recent data breaches 2020

Subscribe to our Newsletter for Identity Theft Updates. With over 2,000 confirmed data breaches in 2019 and hundreds in 2020, we've outlined some of the most recent and impactful data breaches over the last two years. Eugene has over 20 years of experience in the areas of Information Technology and software engineering. Capital One Fined $80 Million in Data Breach. “Cybersecurity incidents increased by an overwhelming 185% from 2018 to 2019. In 2020, a major cyberattack by a group backed by a foreign government penetrated multiple parts of United States federal government, leading to a data breach. You can deduct this cost when you provide the benefit to your employees. Town Sports has 185 clubs under various brands, including New York Sports Clubs, Philadelphia Sports Clubs, Boston Sports Clubs, Washington Sports Clubs. January 2, 2020: Restaurant conglomerate Landry’s announced a point-of-sale malware attack that targeted customers’ payment card data – the company’s second data breach since 2015. Recent Data Breach Roundup: April 2020 Posted on April 30, 2020 by Steve Turner in Data Breach & Technology, Personal Login credentials were a jackpot for hackers in April, with companies like Zoom, Facebook, and Nintendo exposing millions of their user’s emails and passwords. June 17, 2020: Cognizant, one of the largest IT managed services company, announced its user’s information was accessed and stolen in a ransomware attack back in April 2020. Vertafore, an insurance software firm, fell victim to a data breach and exposed the personal and driver’s license data of over 27 million Texas citizens. Reports link these profiles back to the data leak discovered in December, with additional PII attached, including email addresses. The third-party data leak affected guests that have booked reservations through travel companies such as Expedia,,, Agoda, Amadeus, Hotelbeds, Omnibees, Sabre and more. An unsecured database belonging to the Christian faith app,, exposed the personal information of over 10 million individuals – including users of the app and their contacts. 15.2 million data records … September 10, 2020:  A database with the customer information of 100,000 gamers who have made purchases with the game tech company, Razer, was found online and unprotected. The biggest hacks, data breaches of 2020 (so far) ... 8,000 individuals who had applied for emergency business loans due to COVID-19 disruption were affected by a data breach. The app has been downloaded 1 million times since launching in 2012. Princess Cruises and the Holland America Line, personal information of T-Mobile customers, Marriott International hotels exposed the information of 5.2 million guests, Marriott hotels exposed the personal information of 500 million guests, San Francisco International Airport (SFO), 4 million login records belonging to the online marketplace Quidd, personal and medical information of over 112,000 employees and patients of Beaumont Health, 267 million Facebook profiles have been listed for sale on the Dark Web, database containing 2.5 million card transaction records, unauthorized third party was granted access to login credentials, third party accessed an undisclosed number of Amtrak Guest Rewards accounts, Claire’s announced it was a victim of a magecart attack, user’s information was accessed and stolen in a ransomware attack, Polk County Tax Collector fell victim to a phishing attack, sensitive data belonging to 60,000 customers, 7.5 million users of the digital banking app, Dave, 19 million customers and potential employees of the cosmetic company, Avon, 235 million Instagram, TikTok, and YouTube user profiles, 40,000 medical patients of Imperium Health Management, Children’s Hospitals and Clinics of Minnesota, unsecured online database containing records of 600,000 gym members, Warner Music Group (WMG), suffered a three-month-long Magecart attack, service disruption of Nook e-reader books, unsecured database containing the records of more than 350 million customers. You can find October 2020’s list of cyber attacks and data breaches here. The Marriott Data Breach Over 5 million hotel guests were compromised on March 31, 2020, the casualties of a data security breach that targeted the Marriott chain of hotels. January 20, 2020: An undisclosed number of shoppers of the children’s clothing retailer, Hanna Andersson, had sensitive payment information exposed. The personal information of T-Mobile customers accessed includes names and addresses, Social Security numbers, financial account information, and government identification numbers, as well as phone numbers, billing and account information, and rate plans and features. The database exposed customer names, postal addresses, email addresses, phone numbers, check-in data, gym location, notes on customer accounts, last four digits of credit card, credit card expiration date, and billing history. July 16, 2020: Over 450,000 residents of Polk County, Florida had their driver’s license numbers and Social Security numbers exposed after an employee at Polk County Tax Collector fell victim to a phishing attack. March 5, 2020: An unknown number of customers’ sensitive information was accessed through a T‑Mobile employee email accounts after a malicious attack of a third-party email vendor. The app allows its users to easily upload and store scans and photos of membership and loyalty cards to a digital folder in their mobile device. The Egress 2020 Insider Data Breach Survey identifies the challenges from the viewpoint of IT leaders and compares them with the perspective of employees regarding data protection and their responsibility. Telephone number, billing address, shipping address(es), and date of birth were also impacted for a portion of their customers. The information accessed from the Princess Cruises and the Holland America Line includes names, addresses, Social Security numbers, government identification numbers, such as passport number or driver’s license number, credit card and financial account information, and health-related information. 