Now that it’s 2019, it’s time to think back. How was 2018 for you? In particular, did you do anything that might have exposed your personal data? Did you ever stay at a Marriott hotel? Banked with HSBC? Kept track of your calories with MyFitnessPal? Answered questions with Quora? Connected with other people on Facebook?
If you did any of that, you — plus millions of others — may have had your data exposed in a data breach. All of these organizations (plus countless more) exposed massive amounts of personal data in 2018. Unfortunately, this isn’t a new problem. There have been major data leaks for decades. But in recent years, as more people trust businesses to protect their personal data, the problem has accelerated.
Tragically, data breaches can have painful consequences. If private information such as social security numbers, email addresses, or even credit card numbers are hacked and sold on the dark web, it might be snatched up by identity thieves. And a stolen identity can take months or years to fix after the crime has been discovered.
To help people better understand the serious issue of data breaches, TruthFinder put together this infographic. It reveals just how widespread the problem is.
Data Breach Tsunami 2018
Breached data gushed all over the internet in 2018.
Your personal data almost certainly was exposed.
The Problem of Exposed Data Is Worse Than You Realize
“Breaches are not going away; the problem is not getting better. There is still money to be made by stealing sensitive and confidential data.” – Inga Goddijn, executive vice president of Risk Based Security
Data Breaches By Year
Breach Data from the Identity Theft Resource Center
During the first six months of 2018, the equivalent of 291 records was stolen or exposed every second, including medical, credit card, and/or financial data or personally identifiable information.
So many major organizations exposed personal data, it’s impossible to keep track of them all.
Biggest Data Breaches of 2018
500 Million records breached
Information Exposed: Names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, loyalty program account information, and reservation information.
Date Disclosed: November 30, 2018
In September, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. On November 30, Marriott revealed that the breach affected 500 million guests.
340 million records breached
Information Exposed: Email addresses, addresses, phone numbers, and a lot more.
Date disclosed: June 26, 2018
In June it was discovered that two terabytes of personal data from Exactis, a Florida data aggregation firm, was available on a publicly accessible server. The breach exposed information on just about every single U.S. Citizen.
3) Under Armour
150 million records breached
Information Exposed: Usernames, email addresses, and passwords
Date disclosed: March 25, 2018
On March 25, Under Armour discovered that someone gained unauthorized access to the fitness platform MyFitnessPal. While usernames, emails, and passwords were exposed, no credit card data was breached. Under Armor stock fell 3.8 percent in reaction to news of the breach.
100 million records breached
Information exposed: Names, email addresses, encrypted passwords , data imported from linked networks when authorized by users
Date Disclosed: December 3, 2018
On November 30, the question-and-answer website Quora discovered that some user data was compromised by a third party who gained unauthorized access to one of their systems
92 million records breached
Information Exposed: Email addresses
Date disclosed: June 4, 2018
On June 4, MyHeritage revealed that all users who signed up for the genealogy service prior to October 26, 2017, had their email address exposed. Credit card information and other personal records information managed by MyHeritage was not exposed.
87 million records breached
Information Exposed: Facebook profiles
Date disclosed: March 17, 2018
In March, it was revealed that Cambridge Analytica, a political data firm, collected the personal information of 50 million Facebook users. Cambridge Analytica initially claimed it collected data on 30 million users, but Facebook said that was less than half of the true total. In April, the company informed 87 million Facebook users that their data had been shared.
7) Panera Bread
37 million records breached
Information Exposed: Names, email addresses, phone numbers, birthdays, addresses
Date disclosed: April 2, 2018
On April 2, information security journalist Brian Krebs reported that Panerabread.com exposed customers’ records in plaintext. That means the information could easily be collected using automated data collection tools. After Krebs published his report, Panera Bread temporarily took its website offline.
27 million records breached
Information Exposed: Names, addresses, email addresses, and phone numbers
Date disclosed: June 7, 2018
On May 31, Ticketfly’s website was vandalized by a hacker for a week. The hacker previously warned Ticketfly of a security vulnerability and demanded a ransom. When Ticketfly didn’t pay, the hacker took control of the Ticketfly website and stole a directory of customer and employee data.
9) Sacramento Bee
19.5 million records breached
Information Exposed: Voter registration data
Date disclosed: June 7, 2018
Two Sacramento Bee databases on a third-party computer server were seized by an anonymous hacker. The hacker demanded the daily newspaper to pay a ransom to get the data back. The Bee refused and deleted the databases to prevent further attacks.
There are almost certainly a lot more data breaches that we don’t even know about yet, because…
Data Breach Reporting Is Slow
Average Time for a Company to Publicly Disclose a Data Breach
2017: 47 Days
2018: 47.5 Days
Despite rampant data leaks and pressure from lawmakers, companies aren’t getting any better at quickly reporting data breaches to consumers.
Companies Rarely Find Breaches Themselves
According to Risk Based Security
13% of Data Breaches were discovered internally
59% Data Breaches weren’t discovered until a third party informed the company.
The Risks Are Real
Exposed data means big paydays for data thieves.
Here’s how much your data can sell for on the Dark Web.
Credit card with a $5,000 limit: $450
Credit card with a $10,000 limit: $400
Subscription service logins: $1-$10
Driver’s license: $20
Passports (US): $1000-$2000
The Bottom Line
- Modern data breaches are massive
- More personal information is exposed than ever
- Companies are slow to report data breaches and rarely find data breaches themselves
- Your breached information is valuable on the dark web
- Consumers can’t count on government regulators to secure their data
- If you want to protect your personal data, you’ll have to do it yourself