The 6 Worst 2019 Data Breaches

Caleb Townsend
Staff Writer   United States Cybersecurity Magazine

Cybersecurity is a constant, ever evolving problem that affects all of us. 2019 was a rough year regarding data breaches. Indeed, Forbes reported that 4.1 billion records were exposed within the first six months of 2019. This is a 52% rise from same period in 2018.

It is important to look back on the year and remember that we still have a long way to go regarding our cybersecurity. Here are the 6 worst data breaches of 2019.

Door Dash

In September, DoorDash confirmed in their blog post that 4.9 million DoorDash customers and employees had their data compromised by hackers. This data included names, email addresses, delivery addresses, order history, phone numbers, and passwords. Additionally, some customers had the last 4 digits of their payment cards accessed. This 2019 breach was the second breach suffered by DoorDash, having also been attacked in 2018.

Capital One

In July, Capital One suffered what they refer to as a “security incident“, in which a hacker gained access to 100 million credit card applications and accounts in America, as well as 6 million in Canada. Within these applications and account, alleged Capital One hacker Paige Thompson accessed 140,000 social security numbers, 1 million social insurance numbers and 80,000 bank accounts.

In addition to that info, the alleged hacked gained access to credit scores, limits, balances, pay history, and transaction data. As a result, Capital One was hit with a class action lawsuit. In the wake of all this, the company offered free credit monitoring to consumers that were affected by the breach.

Adobe

Adobe suffered a data breach within their creative cloud suit on October, in which customer data was exposed. The information primarily was data regarding the consumer’s account, as opposed to financial information or passwords. This info included email addresses, IDs, country or origin, adobe products used, payment status, and subscription level.

This likely was an attempt to start a spear-phishing campaign with all of the emails that the hacker had access to. Though Adobe did not initially break the news, they did admit to a leaky server in a blog post.

American Medical Collection Agency (AMCA)

The American Medical Collection Agency had their medical data exposed via the unauthorized accessing of their database. This breach affected 24.4 million patients, as well as 21 companies. The information included credit card numbers, medical information, bank account information, and even social security numbers.

This was just one in a string of data breaches this year, indicating a much larger problem with the health care industry as a whole being subject to data breaches. Indeed, many see a trend of hackers specifically targeting the healthcare industry, as there were many nasty healthcare data breaches in 2018 as well.

Verifications.io

Verifications.io, an email validation service, left a shockingly large database of records unsecured. Security Discover researcher Bob Diachenko discovered in February that a non password protected 150GB sized database was simply left out in the open, publicly accessible to anyone. For reference, this is a whopping 763 million records that were exposed. This information exposes included mortgage amounts, gender, birth-date, EP addresses, social media email logins, and interest rates on loans.

Had Bob not discovered this authentication vulnerability before malicious users ravaged the database, some serious widespread damage could have been done.

Collection No. 1

Collection #1 was the largest collection of stolen data in history.

Nearly 773 million unique email addresses and more than 22 million unique passwords were affected by this breach. Troy Hunt, a Microsoft Regional Director, stated that “Collection #1 is a set of email addresses and passwords totaling 2,692,818,238 rows.”

Many of these emails, passwords, and logins have been previously reported in other breaches. However, hackers likely used this information, old and new, for credential stuffing.

Leave a Comment