2018 Data Breach Investigations Report Within the 53,000+ incidents and 2,200-odd breaches, you’ll find real takeaways on what not to do, or at the very least, what to watch for. Between January and September 2019 there were over 7.9 billion data records exposed — a 33% increase from the same time in 2018! May 20, 2020: Over 40 million users of the mobile app, Wishbone, had their personal information up for sale on the dark web. The customer information exposed included email addresses, date-of-birth, and hashed passwords. The US Commerce Department confirmed Sunday it has been the victim of a data breach in an attack that is believed to be linked to Russia. In the previous year’s report, IT leaders showed rising concerns for the risk of insider data breaches. The personal information of the hotel guests impacted includes names, mailing addresses, email addresses, phone numbers, loyalty account numbers and points balances, company, genders, birth dates, linked airline loyalty programs and numbers, room preferences, and language preferences. December 10, 2020: A cyberattack on healthcare provider, Dental Care Alliance, exposed sensitive personal and medical information of over 1 million patients. March 18, 2020:  The online guitar lessons website, TrueFire, notified its users that a hacker gained access to names, addresses, payment card account numbers, card expiration dates, and security codes for the past six months. The database contains an undisclosed number of names, email addresses, country, gender, job description, online behavior related details, date of registration, IP addresses, social media profile links, and authentication tokens. November 3, 2020:  Malware embedded in the online shopping platform of precious metals dealer, JM Bullion, captured the personal and banking card information of customers who made purchases between February and July 2020. Estee Lauder exposed 440 million customer records. April 28, 2020:  Ambry Genetics, a genetic testing laboratory based in the U.S., announced 233,000 medical patients had their personal and medical information accessed by a third party through an employee email. April 14, 2020: The credentials of over 500,000 Zoom teleconferencing accounts were found for sale on the dark web and hacker forums for as little as $.02. Since 2005, the US has seen over 10 billion data breaches take place. January 22, 2020: A customer support database holding over 280 million Microsoft customer records was left unprotected on the web. The leaked data contains over one million files, such as scanned documents, videos, emails, audio files, some of which included sensitive and personal information, such as names, bank account numbers, and phone numbers. May 28, 2020: More than 5 million user records belonging to Minted, an online consumer marketplace for art, home decor, and stationary, were sold by a hacker on the dark web. July 16, 2020: An unprotected database belonging to the actor casting company,, exposed the data of roughly 260,000 individuals. July 28, 2020: An unsecured database exposed the Personally Identifiable Information(PII) of 19 million customers and potential employees of the cosmetic company, Avon. IdentityForce has been protecting government agencies since 1995. March 19, 2020: An unprotected database containing over 5 billion individual records was discovered stored on Elasticsearch. The customer data in the data dump includes names, phone numbers, and mailing and email addresses. Making up the biggest portion was a 2016 breach of Yahoo! July 7, 2020: Popular casino gambling app Clubillion has suffered a data leak, exposing the PII of millions of users around the world according to researchers at vpnMentor. He oversees the architecture of the core technology platform for Sontiq. Alarming Healthcare Data Breaches Statistics in 2020. The scraped profile information in the data leak includes names, ages, genders, profile photos, account descriptions, statistics about follower engagement and demographic such as number of likes, followers, follower growth rate, engagement rate, audience demographic (gender, age and location), and whether the profile belongs to a business or has advertisements. The employee information accessed through Canon Business Process Services included names, addresses, Social Security numbers, driver’s license numbers, bank account numbers, passport numbers, and dates of birth. Email addresses, passwords, personal meeting URLs, and host keys are said to be collected through a credential stuffing attack. The database was later put for sale on the Dark Web, impacting members’ full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email, and IP address. According to research by Risk Based Security, whilst the number of reported data breaches are down, the number of records exposed is more than four-times higher than any previously reported time period. Using exposed