The incidence of data breaches, hacks, and malware are a common occurrence and most of us hear about it frequently on tech news. Ranging in intensity, the security breaches happen for different reasons including mishandling of data and having a website that lacks advanced security features.
During the year 2018, many prominent organizations faced data breaches that not only compromised the personal data of their users but also affected their reputation and financial standing.
Here, we list down some of the biggest data breaches of this year, ranked by the number of users affected.
A criminal hack took place on the airline’s website and app that affected bookings made by credit cards.
Personal data such as credit card information, addresses, and phone numbers were stolen when hackers accessed the travel-booking website.
Hackers coordinated a well-planned attack on the Singapore government’s health database. Apart from getting hold of patient’s medical history and the medicines used, information regarding the health of prime minister of Singapore was specifically targeted.
Image: Shutterstock
An international group of hackers accessed T-Mobile servers through an API and got hold of personal data and passwords of the users.
The Facebook app mishandled the data of their user by sharing information with ‘third-parties’ with only limited protection.
A cyber attack was carried out on the online store that compromised login details of the customers.
Passenger data including 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers, and 27 credit card numbers without card verification value were accessed through unlawful means.
Hackers gained access to the system that contained sensitive information regarding the customer and drivers of the ride-hailing service.
Hackers accessed the cloud computing account of the Timehop website and got hold of personal information including names, email addresses, and phone numbers of the subscribers.
IsHaKdz, the hacker accessed the website and gained access to information about the clients and promoters that utilized Ticketfly’s services.
The hackers made use of the vulnerabilities in the Facebook’s code and gained full access to user’s data that included sensitive information such as user’s location, relationship status, devices used and recent searches.
Unauthorized access was gained on the company’s database that compromised data of consumers including their name, addresses, and login credentials.
Wall Street Journal reported that a software glitch caused Google to expose data of over 500,000 users. The company experienced another security breach in November that compromised data of approximately 52.5 million users. After the recurrent hacking incidents, Google announced that it would shut down Google+ for good by April 2019.
A Facebook app “This is your digital life” mishandled users information and provided access to third parties including the Cambridge Analytica, a data analytics firm that assisted President Trump in creating targeted ads during his presidential campaign.
According to data by Facebook, 270,000 users use the personality prediction app. However, since Facebook allows data sharing, the app was able to gather data of millions of other users as well.
Although not much information regarding the hack was disclosed, a company representative admitted that their database of email addresses and passwords was found on a private server.
A ‘malicious’ third party gained access to the Quora’s system and retrieved account information of user accounts.
Hackers gained access to user-data through illegitimate ways and got hold of confidential account information including addresses and passwords.
A security expert found a vulnerability in the publicly accessed server that exposed detailed information of many US citizens. The information compromised included phone numbers, addresses, and personal preferences of the members.
Hackers accessed the reservation database of the hotel and copied guest information including phone numbers, email addresses, passport numbers, and even credit card numbers.
Aadhar, the Indian government portal for storing information of its residents and biometric info experienced a leak that gave anyone the access to obtain information from the Aadhar website. The compromised information included names of the Indian residents, their ID card numbers, and bank accounts.
During the year 2018, many prominent organizations faced data breaches that not only compromised the personal data of their users but also affected their reputation and financial standing.
Here, we list down some of the biggest data breaches of this year, ranked by the number of users affected.
21. British Airways – 380K Users Data Stolen
Date: August 21, 2018 – September 5, 2018A criminal hack took place on the airline’s website and app that affected bookings made by credit cards.
20. Orbitz — 880K Data Breach
Date: January 1, 2016 – December 22, 2017Personal data such as credit card information, addresses, and phone numbers were stolen when hackers accessed the travel-booking website.
19. SingHealth – 1.5 million user's info leak
Date: May 1, 2015 – July 4, 2018Hackers coordinated a well-planned attack on the Singapore government’s health database. Apart from getting hold of patient’s medical history and the medicines used, information regarding the health of prime minister of Singapore was specifically targeted.
