The Largest Data Breaches of 2018 and What's Coming in 2019
In the digital age we live in, cyber threats are all around us. We can't stop every threat that comes our way, but we can prepare ourselves to mitigate threats quickly. 2018 showed us many data breaches and what hackers are capable of. At RB Advisory we want to help you be prepared for any cyber threat. Let's take a look back at some of the top breaches of 2018 according to Business Insider (based on records accessed).
- Aadhaar – 1.1 billion records
This breach was discovered in March 2018. Private information on Indian residents was exposed, including names, their 12-digit ID numbers, and information on connected services like bank accounts. Indane, a state-owned utility company working with Aadhaar, hadn't secured its API, which gave anyone access to Aadhaar's information.
- Marriott Starwood hotels – 500 million records
The breach had started back in 2014 but was announced in November 2018. The hackers were able to access guest information including phone numbers, email addresses, passport numbers, reservation dates, and some payment card numbers and expiration dates. The hackers accessed the reservation database for Marriott's Starwood hotels and stole guest information.
- MyFitnessPal – 150 million records
The breach occurred in February 2018. An "unauthorized party" gained access to data from user accounts on MyFitnessPal and stole usernames, email addresses, and encrypted passwords.
- Quora – 100 million
This breach was discovered in November 2018. A "malicious third party" accessed one of Quora's systems, stealing account information including names, email addresses, encrypted passwords, data from user accounts linked to Quora, and users' public questions and answers.
- MyHeritage – 92 million
The breach occurred on October 26, 2017 but was discovered in June 2018. Email addresses and encrypted passwords of users who have signed up for the service were located on a private server outside of the company’s systems.
- Cambridge Analytica (Facebook) – 87 million
This breach happened in 2015 but was discovered in 2018. An app linked to Facebook improperly passed on the information of millions of users to a firm that created targeted ads for President Trump's presidential campaign. Only 270,000 people installed the application, but it was able to use Facebook's sharing policies to gather millions of users' data without their direct permission.
- Google+ – 52.5 million
Google+ had several breaches, with the first occurring in 2015 and announced in March 2018, and a second occurring in November 2018 and announced in December 2018. A software glitch caused the private information of Google+ profiles, including name, employer and job title, email address, birth date, age, and relationship status, to be exposed. This breach has caused Google to shut down Google+ in April 2019.
- Chegg – 40 million
The breach occurred between April 29, 2018 and September 19, 2018. An unauthorized party gained access to a company database that hosted personal data including names, email addresses, shipping addresses, and account usernames and passwords.
- Facebook – 29 million records
This breach occurred between July 2017 and September 2018. The hackers were able to exploit vulnerabilities in Facebook's code to get full access to compromised users' accounts. They were able to get user locations, contact details, relationship status, recent searches, and devices used to log in.
2018 showed us many data breaches at a wide range of companies. Hopefully many companies have heard of these breaches and will learn from them to make progress against cyber threats in 2019. As mentioned earlier, you cannot stop these threats, but we can predict what is coming. Below is a forecast of what's to come for cybersecurity in 2019.
- Continued Decline in Ransomware.
Ransomware has seen a decline of nearly 30 percent over the last couple of years as cyber criminals find new means to make money. Ransomware will continue to be used, but its usage will be reduced to targeted victims rather than randomly selected victims.
- Increase in Cryptojacking.
To offset the decline in ransomware, cryptojacking has seen a nearly 45% rise in the number of users attacked in the past year. Many cryptomining tools are accessible to people without technical skills, allowing for easy and frequent deployment.
- Increased Effort to Enact More Privacy Laws
Privacy took a big hit with all the data breaches of 2018. Privacy laws like GDPR could prompt more privacy laws to go into effect. The hope is that GDPR will push companies to take data privacy more seriously and protect the data they collect. The EU will be looking to make sure its GDPR privacy law is taken seriously by assessing fines where necessary. Several states have already enacted their own privacy laws, and more are soon to come into effect. The urgency to protect our privacy is growing.
- Increased Use of Multi-factor Authentication
As the number of users and services online increases, it is important for websites and online services to abandon password-only access and offer additional authentication methods. The extra step may confuse and frustrate users, but the added element of security can reduce the number of cyber breaches. Consumers want to believe their data is protected, but it starts with the user having the proper security measures in place when accessing their data.
- Spear Phishing will Become More Targeted
Just as ransomware looks to become more targeted, spear phishing will work the same way: it can increase its chances of success if it knows more about its target. There could be an increase in mortgage fraud, as a common tactic is to hack into emails and study the conversations. Once the hacker sees a trend for mortgage payment collection, they will jump in and divert the large amount of funds to themselves. This is one example, but its usage can vary with other financial transactions that rely on trust between multiple email users.
- Internet of Things (IoT) will Increase the Opportunity for Attacks
According to Statista, from 2015 to 2018 the number of IoT devices has increased from 15 billion to 23 billion. Over the next four years, that number looks to almost double to 43 billion devices in 2022. IoT devices are meant to integrate into and improve the daily functions of business easily and efficiently. With so many points of exposure, this can lead to large security exploits for consumers and businesses as they innocently reap the benefits of smart, connected technology.
- Cyber Insurance and Incident Response Plan to be an Integral Part of a Cybersecurity Plan
A common saying in cybersecurity: “It is not if you will have a cyber breach, but when will you have a cyber breach?” The best thing to do is be prepared for the worst. By the time you discover a cyber breach it is already too late. You will spend a lot of time and resources to recover your lost data. A cyber insurance plan will not prevent a cyber attack from happening, but the recovery time and cost will be significantly less because you will be prepared. In order to be fully prepared, an organization needs to integrate a cyber incident response plan as well. This helps to map out who is involved, what everyone's responsibilities are, and the process to mitigate the incident as quickly as possible. With the massive number of data breaches happening every year, 2019 will prove to be the same, and organizations will need to have the proper steps in place to be protected.