Tech news

These are the worst hacks, cyberattacks, and data breaches of 2019

What occurs after an information breach in a significant firm? Nothing good, says Wall Avenue
The inventory market doesn’t take cybersecurity incidents kindly, it appears.

The blight of cyberattacks, illegal hacking teams, and data breaches just isn’t going away anytime quickly.

For the previous few years, there was a relentless stream of information breaches which have hit the headlines, starting from the theft of medical data, account credentials, company emails, and inside delicate enterprise knowledge.

When an information breach happens, corporations will often haul in third-party investigators, notify regulators, promise to do higher and provides any impacted customers free credit score monitoring — however we have reached a stage the place it’s best to take into account signing as much as such companies anyway, given how a lot of our data is now obtainable in data dumps strewn all around the web. (Think about using Have I Been Pwned to examine should you’ve been concerned in a breach.)

The explanations a cyberattack or data breach happen range. In some instances, equivalent to Equifax, the failure to patch a recognized vulnerability that has the potential to affect software program or libraries in use — and in an inexpensive timeframe — has severe repercussions.

In others, unsecured databases left uncovered to the web could also be the issue, zero-day vulnerabilities could also be exploited within the wild earlier than fixes can be found, or in a few of the worst instances, a corporation or particular person could also be focused by state-sponsored superior persistent risk (APT) teams with substantial sources and instruments at their disposal.

In accordance with IBM’s newest annual Cost of a Data Breach examine, the common data breach now prices as much as $3.92 million whenever you take note of notification prices, bills related to investigation, injury management, and repairs, in addition to regulatory fines and lawsuits. These prices have elevated by 12% over the previous 5 years.

The long-term injury of a safety incident might not be so obvious. Wall Avenue doesn’t look upon them kindly and the general public disclosure of an information breach can result in the common share worth of an organization falling by 7.27% on disclosure, with low share worth and progress underperformance a actuality for years afterward.

FireEye estimates that under half of organizations are ready to face a cyberattack or data breach.
Under, we check out probably the most fascinating and largest data breaches, hacks, and cyberattacks which have taken place over 2019.

January Cyberattacks

  • Ministry of Health HIV registry: In Singapore, the Ministry of Well being admitted to an information breach exposing the confidential and extremely delicate data of over 14,000 people recognized with HIV. This data was then leaked on-line.
  • Apple FaceTime: A Fortnite participant discovered a bug in Apple iOS that allowed customers to listen in on an iPhone’s surroundings by calling however with out it being answered. It might have additionally been doable to view dwell video feeds.
  • Oklahoma Department of Securities: A server belonging to the Oklahoma Division of Securities containing terabytes of confidential authorities data, together with FBI investigation data and delicate authorities recordsdata, was uncovered to the web and was discovered via the Shodan search engine.
  • Del Rio ransomware: The Metropolis of Del Rio, in Texas, was pressured to return to pen-and-paper programs after Metropolis Corridor servers have been rendered ineffective by a ransomware an infection.
  • Town of Salem: City of Salem developer BlankMediaGames mentioned the private particulars of seven.6 million customers have been stolen. A number of backdoors have been faraway from firm programs.

February Cyberattacks

  • Cabrini Hospital: A ransomware an infection locked up 15,000 affected person recordsdata, with operators demanding fee in return for a decryption key.
  • VFEmail: Privateness electronic mail supplier VFEmail suffered a catastrophic cyberattack by which a hacker destroyed data on its predominant and backup programs. On the time, rumors surfaced of the supplier shutting down because of the injury, however VFEmail is at the moment in restoration.
  • UConn: Unauthorized entry to worker electronic mail accounts compromised roughly 326,000 sufferers. The info leak could have included Social Safety numbers.
  • The wrong tax forms: In a blunder of ridiculous proportions, the State of Ohio despatched 9,000 tax varieties, inaccurate and containing the mistaken PII, to the mistaken individuals.
  • UW Medicine: UW Medication revealed the existence of an open database, obtainable to anybody with a browser, that had been leaking affected person data and PII since December 2018. Shut to at least one million people have been embroiled within the safety lapse.
  • Medical advice calls: In Sweden, recordings of roughly 2.7 million calls made to a Swedish nationwide well being service hotline have been saved in an open server. Some cellphone numbers, linked to the recordings, have been additionally obtainable.
  • 620 million accounts: 620 million accounts harvested from 16 web sites owned by corporations together with Dubsmash, Armor Video games, 500px, Whitepages, and ShareThis have been put up on the market within the Darkish Internet.
  • Tax documents lost: Roughly 42,000 college students from Salt Lake Neighborhood School have been advised their tax data was misplaced after a USB drive containing this delicate data fell out of an envelope.

