The number of employees affected and the types of personal information impacted have not been disclosed. June 11, 2021: The personal and shipping information of over 410,000 customers of the baby clothing retailer, Carters, were exposed due to a third-party data breach with the companys online purchases software. returns) 0/30. January 12, 2021: A cybercriminal compromised a certificate used to authenticate Mimecasts Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products to Microsoft 365. January 28, 2021: Through a targeted attack on retail employees of U.S. Cellular, the fourth-largest wireless carrier in the U.S., hackers were able to scam employees into downloading malicious software onto company computers. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public. Wayfair generated $13.7 billion revenue in 2021, a 2.8% contraction on 2020 It posted a net loss in 2021 of $131 million Wayfair has over 30 million active buyers Wayfair overview Wayfair revenue Wayfair had its first decline in annual revenue in 2021, after eight years of increases. In May 2019, First American Financial Corporation reportedly leaked 885 million users' sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork. The database included names, display names, dates of birth, weight, height, genders and geolocations, the majority of which were from Fitbit devices and Apple Healthkit. 3 As North Carolinians battled the health and economic effects of the COVID-19 pandemic in 2020, hackers and fraudsters looked to take advantage. The stolen information includes names, travelers service card numbers and status level. Read the news article by TechCrunch about the event. Facebook: quarterly number of MAU (monthly active users) worldwide 2008-2022, Quarterly smartphone market share worldwide by vendor 2009-2022, Number of apps available in leading app stores Q3 2022. Prior to the attack, LAUSD was told of potential vulnerabilities in their systems but the school district failed to act to remediate the issues. Besides finger print data points, 81.5 million records were accessed, consisting of email addresses, employee telephone numbers and administrator login information. The leaked records include email addresses, usernames, hashed passwords, users country, whether they signed up for the newsletter and other sensitive information. The 204 GB leaked database was not password protected and included visitor and session IDs, device information, configuration data, as well as multiple records for medications, including COVID-19 vaccines and CVS products. In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. Locations of Earl of Sandwich were also affected by the Earl Enterprises breach. Auth0's anomaly detection tool tracks breaches and maintains a database of compromised credentials. A misconfigured AWS bucket led to the compromise of 23 million files belonging to the Turkish airline company Pegasus Airlines. IdentityForce is a leading provider of proactive identity, privacy and credit protection for individuals, businesses, and government agencies. as well as other partner offers and accept our, Rafael Henrique/SOPA Images/LightRocket via Getty Images. The data was linked to the airlines EFB software, a solution requiring access to take off, landing, and refueling data and sensitive flight crew information.The AWS bucket misconfiguration meant that anyone had free access to this database, including nearly 400 files with plain text passwords and secret keys. Youku a Chinese video service exposed 92 million unique user accounts and MD5 password hashes.. The attackers had gained unauthorized access to the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. They also got the driver's license numbers of 600,000 Uber drivers. names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link. On August 1, Poshmark released a statement on its website saying that "data from some Poshmark users was acquired by an unauthorized third party." As we hinted at above, exposed and open databases cause sleepless nights in IT offices the world over. Twitter did not disclose how many users were impacted but indicated that the number of users was significant and that they were exposed for several months. UpGuard is a leading vendor in the Gartner 2022 Market Guide for IT VRM Solutions. Each of the data breaches reveals the mistakes that lead to the exposure of up to millions of personal data records . January 11, 2021: One of the biggest Internet of Things (IoT) technology vendors, Ubiquiti, Inc., alerted its customers of a data breach caused by unauthorized access to their database through a third-party cloud provider. The suspected culprit(s) Gnosticplayers contacted ZDNet to boast about the incident, saying that Canva had detected and remediate the cyber threat that caused the data breach. This massive data breach was the result of a data leak on a system run by a state-owned utility company. Thank you! Control third-party vendor risk and improve your cyber security posture. In February 2013, tumblr suffered a data breach that exposed 65 million accounts. Replace a Damaged Item. Macy's did not confirm exactly how many people were impacted. The department store chain alerted customers about the issue in a letter sent out on Thursday. But the leaked data is sufficient to launch a deluge of cyberattacks targeting exposed users, which makes the incident heavily weighted towards a data breach classification. Sensitive information including Social Security numbers, drivers license numbers, passport numbers and/or financial account numbers may have been accessed or acquired. liability for the information given being complete or correct. The supply chain attack impacted up to 18,000 SolarWinds customers including six U.S Government departments. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. The searchable and well-organized database was leaked to a popular hacking forum, giving hackers access to account credentials, including approximately200 million Gmail addresses and 450 million Yahoo email addresses. Objective measure of your security posture, Integrate UpGuard with your existing tools. Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it. Some of the records accessed include. Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99% of them had been cracked by the time LeakedSource.com published its analysis of the entire data set on November 14. However, this initial breach was just the preliminary stage of the entire cyberattack plan. The leaked user records include usernames, emails, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, bets and data on players who were banned from the platform. Home Depot announced that its POS (point-of-sale) systems had been infected with a custom-builtmalware, which posed as antivirus software, affecting customers from across theUS and Canada. February 26, 2021: An undisclosed number of T-Mobile customers were affected by SIM swap attacks, or SIM hijacking, where scammers take control of and switch phone numbers over to a SIM card they own using social engineering. The health network notified affected individuals that the accessed information includes names, addresses, dates of birth, medical record numbers, health insurance information, physician notes, laboratory results, imaging, diagnosis information, treatment information, and/or prescription information and a limited number of Social Security numbers and drivers license numbers. Exposed information included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and other Starwood account information. The encryption was weak and many were quickly resolved back to plain text, the password hints added to the damage making it easy to guess the passwords of many users. This text provides general information. This breach could have been avoided if Slickwraps listened to the warnings of a white hat hacker highlighting the companys terrible cybersecurity. A million-dollar race to detect and respond . The passwords were stored with an encryption, however, which would need to be unencrypted before they could be used. The exposed database contains order information for over 7 million customers, including addresses, phone numbers and account information for 1.8 million registered customers, and 3.5 million partial credit card records. The PII included clients names, dates of birth, drivers license or personal identification card numbers, Social Security Numbers, payment account numbers, payment card information, biometric data including but not limited to medical information and history, medical diagnosis and treatment information, health insurance information and other personal information. A subset of the data was sent to Have I Been Pwned which had 126 million unique email addresses. A highly sophisticated cyber attack breached exposed the data of 9 million easyJet customers. Magellan Health, a Fortune 500 company has been the victim of a sophisticated ransomware attack where over 365,000 patient records were breached. The report for 2020 inspects the development of the effective mitigating approaches that companies have taken to manage insider breach risk. The cyberattack gives the hackers total remote control over affected systems, allowing for potential data theft and further compromise. In one of the biggest data breaches of all time in the education industry, the Los Angeles Unified School District (LAUSD) was attacked by Vice Society, a Russian criminal hacking group. Get the Cost of a Data Breach Report 2022 for the most up-to-date insights into the evolving cybersecurity threat landscape. Even Trezor marveled at the sophistication of this phishing attack. A security researcher discovered a file on a private server containing email addresses and encrypted passwords. Date: early 2018 (this is when a Cambridge Analytica whistleblower disclosed the story). Given that FireEyes clientbase includes government entities, it is further speculated that these Red Team Assessment tools made the U.S. Government data breach possible - an attack labeled by cyber security experts as the biggest breach in the nations security history. Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack. The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. Between February and March 2014, eBay was the victim of a breach of encrypted passwords, which resulted in asking all of its 145 million users to reset their password. Penetration was achieved by the hacker posing as a private investigator from Singapore and convincing staff to relinquish access to the internal database. Whoever is at fault for this breach will likely suffer tough financial regulatory consequences for their security negligence. If hackers were to launch successful phishing attacks on these users, they could gain deeper access to personal photos and business information. When Zoom sign ups were nearing their pandemic peak in April of 2020, hackers breached 500,000 accounts and either sold or freely published them on the dark web. Most cybercriminals post stolen data for sale after a breach, but the unidentified cybercriminal - who was likely using a proxy server - was not interested in monetary gain. The records of 200 million voters was accessed from Deep Root Analytics, a firm working on behalf of the Republican National Committee (RNC).