From 2016 to 2017, the number of data breaches increased by 45 percent, and that trend seems to have continued into 2018. In fact, by July—just halfway through the year—2018 had already seen more than 600 data breaches, exposing more than 22 million records. So what’s the problem? Well, it’s not technology. It’s people, including both consumers and employees of companies who make careless mistakes when it’s time to protect data. To show just how commonplace data breaches are these days, take a look at what the 2018 data breaches reveal.
It didn’t take long for 2018 to see one of the largest cyber attacks in terms of how many people were affected. In March, Under Armour told consumers that 150 million people who use its app, MyFitnessPal, had their personal information taken by a third party. That information included usernames and passwords on the app, as well as email addresses. Luckily, the company quickly notified the app’s users of the data breach, reassuring them that no payment information was collected and that the company was working with data security companies to prevent the issue from happening again.
Early in the year, about 37 million customers thought they were just getting lunch from Panera Bread and ended up with a side of compromised personal information. The eatery accidentally gave hackers access to everything from customer names and birthdays to email addresses and partial credit card numbers. Basically, anyone who created an account on the Panera website had their information exposed for all to see. Panera was informed of this situation in August 2017 but waited until April 2018 to address it publicly. That’s eight months for the information to be in plain sight for anyone to take. The issue here isn’t just that the system was compromised, but the lack of urgency when it comes to addressing the issue.
City of Goodyear
You know it’s a not a “good year” for the 2018 data breaches when a whole city is affected! In May, the city of Goodyear, Arizona reported that a data breach had taken place, affecting about 30,000 people. Basically, anyone who used the city’s website to pay for water, sewer, and trash bills may have had their payment information stolen by hackers. In response, the city alerted customers and shut down the site while it set up a new server to take payments.
In July, anyone who shopped online at Macy’s between April 26 and June 12 got a letter stating that a third party had gained access to their online accounts. This meant their names, email addresses, phone numbers, and credit/debit card numbers were exposed to cyber criminals. In response, Macy’s reported the card numbers to major credit card companies, had customers change their passwords, and put more security measures in place.
2018 data breaches continued to roll in September. The social network announced that 90 million accounts, or 4 percent of their users, were compromised due to a bad line of code in the “View As” tool. According to Identity Force, this vulnerability allowed hackers to exploit digital keys known as “access tokens,” which let people stay logged in without having to enter their password every time they visit the site or app. In reaction to the breach, Facebook reset the accounts that had been compromised.
The largest of the 2018 data breaches involved Marriott. At the end of November, the company announced that it had experienced a breach that affected 500 million people. Essentially, the guest reservation database for select hotels had been hacked dating as far back as 2014, which meant sensitive information was exposed. It included names, email addresses, home addresses, birthdates, phone numbers, passport details, credit card numbers, and more. And the issue continued for four years without anyone noticing!
14,000 BevMo! customers had their payment and contact information stolen when a hacker put malicious code on the BevMo! checkout page. Though the data breach occurred between August 2 and September 26, the beverage retailer just found out about it in December 2018 and is still investigating how it happened.
What Do The 2018 Data Breaches Have in Common?
Now that you know about some of the major data breaches of 2018, you should also know that the main causes behind them are human error and not maintaining a Security First culture in the workplace. In order to combat breaches like these in 2019, organizations should deploy security awareness training, and continuously provide their employees with educational resources to keep them up to date with evolving cybersecurity threats.
The original version of this article was first published on Inspired eLearning.