Online customers were not affected. April 12, 2021: A third-party software vulnerability is responsible for exposing 21 million customer records belonging to ParkMobile, a contactless payment parking app. The leaked user records include usernames, emails, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, bets and data on players who were banned from the platform. Learn more about the latest issues in cybersecurity. April 19, 2021: The auto insurance company Government Employees Insurance Company, known as GEICO, filed a data breach notice announcing information gathered from other sources was used to obtain unauthorized access to your drivers license number through the online sales system on our website. The total normal of insured drivers affected has not been disclosed but the hackers had access between January 21 and March 1. Wayfair is responsible for about 1.5% of e-commerce sales in the United States, making it the tenth largest e-commerce retailer in the country. Most of the damages included payments to affected individuals, credit card companies, banks, and lawsuits. We continue to see a surge in the same, moretraditional and regulated, group of industries as we move through 2021. The information that was leaked included account information such as the owners listed name, username, and birthdate. To prevent further breaches, Nintendo posted a tweet asking members to enable 2-step authentication. This text provides general information. 300,000 Nintendo accounts were compromised and used to make unsolicited digital purchases. The data was garnished over several waves of breaches. The cost of a breach in the healthcare industry went up 42% since 2020. This exposure impacted 92% of the total LinkedIn user base of 756 million users. The issue was fixed in November for orders going forward. The following data was compromised in the cyberattack: At the time of writing this, it is unknown whether the compromised credit card numbers were complete or hashed. Most cybercriminals post stolen data for sale after a breach, but the unidentified cybercriminal - who was likely using a proxy server - was not interested in monetary gain. June 21, 2021: A third-party vendor accidentally posted an unsecured database containing more than a billion search records of CVS Health customers. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. According to a study by KPMG, 19% of consumers said they would. May 7, 2021: CaptureRx, a healthcare system IT company, exposed almost 2 million patient records belonging to over 100 hospitals and healthcare organizations after it was targeted by a ransomware attack. The records disclosed could include names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers as well as information on health insurance, prescriptions and medical history. On May 29, the parent company of fast-food chains Checkers and Rally's informed customers it had found malware at more than 100 restaurants. The data included the following: The hacker scraped the data by exploiting LinkedIn's API. In February 2018, the diet and exercise app MyFitnessPal (owned by Under Armour) suffered a data breach, exposing 144 million unique email addresses, IP addresses and login credentials such as usernames and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In September 2017, Equifax, one of the three largest consumer credit reporting agencies in the United States, announced that its systems had been breached and the sensitive personal data of 148 million Americans had been compromised. In 2020, its revenues increased by 54%, the highest percentage increase since 2015. While desperately scouring the client email lists stored in Mailchimps internal tools, the cybercriminals finally found what they were looking for - an email list of customers of the hardware cryptocurrency wallet, Trezor. How UpGuard helps tech companies scale securely. Many of them were caused by flaws in payment systems either online or in stores. The encryption was weak and many were quickly resolved back to plain text, the password hints added to the damage making it easy to guess the passwords of many users. In June of 2018, Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million records on a publicly accessible server. 8.3 million database records from popular stock photo and vector image seller 123RF were copied and posted for sales on a hacker forum. Because customer credit card information was leaked, this cyber attack exposes Easyjets breach of the General Data Protection Regulation, which could result in a fine of up to 4% of its global annual turnover. In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. A subset of the data was sent to Have I Been Pwned which had 126 million unique email addresses. You can deduct this cost when you provide the benefit to your employees. Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017 and January 2, 2018 may have had their credit-card information stolen. The 204 GB leaked database was not password protected and included visitor and session IDs, device information, configuration data, as well as multiple records for medications, including COVID-19 vaccines and CVS products. The full dataset included personally identifiable information (PII) like names, email addresses, place of employment, roles held and location. Cybercriminals are also focusing their time on other lucrative cyberattacks, such as ransomware, credential stuffing, malware and Virtual Private . March 2020 added to this uneasiness with the discovery of an unprotected Elasticsearch database managed by a UK-based security company containing over 5 billion records. 14 19 The data that is potentially at risk includes customer contact information like email addresses and physical addresses, as well as login information like usernames and passwords. 2020, meanwhile, brought unexpected challenges, as Covid-19 spurred sudden shifts in standard operating . The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. Buca di Beppo's parent company, Earl Enterprises, was hit with a major data breach that potentially lasted from May 23, 2018 to March 18, 2019. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public. April 3, 2021: The personal data of 533 million Facebook users from 106 countries has been posted online for free in a low-level hacking forum. August 17, 2021: An unauthorized third party gained access to the personal and medical data of over 637,000 patients of UNM Health. Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack. They also got the driver's license numbers of 600,000 Uber drivers. The email communication advised customers to change passwords and enable multi-factor authentication. The leaked database from the audio chat social network includesuser ID, name, photo URL, username, Twitter handle,Instagram handle, number of followers, number of people followed by the user, and account creation date all of which the company claims is public information. The former social media network giant has since invalidated all passwords belonging to accounts that were set up prior to 2013. has been cause for concern in the recent past, Read more about this Facebook data breach here, biggest data breaches in the financial services sector, personally identifiable information (PII), biggest data breaches of all time in the education industry, Los Angeles Unified School District (LAUSD), was told of potential vulnerabilities in their systems, Joe Biden's Cybersecurity Executive Order, biggest breach in the nations security history. Data breaches arent going anywhere and were here to keep you up-to-date on the worst data breaches of the year putting youat risk of identity theft. At the time of the breach, Heartland was processing north of 100 million credit card transactions per month for 175,000 merchants. Key Points. UpGuard named in Gartner 2022 Market Guide for IT VRM Solutions, Take a tour of UpGuard to learn more about our features and services. The attack wasnt discovered until December 2020. Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach. Top editors give you the stories you want delivered right to your inbox each weekday. June 11, 2021: The personal and shipping information of over 410,000 customers of the baby clothing retailer, Carters, were exposed due to a third-party data breach with the companys online purchases software. Once downloaded, the software granted remote access to the company devices and to the customer relationship management (CRM) software containing account records for 4.9 million customers. Click here to request your free instant security score. Hackers gained access to over 10 million guest records from MGM Grand. The database was not password protected and allowed access to information including names, emails, phone numbers and dates contacted. Details about these discoveries can be found in our Aggregate IQ breach series (part 1, part 2, part 3and part 4). A misconfigured AWS bucket led to the compromise of 23 million files belonging to the Turkish airline company Pegasus Airlines. The leaked details of more than 2.28 million users registered included names, email addresses, location details, dating preferences, marital status, birth dates, IP addresses, Bcrypt-hashed account passwords, Facebook user IDs and Facebook authentication tokens. Wayfair generated $13.7 billion revenue in 2021, a 2.8% contraction on 2020 It posted a net loss in 2021 of $131 million Wayfair has over 30 million active buyers Wayfair overview Wayfair revenue Wayfair had its first decline in annual revenue in 2021, after eight years of increases. In contrast, the six other industriesfood and beverage, utilities, construction . 5,000 brands of furniture, lighting, cookware, and more. The Identity Theft Resource Center, in its 16th annual Data Breach Report, says the number of data breaches at corporations was up more than 68% in 2021, beating the previous . Learn why security and risk management teams have adopted security ratings in this post. ImagineGroup (the owner of 123RF) assured that no financial information was accessed in the breach and that all user passwords were encrypted. A security researcher discovered a file on a private server containing email addresses and encrypted passwords. The 1,644 data breaches reported in 2020 marked 434 more reported breaches than 2019, the largest year-to-year increase on record.