Company data breaches are difficult to keep track of these days and have become more troublesome for consumers. With news story after news story, Cybint to compiled some of the most wide-spread hacks that may have exposed your data to hackers and how to check:
1. Orbitz
As many as 880,000 customers may have had personal information such as their names, dates of birth, email addresses, phone numbers, and payment information compromised in a security breach. On March 1, 2018 Orbitz discovered that someone had gained unauthorized access to one of its legacy travel booking platforms. The travel fare aggregator service believes the attacker had the permissions required to view the sensitive information, however, no evidence was found to suggest the incident exposed customers’ passports, travel itineraries, or Social Security Numbers. The breach period occurred between January 1st, 2016 and December 22nd, 2017, leaving customers in the dark about this exposure for over two years.
The company urges customers to take measures to protect their account by getting new payment cards, signing up for a credit monitoring system, and freezing credit lines.
2. Adidas
On June 28th, 2018, sportwear company, Adidas, announced that an “unauthorized party” had gained access to customer data. Currently, the company is not disclosing the breach period or scope of the incident but is estimated at “a few million.” Those potentially affected are believed to be customers who made purchases on the Adidas’ US website. Exposed information is likely to include: contact information, usernames, passwords, and possibly credit card information.
Adidas says it’s working with data security firms and law enforcement as it investigates the incident. It’s also alerting any customers that might have been affected.
3. Saks Fifth Avenue and Lord & Taylor
In March 2018, Gemini Advisory, a security firm, came across an announcement from the hacking syndicate “JokerStash” which was offering nearly 5 million stolen credit and debit cards up for sale. These were traced back to a total system database of luxury department stores, Saks Fifth Avenue and Lord & Taylor. A spokesperson for the Hudson’s Bay Company, which owns the two claims, confirmed a breach involving North American customer payment card data at both stores. After investigating, it was determined that the breach period was between May 2017 and March 2018 when new database systems were installed.
Hudson’s Bay said customers could get further information on dedicated pages on the websites of Saks Fifth Avenue, Saks Off 5th and Lord & Taylor. Customers, such as Bernadette Beekman, have joined a class action lawsuit on behalf of all customers who used a payment card at either Lord & Taylor or Saks Fifth avenue during the breach period. In the lawsuit, Beekman stated that the companies “failed to comply with security standards and allowed its customers’ financial and other private information to be compromised.”
4. Sacramento Bee
Two databases for the Sacramento Bee, a daily newspaper published in Sacramento California, were seized in January 2018 by an anonymous hacker who demanded a Bitcoin ransom. Discovered in early February, an employee for the Bee noticed one of the exposed databased contained California Voter Registration info and the other database contained activated Bee Subscriber digital account information. The Bee did not pay the ransom and has deleted the databases to prevent further attacks.
According to the Sacramento Bee, the hack exposed 53,000 subscribers’ information along with the personal data of 19.4 million California voters. The Bee has since notified affected subscribers.
5. MyHeritage
On June 24th, 2018, a security researcher reached out to the Chief Information Security Officer of online genealogy platform MyHeritage and revealed they had found a file labeled “myheritage” on a private server outside the company. After investigating the file, officials at MyHeritage determined that the asset contained the email addresses only and that DNA and credit card information was stored elsewhere and was not affected. At least 92 million account details were compromised, and the breach period was said to have occurred on or prior to October 26th, 2017.
MyHeritage has since set up a response team that is investigating the incident and is “taking immediate steps to engage a leading, independent cybersecurity firm” to look into the scope of the breach. They also encourage users to reach out to their privacy team with any questions or concerns.
6. Facebook
So far 2018 has been a tough PR year for Facebook…Not only did reports emerge in March 2018 around Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gaining access to private information of 50 million Facebook users for aggressive political advertising, but several other breaches followed. On June 27, security researcher Inti De Ceukelaire disclosed another app called Nametests.com had publicly exposed information of more than 120 million users. And more recently roughly 90 million users were affected by a “security issue” that compromised account information, allowing hackers to infiltrate connected accounts such as Spotify and other apps.
So if you’re still a devote Facebook user, it’s probably best you take a few basic steps to protect your data and secure your account before anything else happens.. there are still a few months left before 2019.
7. Under Armour
An estimated 150 million users were affected by a breach that occurred to Under Armour’s food and nutrition application, MyFitnessPal. Under Armour first became aware of a potential breach on March 25, 2018, when the company discovered an unauthorized party had accessed the app’s user data the month previous. Under Armour, Inc. notified users that data such as usernames, email addresses, and passwords but were able to protect other information such as birthdays, location, and payment cards.
Under Armour encourages users to change passwords and use account security steps to help protect information. Additionally, they are now working with data security firms and law enforcement to assist in its investigation.
8. Equifax
Perhaps the most devasting of all breaches to happen in recent memory, is the Equifax hack. Not only are the numbers startling, approximately 145.5 million or more affected, but the types of data exposed included names, social security numbers, birthdates, and driver’s license numbers, as well as some credit card information. Equifax is a credit reporting agency, which makes them a treasure trove for hungry hackers. In July 2017, the company discovered US and Canadian accounts were breached by attackers through a web-application vulnerability patch that occurred in March earlier that year. Adding to this already horrific scandal, three of the company’s top executives sold Equifax shares just days after the breach was discovered, which had not been publicly disclosed yet.
Equifax and the Federal Trade Commission are urging people to take the steps to protect your information from being misused. Additionally, you can learn more about how to add a credit freeze to your account and check your credit report.
