Online retailers, financial institutions, airlines, food chains, health networks, and beyond experienced data breaches in September. Were you or someone you know one of the millions of records exposed?
Here are the recent data breaches that made headlines in September 2018:
More than 50,000 account holders of Pennsylvania-based, Orrstown Bank had their information exposed after two of the bank’s employees fall for a phishing scam. Customers are being provided two years of free identity and credit monitoring services.
Alabama-based chicken finger chain Foosackly’s warned customers of a data breach of its payment system. It’s estimated that 165,000 customers may have had their payment card information stolen.
Hackers breached the British Airways mobile app and website, and captured 380,000 customer names, email addresses, physical addresses, and full credit card information. Travelers who booked flights between August 21 and September 5, 2018 were compromised.
Government Payment Services, Inc., an online system that facilitates the payments of traffic citations, court fees, child support, and other government fees, leaked data on more than 14 million customers in 36 states. The unsecured data included names, addresses, phone numbers, and partial credit card information dating back to 2012.
In another data leak, 11 million records detailing personal information was found sitting online, unprotected on a MongoDB server. While the ownership of the database remains unknown, the information exposed includes names, email and physical addresses.
Online retailer of computer hardware and consumer electronics, Newegg was hacked, leading to a month-long data breach. The cyberattack installed 15 lines of skimming code onto the Newegg website’s payment page and captured credit card information of anyone who made a purchase between August 14 and September 18, 2018.
Independence Blue Cross
Philadelphia-based insurer, Independence Blue Cross disclosed a data breach that impacted 17,000 members. The breach occurred after an employee uploaded confidential patient information onto a public-facing website. Names, birth dates, and diagnoses codes were exposed.
Women’s online fashion retailer, SHEIN announced a breach affecting 6.42 million customers. The company’s servers were targeted by hackers, who were able to capture email addresses and encrypted password credentials.
One of September’s largest data breaches came from educational tech company, Chegg. The company announced that 40+ million customers personal information including names, emails, addresses, and passwords were accessed by an unauthorized third party. Chegg is notifying its customers and resetting all user passwords.
In yet another data security issue, Facebook announced that about 90 million user accounts may have been compromised by hackers. A weakness in a line of code exposed a vulnerability in Faceboook’s “View As” feature, allowing hackers to exploit access tokens – the digital keys that let users stay logged in without having to enter their password every time they visit the site or app. Facebook has reset the tokens for all 90 million accounts, meaning those affected will need to re-enter their password the next time they return.
Be sure to check back next month for the latest major data breaches in 2018.