18. T-Mobile – 2 million data hack
Date: August 20, 2018
Image: Shutterstock
An international group of hackers accessed T-Mobile servers through an API and got hold of personal data and passwords of the users.
17. myPersonality – 4 million
Date: Facebook banned the app in April 2018The Facebook app mishandled the data of their user by sharing information with ‘third-parties’ with only limited protection.
16. Saks and Lord & Taylor – 5 million
A hacking group announced it had access to credit card information of more than 5 million customers from the Saks and Lord & Taylor database. More details regarding the misdemeanor were never shared with the public.Related: When Was The Last Time You Googled Yourself? - Infographic
15. SheIn.com – 6.42 million
Date: June 2018A cyber attack was carried out on the online store that compromised login details of the customers.
14. Cathay Pacific Airways – 9.4 million
Date: March 2018Passenger data including 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers, and 27 credit card numbers without card verification value were accessed through unlawful means.
13. Careem – 14 million
Date: January 14, 2018
Hackers gained access to the system that contained sensitive information regarding the customer and drivers of the ride-hailing service.
12. Timehop – 21 million
Date: December 2017 – July 2018Hackers accessed the cloud computing account of the Timehop website and got hold of personal information including names, email addresses, and phone numbers of the subscribers.
11. Ticketfly – 27 million
Date: End of May 2018IsHaKdz, the hacker accessed the website and gained access to information about the clients and promoters that utilized Ticketfly’s services.
10. Facebook – 29 million
Date: July 2017 – September 2018
The hackers made use of the vulnerabilities in the Facebook’s code and gained full access to user’s data that included sensitive information such as user’s location, relationship status, devices used and recent searches.
9. Chegg – 40 million
Date: April 29, 2018 – September 19, 2018Unauthorized access was gained on the company’s database that compromised data of consumers including their name, addresses, and login credentials.
8. GooglePlus – 52.5 million
Date: 2015 – March 2018, November 7, 2018 – November 13, 2018Wall Street Journal reported that a software glitch caused Google to expose data of over 500,000 users. The company experienced another security breach in November that compromised data of approximately 52.5 million users. After the recurrent hacking incidents, Google announced that it would shut down Google+ for good by April 2019.
7. Cambridge Analytica – 87 million
Date: Occurred in 2015 and revealed in 2018A Facebook app “This is your digital life” mishandled users information and provided access to third parties including the Cambridge Analytica, a data analytics firm that assisted President Trump in creating targeted ads during his presidential campaign.
According to data by Facebook, 270,000 users use the personality prediction app. However, since Facebook allows data sharing, the app was able to gather data of millions of other users as well.
6. MyHeritage – 92 million
Date: October 26, 2017Although not much information regarding the hack was disclosed, a company representative admitted that their database of email addresses and passwords was found on a private server.
5. Quora – 100 million
Date: November 2018
A ‘malicious’ third party gained access to the Quora’s system and retrieved account information of user accounts.
4. MyFitnessPal – 150 million
Date: February 2018Hackers gained access to user-data through illegitimate ways and got hold of confidential account information including addresses and passwords.
Related: What Apple, Amazon, Google, Facebook, Microsoft and Twitter Know About You (Infographic)
3. Exactis – 340 million
Date: June 2018A security expert found a vulnerability in the publicly accessed server that exposed detailed information of many US citizens. The information compromised included phone numbers, addresses, and personal preferences of the members.
2. Marriott Starwood hotels – 5 million
Date: 2014 – September 2018Hackers accessed the reservation database of the hotel and copied guest information including phone numbers, email addresses, passport numbers, and even credit card numbers.
1. Aadhar – 1.1 billion users data breach
Date: The breach was discovered in March 2018Aadhar, the Indian government portal for storing information of its residents and biometric info experienced a leak that gave anyone the access to obtain information from the Aadhar website. The compromised information included names of the Indian residents, their ID card numbers, and bank accounts.
