Data breaches, privacy scandals and misinformation have far-reaching consequences, both for companies and the general public. When companies experience a data breach, they not only face immediate financial losses from costly reparations, legal penalties and operational disruptions, but they also suffer long-term reputational damage. Consumer trust erodes as individuals become wary of sharing personal information, affecting customer loyalty and potentially driving business to competitors. Additionally, privacy scandals reveal systemic issues within a company’s approach to data ethics, often leading to increased scrutiny, regulatory action and strained investor relations.
For individuals, these incidents have a more personal impact. Data breaches expose sensitive personal information, making people vulnerable to identity theft, financial fraud and phishing attacks. Misinformation—often a product of poor data governance or malicious actors exploiting privacy flaws—amplifies public mistrust, spreads confusion and affects decision-making on critical matters, from health to politics. As such, the widespread effects of these issues underscore the need for robust security measures and a strong ethical foundation in data management for companies, while individuals become increasingly cautious in their digital interactions.
How do data breaches occur?
Data breaches occur when unauthorized individuals gain access to sensitive information. This can happen through various methods, like:
- Hacking: Exploiting vulnerabilities in systems or software to steal data.
- Phishing: Trick users into revealing credentials via deceptive emails or websites.
- Malware: Infecting systems with malicious software to steal or corrupt data.
- Insider Threats: Employees or contractors intentionally or unintentionally exposing data.
- Weak Passwords: Using easy-to-guess passwords or reusing credentials across platforms.
- Third-party Vulnerabilities: Breaches occurring through compromised vendors or service providers.
- Unsecured Networks: Data intercepted over insecure public networks.
Breaches often result in the theft of personal, financial or sensitive business information.
How biometrics can avoid data breaches
Biometrics can significantly reduce data breaches by providing secure, unique and difficult-to-replicate forms of identification. Here’s how:
- Enhanced Security: Biometrics like fingerprints, iris scans and facial recognition offer a higher level of security than traditional passwords or PINs, which can be easily stolen or guessed.
- Authentication: Biometrics ensure that only authorized individuals can access sensitive data or systems, reducing unauthorized access.
- Multi-factor Authentication (MFA): When combined with other factors like passwords or smartcards, biometrics add an extra layer of protection.
Facial Recognition: It helps by verifying identity based on unique facial features, ensuring that only the correct person can access systems or data. It works in real-time, preventing unauthorized access and mitigating risks from stolen or compromised credentials.
Data Breaches: Main Events around the world
| Month | Date | Source | Company | Summary |
|---|---|---|---|---|
| January | 01-08-2024 | Hack Read | Hathway | 4 million users impacted by a CMS vulnerability, exposing KYC details; risk of phishing, identity theft. |
| 01/23/2024 | Bleeping Computer | Trello | API vulnerability exposed emails of 15 million users; potential for phishing, spam, identity theft. | |
| 01/24/2024 | The Hacker News | Fortra | GOAnywhere MFT software flaw (CVE-2024-0204); admin account exploit risk; patched in version 7.4.1. | |
| 01/26/2024 | Tech Crunch | Mercedes-Benz | Misplaced token exposed GitHub repository with sensitive data; quickly remediated by revoking token. | |
| 01/23/2024 | Bank Info Security | CoronaLab | Database left unsecured online, exposing 1.3 million COVID-19 test records in the Netherlands. | |
| 01/22/2024 | Bleeping Computer | EquiLend | Cyberattack during private equity acquisition; investigation ongoing. | |
| 01/25/2024 | The Hacker News | HP | Six-month infiltration by Russian hackers (APT29) into cloud email, targeting specific employees. | |
| February | 02-09-2024 | Group IB | Resume Looters | SQL injection attack affected 65 sites, exposing 2 million job seekers’ data in Asia-Pacific. |
