The year 2019 saw thousands of data breaches of all types and sizes. Billions of personal records were exposed, caused by malicious hacks and organizational incompetence. The public has had their payment information stolen, personal data leaked and private messages exposed.
Data breaches have been on an upward trend since the early 2000s, and the past year was no exception.
Here are six of the biggest data breaches of 2019:
1. TrueDialog Leaves SMS Database Exposed
TrueDialog, an SMS communications company that lets its clients send bulk text messages to individuals, left millions of text messages exposed in an online database with no password protection. The database stored records of text messages sent by clients as well as responses received from message recipients.
Millions of text messages and conversations were kept in an unencrypted databased with no password protection. Anyone who knew where to look could access the company’s client data.
Information stored in the database included messages about college financial aid applications, marketing content and more. Security messages that contained two-factor authentication codes, password reset and login messages for popular websites and codes for accessing personal medical records also were in the database.
The database contained sensitive information about TrueDialog’s customers as well, including account logins, email addresses, phone numbers, names, addresses and more.
2. Facebook Data Stored in Unprotected Database
Facebook closed out the year with another data breach that exposed the personal information of 267 million users. Cybersecurity firm Comparitech and security researcher Bob Diachenko discovered a database that contained the names, phone numbers and Facebook IDs of these users. The database was not password protected.
Facebook claimed that the information contained in the database was obtained in a breach prior to recent security updates that have since been made to the platform. The database was open from Dec. 4 to 19.
3. Collection # 1 Contains Emails and Passwords
Last January, an enormous database of email records and passwords was discovered on the internet. Known as “Collection #1,” the sheer number of records exposed might have made it the largest recorded public data breach in history – though much of the data could have been collected from previous data breaches.
Collection #1 contained 772, 904,991 million email addresses and 21,222,975 passwords. It was uploaded to cloud service MEGA and subsequently uploaded to forums on the dark web. The database appeared to contain logins for more than 2,000 websites.
4. Zynga Game Words with Friends Hacked
Mobile game company Zynga reported a data breach that occurred in September and affected more than 218 million players of popular mobile game Words with Friends. A hacker was able to access player names, email addresses, phone numbers, login IDs, Facebook IDs and account IDs.
The game only affected players who installed the game prior to Sept 2. According to the hacker who claimed responsibility for the breach, the stolen data was taken from Android and iOS versions of the game.
5. Capital One Account Information Stolen
An ex-Amazon employee was arrested in July and accused of hacking the account information of more than 100 million Capital One customers. Paige Thompson was accused of stealing names, addresses, credit scores, bank account numbers and Social Security and Canadian Social Insurance numbers and attempting to share that info on the dark web.
Thompson had previously been a software engineer for Amazon Web Services, which hosted Capital One’s customer data. She was able to take advantage of a misconfigured web application firewall to access the information. She was released in November pending her trial.
Capital One expected to spend $100 million to $150 million to alert customers, implement security updates and implement other recovery efforts from the data breach.
6. Quest Diagnostics and LapCorp Financial and Personal Records Exposed
Quest Diagnostics and LabCorp reported that 11.9 million patients were affected by a data breach that took place from August 2018 to March 2019. They indicated that 7.7 million patients were at risk. The breach occurred at the companies’ billing vendor American Medical Collection Agency. An unauthorized user was able to gain access to customers’ financial and personal information.
The breach exposed credit card numbers and financial data, Social Security numbers, birthdates, addresses, phone numbers and account balances. Medical tests and lab results were not breached.