Unsecured servers, phishing scams, and cyberattacks were the story of security incidents in January 2019. However, as always, data breaches remain industry agnostic.
Here are the recent data breaches that made headlines in January 2019:
Nearly 2.4 million users of password management tool Blur had their names, email addresses, password hints, and encrypted passwords exposed on an unsecured server.
Hackers were able to place malicious code onto the checkout page of DiscountMugs.com, an online retailer of custom giveaways. This breach occurred over a four-month period, giving the hackers access to customers’ full payment card information, names, addresses, phone numbers, email addresses, and postal codes.
An employee of HR, payroll, and benefits services company, BenefitMall fell for a phishing attack and had their email login credentials compromised. Names, addresses, Social Security numbers, dates of birth, bank account numbers, and insurance information is among the potentially exposed data.
A data breach of OXO, a New York manufacturer of home goods, exposed customer data over the course of two years. Hackers performed a card skimming attack by placing malicious code onto the company’s online retail store.
Security research firm, Check Point, discovered a vulnerability in wildly popular video game Fortnite that gave hackers access to player accounts. Fornite has 200 million users worldwide.
Spreadsheets displaying names, emails, and assets of as many as 20,000 financial advisors was accidentally posted online by asset management firm BlackRock. The spreadsheets were shared as a link on the company’s iShares ETF website.
A server security lapse exposed a decades worth of data on millions of U.S. consumers, including loan and mortgage documents, repayment schedules, and financial and tax information. This data leak was traced back to analytics company Ascension, but contains information from many of the nation’s top banks and lenders.
Alaska Department of Health & Social Services (DHSS)
More than 100,000 Alaska households have been affected in a cyberattack targeting the state’s Department of Health and Social Services. The cybercriminal(s) accessed names, Social Security numbers, dates of birth, addresses, health information, benefit information, and other personal information such as income.
A massive database containing information on the corporate clients of IT security company, Rubrik, sat open on an unprotected server, allowing anyone who knew where to look to find it. Some of the information included customer email signatures, company data, and the product configurations that they used.
Be sure to check back next month for the latest major data breaches in 2019.