The victims are still not out of the shock as 2018 has witnessed worst cyber attacks in history of mankind. Some big names an uncountable SMBs suffered billions of dollars in some of the biggest data breach incidents world has ever seen. The giants who must be very proud of their application & information security protocol including but not limited to Google, Facebook, Quora, Marriot International has been victim of millions of records falling into the hands of intruders. Since we are wrapping it up lets have a recap of most significant breach incidents of last year.
We have ranked the incidents according to the number of effected records in the database starting from the lowest number of effected records among the top 10 breaches –
The flagship carrier of the United Kingdom, The British Airways suffered a massive data breach, the greatest it ever faced during its online operational history of 20 years, causing 380,000 customer and credit card records falling into wrong hand. The report fast came into notice when British Airways published a notice of apology on Sept 6 conceding that all users booking transaction records between Aug 21 – Sept 05 has been compromised including names, street and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.
Orbitz, another big travel player now owned by Expedia has suffered loss off 880,000 customer records including payment card information. During the third week pf march Orbitz published a report that it acquired significant evidence of a security breach on 1st of March which is responsible for 880,000 customers and payment card records being compromised. It also reported that the stolen records are associated with transaction made during the period of Jan 1, 2016 to Dec 22, 2017 on one of its old website.
In the biggest and most significant cyber attack on Singapore during July last year hackers have been able to access information of 1.5 Million patients who has been given outpatient medication in SingHealth’s specialist outpatient clinics and polyclinics from May 1 2015 to July 4 2018. Notoriously the stolen records also includes the details of prime minister Lee Hsien Loong. The incident came into notice when Singhelath published it in a report on July 20 on its website. The attackers also has been successful in acquiring personal data of effected patients such as the name, NRIC number, address, gender, race, and date of birth.
Cathay Pacific Airways
To confirm continued claim of a bigger stake from the travel industry Cathay Pacific Airways reported another major incident in the last quarter of 2018 which involves loss of information of 9.4 million passengers including 860,000 passport numbers, 245,000 Hongkong identity card numbers and only a few credit card information. The airline also concedes that has noticed the trail of the incident back in March, and has been continuing its investigation jointly with a leading IT security firm and HongKong police since then before closing to the amount of information it has been able to retrieve so far.
In Event industry Ticketfly the ticket distribution web application of Eventbrite has taken the biggest hit. It one of its kind the attack not only stolen over 26 Million of user information but also defaced the home page of the website and put the website in a downtime of over 5 days. The incident first have its official acknowledgement from the victim on July 3 when the company published a FAQ about the breach without disclosing the amount of records falling in the wrong hand. However earlier the intruder himself has published a report including samples of stolen data claiming that it has access to total 26,151,608 records. The attacker also claims that it has priorly informed Ticketfly about the existence of the vulnerability he exploited and asked for 1 Bitcoin to assist in fixing.
In the most debated incident of 2018 Facebook, of the world largest company in terms of number of clients it serves and also its annual revenue, suffered its biggest tragedy since its inception. The incident first came into light at the end of September when Facebook first acknowledge it in a news followed up by detailed report published on October 12. Total 50 million user information of different magnitude of details has been stolen including their names, email addresses or phone numbers, username, gender, date of birth, religion, relationship status, current city, home town, work, education, devices the used to access Facebook and last 10 places they have checked in.
MyHeritage, a renowned Family genealogy and DNA testing site lost over 92 million user account information first reported on June 4th. The company concedes that all the users who was registered with MyHeritage prior to October 26th, 2017 has been affected in the attack. However the report indicates that only the registered email address and hashed password was stolen declining chance of payment card information discloser.
Taking the number of effected users in a single breach to 100 million for the first time in 2018, Quora on Dec 4 announced its biggest cyber tragedy since the inception. CEO Adam D’Angelo published in a blog post confirming that around 100 million registered quora users lost all account information including all private contents such as private messages sent to other quora users. However since quora does not collect users credit card information the stolen records are not expected to be used for payment transaction frauds.
US fitness brand Under Armour witnessed the biggest attack of the first half of 2018 which is also the second biggest incident of the year in terms of number of users affected. The incident was discovered only in late march which originally occurred about a moth earlier according to report published by Under Armour on its own website. The incident is associated with a fitness app owned by Under Armour, namely MyFitnessPal and effected over 150 millions MyFitnessPal users. Though the company claimed that only the usernames, email addresses and strongly encrypted passwords has fallen to attackers hand, however it also did not declined the possibility of more sensitive information being disclosed.
In the largest and most lethal intrusion of the year Marriot International suffered the biggest data loss after 2013 yahoo security breach disaster. The number of victims of the incident has been over 500 millions, the guests who made a reservation at a Starwood property. Over three forth portion of this users has lost sensitive information like name, mailing address, phone number, email address,, date of birth, gender, arrival and departure information, reservation date,communication preferences, passport number, and Starwood Preferred Guest (“SPG”) account information. The list information also may include payment card information of the users which Marriot could not confirm either way revealing the possibility of record number of credit card information being stolen in a single incident since the history of mankind.