see if anyone else has had this experience as well. Only the last four digits of a customer's credit-card number were on the page, however. January 20, 2021: A database containing 1.9 million user records belonging to Pixlr, a free online photo-editing application, was leaked by a hacker.
In September 2017, Equifax, one of the three largest consumer credit reporting agencies in the United States, announced that its systems had been breached and the sensitive personal data of 148 million Americans had been compromised. Twitter told its 330 million users to change their passwords; the company said it had fixed the bug and that there was no indication of a breach or misuse, but encouraged the password update as a precaution. Facebook saw 214 million records breached via an unsecured database. Note: This post will be continuously updated with new information as additional 2021 data breaches are reported. A report published by cybersecurity firm Shape Security showed that 80-90% of the people who log in to a retailer's e-commerce site are hackers using stolen data. Signet Jewelers, parent company of Kay Jewelers, had a vulnerability in its website that exposed customers' information after they had purchased jewelry online. Twitch, an Amazon-owned company, suffered a breach of almost its entire code base. To prevent further breaches, Nintendo posted a tweet asking members to enable 2-step authentication. Macy's customers are also at risk for an even older hack. Mailchimp fell victim to a data breach after cybercriminals gained access to a tool used by internal customer support and account administration teams following a successful social engineering attack. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public. This lethal combination meant that anybody with knowledge of the server IP address could access the leaked sensitive data, and that's exactly what happened. June 11, 2021: The personal and shipping information of over 410,000 customers of the baby clothing retailer, Carter's, was exposed due to a third-party data breach with the company's online purchases software.
March 9, 2021: A third-party ransomware attack exposed the personal information of over 200,000 patients, providers and staff of MultiCare Health System, a non-profit health care organization. Most cybercriminals post stolen data for sale after a breach, but the unidentified cybercriminal - who was likely using a proxy server - was not interested in monetary gain. While it isn't clear how hackers gained access to accounts, it's speculated that weak passwords are to blame. In late 2016, Uber learned that two hackers were able to access the names, email addresses, and mobile phone numbers of 57 million users of the Uber app. However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. This incident was the impetus for Joe Biden's Cybersecurity Executive Order that now requires all organizations to strengthen their supply chain security efforts. The breach was disclosed in May 2014, after a month-long investigation by eBay. In mid 2012, Dropbox suffered a data breach which exposed 68 million records that contained email addresses and salted hashes of passwords (half SHA1, half bcrypt). Experian suffered another breach in 2020, when a threat actor claiming to be Experian's client convinced staff to relinquish customer information for marketing purposes.
By changing the link customers received confirming online orders, anyone could access information including customers' names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link. The data breach was disclosed in December 2021 by a law firm representing each sports store. The breached database was discovered by the UpGuard Cyber Research team. However, this initial breach was just the preliminary stage of the entire cyberattack plan. UpGuard's researchers also discovered and disclosed a related breach by AggregateIQ, a Canadian company with close ties to Cambridge Analytica. Guests staying at any of the Starwood brand's hotels, including W Hotels, St. Regis, Sheraton, Westin, Element, and Aloft, on or before September 10, likely had their data exposed. The exposed database contains order information for over 7 million customers, including addresses, phone numbers and account information for 1.8 million registered customers, and 3.5 million partial credit card records. The security team at MyHeritage confirmed that the content of the file affected the 92 million users, but found no evidence that the data was ever used by the attackers. But threat actors could still exploit the stolen information. The breach exposed highly personal information such as people's phone numbers, home and email addresses, interests, and the number, age, and gender of their children. Included in the breached data were patient social security numbers, W-2 information and employee ID numbers. In May of 2018, social media giant Twitter notified users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. The breach occurred through Mailfire's unsecured Elasticsearch server.
Exposed data types include Social Security numbers, driver's license numbers, login information, medical records such as lab results and treatment information, and more. July 9, 2021: U.S. healthcare provider, Forefront Dermatology, announced unauthorized access to its IT systems exposed the personal data and medical records of up to 2.4 million patients. Code related to proprietary SDKs and internal AWS services used by Twitch. The 204 GB leaked database was not password protected and included visitor and session IDs, device information, configuration data, as well as multiple records for medications, including COVID-19 vaccines and CVS products. The retailer confirmed that some customers shopping online at Macys.com and Bloomingdales.com between April 26, 2018 and June 12, 2018 could have had their personal information and credit-card details exposed to a third party.