Cybercrime grows every year, and 2018 was no exception. Cybercriminals can change their attack methods, their targets, or the way they act, but the challenge is always the same: breaking through companies’ corporate cybersecurity and getting access to as much data as possible.
Many companies, unfortunately, learn this lesson the hard way: Adidas, Ticketmaster, T-Mobile and British Airways are just a few. But, serious though these cases were, they didn’t top the list. The following are the seven most serious data breaches of 2018.
1.- Aadhaar: 1.1 billion records
India has a serious cybersecurity problem. To be more precise, its national ID database, Aadhaar, which contains information on close to 1.1 billion citizens, does. The database was leaked and made available to anyone willing to invest (very little) money to get it.
In January, several Indian journalists discovered that WhatsApp groups were circulating throughout the country in which anyone could buy the file of a specific citizen. The price, 500 rupees (a little under 6 euros), granted access not only to names and surnames, but also to personal data and bank details. Although the government denied the leak, the problem went much further: researchers also discovered that, for a period of time, citizens who visited their own profile online could access other citizens’ profiles simply by changing the ID in the private URL on the Aadhaar website.
2.- Marriott: 500 million customers
Marriott is one of the largest hotel groups in the world, and its most serious weak point has just been discovered. The company announced in November that the booking system for other hotel chains in its group had been hacked. The data leak had been in progress since 2014, and had affected no fewer than 500 million customers, whose bank details and personal data are now at the disposal of whoever wants to buy them.
3.- Facebook and its pact with Netflix, Microsoft…
One of the biggest scandals of the year, and yet another black mark for Facebook. The New York Times revealed that Mark Zuckerberg’s social network has, for years, shared its users’ data (without their knowledge) with over 100 tech giants. Among the companies that bought this information were some as important as Amazon, Bing, Yahoo!, and Netflix, all of which had access to users’ posts and even their private messages.
4.- Exactis: 340 million records
The plans of the American data broker Exactis were laid to waste last June. This time not because of theft, or even a cybercriminal act. So what had happened? The agency had left around 340 million records exposed on a public server.
In this case, the records contained none of the users’ bank details, but they did contain 150 fields of information, some of it perhaps even more sensitive: the number of children in a household and their ages; the kind of payment card the person uses; an estimate of the value of their house; whether they hold shares in companies; their hobbies; the company that holds their mortgage; their ethnic group; and many others. The million-dollar fines for GDPR infringement won’t take long to arrive.
5.- Under Armour: 150 million records
If you use MyFitnessPal, one of the most widely used nutrition apps in the world, your data is at serious risk. The company that developed the app, Under Armour, was forced to admit in March that a cybercriminal had accessed the registration details of around 150 million users. Among the data stolen from each user are both the email address used to register and the password used to access the account.
6.- Panera Bread: 37 million records
Is there anything worse than being the victim of information theft? Yes: ignoring those who have been telling you about it for eight months. This is exactly what happened to the restaurant chain Panera Bread, which had to announce that its website had exposed the registration details of at least 37 million customers. Now these customers know (or at least they should) that their names, email addresses, physical addresses and the last four digits of their credit cards have been at the mercy of whoever wanted to take or buy them.
7.- 35 million US voters
As if the elections in the States hadn’t suffered enough: suspicions of vote tampering, the spreading of all kinds of information using voter details… Then this: in October, it was discovered that a website was selling electoral records of around 35 million voters. This incident, which affected 19 states in the country, wouldn’t have allowed any alteration of votes, but it would have been enough to change voter lists at polling stations, stopping citizens from being able to vote correctly.
As we can see, many companies have been forced to make data protection the leading priority in their corporate cybersecurity. To fight this problem, there are tools such as Panda Data Control, the data protection module of Adaptive Defense. It stops uncontrolled access to the company’s personal and sensitive data by monitoring all system processes and sending out real-time alerts about leaks, use, and suspicious or unauthorized movements of that data. Ultimately, it proactively and immediately detects any kind of threat, helping companies not only to protect their corporate cybersecurity, but also to comply with the GDPR and avoid its million-euro fines.
The fact is that data has become the oil of the modern age, and this goes far beyond tech companies. Any kind of company, regardless of its sector or its size, can be exposed to cybercriminals. It is therefore essential that they know how to protect their greatest asset: their data.