The worst data breaches of 2018
In 2018 the world has experienced the worst data breaches in major businesses. This unplanned or unintended discharge of confidential information to unauthorised parties has left the global business community in shock and loss.
The mention of data spill or data leak has left CEOs and directors of companies in a devastated state. The answers and safeguards to data breaches are yet to be fully realised. As if the damage of data breaches is not enough, the pre-planned assaults by hackers are still looming in the dark and ready to strike any time. But all is not lost as small, medium and big businesses are spending a fortune to beef up their IT infrastructure and their software security systems.
According to Barkly, Aadhaar of India experienced a data breach that averaged 1.1 billion of its records on 3rd January 2018. The breach involved login credentials for a phoney service that was being sold by unknown sellers over the WhatsApp platform for 500 rupees. It was a data breach that was disclosed by India’s Tribune News Service. The reporters would enter a 12-digit Aadhaar number belonging to all the citizens of India. All types of information belonging to the member would be obtained from the Unique Identification Authority of India (UIDAI). If a person added 300 rupees, the hackers would allow them entry into the software, and one could print the details on the ID card.
In June 2018, data breaches continued and Vinny Troia, a security researcher, discovered that Exactis, which is a data and marketing aggregation company in Florida had its data hacked. The firm had unintentionally left its data unprotected in an accessible server that could be accessed by the public. The information belonged to over 340 million Americans and their business. The American people who were affected had their phone numbers, email addresses, children’s names, and their physical addresses made accessible.
In May 2018 Under Armour had 150 million of its records breached. The hacker had illegally accessed Under Armour’s MyFitnessPal platform that tracks workouts and diets of the users. The usernames, hashed passwords and email addresses belonging to the users were exposed. However, luckily, the payment information belonging to the users was not accessed, nor were their Social Security Numbers as they are processed by Under Armour separately.
On 4th June 2018, MyHeritage had its 92 million records breached. However, MyHeritage’s investment in a security researcher paid off. The researcher informed MyHeritage Chief Security Officer of a labelled file tagged ‘MyHeritage’ in a server that did not belong to MyHeritage. The server was private and was outside the precincts of MyHeritage. On closer inspection, the file had all the email addresses of MyHeritage users who had joined the company before 26th October 2017. Luckily enough, the members’ payment information was not in that location even though the users hashed passwords were.
Facebook was not spared from the data breach attack either. On 17th March, 87 million of its records were breached. Even before Facebook had sorted out this data breach, Cambridge Analytical, the party-political data firm interfered with over 50 million Facebook’s user's information. Cambridge Analytical had an app that would scrap Facebook users’ social networks, users’ personalities and the users’ engagements on the Facebook platform.
On 2nd April Panera had 37 million of its records breached. Daylan Houlihan, a security researcher, contacted Brian Krebs who is an investigative journalist on security matters about Panera Bread data breach. It was a breach that exposed in plaintext Panera.com members’ private records. The hackers were scraped and later indexed by use of automated tools. Dylan attempted to brief Panera about the data breach, but he was dismissed. In eight months, Houlihan kept a closer look at Panera Bread’s data susceptibility and let Krebs know the outcome. Thirty-seven million of its members’ information had been tampered with.
As you can see, there are many high profile data breaches that have occurred throughout 2018. In order to ensure your business does not become a victim, there are a number of steps you should take. VPNGeeks suggests a range of different VPNs that can help you to act more securely online. You should also ensure your employees are on board with the latest cyber security methods.