We love Halloween and the scary stories that come along with it. In IT, there are plenty of terrifying tales to share in the spirit of the season. Last week, we brought you Five IT Horror Stories: Top Tech Nightmares and How to Avoid Them and today we want to highlight the scariest cyberattacks of 2019. Ransomware, breaches and viruses oh my!
Though 2019 isn’t over yet, it’s already setting the stage for one of the most alarming years of cyberattacks across several industries, including healthcare, financial services, social media and local governments. According to QuickView’s Data Breach Report, the first six months of 2019 saw more than 3,800 publicly disclosed breaches exposing 4.1 billion records. These are the most chilling breaches to date, and we dare you to keep reading below about the scariest cybersecurity stories of the year.
The healthcare sector continues to be a major target for data breaches. In 2018, it was estimated that 15 million patient records were compromised in 503 breaches, according to Protenus Breach Barometer. Sadly, 2019 is already on pace to double the number of records with 32 million patient records breached in the first half of 2019. This is affecting health insurers, labs, vendors, hospitals, etc. The biggest breach in the healthcare sector thus far has been the American Medical Collection Agency (AMCA).
In June, AMCA notified its clients (Quest Diagnostics, LabCorp, BioReference Labs, Carecentrix and Sunrise Laboratories) that an unauthorized third-party accessed its systems and took control of its payment page between August 1, 2018, and March 30, 2019.
The largest clinical test network, Quest Diagnostics, disclosed a data breach that impacted the personal information of nearly 12 million patients. LabCorp followed a day later announcing they were also breached with up to 8 million records impacted. When all’s said and done, the breach impacted 20 million US citizens. Following the breach, AMCA filed for bankruptcy protection.
Facebook and its companies (WhatsApp and Instagram) have not had an easy 2019 when it comes to cyberattacks.
In March, Facebook admitted that passwords of 600 million users were stored in the plain text were able to be accessed by more than 20,000 of the company’s employees.
The next month, two third-party apps were left exposed online. Cultura Colectiva exposed 540 million records that included account names, Facebook IDs, and user activity, while the second application, At the Pool, disclosed passwords along with the various Facebook activity.
Later in May, the Facebook-owned messaging app, WhatsApp discovered a security flaw that exposed people using the app to spyware designed by the NSO Group. People could be spied on through their phones and microphone and camera, WhatsApp messages and other connected apps.
In the same month, TechCrunch reported 49 million Instagram Users’ contact information (phone and email) was left exposed) on a database hosted by Amazon Web Services without a password. Most of these accounts consisted of influencers, celebrities and brands. Instagram denies this database was accessed and that it only contacts 350,000 people and not 49 million.
Most recently, in September, it was discovered that 419 million records of phone numbers and users’ Facebook IDs linked to Facebook accounts have been found online. Some records also had user names, gender and location by country. All of this was due to a server not having password protection.
A hacker gained access to a Capital One server and uncovered personal information from credit card applications from 2005 to early 2019 for consumers, applicants and small businesses. Of the 106 million records, 140,000 social security numbers and 80,000 linked bank account numbers were exposed. Luckily, the hacker left an online trail and was arrested for computer fraud and abuse in July.
Toyota has been a victim of a series of data breaches over the years, but the most recent one impacted the headquarters in Japan and was the most serious, affecting 3.1 million customers. Toyota assured no credit card information was stolen, but hackers still took sensitive information such as names, dates of birth and employee information.
First American Financial Corp.
885 million sensitive financial records of Social Security numbers, tax document and more personal financial information were left exposed on a public web page for years by the leading title insurer for U.S. real estate market, First American Financial Corp., until May 2019. It is unclear if the records were stolen from the public site and used by malicious actors.
This past year has seen more than 40 municipalities victimized due to ransomware attacks. Some of the victims have been the city of Baltimore, and various cities in Florida that have had their computers and systems hijacked. Lake City Fla. Experienced a ransomware attack and paid half a million dollars to the attackers this past summer, while Baltimore voted to transfer $6 million from parks and public facilities budget to help pay for the cyberattack and rebuild its systems.
These alarming cyberattacks aren’t stopping anytime soon, and a comprehensive approach to cybersecurity is the best way to protect your data and your business. The best way to reduce your risk of becoming a victim of these scary cyberattacks is to maintain a proactive and multi-layered cybersecurity strategy.
Our team of experts can assist you by helping you assess your current cybersecurity strategy and create a cybersecurity solution that fits your business. Get started today with a security risk assessment of your business that conducts a quick diagnostic scan for network vulnerabilities. You can also give us a call at 877-599-3999 or email firstname.lastname@example.org.