Choosing the top 2019 data breaches looks a lot easier than it really is. Although some candidates were pretty obvious (like Facebook), we had to dive into the topic and find the most devastating data breaches that affected millions of individuals.
So here are our top picks:
➡️ Facebook
➡️ Fortnite
➡️ Coinmama
➡️ Microsoft
➡️ Canva
The number of affected individuals is staggering. However, before we start, let’s go over the definition.
What is a Data Breach?
According to Norton, a ‘data breach’ is a security incident in which information is accessed without authorization. The definition is pretty simple, but the consequences for companies and individuals are far-reaching.
59% of customers believe their personal data is vulnerable to a security breach, which says a lot about how we feel about data security.
A data breach represents a real risk for your business and customers. It can affect people’s lives as well as damage a company’s reputation.
We spend a huge amount of time on the Internet, leaving personal information on various sites, and our online behavior is often tracked, so a digital footprint is left behind.
Whether for entertainment, online shopping, music, online dating, gaming, or socializing on social media platforms, at some point you are required to enter your personal data in order to create a profile. Examples of such data are an email address, name, date of birth, photographs, etc.
30% of companies have over 1,000 sensitive folders open to everyone
Even though Internet users sometimes leave their personal information without a second thought, they are becoming more and more aware that their personal information is at risk of being compromised.
This brings a little bit of paranoia into our lives. We often have a feeling that we are tracked and listened to, and as consumers, we feel vulnerable and suspicious.
Well, sometimes you have every right to be paranoid. We are bringing the top 5 2019 data breaches that happened in the first half of the year. Maybe you were one of the affected individuals. If so, we hope you were notified.
Top 5 2019 Data Breaches
1. Facebook Data Breach
Where to start with our favorite social network Facebook and Mark Zuckerberg? We are already so used to reading headlines with the words “Facebook” and “data breach” together that we are not sure if you even care anymore. Since 2013 they have been constantly misusing our data and have been affected by data breaches (or caused some themselves). However, we simply couldn’t make this list without Facebook.
In April 2019, 1.5 million users were hit by a data breach. According to Business Insider, “Facebook harvested the email contacts of 1.5 million user data without their knowledge or consent when they opened their accounts.” Facebook stated that the information was uploaded by accident and claimed they deleted it.
What exactly happened?
If you wanted to open a Facebook account, the system would ask you to verify your account (which is a pretty standard security measure). You would then enter your password for the account and click connect. Facebook would then start to import your contacts from your e-mail, with no chance to cancel, opt out, or do anything really.
Additionally
In the same month, the personal information of 540 million Facebook users was exposed on unprotected Amazon cloud servers, including Facebook IDs, comments, likes, reactions, and account names. The exposed data did not come from Facebook directly; instead, it was collected online by third-party Facebook app developers. That is why we are just going to mention this breach, but we will count its affected users (you can click on the link in the text and read the entire article).
Affected users
If counting both breaches in 2019, more than half a billion users were affected.
Conclusion
Once data is put into circulation, it can hardly be deleted. It cannot be easily erased because the data is already far beyond the reach and control of the company, causing irreparable damage.
Recent research on the most lucrative Facebook market (USA) found that almost 15 million fewer people use Facebook today than they did in 2017, with the biggest drop among teens and millennials. You should read our article on customer trust and data breaches and see if those two are connected.
2. Fortnite Data Breach
Are you a Fortnite fan? If not, just so you know, Fortnite is an online video game, and most of us know at least someone who is a Fortnite fan, or at least someone’s kid, since its fans are predominantly teens and younger players. When a data breach affects children and minors, it raises even bigger concerns.
What exactly happened?
In January 2019, Fortnite accounts were affected by a breach that led to attackers gaining full access to users’ game accounts and personal information. The game had some vulnerabilities that allowed hackers to log into accounts without a password.
Vulnerable information included bank account information, which is linked to the profile so that in-game purchases can be made. This represents a major financial risk for users. It would also allow hackers to listen in on in-game activity without users’ knowledge. Hackers could gain various information and personal data once they tuned in.
Affected users
80 million accounts.
Conclusion
Epic Games found out about the data breach in November, and the vulnerabilities were fixed by January. Still, the popularity of the game makes it very attractive to hackers, causing serious problems and damage to the company.
3. Microsoft Data Breach
In April 2019, Microsoft sent notifications to affected users that the company had suffered a data breach affecting their personal information. Microsoft stated that from January until the end of March, hackers had access to information regarding Outlook, MSN, and Hotmail accounts. Later it was claimed that the hackers had access to affected accounts for more than 6 months, which Microsoft denied.
What exactly happened?
Hackers gained access to Hotmail, MSN and Outlook accounts through a Microsoft support agent who handles technical complaints. Microsoft initially found that the hackers had access to information about folder names and the subject lines of e-mails.
Later on, they informed affected users that the data breach was far worse than initially stated, and that compromised information also included the contents of e-mails and attachments of 6% of affected users.
Affected users
Microsoft never really revealed the number, stating only that a large number of users were affected.
Conclusion
We are sure that Microsoft handled the data breach to the best of their abilities, but because the information was released to the public little by little, it gave the (wrong) impression that Microsoft was not completely transparent.
First, they claimed that the third parties had unauthorized access from January until March; later, rumors started that it was for much longer. Microsoft denied it, but it was an unnecessary situation that created additional PR issues.
Later on, Microsoft confirmed that some of the compromised information also included the contents of e-mails and attachments, which was not revealed at first.
Moreover, the company never revealed the number of affected users. Not disclosing all of the information (or disclosing it later on) leaves the impression that the company is hiding something (even if that is not the case).
4. Canva Data Breach
Canva is a very popular tool used by millions of people. Users log in every day to create designs and graphics, and their accounts are often linked to their financial information, since Canva allows you to purchase certain features and designs. Canva announced that it detected a malicious attack on its systems this May.
What exactly happened?
The attack took place on May 24th, 2019, which they noticed immediately, stopping the attack as it was happening. Canva stated, “Our first response was to lock down Canva, then notify authorities and users that the breach had occurred.
Because the intruder was interrupted mid-attack, they also took a different tactic to most security incidents and tweeted about the attack, which required a rapid communication response.”
They issued a full report on what happened to notify users that hackers accessed information from the profile database and passwords, and briefly viewed files with partial credit card and payment data.
Affected users
The breach affected 139 million user accounts.
Conclusion
Canva approached this breach by the book. Not only were they able to block some of the access with security methods and act quickly, but they also issued a report about what happened, how many users were affected, what the attackers did (or claimed to have done), what Canva is doing about it afterward, and what users can do to protect their accounts.
I call this turning a frown upside down!
5. Coinmama Data Breach
Crypto exchange Coinmama suffered a huge data breach. Once they found out about the security breach, they formed an investigation team and required users affected by the threat to reset their password upon their next login. They also advised users to use unique and strong passwords, and they are trying to enhance their security systems to detect and prevent unauthorized access.
What exactly happened?
Coinmama stated that this was part of a bigger data breach. The companies that were affected used open-source PostgreSQL database software and pointed out that this may be where the hackers gained access. Stolen data included emails and hashed passwords from users who registered before August 5th, 2017. Coinmama said that the data breach did not affect credit card information.
Affected users
Over 450,000 users were affected.
Conclusion
What is the difference between Data Privacy and Data Security?
Data breaches can be caused by a lack of security measures. To properly protect data and comply with data protection laws you need to implement both Data Privacy and Data Security strategies. Even though these two terms can look similar, their distinctions are clearer once you start to dissect them.
If you want to read more about differences between data privacy and data security we recommend: