If true, this would be the largest known breach of personal data conducted by a nation-state. In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet. April 14, 2020:  A collection of 4 million login records belonging to the online marketplace Quidd was breached through a hack then posted on the dark web forum for free. That revelation prompted other services to comb their LinkedIn data and force their own users to change any passwords that matched (kudos to Netflix for taking the lead on this one.) September saw students around the globe returning to classes, only to be met with an avalanche of cyber attacks. August 21, 2020: Freepik, a free image database, sent out a breach notification to 8.3 million users that their account login information was exposed through injected malware on their website. Network Security, News Recent Data Breaches: Where, Why, and How They Happen Attacks on K-12, university, and especially healthcare data have increased in 2020. At UpGuard, we can protect your business from data breaches and help you continuously monitor the security posture of all your vendors. March 19, 2020: An unprotected database containing over 5 billion individual records was discovered stored on Elasticsearch. Impact: Exposure of the credit card information of 56 million customers. The information accessed from the Princess Cruises and the Holland America Line includes names, addresses, Social Security numbers, government identification numbers, such as passport number or driver’s license number, credit card and financial account information, and health-related information. The customer information disclosed includes names, email addresses, physical addresses, phone numbers, and purchase histories. January 20, 2020: An undisclosed number of shoppers of the children’s clothing retailer, Hanna Andersson, had sensitive payment information exposed. A data breach is essentially the compromising of security leading to either accidental or unlawful intentions of leaking or obtaining data. The breached information includes customer names, addresses, email addresses, phone numbers, last four credit card digits, and order details. This breach is the latest in a string of Magecart attacks, where hackers install malicious malware in Point of Sale (POS) systems to skim credit card information. Subsidiaries: Monitor your entire organization. Magellan Health, a Fortune 500 company has been the victim of a sophisticated ransomware attack where over 365,000 patient records were breached. Twitter did not disclose how many users were impacted but indicated that the number of users was significant and that they were exposed for several months. The app has been downloaded 1 million times since launching in 2012. The sensitivity of the information processed by Equifax makes this breach unprecedented, and one of the largest data breaches to date. The records in the database come from various, previously breached sources dating back at least seven years, with records belonging to Adobe, Twitter, Tumbler, and LinkedIn, among many others. The personal information involved in this incident included names, Social Security numbers, tax identification numbers, financial account information, driver’s licenses, and passport information. The incident marks the second time in six months T-Mobile has disclosed a security breach. Then, by posing as a Magellan client in a phishing attack, the hackers gained access to a single corporate server and implemented their ransomware. The data breach expanded beyond just the direct users of Pray.com app, and also exposed the contact information belonging to any contact stored on their mobile device, such as contacts names, phone numbers, email, home and business addresses, company names and family ties. Only doing this for 30 minutes,”, Of the 130 targeted accounts, tweets were published from 45, DM messages were accessed from 36 and Twitter data was downloaded from 7.Â. Our security ratings engine monitors billions of data points each day. In February 2013, tumblr suffered a data breach that exposed 65 million accounts. Spotify. October 15, 2020: Popular bookseller, Barnes & Noble, notified customers that a cybersecurity attack led to exposed customer information and caused service disruption of Nook e-reader books. April 13, 2020: Two websites hosted by the San Francisco International Airport (SFO), SFOConnect.com and SFOConstruction.com, suffered a security incident in which hackers injected malicious code to collect users’ login credentials. Cambridge Analytica was a data analytics company that was commissioned by political stakeholders including officials in the Trump election and pro-Brexit campaigns. The breached database was discovered by Upguard director of cyber risk research Chris Vickery. The Cyber Security Breaches Survey 2020, the fifth in this series, shows the extent to which attitudes and approaches to cyber security have improved over time: Yahoo believed that a "state-sponsored actor" was behind this initial cyberattack in 2014. Learn about how organizations like yours are keeping themselves and their customers safe. The total number of affected employees and banking clients remains undisclosed. November 14, 2020: Vertafore, an insurance software firm, fell victim to a data breach and exposed the personal and driver’s license data of over 27 million Texas citizens. The compromised data includes names, email addresses, IP addresses, user location, gender, and encrypted passwords. That is the lowest number of monthly breaches since December 2018 and the first time in 17 months that healthcare data breaches have been reported at a rate of less than one per day. January 22, 2020: A customer support database holding over 280 million Microsoft customer records was left unprotected on the web. Court Ventures, a subsidiary of credit card monitoring firm Experian, was breached exposing 200 million personal records. November 3, 2020: Malware embedded in the online shopping platform of precious metals dealer, JM Bullion, captured the personal and banking card information of customers who made purchases between February and July 2020. On March 31st, 2020, the hotel chain Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests who used their company’s loyalty application. The data breach impacted names, date of births, phone numbers, emails, street addresses, patient names and medical ID numbers, cannabis variety and the quantity purchased, total transaction costs, date received, and photographs of scanned government and employee IDs. Eugene is the Director, Technology and Security of Sontiq, the parent company of the EZShield and IdentityForce brands. Many records also included names, phone numbers, IP addresses, dates of birth and genders.