MeetMindful, a dating app focusing on the mindful community, was breached by a well-known hacker by the name of ShinyHunters. Men's clothing store Bonobos suffered a data breach in 2021 after a cybercriminal compromised its backup server containing customer data. TJX, the owner of a number of retail brands, had one of its payment systems breached, exposing over 45 million credit and debit card numbers. July 12, 2021: The fashion retailer, Guess, notified an undisclosed number of customers of a data breach following a ransomware attack. A dump of 91 million accounts from Rambler ("Russian Yahoo") was traded online containing usernames (that form part of a Rambler email) and plain text passwords. This exposure impacted 92% of the total LinkedIn user base of 756 million users. In October 2013, 153 million Adobe accounts were breached.
Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack. Russian social media site VK was hacked, exposing 93 million names, phone numbers, email addresses and plain text passwords. March 26, 2021: The Cancer Treatment Centers of America sent out notifications to 104,808 patients, alerting them that a compromised email account led to medical information being accessed by an unknown third party. The incident highlights the danger of using the same password across different registrations. Data breaches continue to expose consumers' personally identifiable information (PII) at an alarming rate, putting close to three hundred million people at risk of identity theft and fraud.
The information gathered by the third party includes patient names, addresses, dates of birth, medical record numbers, patient identification numbers, health insurance information and some clinical information related to the healthcare services provided by UNM Health. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 533 million records detailing comments, likes, reactions, account names, FB IDs and more. January 11, 2021: One of the biggest Internet of Things (IoT) technology vendors, Ubiquiti, Inc., alerted its customers of a data breach caused by unauthorized access to their database through a third-party cloud provider. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. The company said its count of active customers rose 53.7%, to 31.2 million, during the fourth quarter. The 1,644 data breaches reported in 2020 marked 434 more reported breaches than 2019, the largest year-to-year increase on record. The breached records included the following sensitive information: Many of the exposed email addresses are linked to cloud storage services. The supply chain attack impacted up to 18,000 SolarWinds customers including six U.S. Government departments. To prevent the repetition of mistakes that result in data theft, we've compiled a list of the 67 biggest data breaches in history, which includes the most recent data breaches in February 2022. In 2019, this data appeared for sale on the dark web and was circulated more broadly. Mailfire, an email marketing software used by adult dating sites and ecommerce websites, had its database breached, exposing personal user records from over 70 websites.
April 19, 2021: The auto insurance company Government Employees Insurance Company, known as GEICO, filed a data breach notice announcing information gathered from other sources was used to obtain unauthorized access to your driver's license number through the online sales system on our website. The total number of insured drivers affected has not been disclosed but the hackers had access between January 21 and March 1. In a statement online, the company said that it didn't believe that other payments made in its grocery stores, drugstores, or convenience stores had been impacted. March 3, 2021: Cybercriminals have targeted four security flaws in Microsoft Exchange Server email software. On August 14, grocery chain Hy-Vee announced that it has launched an investigation to look into unauthorized transactions made at some of its fuel pumps, drive-thru coffee shops, and restaurants. The full dataset included personally identifiable information (PII) like names, email addresses, place of employment, roles held and location. It did not, and still does not, manufacture its own products. In the phishing email, the cybercriminals claimed that 106,852 accounts were compromised. The attack affected over 1000 schools and 600,000 students in the second-largest school district in the United States. The information that was leaked included account information such as the owner's listed name, username, and birthdate. While it isn't clear how hackers gained access to accounts, it's speculated that weak passwords are to blame. While the exact list of records breached is yet to be confirmed, it's believed that the following guest records were compromised: Marriott stated in its press release that the breach is not believed to have exposed PIN numbers, payment card information, national IDs, driver's license numbers or loyalty card passwords. In June 2013, a data breach allegedly originating from social website Badoo was found to be circulating.
March 9, 2021: A third-party ransomware attack exposed the personal information of over 200,000 patients, providers and staff of MultiCare Health System, a non-profit health care organization. You can deduct this cost when you provide the benefit to your employees. There was a whirlwind of scams and fraud activity in 2020. At least 19 consumer companies reported data breaches since January 2018. Eugene is the Director, Technology and Security of Sontiq, a TransUnion company. There was no evidence discovered that anonymously posted questions and answers were affected by the breach. This makes Facebook one of the companies hacked in 2021, and therefore one of the largest companies to be hacked in 2021. In December 2018, Dubsmash suffered a data breach that exposed 162 million unique email addresses, usernames and PBKDF2 password hashes. The issue was fixed in November for orders going forward. The breach may have exposed customers' names and credit- and debit-card numbers, as well as their expiration dates. Revenues increased by 54 percent in 2020 and usage by 46 percent, higher than the two years preceding it. As of August 2020, the biggest fine and settlement resulting from a data breach was 575 million U.S. dollars fined to consumer credit reporting agency . March 24, 2020: The technology conglomerate, General Electric (GE), disclosed that a third-party vendor experienced a data breach, exposing the personally identifiable information of over 280,000 current and former employees. The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. January 24, 2021: The dating platform, MeetMindful.com, was hacked by a well-known hacker and had its users' account details and personal information posted for free in a hacker forum.
