IdentityForce Logo IdentityForce Logo
Protect What Matters Most.
2019 Data Breaches
Posted on January 3, 2019 by in Data Breach & Technology, Personal

Did you know that one in three data breach victims later go onto experience an identity crime? By now, it’s safe to assume that at least some of your Personally Identifiable Information (PII) has been compromised in a breach.

It’s for this reason that IdentityForce has been tracking all major breaches for the past 5 years, and will continue to do so. Check back often to read up on the latest breach incidents in 2019, and read our data breach resources to stay protected.

Note: This post will be continuously updated with new information as additional 2019 data breaches are reported. Breaches appear in descending order, with the latest appearing at the bottom of the page.

You may also be interested in:


January 2, 2019: It didn’t take long for the first major breach announcement of 2019. Blur announced a breach after an unsecured server exposed a file containing 2.4 million user names, email addresses, password hints, IP addresses, and encrypted passwords. The password management company urged their users to change their Blur login credentials and enable two-factor authentication.

Town of Salem Video Game

January 3, 2019: The information of 7.6 million gamers was stolen in a hack of Town of Salem. BlankMediaGames (BMG) announced that its server was compromised and usernames, email addresses, IP addresses, game & forum activity, and purchased game premium features were exposed.

January 4, 2019: Online retailer of custom mugs and apparel, was hacked for a four-month period in the latter half of 2018. The company announced that it had discovered malicious card skimming code placed on its payment website. Hackers were able to steal full payment card details (number, security code, and expiration date), names, addresses, phone numbers, email addresses, and postal codes.


January 7, 2019: U.S. provider of payroll, HR, and employer services, BenefitMall announced a data breach that occurred after an email phishing attack compromised employee login credentials. Though the exact number of records exposed hasn’t been released, the emails may have included customer names, addresses, Social Security numbers, dates of birth, bank account numbers, and information on the payment of insurance premiums.


January 10, 2019: New York-based manufacturer, OXO was hacked in two separate incidents over the past two years, exposing customer information entered on their website. The company discovered unauthorized code on its site which captured customer names, billing and shipping addresses, and credit card information.

Managed Health Services (MHS) of Indiana

January 11, 2019: The personal health information of more than 31,000 patients of Managed Health Services of Indiana has been exposed following a phishing attack. Names, insurance ID numbers, addresses, dates of birth, and medical conditions are among the potentially compromised data.


January 16, 2019: A flaw within the online video game Fortnite has exposed players to being hacked. According to the security firm Check Point, who discovered the vulnerabilities, a threat actor could take over the account of any game player, view their personal account information, purchase V-bucks (in-game currency), and eavesdrop on game chatter. Fortnite has 200 million users worldwide, 80 million of whom are active each month.

Oklahoma Department of Securities

January 17, 2019: Millions of government files, including records pertinent to FBI investigations, were left unprotected on an open storage server belonging to the Oklahoma Department of Securities (ODS). The oldest records exposed dated back to 1986 and ranged from personal data to login credentials and internal communication records.

Collection 1

January 17, 2019: Security researcher Troy Hunt discovered a massive database on cloud storage site, MEGA, which contained 773 million email addresses and 22 million unique passwords collected from thousands of different breaches dating back to 2008. The information was shared on a popular hacking forum where they could be shared about. If you’re concerned if your credentials could may have been compromised, visit Have I Been Pwned?


Data Breach Response Plan