emails and passwords, the hackers were able to login to an unknown number of J-Crew customer accounts and gain access to stored information including the last four digits of credit card numbers, expiration dates, card types, billing addresses, order numbers, shipping confirmation numbers, and shipment status. The data dump exposed includes names, home addresses, phone numbers, emails, and dates of birth of former hotel guests. May 5, 2020:  A reported ransomware attack on the Fresenius Group, a global healthcare company and one of the largest dialysis equipment providers in the U.S., impacted the company’s operations around the world. The information exposed in the data leak includes names, email addresses, national ID numbers, phone numbers of hotel guests, and reservation details such as reservation number, dates of a stay, the price paid per night. September 24, 2020:  A researcher at Comparitech discovered an unsecured online database containing records of 600,000 gym members of the fitness chain, Town Sports International. More recent data breaches in 2020 in K-12 schools. Updated July, 15 2020: Researchers found 142 million personal records from former guests at the MGM Resorts hotels for sale on the Dark Web, hinting that the original breach was larger than previously announced. July 23, 2020: The personal details of over 17 million users of the free online lodging service, CouchSurfing, was found for sale on the Dark Web. November 12, 2020: A popular stock photo and vector site, 123RF, experienced a data breach, and exposed 8.3 million user records. The exposed information included name, email, phone number, customer internal ID, order number, order details, billing and shipping address. Researchers are still uncertain how this data was exposed originally, but have noted that 16.8 million of the Facebook profiles now include more data than originally exposed. June 2, 2020: In a notification to its users, the passenger railroad service Amtrak announced an unknown third party accessed an undisclosed number of Amtrak Guest Rewards accounts. The breached data was later detected on the Dark Web on December 16th. For a smaller number of members, partial or full social security numbers and/or financial information, medical diagnoses and conditions, treatment information, and passport numbers were also included. August 26, 2020: A motion rehabilitation device manufacturer, Dynasplint Systems, experienced an encryption attack on its business devices that exposed the personal and medical information of 103,000 patients. January 2, 2020: Restaurant conglomerate Landry’s announced a point-of-sale malware attack that targeted customers’ payment card data – the company’s second data breach since 2015. US e-commerce sales are expected to … April 14, 2020:  A collection of 4 million login records belonging to the online marketplace Quidd was breached through a hack then posted on the dark web forum for free. The breached information includes customer names, addresses, email addresses, phone numbers, last four credit card digits, and order details. The information accessed through the attack includes patient names, addresses, dates of birth, medical record numbers, account numbers, health insurance information, Medicare numbers, Medicare Health Insurance Claim Numbers (which can include Social Security numbers), and limited clinical and treatment information. April 6, 2020: A digital wallet app, Key Ring, left stored customer data of 14 million users accessible in an unsecured database. The personal information disclosed includes names, physical addresses, email addresses, phone numbers, work histories, dates of birth, height and weight, ethnicity, and physical characteristics, such as hair color and length. Subscribe to our Newsletter for Identity Theft Updates: September 16, 2019, to  November 11, 2019, had their, names, shipping addresses, billing addresses, payment card numbers, CVV codes, and expiration dates skimmed and put for sale on the, Call (866) 709-4507 to Speak with a Live Agent, Personally Identifiable Information (PII), 85,000 medical marijuana patients and recreational users. July 20, 2020: An unsecured server exposed the sensitive data belonging to 60,000 customers of the family history search software company, The collected Personally Identifiable Information (PII) included credit and debit card numbers, expiration dates, verification codes, and cardholder names. Usernames, emails, phone numbers, location information and hashed passwords were exposed in a data breach before being advertised in a hacking forum. A recent SEC filing in September 2020, reveals hackers gained access to more unencrypted data than originally reported, including Social Security numbers, financial accounts, and payment information. ... 