In May 2019, First American Financial Corporation reportedly leaked 885 million users' sensitive records that date back more than 16 years, including bank account records, social security numbers, wire transactions, and other mortgage paperwork. The breach occurred through Mailfire's unsecured Elasticsearch server. The data breach was disclosed in December 2021 by a law firm representing each sports store. In February 2013, Tumblr suffered a data breach that exposed 65 million accounts. The former social media network giant has since invalidated all passwords belonging to accounts that were set up prior to 2013. According to the FAQs related to the incident, Harbour Plaza is yet to confirm whether cybercriminals managed to decrypt encrypted credit card data included in the breach. The searchable and well-organized database was leaked to a popular hacking forum, giving hackers access to account credentials, including approximately 200 million Gmail addresses and 450 million Yahoo email addresses. The data exposed may include an undisclosed number of customer names, email addresses, hashed and salted passwords, addresses and phone numbers. But the leaked data is sufficient to launch a deluge of cyberattacks targeting exposed users, which makes the incident heavily weighted towards a data breach classification. The stolen records include client names, addresses, invoices, receipts and credit notes. March 23, 2021: A database containing records of over 300,000 customers of the arts and crafts chain store, Hobby Lobby, was exposed after the company suffered a cloud-bucket misconfiguration.
August 4, 2021: A marketing company, OneMoreLead, has exposed the personal records of 126 million individuals through an unsecured database posted online. The attackers had gained unauthorized access to the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. Linked airline loyalty programs and numbers, Personal information (names, physical addresses, phone numbers), Health information (including COVID-19 vaccination data). January 26, 2021: VIPGames.com, a free gaming platform, exposed over 23 million records for more than 66,000 desktop and mobile users due to a cloud misconfiguration. March 2020 added to this uneasiness with the discovery of an unprotected Elasticsearch database managed by a UK-based security company containing over 5 billion records. Because passwords are usually recycled, this gave them instant access to a swathe of active Zoom accounts. LinkedIn claims that, because personal information was not compromised, this event was not a 'data breach' but, rather, just a violation of their terms of service through prohibited data scraping. The data that is potentially at risk includes customer contact information like email addresses and physical addresses, as well as login information like usernames and passwords. The records disclosed could include names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers as well as information on health insurance, prescriptions and medical history. This database was leaked on the dark web for free in April 2021, adding a new wave of criminal exposure to the data originally exfiltrated in 2019. The stolen data includes email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses. Macy's, Inc. will provide consumer protection services at no cost to those customers.
If this cybersecurity best practice isn't followed, a single compromise could result in a victim suffering multiple breaches. In July 2013, Capital One identified a security breach of its customer records that exposed the personal information of its customers, including credit card data, social security numbers, and bank account numbers. Home Depot announced that its POS (point-of-sale) systems had been infected with a custom-built malware, which posed as antivirus software, affecting customers from across the US and Canada. When the exposure was reported, Pegasus Airlines didn't find evidence of data compromise. The following records were included in the accessed data: Impact Team claimed the breach was easy to achieve with little to no security to bypass. This number may represent the total number of email accounts targeted in the phishing campaigns, but that hasn't yet been confirmed. The breaches occurred over several occasions ranging from July 2005 to January 2007. The compromised data included usernames and PINs for vote-counting machines (VCM). If hackers were to launch successful phishing attacks on these users, they could gain deeper access to personal photos and business information. The leaked user records include usernames, emails, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, bets and data on players who were banned from the platform.
