As a result, Vice Society released the stolen data on their dark web forum. returns) 0/30. While viewing a customers account in the CRM, the hacker had access to names, addresses, PINs, cell phone numbers, service plans and billing/usage statements. Home Depot announced that its POS (point-of-sale) systems had been infected with a custom-builtmalware, which posed as antivirus software, affecting customers from across theUS and Canada. In July 2018, Apollo left a database containing billions of data points publicly exposed. January 20, 2021: A database containing 1.9 million user records belonging to Pixlr, a free online photo-editing application, was leaked by a hacker. To prove they weren't bluffing, Conti published 11,000 records on the dark web, which according to the Russian cybercriminals, represents just 1%of the total records that were stolen. Something went wrong while submitting the form. In contrast, the six other industriesfood and beverage, utilities, construction . The exposed data includes their name, mailing address, email address and phone numbers. Visit Business Insider's homepage for more stories. By signing up you agree to our privacy policy. According to the FAQs related to the incident, Harbour Plaza is yet to confirm whether cybercriminals managed to decrypt encrypted credit card data included in the breach. There was no evidence discovered that anonymously posted questions and answers were affected by the breach. British Airways, Marriot, and Ticketmaster all penalized for failing to manage customer data. There were 4,145 publicly disclosed breaches that exposed over 22 billion records in 2021, approximately 5% fewer than in 2020. The data was linked to the airlines EFB software, a solution requiring access to take off, landing, and refueling data and sensitive flight crew information.The AWS bucket misconfiguration meant that anyone had free access to this database, including nearly 400 files with plain text passwords and secret keys. Though Twitch admitted in its statement that a subset of creator payout data was also accessed, the company assures that credit card number and bank information was not compromised. The hackers demanded that parent company Avid Life Media shut down Ashley Madison and sister website Established Men within 30 days to avoid the publication of compromised records. Late last year, that same number of mostly U.S. records was . Online customers were not affected. In February 2018, the diet and exercise app MyFitnessPal (owned by Under Armour) suffered a data breach, exposing 144 million unique email addresses, IP addresses and login credentials such as usernames and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). The company paid an estimated $145 million in compensation for fraudulent payments. Once downloaded, the software granted remote access to the company devices and to the customer relationship management (CRM) software containing account records for 4.9 million customers. The breach occurred in October 2017, but wasn't disclosed until June 2018. The data consisted of 1.1 terabytes of voter Personal Identifiable Information (PII) including names, addresses and birthdates. A subset of the data was sent to Have I Been Pwned which had 126 million unique email addresses. Mimecast is a cloud-based email management service that provides email security services for Microsoft 365 accounts. If an individual uses a password from the database, Auth0 will notify the site's host and give them the opportunity to notify the affected user. The records exposed the contact information of former hotel guests including Justin Bieber, Twitter CEO Jack Dorsey, and government officials. Canva confirmed the incident, notified users, and prompted them to change passwords and reset OAuth tokens. March 23, 2021: A phishing attack targeting the California State Controllers Office (SCO) Unclaimed Property Division led to an employee clicking on a malicious link, logging into a fake website and granting a hacker access to their email account. The exposed information for each platform varies but includes users names, phone numbers, email addresses, profile links, usernames, profile pictures, profile description, follower and engagement logistics, location, Messenger ID, website link, job profile, LinkedIn profile link, connected social media account login names and company name. In a statement online, the company said that it didn't believe that other payments made in its grocery stores, drugstores, or convenience stores had been impacted. Source: Company data. Amazon began investigating the breach on the day it was disclosed to them with the third-party company involved shutting down the database on 8 February. Left unanswered is why LinkedIn did not further investigate the original breach, or inform more than 100 million affected users, in the intervening four years. In mid 2012, Dropbox suffered a data breach which exposed 68 million records that contained email addresses and salted hashes of passwords (half SHA1, half bcrypt). In March of 2018, it became public that the personal information of more than a billion Indian citizens stored in the worlds largest biometric database could be bought online. Sociallarks, a rapidly growing Chinese social media agency suffered a monumental data leak in 2021 through its unsecured ElasticSearch database. The exposed data included email addresses, names, usernames, cities and passwords stored as bcrypt hashes. Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack. Directly accessible data for 170 industries from 50 countries and over 1 million facts: Get quick analyses with our professional research service. Here are the consumer and retail companies that have suffered a data breach since January 2018: Macy's confirmed Tuesday that some of its online shoppers' payment details were compromised after hackers cracked into its "Checkout" and "My Wallet" pages. March 2020 added to this uneasiness with the discovery of an unprotected Elasticsearch database managed by a UK-based security company containing over 5 billion records. January 22, 2021: Customer data was stolen from the mens clothing retailer, Bonobos, was found for free in a hacker forum after a cybercriminal downloaded the companys backup cloud data. The breach exposed highly personal information such as people's phone numbers, home, and email addresses, interests, and the number, age, and gender of their children. However, a spokesperson for the company said the breach was limited to a small group of people. The data breach was discovered by the impacted websites on October 15. The researchers bought and verified the information. These records made up a "data breach database" of previously reported . The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. After the stolen data was dumped on a hacker forum, a threat actor claimed to have uncovered 158,000 hashed SHA-256 passwords. At the time, the company said it believed only customers who shopped on and purchased items from the US version of Adidas.com could have been affected by the breach. June 15, 2021: A third-party marketing services supplier disclosed the personal information of 3.3 million customers of Volkswagen and its Audi subsidiary. A report published by cybersecurity firm Shape Security showed that 80-90% of the people who log in to a retailer's e-commerce site are hackers using stolen data. The breach was first reported by Yahoo while in negotiations to sell itself to Verizon, on December 14, 2016. Follow Trezors blog to track the progress of investigation efforts. This Los Angeles restaurant was also named in the Earl Enterprises breach. Find your information in our database containing over 20,000 reports, best-selling e-commerce retailers in the United States, furniture and appliances e-commerce sales, shopping elsewhere than Amazon on Prime Day, United States, the company devoted nearly 1.2 billion to advertising, U.S. retailers with the largest ad spending. The data was dumped in two waves, initially exposing 500 million users, and then a second dump where the hacker "God User" boasted that they were selling a database of 700 million LinkedIn. While there is evidence to say that the data is legitimate (many users confirmed their passwords where in the data), it is difficult to verify emphatically.. The attack wasnt discovered until December 2020. names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link. At the time, it said personal information, including names, addresses, and partial credit card numbers may have leaked, though the company says the investigation is ongoing. Sensitive information including Social Security numbers, drivers license numbers, passport numbers and/or financial account numbers may have been accessed or acquired. To access the fraudulent app, users needed to submit their recovery seed - a list of ordered words used to recover access to a crypto wallet. Date: early 2018 (this is when a Cambridge Analytica whistleblower disclosed the story). Subscribe to our Newsletter for Identity Theft Updates: personally identifiable information (PII), 1.9 million user records belonging to Pixlr, attack on retail employees of U.S. Cellular, T-Mobile customers were affected by SIM swap attacks, security flaws in Microsoft Exchange Server email software, personal data of 533 million Facebook users, 1.3 million scraped Clubhouse userrecords, 21 million customer records belonging to ParkMobile, over 100 hospitals and healthcare organizations, 4.6 million Neiman Marcus customers online accounts, unsecured database that contained over82 million records. Oops! The database was stolen at the same time as the attack on 123RF, which exposed over 83 million user records. But . A million-dollar race to detect and respond . This data exposure was discovered by security expert Vinny Troia, who indicated that the breach included data on hundreds of millions of US adults and millions of businesses. Learn about the difference between a data breach and a data leak. Included in the breached data was patient social security numbers, W-2 information and employee ID numbers. UpGuard's researchers also discovered and disclosed a related breach by AggregateIQ, a Canadian company with close ties to Cambridge Analytica. Estimates of the amount of affected customers were not released, but it could number in the millions. The exposed database contains order information for over 7 million customers, including addresses, phone numbers and account information for 1.8 million registered customers, and 3.5 million partial credit card records. Locations of Earl of Sandwich were also affected by the Earl Enterprises breach. The database contained names, job titles, email addresses, work email addresses, home device IP address, home address, work address, personal phone number, work phone number and employer. September 30, 2021: An unauthorized third-party actor accessed and obtained personal information associated with 4.6 million Neiman Marcus customers online accounts. Harbour Plaza Hotel Management, a hospitality management company in Hong Kong, suffered a breach of its accommodation reservation databases, impacting approximately 1.2 million customers. Top editors give you the stories you want delivered right to your inbox each weekday. 14 19 This incident was the impetus to Joe Biden's Cybersecurity Executive Order that now enforces all organizations to strengthen their supply chain security efforts. April 6, 2021: Over 500 million LinkedIn user profiles were discovered on the Dark Web.