March Cyberattacks

  • Tornado sirens: Forward of a significant storm, two Texan cities have been pressured to drag twister warning programs offline after a risk actor compromised them and set off over 30 false alarms.
  • Hacked ASUS software: A marketing campaign known as Operation ShadowHammer focused the ASUS Stay Replace Utility to compromise 1000’s of PCs.
  • Facebook, Facebook Lite and Instagram: A whole lot of hundreds of thousands of customers could have been impacted by shoddy password storage administration by Fb, by which account credentials have been saved in plaintext.
  • Legal documents: 250,000 authorized paperwork, some marked “not designated for publication,” have been saved on an open database uncovered on-line for at the least two weeks.
  • Student admissions files: A hacker allegedly compromised admissions databases belonging to 3 schools, providing the prospect for impacted college students to purchase their admissions file for one Bitcoin.
  • FEMA: FEMA by accident uncovered the PII and monetary data of two.Three million catastrophe victims, together with those that survived Hurricane Harvey and Irma.
  • Vengeance: A sacked IT admin torched 23 servers belonging to his ex-employer.

April Cyberattacks

  • Inmediata Health Group: Inmediata Well being Group started notifying sufferers of a safety incident by which the private and medical data of shoppers could have been uncovered. The difficulty was induced as a consequence of web site misconfiguration that allowed inside webpages to be listed by public engines like google. It’s believed as much as 1.5 million people could have been affected.
  • Facebook records: 540 million Fb-related data, collected by two third-party corporations, have been discovered uncovered and open to the world on AWS servers. Names, IDs, some passwords, likes, images, teams joined, and extra have been leaked.
  • Georgia Tech: An internet utility with wide-open entry compromised the safety of 1.Three million data belonging to present and former Georgia Institute of Expertise workers and college students.
  • Toyota: Japanese automaker Toyota revealed an information breach in April that befell at gross sales subsidiaries and dealerships. “Unauthorized entry” to programs could have uncovered shopper data.
  • Facebook, in plaintext: Fb admitted to storing the passwords of hundreds of thousands of Instagram customers in plaintext.
  • Evite: Evite admitted to an information breach by which person data was offered as a part of a wider dump within the Darkish Internet.
  • Pregnant women: A leaky server belonging to an Indian authorities healthcare company uncovered over 12.5 million data referring to pregnant ladies.
  • Docker: Docker warned {that a} risk actor obtained entry to a database containing delicate data belonging to 190,000 person accounts.

May Cyberattacks

  • Canva: Australian tech unicorn Canva was focused by the GnosticPlayers, which claimed to have stolen data belonging to 139 million customers together with names and electronic mail addresses with a purpose to flog the information on the Darkish Internet.
  • First American Financial Corp.: Actual property large FAFC leaked a whole lot of hundreds of thousands of insurance coverage paperwork relationship again to 2003. Checking account numbers, statements, mortgage and tax data, and extra have been brazenly obtainable on the web.
  • Major hotel chains: 85GB in lodge safety logs belonging to main lodge chains have been uncovered on-line as a consequence of a third-party administration supplier.
  • Burger King: Near 40,000 buyer data for Kool King Store, particularly designed for youths, have been left open for the world to see via a leaky database.
  • Git repositories: A hacker wiped GitHub repositories and demanded a ransom. Supply code was eliminated and a risk was made to launch every part to the general public.
  • Lunchtime: Rivalry between two Bay Space college lunch corporations ultimately spilled out into cyberwarfare, with an government from one agency being arrested for allegedly hacking the opposite’s web site and illegally acquiring pupil data.