| 02/13/2024 | Cyberscoop | Atlassian | GAO breach via Atlassian Confluence affecting 6,600 individuals; compromised through CGI Federal. | |
| 02/13/2024 | Bleeping Computer | PlayDapp | Exploited key to mint 1.79 billion PLA tokens ($290M); double attack, despite mitigation efforts. | |
| 02/14/2024 | SC Media | Prudential Financial | Employee and contractor data stolen; no customer or financial data compromised. | |
| 02/16/2024 | The Hacker News | U.S. State Govt. | Former employee’s account used in VPN breach; escalated access to sensitive government data. | |
| 02/18/2024 | Business Standard | Motilal Oswal | LockBit ransomware attack, exposing data of 6 million clients in India; potential financial data risk. | |
| 02/26/2024 | HackRead | LoanDepot | 17 million customers’ data, including SSNs, exposed; operations disrupted for weeks. | |
| 02/27/2024 | The Record | Lurie Children’s Hosp. | Ransomware attack encrypted data, demanding $3.4 million; patient data at risk on the dark web. | |
| 02/27/2024 | Security Week | U-Haul | 67,000 customer records accessed; names, DOB, license numbers exposed. | |
| 02/29/2024 | ars technica | GitHub | Attack using “typosquatting” to upload malicious code repositories, potentially impacting 100,000 repos. | |
| March | 03-06-2024 | CBS News | American Express | Potential data breach via a third-party payment processor. Cardholder info, including names and card details, may be compromised. Notifications issued. |
| 03-07-2024 | Security Week | Fidelity | Cyberattack on Infosys McCamish Systems exposed data of over 28,000 Fidelity customers, including Social Security numbers. Free credit monitoring offered. | |
| 03/16/2024 | Reuters | IMF | Cyberattack compromised 11 IMF email accounts. Swift action prevented a wider breach; investigation into motives ongoing. | |
| 03/17/2024 | Bleeping Computer | Fujitsu | Malware in internal systems raises data breach concerns. Investigations underway; affected systems disconnected as a precaution. | |
| 03/19/2024 | Tech Crunch | Mintlify | Data breach exposed GitHub tokens for 91 customers. Tokens revoked; GitHub collaboration ongoing to investigate misuse. | |
| 03/27/2024 | The Register | Apple | Phishing campaign targeted users with fake password resets to exploit user fatigue and gain unauthorized access. | |
| 03/28/2024 | The Record | Harvard Pilgrim Health Network | Data breach affected 2.9 million individuals. Hackers accessed personal and health information; credit monitoring offered. | |
| April | 04-02-2024 | Bleeping Computer | OWASP | Misconfigured server exposed resumes from 2006-2014. Security enhancements and member notifications initiated. |
| 04-02-2024 | Cyber News | PandaBuy | Breach exposed personal data of 1.3 million users, including purchase history. Company response pending. | |
| 04-02-2024 | CPO | Prudential Insurance | Data breach exposed data of 36,000 individuals, including addresses and license numbers. Investigation ongoing. | |
| 04/18/2024 | The Hacker News | Fortinet | Vulnerability (CVE-2023-48788) in FortiClient EMS exploited, allowing remote infiltration. Urgent patch advised. | |
| 04/23/2024 | Bleeping Computer | WordPress | Thousands of sites infected with “crypto drainers” targeting crypto wallets via malvertising. Regular updates advised. | |
| 04-09-2024 | Hack Read | Discord | Millions of Discord messages, potentially containing personal info, leaked and on sale. Investigation underway. | |
| May | 05/28/2024 | Fierce Pharma | Cencora | A breach exposed sensitive patient data from assistance programs of various drug companies. Information includes names, addresses, birthdates, diagnoses, and medication details. Cencora is offering credit monitoring to affected individuals. |
| 05/29/2024 | The Guardian | BBC | Data breach compromised information of 25,000+ employees in the pension scheme, exposing names, birthdates, addresses, and national insurance numbers. Financial and health data were reportedly not leaked. | |
| 05/29/2024 | The Cyber Express | Shell | Hacker group “888” claimed to have breached Shell’s system, leaking customer information including names, emails, phone numbers, and transaction history, affecting up to 80,000 individuals. | |
