A rush of technology advancements and progress met with opposing forces of breaches and hacks, 2019 has been a year of mixed news. For world-famous organizations, having a contingency plan for hacks or breaches can help them sail through if not completely protect their database. Top IT officials and PR professionals have been on their toes this year in attempts to control damage by fixing bugs and releasing appropriate statements to the public.
For 2019, just the first half exposed 4.1 Billion records being breached, which is 52% higher than in 2018. The sectors affected this year were finance, manufacturing, applications, social media, software, and government organizations.
Recalling all the major data breaches this year, these 7 breaches have had the most impact on users.
7 high profile data breaches that shook 2019
#1 WhatsApp’s Pegasus Spyware
While 2019 recognized a few security bugs in the WhatsApp application, the biggest one has to be the Pegasus spyware that galloped across devices in close to 20 countries!
The spyware was developed and designed by an Israeli surveillance firm called NSO Group and it was used to spy on journalists, activists, lawyers, political dissidents, etc. It is believed to have affected 121 Indian users and 1400 users worldwide. When contacted, NSO Group didn’t have an answer for who ordered hacking but specified that their services are only for government organizations.
#2 iPhone software hack in China
In a devastating revelation by Google’s Project Zero team, iPhone users were said to be at risk of being attacked by malicious websites. Based on a report, the attack was allegedly orchestrated by China to target the Uighur Muslims living in their country.
The attack is said to have acquired sensitive user information such as software information, passwords, messages, and location data.
Apple produced a detailed statement in response to this finding, clarifying what happened and how it has been fixed. Below is an excerpt from their statement published on their official site.
“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.”
#3 US Customs and Border Protection image database breached
Halfway into 2019, a data breach was caught at the US Customs and Border Protection. The hackers found access to images of people and license plates that were saved in their database. This breach was possible through a transfer from a subcontractor’s network and then stolen by a malicious cyberattack.
The breach has compromised personal data of around 100,000 travelers and the hacker behind this attack hasn’t been revealed.
#4 Quest diagnostics’s data of 12 million patient record compromised
A third party breach was exposed at Quest diagnostics, owned by Fortune 500 healthcare, which exposed 12 million patient records!
The records consisted of bank account numbers, credit card numbers, medical details, and Social security numbers.
The breach was an internal one that was processed through one of their vendors and they were alerted by AMCA (American Medical Collection Agency) of the breach. The news of the breach was made public when they filed with the Securities and Exchange Commission in June.
#5 LockerGoga ransomware hits the manufacturing sector
Manufacturing companies took a hit with ransomware LockerGoga affecting at least 5 companies. LockerGoga displays the characteristic of every other ransomware such as shutting down of computers, equipment and locking users out of their computers.
The damage to a manufacturing firm with the shutting down of physical equipment is tremendous. Norwegian aluminum manufacturing company Norsk Hydro was one company whose systems were infected by LockerGoga.
#6 Capital One’s credit card users information accessed
In what happens to be a massive breach of privacy for financial institute Capital One, there is some relief knowing that the perpetrator was caught.
The company was alerted of a data breach on July 19th, 2019 where an outside individual had hacked into the database that stored personal information of Capital One credit card users. Their banking information was compromised but luckily not their credit card information.
They managed to arrest Paige Thompson who was behind this crime and she would be charged with a $125000 fine and five years jail term.
In a statement made by the company, their CEO, Richard D. Fairbank said this on their website-
“While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened,” said Richard D. Fairbank, Chairman, and CEO. “I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right.”
#7 ToTok- UAE chatting App actually a spy tool
As 2019 comes to a close, the news of data breaches hasn’t stopped. The latest one being of ToTok, a popular messaging App in the United Arab Emirates, which is used to send texts and videos to friends and family. While other messaging platforms are banned in UAE, ToTok does pretty well for communication within the country.
Nevertheless, American officials have found that the app is a spying tool that the government used to snoop on citizens’ movements.
What has led to this increase and how can you be safe?
With the ever-increasing value of data, it is certain that access to that much information could be beneficial for non-benevolent purposes. There have been recurring names that experienced data breaches in the last few years like Facebook and Twitter. Even this December, they have warned users of data breaches through third-party applications.
The need for data security grows bigger especially when an organization stores data of millions of users. In moments of vulnerability, it is advised to keep check of bank accounts and use two-factor authentication for safe online logins.
For organizations, expenditure on setting up a strong security system will be lesser than having to deal with a security breach.