Impact: Theft of up to 78.8 million current and former customers. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. It's speculated that the cybercriminal group gained access through an unauthenticated API endpoint, meaning a user/password or any other authentication method wasn't required to connect to the API. The company said that the stolen data "does not include any financial or physical address information" and that it shouldn't have compromised any passwords. Slickwraps, a manufacturer of vinyl skins for phones and tablets, suffered a breach impacting 370,000 of its customers. The attackers used the bugs on the Exchange servers to access email accounts of at least 30,000 organizations across the United States, including small businesses, towns, cities and local governments. This Los Angeles restaurant was also named in the Earl Enterprises breach. October 13, 2021: Cybersecurity researchers discovered an unsecured database that contained over 82 million records belonging to the supermarket Whole Foods Market and Skaggs public safety and uniform company that sells uniforms for Police, Fire and Medical customers all over the United States, and others. It was fixed for past orders in December. There were 4,145 publicly disclosed breaches that exposed over 22 billion records in 2021, approximately 5% fewer than in 2020. Estimates of the number of affected customers were not released, but it could number in the millions. Employee login information was first accessed from malware that was installed internally. This lethal combination meant that anybody with knowledge of the server IP address could access the leaked sensitive data, and that's exactly what happened.
Wayfair had its first decline in annual revenue in 2021, after eight years of increases. Your Wayfair account has been locked for security, so you will have to set up a new one if you still wish to use the retailer. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public. CSN Stores followed suit in 2011, launching Wayfair. The searchable and well-organized database was leaked to a popular hacking forum, giving hackers access to account credentials, including approximately 200 million Gmail addresses and 450 million Yahoo email addresses. Twitter did not disclose how many users were impacted but indicated that the number of users was significant and that they were exposed for several months. The database was stolen at the same time as the attack on 123RF, which exposed over 83 million user records. However, this initial breach was just the preliminary stage of the entire cyberattack plan. Once downloaded, the software granted remote access to the company devices and to the customer relationship management (CRM) software containing account records for 4.9 million customers. Date: early 2018 (this is when a Cambridge Analytica whistleblower disclosed the story). While there is evidence to say that the data is legitimate (many users confirmed their passwords were in the data), it is difficult to verify emphatically. Wayfair is the amalgamation of all of the stores launched by Shah and Conine in the first decade of the company's existence. In October 2013, 153 million Adobe accounts were breached. Whoever is at fault for this breach will likely suffer tough financial regulatory consequences for their security negligence. It was fixed for past orders in December, according to Krebs on Security. According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.
June 15, 2021: A third-party marketing services supplier disclosed the personal information of 3.3 million customers of Volkswagen and its Audi subsidiary. was discovered by the security company Safety Detectives. The suspected culprit(s) Gnosticplayers contacted ZDNet to boast about the incident, saying that Canva had detected and remediated the cyber threat that caused the data breach. In late 2016, Uber learned that two hackers were able to access the names, email addresses, and mobile phone numbers of 57 million users of the Uber app. The breach was discovered in January 2009 when Visa and MasterCard notified Heartland of suspicious transactions. This breach could have been avoided if Slickwraps listened to the warnings of a white hat hacker highlighting the company's terrible cybersecurity. If hackers were to launch successful phishing attacks on these users, they could gain deeper access to personal photos and business information. April 24, 2021: A database containing the personal details of over 5.6 million users of the popular music instruments online marketplace Reverb was discovered after it was leaked into the Dark Web. Parler's Verified Citizens, or users who had verified their identity by uploading their driver's license or other government-issued photo ID, were also exposed. In one of the biggest data breaches of all time in the education industry, the Los Angeles Unified School District (LAUSD) was attacked by Vice Society, a Russian criminal hacking group. Wayfair, like most online retailers, saw a huge boom in revenues during the pandemic. Data breaches continue to expose consumers' personally identifiable information (PII) at an alarming rate, putting close to three hundred million people at risk of identity theft and fraud. In 2020, Kroll data shows an average 125% growth in breach notification cases for industries which experienced five or more breaches in 2019.
