IdentityForce LogoIdentityForce Logo
Protect What Matters Most.
Recent Data Breaches May 2019
Posted on June 3, 2019 by in Data Breach & Technology, Identity & Privacy, Personal

May could very well be the worst month of data exposure we’ve see so far in 2019. More than 2 billion consumer records were compromised in security breaches by WhatsApp, Instagram, First American Financial, and many more trusted organizations.

Here are the recent data breaches that made headlines in May 2019:


Hackers were able to infiltrate the systems of the U.S. software company, going undetected and stealing data for approximately 6 months. Information stolen possibly included the names, Social Security numbers, and financial information of current and former Citrix employees.

AMC Networks

More than 1.6 million subscribers of AMC Networks streaming platforms, Sundance Now and Shudder, had their information exposed on an unsecured database. Names, email addresses, last four digits of credit card numbers, IP addresses, and locations were among the data exposed.


A hacker gained access to a database of Wyzant customers’ PII, compromising names, email addresses, and ZIP codes. The online tutoring marketplace has more than 2 million users and 80,000 registered instructors.

Freedom Mobile

Security researchers discovered an unsecured server containing the personal information of about 1.5 million Freedom Mobile customers. Names, email addresses, phone numbers, postal addresses, dates of birth, account numbers, and credit card information were left unprotected.

Indiana Pacers

The ownership group of the Indiana Pacers and the Indiana Fever, Pacers Sports & Entertainment (PSE) announced a security breach after a phishing attack compromised several employees’ email accounts. Possible information involved includes names, addresses, birth dates, passport numbers, health insurance information, driver’s licenses, payment card information, and Social Security numbers.


More than 460,000 customers of Asia’s largest online retailer had their information accessed after Uniqlo was hacked. Full names, addresses, phone numbers, email addresses, gender, dates of birth, and partial payment card information were exposed.


A security flaw within Facebook’s WhatsApp messaging service enabled attackers to install surveillance software on users’ smartphones. This software was developed by NSO Group, a spyware technology company, and allowed hackers to turn on a phone’s camera and microphone, read emails and messages, and collect location data. WhatsApp has 1.5 billion users worldwide.


Within seven days of the WhatsApp breach, another Facebook-owned app experienced a data security incident. More than 49 million records belonging to Instagram influencers and celebrities were left exposed on an unsecured database owned by marketing firm Chtrbox. User bios, profile pictures, number of followers, location, email addresses, and phone numbers could be accessed by anyone who knew where to look.

Inmediata Health Group

More than 1.5 million people may have had their names, addresses, dates of birth, gender, medical information, and Social Security numbers stolen after Inmediata’s website allowed search engines to index internal webpages.

First American Financial Corp.

The leading title insurance provider for real estate transactions in the U.S., First American Financial left documents containing personal and financial details unprotected on its website – meaning anyone could view and download them without credentials. An estimated 885 consumer records dating back to 2003, including Social Security numbers, bank account numbers, financial statements, driver’s license images, and mortgage and tax records were exposed.


A hacker has stolen data on 139 million Canva users. Customers of the popular online design tool had their usernames, real names, email addresses, and location information stolen.


Flipboard, a content aggregator with 150 million monthly users, had its databases compromised by a hacker. Customer names, usernames, hashed passwords, and email addresses were potentially copied. The company has reset all user passwords and notified those impacted.


More than 100 Checkers and Rally’s restaurants had their point-of-sale systems hacked, compromising customers’ full payment card information. The restaurant discovered the attack in April 2019, but found that 15 percent of its location’s systems had been compromised for years. Here is a list of affected stores.

Data Breach Response Plan