NormShield Blog

Cyber Nightmares of 2019: The Breach, The Fine and The Reputation

2019 has been a year of massive cyber incidents. Not only have attackers evolved their techniques pushing the limits of AI but they also started to leverage the highest RoI based on the lessons learned from 2018.

With millions of records exposed, including personal health information (PHI) and financial data, account breached and reputations damaged, here is the list of the top ten cyber events that kept the C-suites up all year.

10- Binance Customer Data Breach

Binance, the world’s largest cryptocurrency exchange (by daily trade volume), fell victim to a hacking scandal. 60,000 peoples’ KYC (Know-Your-Customer) data were leaked. KYC is a legal requirement by financial institutions to collect identifying information (generally a photograph of a customer holding an official identity and a piece of paper with a date on it) for all customers attempting to trade, withdraw, and deposit.

9- The Great Hack Documentary

“The Great Hack” documentary examines the Cambridge Analytica scandal and is one of the highlights of this year’s cybersecurity. “The Great Hack” delves into the backstory behind Cambridge Analytica, Facebook, and the 2016 election. The film follows a group of people, each of whom has a different relationship with the Cambridge Analytica data scandal, and enlightens us on the legal aspect of the incident.

8- Deep Fake Incident

Deepfakes are technologically altered videos or audios putting someone else’s words or images into another. These have been a game-changer in social engineering attacks in 2019. According to the Wall Street Journal’s report in August 2019, an executive transferred  €220,000 ($243,000) to an account as instructed by the deepfake audio of the CEO. Considering similar incidents,  it is not unlikely that we will see more of these in 2020.

7- Capital One Credit-Card Data Breach

Capital One is the biggest financial data breach event this year.Approximately 100 million individuals in the United States and approximately 6 million in Canada were affected by the Capital One credit-card data breach. The attacker obtained customer status data, credit scores, credit limits, balances, payment history, contact information, about 140,000 Social Security numbers of credit card customers, about 80,000 linked bank account numbers of secured credit card customers. 

6- Collection #1 Data Breach

Collection #1 is a set of email addresses and passwords totaling 2.6 billion rows, 12 thousand separate files, and more than 87GB of data, which recently leaked to the Internet. The data leak contains 1.2 billion unique combinations of email addresses and passwords where there are 773 million unique email addresses and  22 million unique passwords. 

For further details on the breach and credential stuffing, please check our blog!

5- Equifax Data Breach

Attackers exfiltrated the sensitive personal data of 148 million Americans from Equifax that is one of the biggest consumer credit reporting organizations in the US. Names, home addresses, phone numbers, dates of birth, social security numbers, and driver’s license numbers; and approximately 209,000 customers’ credit card information were stolen during the attack. This breach took place in 2017, but the secret of the incident was the result of the work of security researchers. The password protecting that data was the first one an attacker would guess:  “admin”.  

Noted as the largest data breach in U.S. history, it had some dire consequences.  The recent settlement with FTC includes up to $425 million to help the affected people, making a total of $700 counting the restitution funds. In the ongoing aftermath, Moody’s has downgraded the credit rating of Equifax because of the breach. 

4- Healthcare Data Breaches – AMCA

2019 has been an unfortunate year in terms of health institutions, and the American Medical Collection Agency (AMCA) leak stands out as one of the sensational cyber incidents of 2019. 37.5 million individuals were affected by 332 breaches mostly because of the AMCA incident. The most recent AMCA victims added to the HHS’ Office for Civil Rights’ HIPAA Breach Reporting Tool website.

3- Facebook  – Cultura Colectiva Data Breach

Cultura Colectiva Data Breach is one of the most important breaches of 2019 caused by third parties. A 146GB-size data set (540 million records) with information like Facebook user activity, account names, and IDs including 22,000 passwords were exposed by originating from the Mexico-based media company Cultura Colectiva on cloud servers.  

2- Social Media Profiles Data Breach

Names, email addresses, phone numbers, LinkedIN and Facebook profile information of 1.2 billion people were compromised in the massive data leak. The incident was caused by an ElasticSearch server where the most sensitive data of 4 billion user accounts were in rest online without any protection.  This one of the largest data leaks from a single source organization in history.

1- Mariotte and British Airways Data Breach

Marriott and British Airways were both fined in 2019 under the European Union’s new stricter data protection laws even though both companies were breached in 2018. The two fines Marriott at $130.4 million and British Airways at $241.1 million could be the new record.  That’s why this news made it to the top of our list.