A new IRS ruling recognizes employer paid ID theft protection as a non-taxable, nonreportable benefit. 2020, meanwhile, brought unexpected challenges, as Covid-19 spurred sudden shifts in standard operating . The FriendFinder Network includes websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com, and Stripshow.com. The breach exposed highly personal information such as people's phone numbers, home, and email addresses, interests, and the number, age, and gender of their children. The ransomware attack occurred over Labor Day weekend, and prevented LAUSD officials from accessing important data, including: After consulting with CISA and the FBI, LAUSD released a statement saying they would not be paying the ransom that Vice Society had demanded. The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. "We have investigated the matter thoroughly, addressed the cause and have implemented additional security measures as a precaution." California State Controller's Office (SCO). One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 533 million records detailing comments, likes, reactions, account names, FB IDs and more. The encryption was weak and many were quickly resolved back to plain text; the password hints added to the damage, making it easy to guess the passwords of many users.
In November 2018, Marriott International announced that hackers had stolen data about approximately 500 million Starwood hotel customers. Eugene is the Director, Technology and Security of Sontiq, a TransUnion company. The data breach was discovered by the impacted websites on October 15. April 12, 2021: A third-party software vulnerability is responsible for exposing 21 million customer records belonging to ParkMobile, a contactless payment parking app. This cyber incident highlights the frightening sophistication some phishing attackers are capable of. After being ignored, the hacker echoed his concerns in a Medium post. February 26, 2021: An undisclosed number of T-Mobile customers were affected by SIM swap attacks, or SIM hijacking, where scammers take control of and switch phone numbers over to a SIM card they own using social engineering. Between 2013 and 2016, anyone who gained access to this breached information could have taken over any Myspace account. A subset of the data was sent to Have I Been Pwned which had 126 million unique email addresses. Harbour Plaza Hotel Management, a hospitality management company in Hong Kong, suffered a breach of its accommodation reservation databases, impacting approximately 1.2 million customers. Hackers initially canvassed dark web databases of previously compromised login credentials dating back to 2013. Panera Bread confirmed on April 2, 2018 that it was notified of a data leak on its website. Details about these discoveries can be found in our Aggregate IQ breach series (part 1, part 2, part 3 and part 4). A highly sophisticated cyber attack exposed the data of 9 million easyJet customers.
300,000 Nintendo accounts were compromised and used to make unsolicited digital purchases. The data compromised included names, home addresses, phone numbers, dates of birth, social security numbers, and driver's license numbers. If an individual uses a password from the database, Auth0 will notify the site's host and give them the opportunity to notify the affected user. August 13, 2021: Cybersecurity researchers found an unsecured database containing over 3 million personal records of members belonging to a senior living review site, SeniorAdvisor. There was a whirlwind of scams and fraud activity in 2020. Niraj Shah (CEO, co-founder), Steve Conine (co-founder). Wayfair generated $13.7 billion revenue in 2021, a 2.8% contraction on 2020. It posted a net loss in 2021 of $131 million. Wayfair has over 30 million active buyers. The information that was exposed included names, contact information, passport number, Starwood Preferred Guest numbers, travel information, and other personal information. One state has not posted a data breach notice since September 2020. March 4, 2021: The global IT company, SITA, which supports 90% of the world's airlines confirmed it fell victim to a cyberattack, exposing the personally identifiable information (PII) belonging to an undisclosed number of airline passengers. Experian suffered another breach in 2020, when a threat actor claiming to be Experian's client convinced staff to relinquish customer information for marketing purposes.
Just wanted to share my experience to warn other people and see if anyone else has had this experience as well. The stolen information includes names, travelers service card numbers and status level. January 22, 2021: Customer data stolen from the men's clothing retailer Bonobos was found for free in a hacker forum after a cybercriminal downloaded the company's backup cloud data. In mid-2012, Dropbox suffered a data breach which exposed 68 million records that contained email addresses and salted hashes of passwords (half SHA1, half bcrypt). Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. This makes Facebook one of the recently hacked companies of 2021, and therefore, one of the largest companies to be hacked in 2021. As of August 2020, the biggest fine and settlement resulting from a data breach was 575 million U.S. dollars fined to consumer credit reporting agency . The following categories of data were accessed, amounting to the 12.3 million total: This database was not connected to Bonobos' private data, which was siloed for protection. May 7, 2021: CaptureRx, a healthcare system IT company, exposed almost 2 million patient records belonging to over 100 hospitals and healthcare organizations after it was targeted by a ransomware attack. That revelation prompted other services to comb their LinkedIn data and force their own users to change any passwords that matched (kudos to Netflix for taking the lead on this one). The data was stolen when the 123RF data breach occurred. The company said its count of active customers rose 53.7%, to 31.2 million, during the fourth quarter. Some of the high-profile customers reportedly impacted by this breach include: Impact: 1000 schools / 600,000 students / 500GB of data.