| 05/29/2024 | Washington Times | Ticketmaster | A hacker group allegedly accessed names, addresses, phone numbers, and possibly payment details of up to 560 million users. Investigation is ongoing, and the breach raises concerns about identity theft and phishing risks. | |
| June | 06/27/2024 | The Print | Evolve | Evolve Bank suffered a breach exposing customer names, Social Security numbers, birthdates, and account details, heightening the risk of identity theft. Evolve claims to have secured its systems post-breach. |
| 06/26/2024 | Business Standard | BSNL | A second breach in six months exposed 278GB of user data, including phone numbers and internal server details, increasing risks of SIM cloning and unauthorized access. | |
| 06/25/2024 | CRN | Snowflake | A breach impacted Neiman Marcus via the Snowflake platform, exposing customer names, contact information, and gift card numbers. Highlights concerns over cloud security in retail. | |
| 06/25/2024 | Fox News | FBCS | Data of 3 million individuals was compromised, exposing names, Social Security numbers, birthdates, and driver’s license details, heightening risks of financial fraud and identity theft. | |
| 06/28/2024 | The Hacker News | TeamViewer | Internal breach of an employee account potentially exposed employee names, contact details, and encrypted passwords. TeamViewer reported core customer data as secure. | |
| 06/24/2024 | Cyber Security News | Levi’s | A breach exposed personal information of 72,000 Levi’s customers. Affected individuals questioned the lack of identity theft protection services offered by the company. | |
| Jul | 07/30/2024 | Nippon | Sharp Corp | Unauthorized access affected over 100,000 customers on Sharp’s Cocoro Store and Healsio Deli platforms, exposing personal and credit card information. Malware may have infected around 26,000 users. Sites were suspended on July 22. |
| 07/30/2024 | The Record | XDSpy | Cyberespionage group XDSpy targeted entities in Russia and Moldova using phishing emails with malware attachments. Attackers infiltrated a Russian tech firm and Transnistrian organization, deploying a new tool named XDSpy.DSDownloader. | |
| 07/30/2024 | CSO | ServiceNow | Exploited vulnerabilities (CVE-2024-4879, CVE-2024-5217, CVE-2024-5178) in ServiceNow’s platform led to data breaches across 105 organizations, including government bodies. Stolen data sold on dark web. | |
| 07/19/2024 | The Register | WazirX | Security breach in WazirX’s wallet system led to $230 million in cryptocurrency losses. North Korean cybercriminals are suspected. Highlighted vulnerability in wallet systems and AML challenges in cryptocurrency. | |
| 07/31/2024 | Indian Sentinels | S-400 Missile System | Cyber group CyberResistance leaked data on India’s S-400 system via hacked Russian officials’ emails. Released data as “BaumankaLeaks,” raising national security concerns. | |
| Aug | 08-06-2024 | Global News | Park N Fly | Data breach exposed one million Park ‘N Fly customers’ personal info, including names, addresses, credit card details, and reservations. Investigation ongoing, customers advised to monitor for suspicious activity. |
| 08/16/2024 | Dark Reading | Oracle NetSuite | Vulnerability in Oracle NetSuite’s e-commerce platform exposed customer data from thousands of online stores. Oracle is developing a patch to address the security flaw. | |
| 08/26/2024 | The Register | AMD | Sensitive AMD data, possibly including confidential documents and employee info, was leaked on the dark web. Investigation ongoing, posing potential IP theft and financial risks. | |
| 08/21/2024 | CNET | National Public Data (NPD) | Cyberattack on NPD system compromised data, including Social Security numbers and financial info of millions. Authorities urge vigilance for identity theft. | |
| 08/21/2024 | Digit.in | Toyota | Toyota breach exposed 240GB of customer data, including personal and financial information. Customers advised to monitor for suspicious activity. | |
| 08/21/2024 | JDSUPRA | USAA | Breach at USAA affected 32,000 customers’ data, including Social Security numbers and account information. Customers advised to monitor accounts. | |
| 08/20/2024 | Tech Target | Alabama Cardiovascular Group | Data breach at Alabama Cardiovascular Group exposed patient records, Social Security numbers, and financial details. Investigation ongoing; patients advised to monitor accounts. | |
