Throughout 2018, businesses faced an increasing number of data breaches. We’ve compiled a rundown of last year’s biggest data breaches, along with our takeaway on each.
Start the new year off right by learning from their mistakes.
Target: 87 million Facebook users
What data was exposed: Profile info, political beliefs, friend networks, private messages
Timeframe: Disclosed September 2018
What happened: A personality prediction app was found to be passing user data to third parties, including Cambridge Analytica. Cambridge Analytica was a data analytics firm that created a targeted ad campaign for President Trump’s presidential campaign using millions of people’s voter data. While only 270,000 Facebook users installed the app, it was able to gather data on millions of those users’ friends because of Facebook’s data sharing policies at that time.
Takeaway: The more user data you have access to, the more important it is to safeguard that data. If you contract with external organizations or contractors, it is imperative that you have iron-clad data policies in place to protect your users and yourself. It is also extremely important to have social media policies in place for employees.
MyHeritage
Target: 92 million MyHeritage users
What data was exposed: email addresses and hashed passwords
Timeframe: Alerted June 2018
What happened: A cybersecurity researcher alerted the genealogy site in June 2018 that a file had been discovered on an outside server containing email addresses and hashed passwords of over 92 million MyHeritage users. The company confirmed the info was legitimate and alerted its users.
Takeaway: Breaches happen sometimes, even when you do everything right. MyHeritage discovered this breach because a cybersecurity researcher was doing his job well. The best-case scenario always starts and ends with a great team of people working for your security.
Quora
Target: 100 million Quora users
What data was exposed: Names, email addresses, hashed passwords, profile data, and public and non-public actions
Timeframe: Discovered December 3, 2018
What happened: This breach was discovered very recently, so the investigation is still unfolding. According to Quora, a “malicious third party” gained unauthorized access to one of their systems. A significant amount of data may have been compromised. Quora has directly notified everyone who was affected.
Takeaway: Quora was hacked on Friday and alerted their users about the attack on the following Monday. When something like this happens, communication is essential. A quick response is necessary in order to allow users to change their passwords or ask any clarifying questions they may have. People don’t take kindly to organizations that wait to disclose data breaches.
Under Armour
Target: 150 million MyFitnessPal users
What data was exposed: Usernames, email addresses, and hashed passwords
Timeframe: Late February 2018
What happened: The popular food and nutrition app was hacked and usernames, email addresses, and hashed passwords were taken. Payment information, processed through a separate channel, was not breached.
Takeaway: If you are collecting a lot of sensitive data, such as payment information, birthdates, addresses, etc., it is essential that you segment your data. You should also consider encrypting the most sensitive data to make it more time-consuming for hackers to crack.
Starwood-Marriott
Target: 500 million Starwood guests
What data was exposed: Names, email and physical addresses, phone numbers, passport numbers, account info, birth dates, gender, travel info, and accommodation info. Some of the breached info also included hashed credit card info.
Timeframe: Discovered September 10, 2018, but could have stretched as far back as 2014
What happened: The Marriott-owned hotel chain issued a statement that its servers had suffered “unauthorized access”. Now the investigation indicates that the breach may have been caused by interference by the Chinese government for political purposes.
Takeaway: Breaches can be ongoing. It is vital to have thorough security systems in place and to do regular checks and maintenance. As your business grows, you should also reassess whether your security needs have changed or grown.