Last year Experian exposed virtually everyone – this year is no better.
In July 2018, Dark Reading marketed the mid-way point of 2018 by publishing a list of the year’s biggest data breaches – so far. It used to be lists like these would be produced every few years, then once a year, soon we expect them to be published every month. The problem of exposing the identities of consumers to hackers and those committed to perpetrating fraud was supposed to get better. In reality, it has gotten much, much worse.
Data breaches used to be pretty simple. You could almost say they were boring. Today it’s not a lost laptop but a hospital’s hacked patient database. It’s not improperly disposed of paper records but malware installed on a bank’s computer that copies all customer records and transactions to a computer in Russia. It’s not a lone employee cloning credit cards but hackers getting into the Wifi wireless network transmitting credit card transactions between cash registers and the main computer at a major retailer and copying everything that passes through the store.
Today, the hacking is deliberate and know that the bad guys are after the data. We know they plan to use and sell your information. We know for a fact that identities will be stolen, companies defrauded, accounts manipulated, money lost and lives destroyed. The sheer creativity and variety of hacks almost makes you wonder at the creativity involved.
The only bright news for 2018 is that we have yet to see a massive data breach like Yahoo! that exposed billions of records. But sheer numbers are only part of the story. A data breaches that exposes the names, birthdates and social security numbers of 1 million people is arguably more serious than a breach that exposes credit card transactions of 10 million people which is more serious than one that exposes the online account credentials of 100 million people. In the first case, the criminals have everything they needs to assume your identity and commit fraud in your name.
So, while recognizing that “biggest” and “worst” do not mean the same thing, here are the most notable data breaches from 2018 (so far) according to Dark Reading.
- Ticketfly – 27 million customer usernames, phone numbers addresses and emails
- Under Armour – 150 million usernames, emails and passwords of their MyFitnessPal app
- Strava – fitness app exposed critical information about personnel at US military bases
- Panara Bread – 37 million customer names, email addresses, physical addresses, birthdays and credit card info
- Amazon Web Services (1) – a misconfigured server used by FedEx exposed more than 100,000 sensitive documents including passports and other government identification
- Amazon Web Services (2) – a Wal-Mart partner using AWS exposed the personal data of 1.3 million shoppers and later a team found another 48 million records of names, addresses dates of birth and other data scrapped from social media.
- Amazon Web Services (3) exposed the health and human services records for Los Angeles county including information from 3 million calls and 200,000 rows of detailed information about elder abuse, child abuse and suicidal distress often with rich personal information
- Sears, Delta Airlines and Best Buy – a single third-party partner of these companies exposed personal identifiable information (PII) for consumers including names, addresses, credit card numbers and more.
- Orbitz – software from a partner disclosed 880,000 payment card records
- Sun-Trust Bank – an employee stole the PII and account information for 1.5 million bank clients
At MyProfyle, we believe this carelessness is further proof that everyone’s information is at risk from many different sources and that we are all exposed multiple times per year. The solution to identity fraud is not to try to lock your identity or seek unobtainable privacy but to control your identity – not just your credit – by putting yourself in the position know of, approve or decline activity conducted in your name. That’s MyProfyle Free For Life ™ Identity Protection.