June Cyberattacks

  • American Medical Collection Agency (AMCA): Unauthorized entry to a database led to the publicity of medical data belonging to roughly 20 million people. The data leak additionally impacted different corporations together with LabCorp and Quest Diagnostics.
  • Smartphone backdoors: 4 entry-level smartphone fashions have been discovered to be pre-loaded with backdoor malware.
  • Tech Data Corp.: The Fortune 500 firm owned an open database containing 264GB of information referring to shopper servers, invoices, SAP integrations, and plain-text passwords.

July Cyberattacks

  • Equifax: Equifax settled with regulators over the theft of data belonging to 146 million prospects in 2017 for $700 million. A $300 million fund was arrange for purchasers to say as much as $125 in compensation — along with an extra $150 million — or free credit score monitoring was on provide. Lower than per week later, the FTC practically begged customers to take up the credit score monitoring provide as a substitute, as too many would scale back financial claims.
  • Capital One: Capital One disclosed an information breach impacting 100 million US residents and 6 million people in Canada. A configuration vulnerability in a database was accountable for the publicity of PII from 2005 to 2019.
  • Los Angeles police department: The Los Angeles’ Personnel Division was topic to an information breach after a hacker claimed to have stolen the PII of two,500 serving LAPD officers, trainees, and recruits, and data belonging to roughly 17,500 Candidate Applicant program enrollees.
  • Facebook: Fb settled with the FTC for a report $5 billion to settle lawsuits launched following the Cambridge Analytica privateness scandal.
  • Banks: Bangladesh, India, Sri Lanka, and Kyrgyzstan banks have been hit in fast succession by ‘Silence’ hackers, allegedly stealing hundreds of thousands of {dollars} within the course of.
  • Dominion National: Virginia-based well being insurer and companies firm Dominion Nationwide revealed a 10-year-long data breach attributable to an unsecured server. The data of two.9 million members could have been compromised.

August Cyberattacks

  • Choice Hotels: An unsecured database containing roughly 700,000 buyer data was accessed by an unknown risk actor and a ransom notice positioned on the server, demanding Bitcoin in return for the stolen data.
  • Biometric database leak: A biometrics database utilized by the UK Metropolitan Police, banks, and enterprise corporations leaked hundreds of thousands of data.
  • SIM-swapper jailed: A British teenager was sentenced to 20 months behind bars for providing data theft and SIM-swapping companies as a hacker-for-hire.
  • 3Fun: A cellular utility used to seek out prepared members for threesomes was discovered to be a “privateness trainwreck” by researchers that might be manipulated to hone in on the precise places of people. The app claims to cater to 1.5 million lively customers.
  • Major dating apps: Three relationship purposes, Grindr, Romeo, and Recon, have been additionally discovered to include safety flaws that led to the publicity of a person’s location.
  • Asurion: Asurion Insurance coverage bowed to hacker calls for and forked out $300,000 to an attacker who claimed he had stolen roughly 1TB of personal data belonging to 1000’s of workers and over one million prospects.
  • Cybercrime in space: A NASA astronaut was accused of monitoring her estranged partner from house together with accessing a checking account allegedly with out permission.

September Cyberattacks

  • DK-LOK: An unsecured AWS database belonging to South Korean industrial producer DK-LOK uncovered confidential emails and communication between the corporate and its shoppers. Efforts by researchers and ZDNet to have the leak closed through electronic mail have been despatched to the trash bin, an exercise viewable because of the open bucket.
  • Ecuador: One other open, misconfigured database leaked the private data of Ecuador’s residents. It’s believed many of the nation’s residents — in complete, roughly 20 million — have been impacted.
  • DoorDash: Shut to 5 million prospects of DoorDash have been embroiled in an information leak. An unauthorized third-party accessed the PII of consumers, drivers, and retailers. Roughly 100,000 driver licenses have been additionally stolen and the final 4 digits of fee playing cards have been uncovered.

