Before deleting the data, the cybercriminals copied sensitive data from over 6 million donors, potential donors, patients, and community members including names, emails, phone numbers, dates of birth, genders, provider names, dates of service, department visited, and philanthropic giving history. May 24, 2020: At least 25 million users of Mathway, a top-rated mobile app calculator, had their email addresses and passwords exposed to data thieves, and the leaked database was quickly found for sale on the dark web. The information accessed through the attack includes patient names, addresses, dates of birth, medical record numbers, account numbers, health insurance information, Medicare numbers, Medicare Health Insurance Claim Numbers (which can include Social Security numbers), and limited clinical and treatment information. An undisclosed number of email addresses, geographic location data, detailed device data, and links to photos and videos posted by parents have been impacted. December 11, 2020: A phishing attack on the vision benefits management company, EyeMed, exposed the personal and medical information of hundreds of thousands of health plan members, including 484,157 Aetna members (announced on December 28, 2020), 60,545 members of Tufts Health Plan, and 1,300 members of Blue Cross Blue Shield of Tennessee. They are faced with overwhelming, competing challenges as they continue to navigate the crisis. 2020’s Biggest Data Breaches: Throughout this year, dozens of high-profile data breaches made headlines. According to the Ponemon Institute, 76% of organizations don’t have a Cybersecurity Incident Response Plan (CSIRP) applied consistently across the enterprise. These files included household addresses, names of the head of the household, gender, and Mosaic group ID.
2020 Data Breaches | The Most Significant Breaches of the Year. Unfortunately, most organizations are still ill-equipped to handle a significant cybersecurity incident, much less amid a crisis like a pandemic. October 16, 2020: A year-long Point-of-Sale (POS) system breach has impacted 3 million customers of the popular national BBQ chain, Dickey’s Barbecue Pit. The leaked information included names, phone numbers, dates of birth, email and home addresses, and GPS coordinates, as well as other technical information. 2020 has been a wild ride all around, and it’s been extra bumpy for cybersecurity. The Health Share of Oregon data breach disclosed sensitive data, including names, addresses, phone numbers, dates of birth, Social Security numbers, and Medicaid ID numbers. In 2020, a major cyberattack by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. Data monopolies allow tech companies to know too much about us. April 27, 2020: A credential stuffing attack using previously exposed user IDs and passwords of popular video game company, Nintendo, granted hackers access to over 160,000 player accounts. April 13, 2020: Two websites hosted by the San Francisco International Airport (SFO), SFOConnect.com and SFOConstruction.com, suffered a security incident in which hackers injected malicious code to collect users’ login credentials. They believed that it was a state-sponsored attack based on the attacker’s discipline, operational security, and techniques. Although no financial information was disclosed, the breach exposed names, phone numbers, emails, birth dates, home addresses, and encrypted Social Security numbers. Third-parties are […] The highly sophisticated hacker also attempted to search and gather information related to the company’s government customers.
“Based on my 25 years in cybersecurity and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities.” 2020 Data Breach Investigations Report. The cyber landscape in 2020: The past year has profoundly accelerated the growth in digital dependence. The information disclosed during the attack included names, addresses, dates of birth, phone numbers, email addresses, vision insurance account/identification numbers, health insurance account/identification numbers, Medicaid or Medicare numbers, driver’s license, birth or marriage certificates. The information exposed includes names, dates of birth, social security numbers, and home addresses. In 2020, surveys showed that over half of Americans were concerned about data breaches in natural disasters and personal safety as a result of the pandemic. “Upon notification of the issue, engineers remediated the configuration on December 31, 2019, to restrict the database and prevent unauthorized access.” More than 3.2 million records were exposed in the 10 biggest data breaches in the first half of 2020, with eight of the top 10 breaches occurring at medical or health-care organizations. The data found for sale includes names, email addresses, phone numbers, addresses, scrambled passwords, and the last four digits of credit card numbers. July 28, 2020: The online alcohol delivery startup Drizly disclosed to its customers that a hacker accessed the account details of 2.5 million Drizly accounts.
The third-party data leak affected guests that have booked reservations through travel companies such as Expedia, Hotels.com, Booking.com, Agoda, Amadeus, Hotelbeds, Omnibees, Sabre and more. The breached portal exposed names, Social Security numbers, physical and email addresses, dates of birth, citizen status, and insurance information of business owners applying for emergency loans during COVID-19. For a smaller number of members, partial or full social security numbers and/or financial information, medical diagnoses and conditions, treatment information, and passport numbers were also included. November 25, 2020: Canon, a popular camera manufacturer, publicly disclosed that a ransomware attack and resulting data breach targeting the firm had occurred over several weeks in July and August of 2020. The company has not disclosed how many customers have been impacted, but noted billing and shipping addresses, telephone numbers, and email addresses were accessed in the data leak. Before we get into the specifics, it is worth noting a few important facts about these API […] 71% of all data breaches are financially motivated. XSS Attacks 3. The threat actors gained access to three data files inadvertently stored in an unsecured external storage system. Last year, we also began to see the Federal Trade Commission (FTC) impose hefty fines and penalties on organizations, such as those relating to the Equifax breach and Facebook data leaks, to settle charges of improper handling of Personally Identifiable Information (PII). The various methods used in the breaches are also listed, with hacking being the most common. Microsoft’s exposed database disclosed email addresses, IP addresses, and support case details.
