Top 12 Worst Data Breaches of 2019, So Far

So far in 2019, we have seen no sign of a decline in data incidents. It has been a very busy year for data breaches since the start: hardly a week passes without reports of a major security or data breach.

Breached data for sale

A huge collection of stolen and breached data is available for sale on the dark web. Stolen credentials such as card data, email IDs, passwords and other personal and important data can be found there. Here are the worst data breach incidents of 2019 so far.

Top 12 worst data breaches so far

#1 Facebook

In late March, Facebook revealed that the passwords of approximately 600 million users had been stored in a database in plain text for months. Data on over 550 million Facebook users was also found on a misconfigured AWS server. This 146 GB AWS server stored over 550 million user records with user names, Facebook IDs, likes, comments, reactions, and other data used to analyze social media channels and how users interact with each other.

#2 Georgia Tech

Georgia Tech, a US university well known for its computer science programs, announced that over one million former and current students and university staff had sensitive data illegally accessed by an unauthorized third party. A deep analysis of the security incident revealed that hackers had gained access in early December 2018 by exploiting a web application vulnerability. The flaw was later patched by the university.

#3 FEMA

The US Federal Emergency Management Agency (FEMA) has disclosed a data leak exposing the banking details and financial and personal information of more than 2.3 million disaster survivors. The 2.3 million records include survivors of Hurricanes Maria, Harvey, and Irma and the 2017 California wildfire.

#4 Toyota

In February, multiple Toyota corporate IT systems were breached; approximately 270 Toyota Australia dealers were affected by this targeted, large-scale breach. Five weeks later, Toyota announced its second major data breach, affecting 3.1 million customers. The affected subsidiaries include Tokyo Toyopet, Tokyo Tokyo Motor, Toyota Tokyo Sales Holdings, Toyota Tokyo Corolla, Toyota West Tokyo Corolla, Jamil Shoji (Lexus Nerima), Nets Toyota Tokyo and Lexus Koishikawa Sales.

#5 Verifications.io

Email validation company Verifications.io suffered a data breach exposing some 800 million records. The exposed data included names, email IDs, gender, IP addresses, contact numbers and other personal information.

#6 Dow Jones

The Dow Jones Watchlist, a 4.4 GB dataset held in an open Elasticsearch database, was found exposed on an AWS server. It contains 2.4 million records of politically exposed persons, their relatives, criminals, and national and international sanction lists. The Watchlist includes sensitive information about individuals and the financial status of companies, and it is used by many of the largest organizations to analyze data and make decisions.

#7 UW Medicine

UW Medicine in Washington state recently announced that the personal information of nearly 1 million patients was exposed. A database misconfiguration error at UW Medicine left patient data exposed on the internet for several weeks, resulting in a breach.

#8 500px

500px, an online photography network, suffered a massive data breach last summer, around July 2018, but the incident was not disclosed at the time and only came to light this February. The breach affected 14.8 million photographers and users. The data stolen in this incident includes sensitive information such as first and last name, username, email IDs, hashed password, date of birth, gender and city/state/country.

#9 Cebuana Lhuillier

Philippine financial services firm Cebuana Lhuillier suffered a major data breach affecting 900,000 clients. Cebuana Lhuillier, which has approximately 2,500 branches nationwide, is a three-decade-old business that offers loans, remittance, micro loans, and micro insurance. The exposed data may have included clients' names, dates of birth, email IDs, mobile numbers and income information.

#10 Amadeus

Amadeus is one of the largest aviation booking systems, serving customers of British Airways, Air France, Icelandair, Qantas and many more. This booking system is used by approximately 140 international airlines. The reservation system had a security bug, and as a result approximately 140 airlines were affected by a major security breach.

#11 Town of Salem (video game)

Town of Salem, a browser-based video game, was hit with a major data breach that affected approximately 7.6 million players. The leaked data contained nearly 7.6 million unique email IDs, usernames, passwords, card data, etc. Most of the email IDs belong to Gmail, Yahoo, and Hotmail.

#12 Blur

In the first week of January 2019, Blur announced a security breach due to a misconfigured AWS S3 bucket, resulting in a data leak that impacted 2.4 million users. The password management company told its users to change their login credentials and enable two-factor authentication.