Four online sports stores fell victim to a cyberattack resulting in the theft of highly sensitive customer information, including credit card data. The data was scraped through a vulnerability that the company patched in 2019, and includes users' phone numbers, full names, location, email address and biographical information. Mailfire, an email marketing software used by adult dating sites and ecommerce websites, had its database breached, exposing personal user records from over 70 websites. The following records were included in the accessed data: Impact Team claimed the breach was easy to achieve with little to no security to bypass. Date: early 2018 (this is when a Cambridge Analytica whistleblower disclosed the story). A highly sophisticated cyber attack exposed the data of 9 million easyJet customers. Instead, their objective was to cause a mass disruption to punish Twitch for fostering a toxic community of users. The security vulnerability that made the breach possible was a server configuration change permitting unauthorized access by third parties. "We are aware of a data security incident involving a small number of our customers on Macys.com," a representative from Macy's said in a statement to Business Insider on Tuesday. March 4, 2021: The global IT company, SITA, which supports 90% of the world's airlines, confirmed it fell victim to a cyberattack, exposing the personally identifiable information (PII) belonging to an undisclosed number of airline passengers. Guests staying at any of the Starwood brand's hotels, including W Hotels, St. Regis, Sheraton, Westin, Element, and Aloft, on or before September 10, likely had their data exposed.
The breach exposed highly personal information such as people's phone numbers, home and email addresses, interests, and the number, age, and gender of their children. Buca di Beppo's parent company, Earl Enterprises, was hit with a major data breach that potentially lasted from May 23, 2018 to March 18, 2019. The sensitive medical information involved in the cyberattack includes names, birthdates and prescription details. In March 2020, nation-state hackers believed to be from Russia compromised a DLL file linked to a software update for the Orion platform by SolarWinds. names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link. 2020, meanwhile, brought unexpected challenges, as Covid-19 spurred sudden shifts in standard operating . The number 267 million will ring bells when it comes to Facebook data breaches. Cambridge Analytica was a data analytics company that was commissioned by political stakeholders including officials in the Trump election and pro-Brexit campaigns. Cambridge Analytica acquired data from Aleksandr Kogan, a data scientist at Cambridge University, who harvested it using an app called "This Is Your Digital Life". The information gathered by the third party includes patient names, addresses, dates of birth, medical record numbers, patient identification numbers, health insurance information and some clinical information related to the healthcare services provided by UNM Health. Slickwraps, a manufacturer of vinyl skins for phones and tablets, suffered a breach impacting 370,000 of its customers. In addition, the hackers were able to access Uber's GitHub account, where they found Uber's Amazon Web Services credentials.
Capital One Data Breach Compromises Data of Over 100 Million. The breach at Capital One, which led to charges against a software engineer in Seattle, was one of the largest-ever thefts. The attackers used the bugs on the Exchange servers to access email accounts of at least 30,000 organizations across the United States, including small businesses, towns, cities and local governments. The leaked records include email addresses, usernames, hashed passwords, users' country, whether they signed up for the newsletter and other sensitive information. In 2021, it has struggled to maintain the same volume. In May of 2018, social media giant Twitter notified users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. The type of information exposed included the photographs, thumbprints, retina scans and other identifying details of nearly every Indian citizen. The accessed data also contained comprehensive voter analysis based on Reddit post activity which could be used to predict how somebody would vote on a particular issue. Whoever is at fault for this breach will likely suffer tough financial regulatory consequences for their security negligence. By 2014, the move to a single platform had paid off, with Wayfair becoming the largest online-only home furniture retailer in the United States. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. Some are so advanced, they can barely be identified by the companies being falsely represented in the email. The hackers demanded that parent company Avid Life Media shut down Ashley Madison and sister website Established Men within 30 days to avoid the publication of compromised records. The breaches occurred over several occasions ranging from July 2005 to January 2007.
The data accessed consists of 2.3 million data points which could be reverse engineered to recreate each original fingerprint. According to a study by KPMG, 19% of consumers said they would. April 6, 2021: Over 500 million LinkedIn user profiles were discovered on the Dark Web. There were 4,145 publicly disclosed breaches that exposed over 22 billion records in 2021, approximately 5% fewer than in 2020. All 533,000,000 Facebook records were just leaked for free. This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data. Some Planet Hollywood restaurants were also impacted by the breach that hit parent company Earl Enterprises. Impact: Exposure of the credit card information of 56 million customers. Order volume peaked, like most Wayfair metrics, in 2020 with 61 million orders. TJX, the owner of a number of retail brands, had one of its payment systems breached, exposing over 45 million credit and debit card numbers. Marriott has once again fallen victim to yet another guest record breach. January 20, 2021: A database containing 1.9 million user records belonging to Pixlr, a free online photo-editing application, was leaked by a hacker.
Marriott disclosed a massive breach of data from 500 million customers in late November. January 28, 2021: Through a targeted attack on retail employees of U.S. Cellular, the fourth-largest wireless carrier in the U.S., hackers were able to scam employees into downloading malicious software onto company computers. Prior to the attack, LAUSD was told of potential vulnerabilities in their systems but the school district failed to act to remediate the issues. The hacker was running a business selling Personally Identifiable Information and was selling the credit card numbers and social security numbers he had accessed in the breach. April 12, 2021: A third-party software vulnerability is responsible for exposing 21 million customer records belonging to ParkMobile, a contactless payment parking app. As we hinted at above, exposed and open databases cause sleepless nights in IT offices the world over. Youku, a Chinese video service, exposed 92 million unique user accounts and MD5 password hashes. Each of the data breaches reveals the mistakes that lead to the exposure of up to millions of personal data records. These events have earned Experian the reputation of suffering one of the biggest data breaches in the financial services sector. At the time of the breach, Heartland was processing north of 100 million credit card transactions per month for 175,000 merchants. Men's retailer Bonobos had personal information on 7 million shoppers, including 3.5 million partial credit cards, snatched by. MGM Grand assures that no financial or password data was exposed in the breach. The exposed information for each platform varies but includes users' names, phone numbers, email addresses, profile links, usernames, profile pictures, profile description, follower and engagement logistics, location, Messenger ID, website link, job profile, LinkedIn profile link, connected social media account login names and company name.
Personal messages between users were not compromised, but the following private information was exposed: A database of 1.9 million user records belonging to online photo-editor Pixlr was dumped on a dark web hacker forum by notorious cybercriminal ShinyHunters. The exposed database contains order information for over 7 million customers, including addresses, phone numbers and account information for 1.8 million registered customers, and 3.5 million partial credit card records. A hacker group breached the security systems of the Commission on Elections (COMELEC) for the Republic of the Philippines, compromising 60 gigabytes of sensitive voter information. Data breaches in the health sector are amplified during the worst pandemic of the last century. The Russian cybercriminal group, Conti, was responsible for the attack, which involved the deployment of ransomware (ransom software). The breach occurred through Mailfire's unsecured Elasticsearch server. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. Once downloaded, the software granted remote access to the company devices and to the customer relationship management (CRM) software containing account records for 4.9 million customers. Wayfair's average order value is one of the few metrics to increase from 2020 to 2021, rising 20% to $269. February 20, 2021: A third-party data breach at cloud solutions company, Accellion, allowed hackers to steal human resources data and pharmacy records belonging to the supermarket giant, Kroger. The cyberattack gives the hackers total remote control over affected systems, allowing for potential data theft and further compromise.
The email communication advised customers to change passwords and enable multi-factor authentication. When clicked, this link directed users to a malicious website almost indistinguishable from Trezor's website. If this cybersecurity best practice isn't followed, a single compromise could result in a victim suffering multiple breaches. Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it.