Between January and September 2019 there were over 7.9 billion data records exposed — a 33% increase from the same time in 2018! Although hackers are obvious culprits in uncovering this data, oftentimes they had a helping hand from human error resulting in a data breach.
Last year, we also began to see the Federal Trade Commission (FTC) impose hefty fines and penalties on organizations, such as those relating to the Equifax breach and Facebook data leaks, to settle charges of improper handling of Personally Identifiable Information (PII).
What does 2020 hold? While our hope does spring eternal, with the increase of information insecurity — from exposed databases to phishing attempts, from malware to third-party data leaks — the odds are not looking good. Data breaches aren’t going anywhere and we’re here to keep you up-to-date on the worst data breaches of the year putting you at risk of identity theft.
Note: This post will be continuously updated with new information as additional 2020 data breaches are reported. Breaches appear in descending order, with the most recent appearing at the bottom of the page.
January 2, 2020: Restaurant conglomerate Landry’s announced a point-of-sale malware attack that targeted customers’ payment card data – the company’s second data breach since 2015. The collected Personally Identifiable Information (PII) included credit and debit card numbers, expiration dates, verification codes, and cardholder names.
January 14, 2020: An unsecured database on an Elasticsearch server linking back to Peekaboo Moments, an app where parents post images and videos of their children, was left exposed. An undisclosed number of email addresses, geographic location data, detailed device data, and links to photos and videos posted by parents have been impacted. The app has been downloaded 1 million times since launching in 2012.
January 22, 2020: A customer support database holding over 280 million entries of Microsoft users was left unprotected on the web. Microsoft’s exposed database did not disclose personal information other than email addresses, IP addresses, and support case details.
January 23, 2020: THSuite, a point-of-sale system of marijuana dispensaries across the U.S., disclosed personal information belonging to over 85,000 medical marijuana patients and recreational users after leaving their database unprotected. The data breach impacted names, date of births, phone numbers, emails, street addresses, patient names and medical ID numbers, cannabis variety and quantity purchased, total transaction costs, date received, and photographs of scanned government and employee IDs.