2020 … Although hackers are obvious culprits in uncovering this data, oftentimes they had a helping hand from human error resulting in a data breach. Although the passwords were hashed, cybercriminals are unhashing them and selling the data again. Rock says another area of critical concern lately is K-12. The total number of users affected has not been disclosed but the pharmacy’s app has over 10 million downloads. The exposed payment transaction belonging to 15 to 20 merchants includes full plaintext credit card number, expiry date, and the amount spent. State of the breach June 2020: AT LEAST 16 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches since 2019. March 11, 2020: Whisper, an anonymous secret-sharing app, has left member information exposed in an unsecured database. The user information disclosed included names, email addresses, user IDs, and CouchSurfing account settings but no passwords. Hackers posted over 3 million customers’ payment card details for sale on the Dark Web, where each record is being sold for $17 per card. In 2019, more than 59% of data breaches reported to the HHS’ Office for Civil Rights were the result of hacking, malware, ransomware, phishing attacks, and other IT security breaches. Note: This post will be continuously updated with new information as additional 2020 data breaches are reported. The data breach comes at a time when bookstores are relying on online sales and competing with Amazon. January 23, 2020: THSuite, a point-of-sale system of marijuana dispensaries across the U.S., disclosed personal information belonging to over 85,000 medical marijuana patients and recreational users after leaving their database unprotected. This “database of data breaches” was managed by an undisclosed U.K.-based security firm, and has since been taken offline according to the security researcher who discovered the leak. He also manages the security and compliance program. The data breach impacted names, date of births, phone numbers, emails, street addresses, patient names and medical ID numbers, cannabis variety and the quantity purchased, total transaction costs, date received, and photographs of scanned government and employee IDs. The malware gained access to usernames and passwords used to log on to the impacted websites. Although the app does not collect names, the database included nicknames, ages, ethnicities, genders, and location data of over 900 million users. November 14, 2020: Vertafore, an insurance software firm, fell victim to a data breach and exposed the personal and driver’s license data of over 27 million Texas citizens. May 20, 2020: The information belonging to 8 million users of the home meal delivery service, Home Chef, was found for sale on the dark web after a data breach. Each of the data breaches in this article has something to teach companies and customers on how the most likely can exposure to confidential data is in 2020. Data breaches aren’t going anywhere and we’re here to keep you up-to-date on the worst data breaches of the year putting you at risk of identity theft. Recent Data Breach Roundup: June 2020 | IdentityForce® Posted on June 30, 2020 by Steve Turner in Data Breach & Technology, Identity & Privacy, Personal With an increase in financial data being exposed, credit card fraud is a potential consequence of identity theft if your information gets in the hands of criminals. 850,000 customers in an unprotected database. A new study, conducted by Omnisend, has revealed the US companies that have had the largest number of data breaches across America. December 10, 2020: An undisclosed number of users of the audio streaming service, Spotify, have had their passwords reset after a software vulnerability exposed account information. The company has reset passwords to prevent further access. IdentityForce is a leading provider of proactive identity, privacy and credit protection for individuals, businesses, and government agencies. April 27, 2020:  A credential stuffing attack using previously exposed user IDs and passwords of popular video game company, Nintendo, granted hackers access to over 160,000 player accounts. Once accessible, the usernames, email addresses, and hashed account passwords were shared among members of the forum. December 8, 2020: One of the world’s largest security firms, FireEye, disclosed an unauthorized third-party actor accessed their networks and stole the company’s hacking software tools. The information exposed includes names, dates of birth, social security numbers, and home addresses. November 25, 2020: Cannon, a popular camera manufacturer, publicly disclosed a ransomware attack and resulting data breach targeting the firm had occurred for several weeks in July and August of 2020. Eugene is the Director, Technology and Security of Sontiq, the parent company of the EZShield and IdentityForce brands. The data included information related to children and parent accounts, including user names, emails, passwords, birth dates, and billing addresses connected to PayPal accounts. The organization claims their system was affected by a computer virus, but a source confirmed the hacker held the healthcare’s IT systems and data hostage in exchange for payment in bitcoin. The data breach exposed patient names, dates of birth, addresses, phone numbers, e-mails, admission and discharge dates, locations of services, and physician names and specialties. The impacted information includes photos uploaded by the app’s users, names, home and email addresses, phone numbers, marital status, and login information. June 23, 2020: A security lapse at Twitter caused the account information of the social media company’s business users to be left exposed. What does 2020 hold? The retailer has 3,500 locations worldwide and e-commerce operations and claims the breach only affected online sales.

Salida Ca Weather Monthly, Fennel Seed Toner Benefits, Peaceful Evening Quotes, Turkey Spaghetti Calories, Chamberlain Rn To Bsn Reviews, 15-0-15 Fertilizer For Centipede Grass, Honda Accord 2021,

Comments are closed.

This entry was posted on decembrie 29, 2020 and is filed under Uncategorized. Written by: . You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.