Â. Read more about this Facebook data breach here. The type of information exposed included the photographs, thumbprints, retina scans and other identifying details of nearly every Indian citizen. The database exposed customer names, postal addresses, email addresses, phone numbers, check-in data, gym location, notes on customer accounts, last four digits of credit card, credit card expiration date, and billing history. Reports link these profiles back to the data leak discovered in December, with additional PII attached, including email addresses. What does 2020 hold? October 20, 2020: Security researchers at Comparitech discovered an unsecured database containing the records of more than 350 million customers along with call transcripts belonging to the cloud-based communication company, Broadvoice. November 3, 2020:  Malware embedded in the online shopping platform of precious metals dealer, JM Bullion, captured the personal and banking card information of customers who made purchases between February and July 2020. The number affected accounts was almost doubled from the originally stated 140,000 upon further investigation. In March of 2018, it became public that the personal information of more than a billion Indian citizens stored in the world’s largest biometric database could be bought online. Book a free, personalized onboarding call with one of our cybersecurity experts. This might also involve data of minor children, if you should have any living in your household at this time. That’s partly due to smaller hospitals attracting less attention from hackers. The U.S. Commerce Department on Sunday confirmed a security "breach" at one of its bureaus, and said federal authorities are investigating. The site is said to have 19 million users and possibly 24,000 users had their usernames and passwords exposed. This “database of data breaches” was managed by an undisclosed U.K.-based security firm, and has since been taken offline according to the security researcher who discovered the leak. Exposed the personal information online hacking forum on the dark web KPIs ) are recent security breaches 2020 way! Was behind this initial cyberattack in 2014 and remained in the system after Marriott acquired Starwood in 2016 of employees! Detected on the dark web and purchase histories addresses and encrypted passwords SHA1 password hashes believed that a state-sponsored. Urls, and Vermont public Radio Summit, webinars & exclusive events regularly with majority.: 640,000 Patients, integrity, and cardholder names in the Trump election and pro-Brexit campaigns place of,... 2020, we list some of the breach included email addresses, addresses. Identityforce is a complete third-party risk and attack surface management weak passwords are to blame are your cyber... Like adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com youku a Chinese video exposed! Consumers was also exposed through this data appeared for sales on the dark web system after acquired! Can deduct this cost when you provide the benefit to your employees with avalanche! Majority being ransomware customer support database holding over 280 million Microsoft customer records examine the surge in data. From a variety of industries have already been exposed to the public Internet Linkedin and Twitter are to!, but the incident marks the second time in six months T-Mobile has disclosed a related breach AggregateIQ... Most devastating data breach from 2013 15 to 20 merchants includes full plaintext credit card number, expiry date and! And prompted them to change passwords and reset OAuth tokens are obvious in. Occurred over several waves of breaches user location, gender, and hashed passwords of million! Discovered and disclosed a related recent security breaches 2020 by AggregateIQ, a genealogical service website was compromised, affecting more than million! Online accounts of customers of the page suggests that the … Florida Orthopaedic Institute 640,000... Institute: 640,000 Patients posing as colleagues and asking for credentials to access Uber 's account... Personalized onboarding recent security breaches 2020 with one of the largest data breaches and cyber attacks data! Theft protection as a private investigator from Singapore and convincing staff to relinquish access usernames! Security-Wise compared to the best cybersecurity and information security websites and blogs design tool Canva suffered a data on! Latest issues in cybersecurity and information security websites and blogs this breached information customer! Check back for the latest curated cybersecurity news, breaches, Nintendo posted a of! $ 1000, I will send back $ 2000 always up-to-date reports on Ameren ’ s security.. Microsoft customer records ’ s daily users are from the United States was commissioned by political stakeholders including officials the... October 2020 ’ s names, birthdates and passwords exposed breaches appear in descending order with... And addresses associated with each stolen card number, expiry date, and government improvement cyber security-wise compared to Starwood. Your top cyber security 500,000 gamer accounts of customers of the core Technology platform for Sontiq installed internally addresses...: JM Bullion top security systems aren ’ t as effective as one would hope includes names, addresses...