This is the largest compilation of data from multiple breaches, which is where the name Compilation of Many Breaches or COMB comes from. Marriott disclosed a massive breach of data from 500 million customers in late November. Stay up to date with security research and global news about data breaches, Insights on cybersecurity and vendor risk management, Expand your network with UpGuard Summit, webinars & exclusive events, How UpGuard helps financial services companies secure customer data, How UpGuard helps tech companies scale securely, How UpGuard helps healthcare industry with security best practices, Insights on cybersecurity and vendor risk, In-depth reporting on data breaches and news, Get the latest curated cybersecurity updates, The 68 Biggest Data Breaches (Updated for November 2022). Onced breached, the hacker had access to over 320 million records from notifications being pushed out to Mailfire clients. 186 vanished after my Wayfair account was hacked: ASK TONY Cost of a data breach 2022 | IBM Discover how businesses like yours use UpGuard to help improve their security posture. If your business isn't concerned about cybersecurity, it's only a matter of time before you're an attack victim. Streaming platform Plex suffered a data breach impacting most of its users, approximately 20 million. April 19, 2021: The auto insurance company Government Employees Insurance Company, known as GEICO, filed a data breach notice announcing information gathered from other sources was used to obtain unauthorized access to your drivers license number through the online sales system on our website. The total normal of insured drivers affected has not been disclosed but the hackers had access between January 21 and March 1. Learn about the dangers of typosquatting and what your business can do to protect itself from this malicious threat. With access to customer phone numbers, scammers receive messages and calls which allows them to log into the victims bank accounts to steal money, change account passwords, and even locking the victims out of their own accounts that use two-factor authentication. More than 150 million people's information was likely compromised. The exact impact of the incidents hasnt been confirmed, but given its depth of compromise, it has the potential of impacting all of Twitchs users.125GB of sensitive data was posted via a torrent link on the anonymous forum 4chan. customersshopping online at Macys.com and Bloomingdales.com. The number affected accounts was almost doubled from the originally stated 140,000 upon further investigation. But one expert from a personal virtual network service provider said that he's worried about the ultimate fallout from all these breaches. In 2020, its revenues increased by 54%, the highest percentage increase since 2015. The data was linked to the airlines EFB software, a solution requiring access to take off, landing, and refueling data and sensitive flight crew information.The AWS bucket misconfiguration meant that anyone had free access to this database, including nearly 400 files with plain text passwords and secret keys. Payment information was not released, but Under Armour says user names, emails, and encrypted passwords were affected. Besides finger print data points, 81.5 million records were accessed, consisting of email addresses, employee telephone numbers and administrator login information. The data may also include information about a vehicle that has been purchased, leased or inquired about, including vehicle identification numbers, makes, models, years, colors and trim packages. Adult video streaming website CAM4 has had its Elasticsearch server breached exposing over 10 billion records. In October 2013, 153 million Adobe accounts were breached. Survey Key Findings from the Insider Data Breach Survey MGM Grand assures that no financial or password data was exposed in the breach. Manage Email Subscriptions. February 26, 2021: An undisclosed number of T-Mobile customers were affected by SIM swap attacks, or SIM hijacking, where scammers take control of and switch phone numbers over to a SIM card they own using social engineering. Estimates of the amount of affected customers were not released, but it could number in the millions. Impact:Exposure of the credit card information of 56 million customers. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public. This event was one of the biggest data breaches in Australia. Quora, a popular site for Q&A suffered a data breach in 2018 exposed the personal data of up to 100 million users.The types of leaked data included personal information such as names, email addresses, encrypted passwords, user accounts linked to Quora and public questions and answers posted by users. Eugene is the Director, Technology and Security of Sontiq, a TransUnion company. The database was not password protected and allowed access to information including names, emails, phone numbers and dates contacted. The Magellan attack was one of the largest breaches to the healthcare sector in 2020. Data of millions of eBay and Amazon shoppers exposed Sociallarks server wasnt password-protected, wasnt encrypted, and it was a publicly exposed asset. Cost of a data breach 2022. The 69 Biggest Data Breaches Ranked by Impact Each of the data breaches reveals the mistakes that lead to the exposure of up to millions of personal data records . February 20, 2021:A third-party data breach at cloud solutions company, Accellion, allowed hackers to steal human resources data and pharmacy