A Year in Review: The Worst Data Breach News of 2018

By |2019-01-21T18:31:53+00:00January 14th, 2019|

Cybersecurity threats were a major theme in 2018, as last year saw some of the biggest data breaches in history. Security flaws and illegal hacks exposed the personal data of millions and shook up some of the world’s largest organizations.

Ultimately, there’s no foolproof way to protect your personal data when it’s in the hands of someone else. No matter how many resources an organization has, it can still be vulnerable to cybersecurity threats.

Here are some of 2018’s worst data breach news stories.

1. Facebook Security Flaws

In March, the New York Times reported that a political data firm, Cambridge Analytica, collected the personal information of more than 50 million Facebook users – including details about their personalities, preferred friend networks, and social media engagement – against Facebook policy.

Then in September, Facebook announced the biggest data breach in its history, one that exposed the personal data of 50 million users. A network attack exploited a feature in Facebook’s code that enabled access to personal data including name, sex, hometown and other information. Facebook says it has shored up those vulnerabilities and reset access for affected users, but this may not be the last cybersecurity issue for the social media giant. 

2. Marriott Database Breach

In November, Marriott revealed the existence of a massive data breach that exposed the data of up to 500 million guests. An unauthorized party had been accessing the Starwood guest reservation database since 2014. Stolen information included account details, names, home addresses, birthdates, passport numbers, and more. Marriott acknowledged that encrypted credit card information was stolen, though it was unclear if hackers had the ability to decrypt payment data.

Since then, Marriott has revised its estimate of affected users to fewer than 383 million. However, they also admitted that over five million unencrypted passport numbers were stolen, leaving travelers vulnerable to identity theft, fraud, and even international espionage.

3. T-Mobile Customer Data Hacked

Last August, T-Mobile announced that hackers accessed the names, zip codes, phone numbers, email addresses, and account numbers of approximately two million wireless customers. Affected users were notified via text message. This breach leaves customers vulnerable to identity theft, phishing scams, and even SIM swapping scams.   

4. Under Armour Fitness App Hacked

Under Armour announced last March that hackers had gained access to MyFitnessPal, a program that tracks user diet and exercise habits. Criminals were able to access individual usernames, email addresses, and hashed passwords of up to 150 million users.

5. House Report Finds Equifax Data Breach Preventable

While Equifax’s enormous data breach, which exposed the data of 143 million consumers, occurred in 2017, the House Oversight Committee report that came out late last year concluded that the data breach was entirely preventable. The report found that Equifax’s security practices were suboptimal, its systems were obsolete, and basic security measures, such as patching known vulnerabilities, weren’t taken. Had Equifax taken security more seriously, said the report, the breach would never have occurred.