October Cyberattacks

  • Yahoo: Yahoo launched a compensation fund for individuals who owned a Yahoo account between 2012 and 2016. Between these dates, hackers have been in a position to entry each Yahoo account in existence and steal names, electronic mail addresses, phone numbers, dates of delivery, passwords, and safety query solutions.
  • UniCredit: Italian financial institution UniCredit mentioned a single, compromised file relationship again to 2015 uncovered three million buyer data, together with their names, phone numbers, electronic mail addresses, and cities of residence.
  • Tū Ora Compass Health: Tū Ora Compass Well being, a major healthcare group in New Zealand, revealed the leak of private data belonging to at least one million individuals, probably together with names, dates of delivery, ethnicity, and addresses. The PHO is not positive if data was stolen however mentioned it was “assuming the worst.”
  • Adobe: Adobe left the main points of seven.5 million Adobe Inventive Cloud prospects on an unsecured database uncovered on-line with out authentication credentials being required for entry.
  • 20 million Russians: Over 20 million tax data belonging to Russian residents have been contained in an open database, obtainable on-line. Info leaked spanned 2009 to 2016.
  • Avast: Avast mentioned an inside safety breach, attributable to compromised worker credentials, aimed to insert malware into CCleaner.
  • Nikkei: A Nikkei worker was scammed by risk actors into transferring $29 million to a checking account. The hackers pretended to be a administration government.

November Cyberattacks

  • OnePlus: A vulnerability within the smartphone vendor’s web site paved the best way for attackers to acquire entry to data of previous buyer orders, together with names, phone numbers, electronic mail addresses, and transport particulars.
  • Facebook: The social networking large revealed a privateness breach by which roughly 100 builders got entry to profile data they should not have.
  • Trend Micro: A rogue worker of the cybersecurity agency stole private data belonging to help prospects, together with names, electronic mail addresses, help ticket numbers, and a few phone numbers, later promoting this data on to scammers.
  • PayMyTab: An open AWS database belonging to the cellular fee service was discovered by researchers, exposing buyer names, electronic mail addresses, phone numbers, order particulars, restaurant go to data, and the final 4 digits of fee playing cards.
  • T-Mobile: T-Cellular revealed an information breach impacting pay as you go service prospects. Unauthorized entry uncovered names, billing addresses, cellphone numbers, account numbers, and plans.
  • UK Labour Party: The UK Labour Get together was topic to a number of distributed denial-of-service (DDoS) assaults flooding each the occasion’s web site and marketing campaign instruments.
  • Macy’s: US retailer Macy’s revealed a week-long Magecart assault impacting e-commerce prospects. It’s not recognized what number of prospects have been impacted, however the card-skimming code discovered within the agency’s fee portal and pockets service stole fee card particulars.
  • Disney+: Solely hours after the service launched, the Disney+ content material streaming service was compromised and underground merchants started providing accounts on hacking boards.
  • 1.2 million records leaked: An unsecured database was discovered by researchers that contained 1.2 million data of people together with their electronic mail addresses, employers, places, job titles, names, cellphone numbers, and social media profiles.

December Cyberattacks

  • Politician by day, hacker by night: On Christmas eve, a Dutch politician shall be sentenced for being a part of the “fappening” motion in 2014. The politician is accused of compromising the iCloud accounts of roughly 100 ladies and leaking specific images and movies on-line.
  • Mixcloud: data belonging to roughly 21 million Mixcloud customers went up on the market on the Darkish Internet.
  • New Zealand’s gun buyback: New Zealand’s gun buyback scheme, launched following mass shootings in Christchurch, was topic to an information breach attributable to human error at SAP. SAP developed a customized platform for licensees to register their weapons earlier than turning them in.
  • Nebraska Medical Center: An insider managed to entry a database with out permission that contained affected person datadata together with names, addresses, dates of delivery, social safety numbers, and take a look at outcomes. The worker was instantly fired.


Passionate about technology and gaming. I am a regular bloke with a small child, so forgive any mistakes in my posts, it's from sleep deprivation. All opinions are my own.

Related Articles

Back to top button