Jump to content

The biggest data breaches of 2019


Recommended Posts

Data breaches peaked to an all-time high in 2019, growing at a never-before-seen rate. Data breaches scare everyone -- from governments and multinational corporations to the layman with no access to technology. Financial risks apart, the mere thought of your personal life being hung out to dry with such ease is enough to trigger panic attacks.


However, the breaches witnessed last year were of a different species altogether, highly evolved from their predecessors. The numbers of disclosed data breaches spiked across the world, both in volume and occurrences, surpassing 2018 as early as August 2019


A significant proportion of data breaches disclosed last year were due to human error rather than attackers. However, they still qualify as data breach, even though unintentional, said Kumar Ritesh, chairman and CEO at CYFIRMA. 


He puts human errors under three broad classifications: intentional data breach/leak, also called insider threat; unintentional data breach/leak, such as an email sent to the wrong recipients with personal employee information; configuration mistakes, where sensitive data is left unguarded.


The rise of ransomware has also contributed to data breaches, he notes. 


“Traditional ransomwares are financially motivated. They demand money after encrypting the file. However, they have started data exfiltration, where your sensitive files get taken out first and then encrypted. Money is demanded to decrypt it. State-sponsored groups have started to use this mechanism,” he explained.


In any case, it is more or less a given that paying ransom does not guarantee the safe return of encrypted data, he agreed.


Industrial cyber-espionage, which grew exponentially last year after nation-states started backing them, has significantly contributed to the rise in data breaches, he said. 


Mitsubishi Electric conceded on 20 January that they suffered a major security breach last year. Japanese dailies that reported the issue blamed China-backed cyber-spy group named Tick (a.k.a.Bronze Butler) for the incident. The threat group has been reportedly behind several similar incidents in Japan. 


“Industrial espionage has become a main vector, where state sponsored groups attack competing companies in other nations to support local companies in the same industry. We have witnessed multiple cases of this in the last six months aiming at intellectual property in industries such as advanced technology, manufacturing, cosmetics, food and beverages and retail,” he told SC Media UK.


Disclosures like that happen only when the breach is discovered by researchers or journalists or when the data is leaked out by the cyber-criminals, noted Ritesh. 


“The actual breaches are almost five times of what is being reported. Given tha there is no regulation in Asia right now (requiring victims) to declare cyber-incidents or breaches, most of the organisations do not disclose cyber-attacks or breaches unless the incident has had a huge financial or reputational impact,” he said. 


“I am aware that several manufacturing and equipment companies in Japan, South East Asia and South Korea have faced a number of breaches, but the only a few got reported.” 


He is sure that the worst is yet to come.


“2019 was a watershed year for cyber-security. Hackers gained momentum in finding new avenues to attack individuals, industries and nations as digital systems remained vulnerable with software programs and applications that are outdated, poorly configured, and laden with weaknesses,” he told SC Media UK.


Threat actors showed a greater affinity for emerging technologies in 2019, with multi-pronged cyber-attacks being operationalised with increased usage of AI/ML. This trend will continue more aggressively in 2020, he warned.


“Hackers have succeeded in automating reconnaissance or data collection or target profiling using AI/ML technologies, which means they are now capable of collecting all information using multiple techniques automatically and quickly,” he said. 


“In 2020, I suspect we will notice advanced automated cyber-attack using new technologies AI/ML as most of the state sponsored hackers are continuously trying to achieve greater accuracy, maximum impact with less effort and leaving no trace behind.” 


SC Media UK has collated the top 10 data breaches that came to light in 2019, ordered according to the number of documents leaked. Companies such as Facebook, which disclosed multiple data breaches, have been slotted under a single entry. The information was gathered from regulatory disclosures, news reports and our own reports published last year.


10. Mobile TeleSystems (MTS)
Geography: Russia
Documents disclosed: 100,000,000
Business: Telecommunications
Cause: Misconfiguration/poor security


9. Justdial
Geography: India
Documents disclosed: 100,000,000
Business: Local classified search
Cause: Unprotected API


8. CapitalOne
Geography: USA, Canada
Documents disclosed: 106,000,000
Business: Financial services
Cause: Unsecured S3 bucket
Read the SC report here.


7. Canva
Geography: Global
Documents disclosed: 140,000,000
Business: Online graphic design
Cause: Hacked
Read the SC report here.


6. Zynga
Geography: Global 
Documents disclosed: 173,000,000
Business: Online gaming
Cause: Hacked
Read the SC report here


5. Microsoft
Geography: Global
Documents disclosed: 250,000,000
Business: Technology
Cause: Data exposed by misconfiguration


4. Truecaller
Geography: India
Documents disclosed: 299,055,000
Business: Online telephone directory
Cause: Unknown


3. Facebook
Geography: Global
Business: social network 

Breach 1
Documents disclosed: 540,000,000
Cause: poor security

Breach 2
Documents disclosed: 267,000,000
Cause: poor security

Breach 3
Documents disclosed: 1,500,000
Cause: Accidentally uploaded
Read the SC reports on breaches 1, 2, and 3


2. First American Corporation
Geography: USA
Documents disclosed: 885,000,000
Business: Financial services 
Cause: Poor security
Read the SC report here.


1. Australian National University
Geography: Australia
Documents disclosed: 19 years of data
Business; Academic services
Cause: Hacked




Edited by aum
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...