Data Breach Tsunami 2018 [INFOGRAPHIC]

Now that it’s 2019, it’s time to think back. How was 2018 for you? In particular, did you do anything that might have exposed your personal data? Did you ever stay at a Marriott hotel? Banked with HSBC? Kept track of your calories with MyFitnessPal? Answered questions with Quora? Connected with other people on Facebook?

Data Breach Tsunami 2018

If you did any of that, you — plus millions of others — may have had your data exposed in a data breach. All of these organizations (plus countless more) exposed massive amounts of personal data in 2018. Unfortunately, this isn’t a new problem. There have been major data leaks for decades. But in recent years, as more people trust businesses to protect their personal data, the problem has accelerated.

Tragically, data breaches can have painful consequences. If private information such as social security numbers, email addresses, or even credit card numbers are hacked and sold on the dark web, it might be snatched up by identity thieves. And a stolen identity can take months or years to fix after the crime has been discovered.

To help people better understand the serious issue of data breaches, TruthFinder put together this infographic. It reveals just how widespread the problem is.

Data Breach Tsunami 2018

Breached data gushed all over the internet in 2018.

Your personal data almost certainly was exposed.

The Problem of Exposed Data Is Worse Than You Realize

“Breaches are not going away; the problem is not getting better. There is still money to be made by stealing sensitive and confidential data.” – Inga Goddijn, executive vice president of Risk Based Security[1]

Data Breaches By Year

Data Breach Tsunami 2018


Breach Data from the Identity Theft Resource Center[2]

While the total number of data breaches decreased in 2018, more records are being released in each breach. The number of year-over-year compromised records increased by 133% in 2018.[3]

During the first six months of 2018, the equivalent of  291 records was stolen or exposed every second, including medical, credit card, and/or financial data or personally identifiable information.[4]

So many major organizations exposed personal data, it’s impossible to keep track of them all.

Biggest Data Breaches of 2018

1) Marriott

500 Million records breached[5]

Information Exposed: Names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, loyalty program account information, and reservation information.

Date Disclosed: November 30, 2018

In September, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. On November 30, Marriott revealed that the breach affected 500 million guests.

2) Exactis

340 million records breached[6]

Information Exposed: Email addresses, addresses, phone numbers, and a lot more.

Date disclosed: June 26, 2018

In June it was discovered that two terabytes of personal data from Exactis, a Florida data aggregation firm, was available on a publicly accessible server. The breach exposed information on just about every single U.S. Citizen.

3) Under Armour

150 million records breached[7]

Information Exposed: Usernames, email addresses, and passwords

Date disclosed: March 25, 2018

On March 25, Under Armour discovered that someone gained unauthorized access to the fitness platform MyFitnessPal. While usernames, emails, and passwords were exposed, no credit card data was breached. Under Armor stock fell 3.8 percent in reaction to news of the breach.

4) Quora

100 million records breached[8]

Information exposed: Names, email addresses, encrypted passwords , data imported from linked networks when authorized by users

Date Disclosed: December 3, 2018

On November 30, the question-and-answer website Quora discovered that some user data was compromised by a third party who gained unauthorized access to one of their systems

5) MyHeritage

92 million records breached[9]

Information Exposed: Email addresses

Date disclosed: June 4, 2018

On June 4, MyHeritage revealed that all users who signed up for the genealogy service prior to October 26, 2017, had their email address exposed. Credit card information and other personal records information managed by MyHeritage was not exposed.

6) Facebook

87 million records breached[10]

Information Exposed: Facebook profiles

Date disclosed: March 17, 2018

In March, it was revealed that Cambridge Analytica, a political data firm, collected the personal information of 50 million Facebook users. Cambridge Analytica initially claimed it collected data on 30 million users, but Facebook said that was less than half of the true total. In April, the company informed 87 million Facebook users that their data had been shared.

7) Panera Bread[11]

37 million records breached

Information Exposed: Names, email addresses, phone numbers, birthdays, addresses

Date disclosed: April 2, 2018

On April 2, information security journalist Brian Krebs reported that exposed customers’ records in plaintext. That means the information could easily be collected using automated data collection tools. After Krebs published his report, Panera Bread temporarily took its website offline.

8) Ticketfly

27 million records breached

Information Exposed: Names, addresses, email addresses, and phone numbers

Date disclosed: June 7, 2018

On May 31, Ticketfly’s website was vandalized by a hacker for a week. The hacker previously warned Ticketfly of a security vulnerability and demanded a ransom. When Ticketfly didn’t pay, the hacker took control of the Ticketfly website and stole a directory of customer and employee data.

9) Sacramento Bee

19.5 million records breached[12]

Information Exposed: Voter registration data

Date disclosed: June 7, 2018

Two Sacramento Bee databases on a third-party computer server were seized by an anonymous hacker. The hacker demanded the daily newspaper to pay a ransom to get the data back. The Bee refused and deleted the databases to prevent further attacks.

There are almost certainly a lot more data breaches that we don’t even know about yet, because…

Data Breach Reporting Is Slow

Average Time for a Company to Publicly Disclose a Data Breach

2017: 47 Days

2018: 47.5 Days[13]

Despite rampant data leaks and pressure from lawmakers, companies aren’t getting any better at quickly reporting data breaches to consumers.

Companies Rarely Find Breaches Themselves

According to Risk Based Security

13% of Data Breaches were discovered internally

59% Data Breaches weren’t discovered until a third party informed the company.

The Risks Are Real

Exposed data means big paydays for data thieves.

Here’s how much your data can sell for on the Dark Web.

Credit card with a $5,000 limit: $450

Credit card with a $10,000 limit: $400[14]

Subscription service logins: $1-$10

Driver’s license: $20

Passports (US): $1000-$2000[15]

Data Breach Tsunami 2018

The Bottom Line

  • Modern data breaches are massive
  • More personal information is exposed than ever
  • Companies are slow to report data breaches and rarely find data breaches themselves
  • Your breached information is valuable on the dark web
  • Consumers can’t count on government regulators to secure their data
  • If you want to protect your personal data, you’ll have to do it yourself
















The post Data Breach Tsunami 2018 [INFOGRAPHIC] appeared first on ValueWalk.