The number of affected accounts was almost doubled from the originally stated 140,000 upon further investigation. The breached database was discovered by the UpGuard Cyber Research team. Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach. The credit card information of approximately 209,000 consumers was also exposed through this data breach. The company determined cybercriminals infiltrated its systems and gained access to certain files, including employee names and Social Security numbers. The Russian cybercriminal group, Conti, was responsible for the attack which involved the deployment of ransomware (ransom software). The records exposed included private conversations between adult dating site members as well as the following Personally Identifiable Information: Besides the personal information of website members, this data breach also exposed many scam dating websites with fabricated female profiles. Antheus Tecnologia, a Brazilian biometrics company specializing in the development of fingerprint identification systems, suffered a breach to its server which could potentially expose 76,000 unique fingerprint records. The list of victims continues to grow. The FriendFinder Network includes websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com, and Stripshow.com. MyHeritage, a genealogical service website, was compromised, affecting more than 92 million user accounts. Exposed information included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and other Starwood account information. The records exposed the contact information of former hotel guests including Justin Bieber, Twitter CEO Jack Dorsey, and government officials. More than 150 million people's information was likely compromised. In April 2019, the UpGuard Cyber Risk team revealed two third-party Facebook app datasets had been exposed to the public Internet.
To prevent further breaches, Nintendo posted a tweet asking members to enable 2-step authentication. Harbour Plaza Hotel Management, a hospitality management company in Hong Kong, suffered a breach of its accommodation reservation databases, impacting approximately 1.2 million customers. My Wayfair account has been hacked twice, once back in December and once this morning. A highly sophisticated cyber attack exposed the data of 9 million easyJet customers. June 11, 2021: The personal and shipping information of over 410,000 customers of the baby clothing retailer, Carter's, was exposed due to a third-party data breach with the company's online purchases software. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. Auth0's anomaly detection tool tracks breaches and maintains a database of compromised credentials. 5,000 brands of furniture, lighting, cookware, and more. In 2020, Kroll data shows an average 125% growth in breach notification cases for industries which experienced five or more breaches in 2019. Wayfair's active users have been in steady decline since Q1 2021, but the 27.3 million in Q4 2021 is still higher than it was at the start of the pandemic. Date: October 2021 (disclosed December 2021).
Niraj Shah (CEO, co-founder), Steve Conine (co-founder). Wayfair generated $13.7 billion revenue in 2021, a 2.8% contraction on 2020. It posted a net loss in 2021 of $131 million. Wayfair has over 30 million active buyers. According to a study by KPMG, 19% of consumers said they would. Cybercriminals are also focusing their time on other lucrative cyberattacks, such as ransomware, credential stuffing, malware and Virtual Private . The information disclosed in the data leak includes names, email addresses, billing addresses, phone numbers, purchasing details, and shipping tracking IDs and links. Cybercriminals gained access to Optus' internal network, gaining access to a customer database pertaining to up to 9.8 million customers. The accessed data also contained comprehensive voter analysis based on Reddit post activity which could be used to predict how somebody would vote on a particular issue. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. Youku, a Chinese video service, exposed 92 million unique user accounts and MD5 password hashes. In 2022, it was responsible for about 1.5% of all e-commerce sales in the country. Slickwraps, a manufacturer of vinyl skins for phones and tablets, suffered a breach impacting 370,000 of its customers. Data breaches are on the rise for all kinds of businesses, including retailers. In October 2016, Dailymotion, a video sharing platform, exposed more than 85 million user accounts including emails, usernames and bcrypt hashes of passwords.
In June of 2018, Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million records on a publicly accessible server. September 30, 2021: An unauthorized third-party actor accessed and obtained personal information associated with 4.6 million Neiman Marcus customers' online accounts. January 22, 2021: Customer data stolen from the men's clothing retailer, Bonobos, was found for free in a hacker forum after a cybercriminal downloaded the company's backup cloud data. that 567,000 card numbers could have been compromised. A Settlement Agreement has been reached in a lawsuit . Then, by posing as a Magellan client in a phishing attack, the hackers gained access to a single corporate server and implemented their ransomware. In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The global online shift may be one of the factors driving the scope and magnitude of the year's breaches. In May of 2018, social media giant Twitter notified users of a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. January 20, 2021: A database containing 1.9 million user records belonging to Pixlr, a free online photo-editing application, was leaked by a hacker. The attack exposed drivers' personal information from the last 20 months of California vehicle registration records, including names, addresses, license plate numbers and vehicle identification numbers (VINs). We have contacted potentially impacted customers with more information about these services."
Sensitive information including Social Security numbers, driver's license numbers, passport numbers and/or financial account numbers may have been accessed or acquired. August 13, 2021: Cybersecurity researchers found an unsecured database containing over 3 million personal records of members belonging to a senior living review site, SeniorAdvisor. The security team at MyHeritage confirmed that the content of the file affected the 92 million users, but found no evidence that the data was ever used by the attackers. Amazon had shifted from selling books and buying single product websites to the Everything store, like an online Walmart. The data compromised included names, home addresses, phone numbers, dates of birth, social security numbers, and driver's license numbers.