According to SafetyDetectives, the Personally Identifiable Information (PII) exposed in the breach included: Cybercriminals could have exploited this data to conduct identity theft, phishing scams, website attacks, and blackmailing. New findings also suggest that the impact is not felt exclusively when a data breach is discovered - the financial impact can remain for more than 2 years after the initial incident. Below, we discuss the ten biggest data breaches, in no particular order, that made headlines in 2020. The hackers used the stolen accounts to buy coveted digital items. Magellan Health, a Fortune 500 company, fell victim to a ransomware attack in April 2020, where over 365,000 patient records were compromised. March 31, 2020: Using the login credentials of two employees through a third-party app used to provide guest services, Marriott International hotels exposed the information of 5.2 million guests. Read about 4 main types of data breaches that are threatening today’s enterprises and how to safeguard your organization’s data systems in our post. Amid the remote working culture triggered by the pandemic, the Zoom video conferencing app has become the most used application for virtual meetings and online collaboration. In particular, misconfiguration errors have dramatically increased since 2017, though the researchers acknowledge this is mostly due to "internet … In April 2020, Nintendo announced that it suffered a cyberattack, and 160,000 user accounts have been compromised. The rising trend in data breaches continues to angle upwards, and as a result, there has never been a more precarious time in history to launch and maintain a successful business. He oversees the architecture of the core technology platform for Sontiq.
The data breach exposed patient names, dates of birth, addresses, phone numbers, e-mails, admission and discharge dates, locations of services, and physician names and specialties. That brings the total for 2020 to more than 20 billion. At least 530,000 Zoom accounts were listed for sale on the dark web and hacker forums. Data exposed includes leak dates, passwords, email addresses, email domains, and companies that were the source of the original leaks. Since the COVID-19 pandemic has forced companies to move their business to remote operations, there has been a significant increase in the “I am giving back to the community. on the dark web for free. January 22, 2020: A customer support database holding over 280 million Microsoft customer records was left unprotected on the web. The accessed information includes patient names, gender, date of birth, mailing address, phone number, email address, health insurance information, internal record numbers, diagnostic information, and a small number of Social Security numbers. Microsoft says the database did not include any other personal information. API Data Breaches in 2020 As we near the end of Year 2020, it is time for us to look back and review some of the major API-related data breaches and/or data leakage vulnerabilities in the past year. There are 4 major types of data breaches that organizations should be aware of in 2020: 1. Payment logs including credit card type, amount paid, and applicable currency, Personal information including names, DOB, gender, and age, Records exposed in 2014 breach: 40 million, Records exposed: 100,000 files or 10GB data, Component design for civil and military aircraft.
September 7, 2020: A phishing attack led to the exposure of the protected health information of 140,000 medical patients of Imperium Health Management. December 10, 2020: A cyberattack on healthcare provider, Dental Care Alliance, exposed sensitive personal and medical information of over 1 million patients. November 3, 2020: Malware embedded in the online shopping platform of precious metals dealer, JM Bullion, captured the personal and banking card information of customers who made purchases between February and July 2020. The app allows its users to easily upload and store scans and photos of membership and loyalty cards to a digital folder on their mobile device. The accessed information includes names, addresses, dates of birth, Social Security numbers, and medical information. June 22, 2020: More than 296 GB of data was leaked from US law enforcement agencies and fusion centers and posted online on a searchable portal titled BlueLeaks. Email addresses, passwords, personal meeting URLs, and host keys are said to be collected through a credential stuffing attack. Comparitech’s security experts discovered the unprotected database cluster, which contained more than 350 million records. The information exposed in the data leak includes names, email addresses, national ID numbers, phone numbers of hotel guests, and reservation details such as reservation number, dates of a stay, the price paid per night. September 16, 2020: Children’s Hospitals and Clinics of Minnesota sent notification that a third-party data breach exposed over 160,000 patient records. Ransomware Attacks 2.
This breach is the latest in a string of Magecart attacks, where hackers install malware in Point of Sale (POS) systems to skim credit card information. Data breaches aren’t going anywhere and we’re here to keep you up-to-date on the worst data breaches of the year putting you at risk of identity theft. The details leaked include email addresses, geolocation data, IP addresses, system user IDs, support messages and technical details. The malicious actor uploaded the personal information of 10.6 million hotel guests on a hacker forum for free. Data security incidents, which are breaches of the seventh data protection principle or personal data breaches reported under the Privacy and Electronic Communications Regulations, are a major concern for those affected and a key area of action for the ICO. At StealthLabs, we focus on helping clients thrive in the face of cyber uncertainty. Over 10TB of breached data belonging to potentially thousands of current and former employees working for Canon between 2005 and 2020 was compromised, including Social … September 5, 2020: Over 1 million inmates who have used the prison phone service, Telmate, have had their personal information exposed in an unsecured database. Regrettably, the engineer responsible disabled the firewall for about 10 minutes to speed up the process. March 11, 2020: Whisper, an anonymous secret-sharing app, has left member information exposed in an unsecured database. 1,531,855 records were breached across 39 healthcare data breaches in February 2020 alone. May 20, 2020: Over 40 million users of the mobile app, Wishbone, had their personal information up for sale on the dark web. An unauthorized third party gained access to an undisclosed number of employee Form I-9s, containing full name, date of birth, phone number, social security number, passport numbers, mailing address, and email address. (Verizon) It’s no surprise that money is the motivation behind the majority of hacks.
The exposed data contained information about reported data breaches throughout 2012-2019. Six years ago, 80% of payment-card related investigations on data breaches were for point-of-sale merchants, while in 2020 that figure is only 20%. May 20, 2020: The information belonging to 8 million users of the home meal delivery service, Home Chef, was found for sale on the dark web after a data breach. May 28, 2020: More than 5 million user records belonging to Minted, an online consumer marketplace for art, home decor, and stationery, were sold by a hacker on the dark web. Telephone number, billing address, shipping address(es), and date of birth were also impacted for a portion of their customers. October 6, 2020: Customers of the food delivery startup, Chowbus, received an email notification from the company that included a link to access the personal and account information of about 800,000 customers.