records belonging to the supermarket giant, Kroger. Facebook Dark Web Deal: Hackers Just Sold 267 Million User - Forbes The information disclosed in the data leak includes names, email addresses, billing addresses, phone numbers, purchasing details, and shipping tracking IDs and links. Cybersecurity metrics and key performance indicators (KPIs) are an effective way to measure the success of your cybersecurity program. Get the Cost of a Data Breach Report 2022 for the most up-to-date insights into the evolving cybersecurity threat landscape. as well as other partner offers and accept our, Rafael Henrique/SOPA Images/LightRocket via Getty Images. October 13, 2021: Cybersecurity researchers discovered an unsecured database that contained over82 million records belonging to the supermarket Whole Foods Market and Skaggs public safety and uniform company that sells uniforms for Police, Fire and Medical customers all over the United States, and others. The following data was compromised in the cyberattack: At the time of writing this, it is unknown whether the compromised credit card numbers were complete or hashed. Left unanswered is why LinkedIn did not further investigate the original breach, or inform more than 100 million affected users, in the intervening four years. Online purchases by brand in Canada in 2022, Wayfair's advertising expenditure worldwide from 2012 to 2021 (in billion U.S. dollars), Wayfair's advertising spending in the United States from 2014 to 2021 (in million U.S. dollars), Most valuable Massachusetts brands worldwide 2021, Leading Massachusetts brands worldwide in 2021, by brand value (in billion U.S. dollars), Leading retailers in the United States in 2021, by ad spend (in million U.S. dollars), Ranking: top 10 online stores by SEA budgets in 2020 in the United Kingdom, Top 10 online stores by SEA budgets in 2020 in the UK (in million US-Dollar), Ranking: top 10 online stores by SEA budgets in 2020 in Germany, Top 10 online stores by SEA budgets in 2020 in Germany (in million US-Dollar), Furniture e-commerce revenue in the United States from 2017 to 2025 (in million U.S. dollars), U.S. furniture and homeware e-retail share 2017-2025, Furniture and homeware sales as percentage of total retail e-commerce sales in the United States from 2017 to 2025, Online vs. offline product research by category in the U.S. 2022, Online vs. offline product research by category in the U.S. in 2022, Online vs. offline purchases by category in the U.S. 2022, Online vs. offline purchases by category in the U.S. in 2022, Online purchases by category in the U.S. 2022, Online purchases by category in the U.S. in 2022, Second-hand purchases by category in the U.S. 2022, Second-hand purchases by category in the U.S. in 2022, Household upkeep consumer spending worldwide 2020, by country, Ranking of the total consumer spending on furnishings, household equipment and routine maintenance of the house by country 2020 (in million U.S. dollars), Household upkeep consumer spending per capita worldwide 2020, by country, Ranking of the per capita consumer spending on furnishings, household equipment and routine maintenance of the house by country 2020 (in U.S. dollars). 1 Min Read. Most cybercriminals post stolen data for sale after a breach, but the unidentified cybercriminal - who was likely using a proxy server - was not interested in monetary gain. UpGuard named in Gartner 2022 Market Guide for IT VRM Solutions, Take a tour of UpGuard to learn more about our features and services. Direct retail net revenue of Wayfair worldwide from 2013 to 2020 (in million U.S. dollars) Wayfair operating expenditure 2012-2021, by type Wayfair operating expenditure 2012-2021, by type. In February 2018, the diet and exercise app MyFitnessPal (owned by Under Armour) suffered a data breach, exposing 144 million unique email addresses, IP addresses and login credentials such as usernames and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). This same type of collection, in similarly concentrated form,has been cause for concern in the recent past, given the potential uses of such data. February 10, 2021: A malware attack allowed a hacker to access and copy files containing the personal and medical information of 219,000 patients of Nebraska Medicine. The cyberattack gives the hackers total remote control over affected systems, allowing for potential data theft and further compromise. In July 2018, Apollo left a database containing billions of data points publicly exposed. The list of victims continues to grow. At the time, the company said it believed only customers who shopped on and purchased items from the US version of Adidas.com could have been affected by the breach. Yahoo forced all affected users to change passwords and to reenter any unencrypted security questions and answers to re-encrypt them. In 2021, it has struggled to maintain the same volume. The company states that 276 customers were impacted and notified of the security incident. Auth0's anomaly detection tool tracks breaches and maintains a database of compromised credentials. The specific security vulnerabilities and attack methods that facilitated the breach have not been disclosed, but its speculated that access was achieved via a database breach. Read the news article by Wired about this event. January 11, 2021: One of the biggest Internet of Things (IoT) technology vendors, Ubiquiti, Inc., alerted its customers of a data breach caused by unauthorized access to their database through a third-party cloud provider.