As 2019 comes to a close, the list of data breaches continued to grow. Tax season is right around the corner, and identity thieves will be making plans to use stolen Personally Identifiable Information (PII) in an attempt to file fraudulent tax returns. It’s never too soon to protect yourself, your family, and your employees from tax identity fraud, and other forms of identity crimes that are prevalent all year long.
Here are the recent data breaches that made headlines in December 2019:
American communications company, TrueDialog, left their database unsecured, disclosing tens of millions of SMS text messages as well as the personal information of more than 1 billion subscribers. Exposed information includes names of recipients, account holders and users, email addresses, phone numbers of recipients and users, the content of messages, dates and times messages were sent, message status, and account details.
Over 1.6 billion customers of online retailer, LightInTheBox, had their email addresses, IP addresses, countries of residence, destination pages and user activity exposed due to an unsecured database.
A breach first reported in September 2019 has been updated with confirmation by HaveIBeenPwned that more than 170 million players of Zynga’s popular mobile games Draw Something and Words With Friends had their account information accessed. The data stolen includes names, email addresses, login IDs, hashed passwords, phone numbers, Facebook IDs and Zynga account IDs.
Over 267 million Facebook records were discovered, exposing Facebook users’ names, Facebook IDs, and phone numbers. The unsecured webpage was open to cybercriminals for at least two weeks.
The convenience store and gas station chain, Wawa, has reported the discovery of malware on their payment processing servers. This malicious software captured credit and debit card numbers, cardholder names, and card expiration dates from payments made in-store and at gas pumps. It is still unknown the total number of customers impacted by the breach involving 850 locations along the East Coast.
Smart home device maker Wyze Labs has disclosed a data leak impacting more than 2.4 million customers. Production databases belonging to Wyze were left exposed for most of the month, containing user names and email addresses, WiFi network names, camera names, and tokens that identified smartphone and personal digital assistant device connections. The databases also included personal health information for some users doing beta testing for the company. The company asserts that no passwords or financial account details were included in the database records.