Your organization made the headlines! That’s great, right? Not if it’s because you had sensitive data breached. A data breach can wreak financial and logistical havoc for you, your customers, patients, employees, and others. More importantly, it can severely impact the reputation you’ve so carefully built up and nurtured over time with existing as well as potential customers.
According to Risk Based Security, before year-end, 2019 already gained fame as the “worst year on record” for breaches. A total of nearly 8 billion records were exposed through nearly 5,200 data breaches, with medical services, retail and public entities hit hardest.
Data Breaches Impact the Bottom Line
Face it. A data breach is going to hurt – to the tune of up to $3.92 million on average – according to the latest study from IBM. The study shows that the cost to mitigate data breaches has risen 12 percent over the past five years.
You’ll pay not only in reputation loss, but also for investigation expenses, lawsuits, system repairs, damage control, regulatory fines, and more. The numbers are staggering, the financial damage painful, and the lasting reputational impact can’t be easily measured.
An annual report by CNET details the year’s worst data breaches. Check them out below, then learn how a secure file transfer solution, like GoAnywhere Managed File Transfer (MFT) can protect your priceless data in motion (between departments, providers, third-parties, etc.) and at rest.
Repeat after me: "I will not use an unsecured database" as this was the thread in many of the year's top (or should we say, worst), data breaches. Here we go:
2019 Data Breach Hall of Shame
- January: A record-setting breach of unencrypted passport numbers (5.25 million) and credit card details (383 million) of hotel guests were lifted. Thankfully, the 86 million credit card numbers stolen were safety encrypted. Also kicking off the year, were the 773 million email addresses found by a researcher in a cloud-service file collection.
- February: More than 617 million accounts didn’t feel the love this month as 16 different websites such as Dubsmash, Whitepages and more were breached and users’ names, emails addresses and weak passwords were offered up for sale on the dark web for less than $20,000 in Bitcoin. The health industry was also hit hard with details of up to 15,000 Australian patients were held for ransom; records of 326,000 Connecticut patients exposed due to unauthorized email access, and 2.7 million calls recorded and left out in the open on a Swedish healthline.
- March: The luck of the Irish was not with popular social media apps Facebook and Instagram, as the credentials of hundreds of millions of users were stolen due to poor password storage management.
- April: Facebook’s troubles continued as the usernames, IDs, and passwords of 540 million users were exposed on unprotected servers. But wait – there’s more. The popular app also admitted to storing millions of Instagram users’ passwords in plaintext format – a dangerously unsecure option. And, “It’s a data breach!” was not the exciting news 12.5 million expectant women wanted to hear as they learned their medical records were exposed thanks to an Indian government healthcare agency.
- May: Data breaches this month ranged from hundreds of millions of leaked insurance documents from First American Financial Corp.; to Burger King’s leaky database, which exposed information from its kid-focused KoolKing Shop; to Bay Area lunch company rivals hacking into each others' sites and exposing student data. So. Much. Leaking. And, the year continues…
- June: At some point, data breaches impact an organization to the point where they can’t recover. Such was the case with bill collector American Medical Collection Association. When at least 20 million patients had their payment data, Social Security numbers, medical information, birthdates, phone numbers, addresses, and more hacked. The resulting multiple class-action lawsuits filed against AMCA and its contractors put the firm into such deep debt they filed bankruptcy.
- July: There was no “Independence Day” from exposed data news this month, as Facebook certainly did not “like” forking over $5 billion for the Cambridge Analytica debacle.
- August: Bring the popcorn for these disaster productions. The records of 160 million MoviePass users were left encrypted on the company’s database and without password protection, exposing their credit card data. Romantics also were impacted by security flaws on dating apps like Grindr, Romeo, 3Fun and Recon, where the locations of the lovelorn were exposed. The U.K. was not immune – with a huge leak of 27.8 million biometric staff records.
- September: A hacker’s game strategy on Words with Friends included nabbing more than 218 million players’ account details. Also, 20.8 million records in Equador were exposed due to an open, misconfigured government database including birth data, marital status and national ID numbers, along with full home addresses and children’s information, phone numbers, and education records.
- October: Social media took a hit with 4 billion profile records exposed on an unsecure Elasticsearch server – one of the largest single-source exposures noted. Two more unsecure database breaches led to Adobe Creative Cloud exposing the records of 7.5 million and for Russia laying bare over 20 million of its citizens’ tax records from 2009 to 2016.
- November: It’s not always a stranger causing trouble. Employees can also put you at risk. Just ask Facebook (again), as about 100 app developers were given inappropriate access to profile data.
- December: Three years hard time is NOT on anyone’s holiday wish list, but the 100 women who were victimized with explicit photo leaks by a former Dutch politician are happy a judge is giving him that “present.” The hacker gained access to the women’s personal iCloud accounts with credentials he found in public data breaches that had occurred earlier.