Another year, another series of malicious hacks and data breaches. It’s estimated that in the first half of 2018, over 4.5 billion records were compromised by unauthorized parties. And that doesn’t even begin to cover the millions of records stolen by cyber thieves in the second half of the year. From government entities to retail to food service companies, no one is safe from cyber thieves. These are the nine major breaches that shaped 2018.
Starwood Hotels
Records Breached: 500 million
The travel and hospitality industry proved to be very vulnerable in 2018. In November, Starwood Hotels confirmed that up to 500 million hotel guests’ information had been stolen in a data breach. The data breach was detected on September 10th, but could date back to 2014.
The breach was one of the largest in history, after the two record-setting Yahoo hacks. What is especially alarming about this breach is the wide array of information that was stolen. Cyber thieves didn’t just steal the usual information – names, addresses and credit card information. They also took passport numbers, travel locations and arrival and departure dates. Because travel information was taken, authorities believe that the culprits were nation-state hackers seeking to track the movements of diplomats, spies, military officials and business executives. It is believed that China could be behind the data breach.
British Airways
Records Breached: 380,000
Approximately 380,000 travelers who purchased plane tickets on the British Airways website and mobile app were robbed of their personal data in August, including their full credit card information.
British Airways’ response to the sophisticated hack was refreshingly transparent. Whereas many companies fail to notify their customers of breaches in a timely manner, British Airways quickly admitted to their cybersecurity follies, notifying affected customers as soon as possible and providing instructions for reaching out to their personal banks.
Macy’s and Bloomingdale’s
Records Breached: Unknown
Macy’s and Bloomingdale’s customers were left shaken after a letter from Macy’s to impacted customers was leaked to DataBreaches.net on July 9. The letter stated that a third party had accessed online customers’ sensitive personal data, including names, phone numbers, addresses and even credit card information.
The breach came as bad news for Macy’s, which has been struggling to keep up with its online competitors and find its place in the e-commerce market.
MyFitnessPal
Records Breached: 150,000,000
The health-tracking app MyFitnessPal has seen incredible success since it was purchased by Under Armour in 2015 for over $475 million. That same success made it a tempting target for data hackers.
Cyber criminals hit the jackpot when they gained access to over 150 million usernames, emails and passwords in February of 2018. While more sensitive information such as credit card data and driver’s license numbers was kept safe, email addresses and passwords can still prove valuable for cyber thieves. Since many people reuse the same passwords on different accounts, hackers may take that information and use it to attempt to breach more valuable accounts, such as banking accounts or corporate work emails.
Panera Bread
Records Breached: Unknown
Once upon a time, going out to eat meant, well, going out to eat. But today, delivery apps and online ordering are the norm in the food service industry, with more transactions than ever taking place online. And more online business means more opportunities for hackers to take advantage of the food service industry.
Cyber criminals’ latest food service victim is Panera Bread, specifically the MyPanera program. There, hackers breached personal details such as birthdays, names, emails, physical addresses and the last four digits of credit card numbers. While Panera Bread estimated that only 10,000 users were affected, KrebsOnSecurity reported that more than 37 million is a more accurate number.
TicketFly
Records Breached: 26,151,608
Hackers hit ticket merchant and EventBrite subsidiary TicketFly hard this year when they breached the names, addresses, phone numbers and email addresses of over 26 million customers. The breach was good news for some music lovers — several venues offered free shows after TicketFly was forced to temporarily shut down their website. However, TicketFly took major losses as they footed the bill.
Medicare and Medicaid
Records Breached: 75,000
Government hacks have been in the public eye since the infamous email hack of the Democratic National Committee in 2016, and 2018 is no different. This year, hackers gained access to HealthCare.gov, the government’s Affordable Care Act enrollment website.
The Centers for Medicare and Medicaid Services moved swiftly to shut down the breached portal and provide credit protection to the 75,000 affected users — a relatively small portion of total users, but a major breach just the same.
Of all government bodies, why hack the CMS? Hackers often target healthcare entities for their treasure trove of valuable consumer information, such as names, emails, SSNs and credit card data.
MyHeritage
Records Breached: 92,000,000+
In one of the largest and most frightening breaches of the year, hackers stole over 92 million sensitive records from the DNA ancestry company MyHeritage.
MyHeritage maintains that no genetic data was stolen during the cyber-heist — cyber criminals were more interested in email addresses and passwords. However, the thought that cyber thieves could get their hands on DNA gives us a glimpse into the kind of data hackers could gain access to in the future. With the rising popularity of DNA analysis websites and biometric recognition technology, the amount of digital biometric data in existence is higher than ever — and so are the chances of a major breach.
Facebook
Records Breached: 30,000,000+
Earlier this year, the Cambridge Analytica scandal rocked the world, shaking the public’s trust in their favorite social media mogul. And in case Cambridge Analytica didn’t do enough damage to Facebook’s reputation, hackers gained access to over 30 million users’ records in September 2018.
Rather than going for payment information or passwords, cyber criminals stole personal data such as names, relationship status, religion, birthdate, employers, search activity and check-in locations. Just what cybercriminals want with such data remains unclear, though it is reminiscent of Cambridge Analytica and other politically motivated data grabs.
What can we learn from the biggest hacks of 2018?
Cybersecurity experts agree that with the right protection, most data breaches are avoidable. A combination of point-to-point encryption (P2PE) services, tokenization technology and careful employee cybersecurity training is the best way to prevent your company from becoming the next Equifax or Facebook.
Want to find out how you can protect your customers’ data from hackers and understand the impact of implementing a PCI P2PE system? Bluefin offers P2PE and tokenization solutions that ensure sensitive payment data is protected the moment it enters your system. Learn more about the best security technology for your business with our newest article, “Tokenization vs. Encryption – Choosing a Payment and Data Security Solution.”
To learn more about how you can protect your organization from a data breach, contact a Bluefin representative today.