What is a Data Breach?
According to Norton, a ‘data breach’ is a security incident in which information is accessed without authorization. The definition is pretty simple, but the consequences for companies and individuals are far-reaching.
59% of customers believe their personal data is vulnerable to a security breach, which says a lot about how we feel about data security.
Data breaches represent a true risk for your business and customers. They can affect people’s lives as well as damage a company’s reputation.
We spend a huge amount of time on the Internet, leaving personal information on various sites, and our online behavior is often tracked in a way that leaves a digital footprint behind.
Whether for entertainment, online shopping, music, online dating, gaming or socializing on different social media platforms, at some point you are required to enter your personal data in order to create a profile. Examples of such data are an email address, name, date of birth, photographs, etc.
To the majority it seems pretty harmless to open an account or provide data for services, but the level of data security varies from company to company, and hackers are finding new and innovative ways every day to steal your data and use it for personal gain.
30% of companies have over 1,000 sensitive folders open to everyone
Even though Internet users sometimes leave their personal information without a second thought, they are becoming more and more aware that their personal information is at risk of being compromised.
This brings a little bit of paranoia into our lives: we often have a feeling that we are tracked and listened to, and as consumers we feel vulnerable and suspicious.
Well, sometimes you have every right to be paranoid. Here are the top 5 data breaches of the past 6 months. Maybe you were one of the affected individuals. If so, we hope you were notified.
Where to start with Facebook? We are already so used to reading headlines with the words “Facebook” and “data breach” together that we are not sure if you even care anymore. Since 2013 they have been constantly misusing our data and have been affected by data breaches (or caused some themselves). We simply couldn’t make this list without Facebook.
In April 2019, 1.5 million users were hit by a data breach. According to Business Insider, “Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts.” Facebook stated that the information was uploaded by accident and claimed they deleted it.
What exactly happened?
If you wanted to open a Facebook account, the system would ask you to verify your account (which is a pretty standard security measure). You would then enter your password for the account and click connect. Facebook would then start to import your contacts from your e-mail, with no chance to cancel, opt out, or do anything really.
In the same month, the personal information of 540 million Facebook users, such as Facebook IDs, comments, likes, reactions, and account names, was exposed on unprotected Amazon cloud servers. The exposed data did not come from Facebook directly; instead, it was collected online by third-party Facebook app developers. That is why we are just going to mention this breach, but we will count the affected users (you can click on the link in the text and read the entire article).
Counting both breaches in 2019, more than half a billion users were affected.
Data that has once been put into circulation can hardly be deleted. It cannot be easily erased because it is already far beyond the reach and control of the company, causing irreparable damage.
Recent research on the most lucrative Facebook market (USA) found that almost 15 million fewer people use Facebook today than they did in 2017, with the biggest drop among teens and millennials. You should read our article on customer trust and data breaches and see if those two are connected.
Fortnite is an online video game, and most of us know at least someone who is a Fortnite fan, or at least someone’s kid, since its fans are predominantly teens and younger. When data breaches affect children, the concern is even bigger.
What exactly happened?
In January 2019, Fortnite accounts were affected by a breach that led to full access to users’ game accounts and personal information. The game had some vulnerabilities that allowed hackers to log into accounts without a password.
Vulnerable information included bank account information, which is linked to the profile so that in-game purchases can be made. This represents a major financial risk for users. It would also allow hackers to listen in on in-game activity without users’ knowledge. Hackers could gain various information and personal data once they tuned in.
80 million accounts.
Epic Games found out about the data breach in November, and the vulnerabilities were fixed by January. Still, the popularity of the game makes it very attractive to hackers, causing serious problems and damage to the company.
Crypto exchange Coinmama suffered a huge data breach. Once they found out about the security breach, they formed an investigation team and required users affected by the threat to reset their passwords upon their next login. They also advise users to use unique and strong passwords, and they are trying to enhance their security systems to detect and prevent unauthorized access.
What exactly happened?
Coinmama stated that this was part of a bigger data breach. The affected companies used open-source PostgreSQL database software and pointed out that this may be where the hackers gained their access. Stolen data included emails and hashed passwords from users who registered before August 5th, 2017. Coinmama said that the data breach did not affect credit card information.
Over 450,000 users were affected.
This April, Microsoft sent notifications to affected users that the company had suffered a data breach affecting their personal information. Microsoft stated that from January until the end of March, hackers had access to information regarding Outlook, MSN, and Hotmail accounts. Later it was claimed that the hackers had access to affected accounts for more than 6 months, which Microsoft denied.
What exactly happened?
Hackers gained access to Hotmail, MSN and Outlook accounts through a Microsoft support agent who handles technical complaints. Microsoft initially found that the hackers had access to information about folder names and the subject lines of e-mails.
Later on, they informed affected users that the data breach was far worse than initially stated, and that compromised information also included the contents of e-mails and attachments of 6% of affected users.
We are sure that Microsoft handled the data breach to the best of their abilities, but because the information was released to the public little by little, it gave the (wrong) impression that Microsoft was not completely transparent. First, they claimed that the third parties had unauthorized access from January until March; later, rumors started that it was for much longer. Microsoft denied it, but it was an unnecessary situation that created additional PR issues.
Later on, Microsoft confirmed that some of the compromised information also included the contents of e-mails and attachments, which was not revealed at first. Moreover, the company never revealed the number of affected users. Not disclosing all of the information (or disclosing it later on) leaves the impression that the company is hiding something (even if that is not the case).
Microsoft never really revealed the number, stating only that a large number of users were affected.
Canva is a very popular tool used by millions of people. Users log in every day to create designs and graphics, and their accounts are often combined with their financial information, since Canva allows you to purchase certain features and designs. This May, they announced that they had detected a malicious attack on their systems.
What exactly happened?
The attack took place on May 24th, 2019. Canva noticed it immediately and stopped the attack as it was happening. Canva stated, “Our first response was to lock down Canva, then notify authorities and users that the breach had occurred.
Because the intruder was interrupted mid-attack they also took a different tactic to most security incidents and tweeted about the attack, which required a rapid communication response.”
They issued a full report on what happened to notify users that hackers accessed information from the profile database and passwords, and briefly viewed files with partial credit card and payment data.
The breach affected 139 million users’ accounts.
Canva approached this breach by the book. Not only were they able to block some of the access with security methods and act quickly, they also issued a report about what happened, how many users were affected, what the attackers did (or claimed to have done), what Canva is doing about it afterward, and what users can do to protect their accounts.
What is the difference between Data Privacy and Data Security?
Data breaches can be caused by a lack of security measures. To properly protect data and comply with data protection laws you need to implement both Data Privacy and Data Security strategies. Even though these two terms can look similar, their distinctions are clearer once you start to dissect them.
Read more about this in our blog: 5 THINGS YOU NEED TO KNOW ABOUT DATA PRIVACY