5 Biggest Data Breaches of 2019, and What We Learned from Them

At the end of the decade, we’re closing a very eventful chapter in the book of cybercrime. The data breaches reported in the year 2019 nearly doubled compared to the numbers logged in 2018. Statistically, over 3,800 breaches were publicly disclosed in 2019, but let’s not forget that the actual number can be a lot higher with all the cybercrime activity that remains unreported.

More than 4.1 billion records were exposed by various data breaches in 2019, and that sets a daunting precedent for 2020. Seeing how the numbers have been rising steadily over the past few years, we can only brace ourselves for what is yet to come.

We would like to take this opportunity and discuss the five biggest data breaches of 2019, and see what we can learn from them. Let’s start with arguably the biggest cyber incident of 2019: The Capital One data breach.

Capital One Cyber Incident

The Capital One data breach that occurred between March 22nd and 23rd, 2019, is arguably the biggest cybersecurity incident of 2019 because it led to a breach of over 106 million records, thus, affecting millions and millions of customers.

According to the official report posted by Capital One, the financial corporation determined that “an outside individual gained unauthorized access and obtained certain types of personal information about Capital One card customers” on July 19, 2019. The company is said to have fixed the issue immediately, and the hacker was caught by the FBI, too.

Luckily, no credit card account numbers or login credentials were stolen by the hacker, and since the perpetrator was apprehended by the law enforcement authorities, it is believed that no data was used for fraud or shared. Based on the information available, the hacker managed to access the credit card application data of 100 million customers in the United States and 6 million in Canada. Aside from that, the individual also managed to obtain the customer status data and fragments of transaction data, as well as about 140,000 social security numbers and about 80,000 linked bank account numbers.

In order to mitigate this data breach, Capital One notified all the individuals whose information was accessed by the hacker. The corporation offers free credit monitoring and identity protection to everyone affected by the incident.

Evite Data Breach

Unfortunately, the Capital One data breach wasn’t the only one that affected more than 100 million customers. A social-planning website Evite reported in February 2019 that a storage file that held information about the company’s customers from 2013 and earlier was accessed by an unauthorized third party. Although the hackers didn’t access the latest information on the company’s users, the information acquired included usernames, emails, passwords, and other personal information (if users had provided it).

The upside of this story is that unlike Capital One, Evite doesn’t store user’s financial information, so this data breach didn’t have great financial implications. Also, Evite issued recommendations on what the users are supposed to do to deal with the consequences of this cyber security incident.

First, they should definitely change the password on their Evite account. It is also strongly recommended to change passwords on all accounts that employ the password that was compromised by this hack. In other words, it is not a good idea to reuse passwords. Just like every single lock is supposed to have a unique key, each and every account should have a unique password.

If you’re wondering how you can ensure that, consider trying out Cyclonis Password Manager. This tool offers a free 30-day trial, and it helps users create strong and unique passwords for every single account. Since it is hard to memorize all the unique passwords, Cyclonis Password Manager also stores them for you. Sounds neat, doesn’t it? A password manager is definitely something users should consider employing if they got affected by this and other data breaches.

Bio Star 2 Breach

We covered the Bio Star 2 data breach back in August. Unlike the cybersecurity incidents we discussed before, this one was all about biometrics. More than 28 million records containing fingerprint data, facial recognition data, face photos, and other sensitive information was exposed.

The problem was that the database that stored this information was not encrypted. There are multiple companies out there that use Bio Star 2, the web-based security platform. For example, it can allow a company’s employees to enter buildings and offices using biometric authentication. Since the database storing this information wasn’t encrypted, it means anyone could have potentially breached it to access the data. Therefore, end-user cannot do much about such a breach. It’s the company that provides such services that needs to step-up their security measures.

LabCorp Data Breach

The timeline of some data thefts might stretch over several months. For example, initially, more than 7 million customers of Laboratory Corporation of America Holdings (a.k.a. LabCorp) were affected when the company suffered a cyberattack on July 16, 2018. However, the vulnerable system that wasn’t secured until March 30, 2019. Therefore, it is very likely that LabCorp and the affiliated companies had undergone several continuous attacks for months. At the end, it is estimated that more than 20 million records could have been breached.

LabCorp reported that names, addresses, birth dates, phone numbers, and other types of information were leaked. Although no medical information or Social Security numbers are said to have been leaked, the American Medical Collection Agency (AMCA), which is a LabCorp contractor, issued a statement saying that some of the sensitive information “may have been accessed.” Therefore, users are encouraged to look out for suspicious activity by monitoring their credit card and bank accounts. It would also be a good idea to sign up for a credit-monitoring service.

DoorDash Breach

The final data breach we would like to cover is the DoorDash breach. DoorDash is a food-delivery service, and it uses apps to provide seamless customer experience. On September 26, 2019, DoorDash reported that their app service was hacked, and 4.9 million people who joined the service before April 5, 2018 were affected by the breach. The information accessed by the hackers included names, delivery addresses, phone numbers, and account passwords.

Although the hack leaked the last four digits of payment cards for some customers, DoorDash said that full credit card information wasn’t exposed. However, over 100,000 driver’s license numbers were revealed to third parties.

Again, to counter this breach, users were urged to reset their DoorDash passwords and create strong and unique passwords on all accounts. Also, users are urged to monitor their credit card and bank account statements for any suspicious activities.

As you can see, the common thing among all these hacks is that they usually go for the most vulnerable parts in the security chain. Obviously, it is important that users employ all security measures possible by creating strong passwords and not sharing their sensitive information with unreliable third parties. However, it is clear that the companies that manage and store this information cannot slack either. Otherwise, hackers will snatch the first opportunity to attack.

January 13, 2020

Leave a Reply