These days, it seems no one is safe from data breaches. From government entities to major banks, organizations around the world have fallen victim to cyberthieves. In a few months, 2020 will arrive, marking the end of a decade marred by cybersecurity attacks, international cybercrime and data leaks. Will a new decade usher in an age of security-savvy organizations, or simply smarter cybercriminals? Only time will tell. In the meantime, we highlight the major global breaches of 2019 so far.
Capital One
Records Breached: 106 million
In July of 2019, sensitive information of over 100 million Americans and 6 million Canadians who had applied for Capital One credit cards was breached. According to Capital One’s statement, no credit card number or log-in credentials were leaked, and less than 1% of Social Security Numbers were compromised. However, names, addresses, dates of birth, and some 80,000 linked bank account numbers were exposed.
Interestingly, this is one of the few data breaches where we can put a face to the hacker’s name. Paige A. Thompson, a former employee of Capital One’s cloud hosting company, was eventually arrested and charged with the hack. Taken together with the Desjardins breach, it’s clear that far-away foreign hackers aren’t the only cybersecurity threats. Companies need to be vigilant against internal threats as well.
Quest Diagnostics
Records Breached: 11.9 million
Next to this year’s Capital One breach, the hack of Quest Diagnostics was the second biggest newsmaker. Quest’s records were compromised via a third-party data breach which struck American Medical Collection Agency (AMCA), a billing collections vendor that provides services to Quest Diagnostics. In a public statement on the breach, Quest announced that sensitive personal information of about 12 million of their customers may have been exposed, which included credit card numbers, bank account information, medical details, and personal identity and contact details. One month after the breach was exposed, AMCA filed for Chapter 11.
MoviePass
Records Breached: Unknown
Users may have tossed out their MoviePass cards last year, when the discount movie ticket company went bust. But that doesn’t mean they protected their data.
The once-beloved movie ticket company neglected to password-protect a critical server. As a result, tens of thousands of MoviePass card numbers and personal credit card numbers were exposed. During their investigation, TechCrunch also discovered customer records including credit card numbers and their expiration dates, complete with billing information, names and home addresses. That’s enough information to make fraudulent purchases online.
Canva
Records Breached: 139 million
Notorious hacker GnosticPlayers is at it again this year, putting the data of over a million Canva users up for sale on the dark web.
Providing graphic design services for millions of users around the world, Canva is one of Australia’s largest tech companies. It’s no surprise that GnosticPlayers, who is responsible for major hacks like MyFitnessPal and MyHeritage, went after the successful tech company.
But unlike many of the companies hacked before them, Canva played it safe with their data. While customers’ names and usernames were made available, Canva had the foresight to encrypt users’ passwords within their system. This encryption ensured that all passwords were hidden by a nearly-impossible-to-crack code.
Desjardins
Records Breached: 2.9 million
In 2018, Global Finance named Desjardins one of the world’s safest banks. In 2019, that came crashing down when a former employee exposed the personal data of over 2.9 million credit union members. The breach impacted over 40% of Desjardins’ members, compromising information such as names, birthdays, social insurance numbers, addresses, email addresses and more. Thankfully, log-in credentials remained secure.
How did the unnamed former employee gain access to the files? Surprisingly, it wasn’t through sophisticated cyber methods. Instead, the employee allegedly created a scheme to earn the trust of his coworkers and gain access to customers’ private data.
National Revenue Agency of Bulgaria
Records Breached: 5 million
After the hack of the Democratic National Party in 2016, the truth came out about the weakness of cybersecurity at government organizations. Since then, a number of cities, states and organizations have been hacked. In 2019, the National Revenue Agency of Bulgaria joined that long list.
This latest hack exposed the information of as many as 5 million Bulgarians and foreign residents — the vast majority of the country’s population of 7 million. In fact, it was the largest theft of personal data ever recorded in the Balkans. Names, addresses, incomes and social security information of citizens were compromised during the hack. While the hacker or hackers still have not been apprehended, they did send a message to the Bulgarian government: “The state of your cybersecurity is a parody.”
Lessons Learned from 2019’s Biggest Breaches
Hackers may be smart, but organizations must be smarter. That means taking preventative measures against cybercriminals. After all, with the right security, even the Equifax breach could have been avoided. Protect your customers and protect your brand with the help of Bluefin.
Bluefin specializes in security technologies, including tokenization and point-to-point encryption (P2PE), to protect payment and PII/PHI data – so that if a breach does occur, hackers get nothing. We are a staunch advocate of devaluing all valuable data and taking a holistic approach to security. Learn more about our security products or contact us today.