As more and more sensitive data is being stored online, hackers are also making more frequent attempts to try to access this confidential data. In 2019 alone, the data of billions of users has been compromised, and this number seems to grow daily. Here are some of the biggest online data breaches to date, and some details regarding why and how they happened.
The Quest Diagnostics Breach
A data breach at Quest Diagnostics exposed financial and confidential data of 11.9 million patients in June of 2019. Quest claimed that although credit card information, social security numbers, and medical data was stolen, no lab results were breached. Details on how this occurred are still a bit foggy, but the unauthorized user allegedly had access to the information for months between August 1, 2018 and March 30, 2019, which is quite unnerving. American Medical Collection Agency, a debt collector that handled much of the medical data for Quest, was blamed for the intrusion and has since lost many clients and is currently filing for Chapter 11 protection.
Another recurring incident that still has people scratching their heads and wondering "what is cybersecurity?" and "how can it be enforced?" is the seemingly constant ransomware attacks that are holding governments, and even entire cities, hostage. Targets have included the city of Baltimore, a Georgia court agency, some cities in Florida, and several agencies in Texas. Some of those attacked, such as the cities in Florida, ended up paying over one million dollars in ransom. Yet others refused to pay the hackers, and instead chose to spend millions of dollars rebuilding their IT and security systems to hopefully prevent something this catastrophic from happening again.
The Capital One Breach
In July, Capital One announced that they had been impacted by a large breach, which affected more than 100 million of their customers. Anyone who had ever applied for credit from them was at risk. Transaction histories, credit scores, bank balances, and even addresses were stolen. About 140,000 social security numbers and 80,000 bank account numbers were also taken, but credit card information was shockingly not compromised.
Paige Thompson, who previously worked for Amazon Web Services, which was the cloud hosting company that Capital One worked with to store their data, hacked into the bank's servers and attempted to share the information she stole with others online. She had nearly 30 terabytes of stolen data in her possession at the time of her arrest. She is currently in prison awaiting her trial in March of 2020.
The WhatsApp Hack
In May, hackers installed surveillance software on the phones of people who used the WhatsApp application to answer phone calls. WhatsApp, an application owned by Facebook that allows users to make phone calls and send text messages for free, has over 1.5 billion users worldwide. It is not clear how many users were affected by the malware, but it was reported that the software, which was designed by Israel's NSO group, was allegedly used in further hacking attempts on lawyers and journalists who were unfortunate enough to have used the application's calling feature.
The Facebook Breach
This breach, which affected nearly 540,000,000 Facebook users, occurred when personal data entered into popular third-party applications was leaked on Amazon's cloud computing service. The application, At The Pool, exposed databases that stored user IDs, personal photos, friend lists, and public location check-ins, as well as unprotected Facebook passwords for 22,000 users. Currently, measures are being taken to ensure that third-party applications have better control over data provided to them by users.
There have been innumerable devastating data breaches over the years, and so far, 2019 has been a year for the record books. Though it isn't possible to safeguard yourself entirely, it is important to always be wary of what you share online, and ensure that you are only entering private information on websites that you completely trust.