| 08/20/2024 | The 420 | Durex | Durex India data breach exposed sensitive customer information, including purchase history. Customers advised to monitor for signs of identity theft. | |
| Sep | 09-05-2024 | Security Week | Microchip Technology | Ransomware attack on Microchip Technology led to potential exposure of employee and customer data, including Social Security numbers. |
| 09-06-2024 | Bleeping Computer | Avis Budget Group | Data breach via a third-party application affected 299,000 Avis customers’ data, including driver’s license numbers and partial credit card info. | |
| 09/24/2024 | IT Pro | MC2 | Data leak exposed 100 million Americans’ data, including Social Security numbers, through a compromised vendor. Highlighted supply chain vulnerabilities. | |
| 09/25/2024 | Security Company | Transportation Industry | Cyberattacks in the transportation sector exploited system vulnerabilities, using Lumma Stealer and NetSupport malware to steal sensitive data. | |
| 09/24/2024 | Tech Target | Elite Care | Data breach at Elitecare Emergency Hospital exposed patient information, including medical and insurance records. Patients advised to monitor accounts. | |
| 09/19/2024 | CNBC | Disney | Breach in Disney’s Slack workspace potentially exposed internal documents, employee info, and customer data. Investigation ongoing. |
| Year | Organization | Records Lost | Details | Source |
|---|---|---|---|---|
| 2024 | National Public Data (NPD) | 2,90,00,00,000 | Hackers stole sensitive info including full names, addresses, birth dates, and Social Security numbers. | Tech.co |
| Financial Business and Consumer Solutions (FBCS) | 42,00,000 | Hackers stole names, Social Security numbers, birth dates, and more from a national collection agency. | FBCS | |
| Ticketmaster | 56,00,00,000 | Hackers stole customers’ names, addresses, and phone numbers. | Ticketmaster | |
| Change Healthcare | 14,50,00,000 | Ransomware exposed Social Security numbers, medical records, and addresses. | UnitedHealth Group | |
| AT&T | 11,00,00,000 | Hackers stole data from AT&T customers, including locations and phone numbers. | AT&T | |
| Dell | 4,90,00,000 | Customer data breach exposed home addresses and order info. | ||
| 2023 | Indian Council of Medical Research | 81,50,00,000 | COVID testing data was stolen and offered for sale. | Tech Informed |
| X (formerly Twitter) | 20,00,00,000 | Data breach exposed user information. | CNN | |
| MOVEit | 6,20,00,000 | Breach due to software vulnerability. | AP News | |
| T-Mobile | 3,70,00,000 | Data breach of customer information. | T-Mobile | |
| HCA Healthcare | 1,10,00,000 | Data breach exposing patient information. | HCA Healthcare | |
| 2022 | Neopets | 6,90,00,000 | Hackers stole user account information. | CPO Magazine |
| SuperVPN, GeckoVPN, and ChatVPN | 2,10,00,000 | Breach leaked users’ sensitive info. | Cybernews | |
| Singtel Optus Pty Limited | 98,00,000 | Breach exposed customer information. | Bloomberg | |
| Cash App | 82,00,000 | Data breach exposed customer data. | TrendMicro News | |
| X (formerly Twitter) | 54,00,000 | Breach exposed user details. | Malwarebytes | |
| 2021 | Facebook (Meta) | 53,30,00,000 | Data scraped due to a vulnerability in 2019. | Business Insider |
| Syniverse | 50,00,00,000 | Breach exposed personal and corporate information. | SEC | |
| Power Apps (Microsoft) | 3,80,00,000 | Data breach affected users of Power Apps. | Wired | |
| Amazon Vendors | 1,31,24,962 | Breach exposed sensitive vendor data. | Safety Detectives | |
| Pandora Papers | 1,19,00,000 | Data leak of offshore financial records. | The Guardian | |
| 2020 | Pakistani Mobile Operators | 11,50,00,000 | Breach exposed customer data. | ZD Net |
| SolarWinds | 5,00,00,000 | Supply chain breach affecting numerous organizations. | New York Times | |
| MGM Hotels | 1,06,00,000 | Customer data breach. | ZD Net | |
| Dutch Government | 69,00,000 | Breach of citizen information. | ZD Net | |
| Marriott International | 52,00,000 | Data breach exposing guest data. | Marriott | |
| 2019 | 16 Hackers Websites | 61,70,00,000 | Hackers stole user data from various websites. | The Register |
| MongoDB | 27,52,65,298 | Breach exposed database contents. | Bleeping Computers | |
| Microsoft | 25,00,00,000 | Customer service data breach. | Forbes | |
| 8 Hacked Websites | 12,70,00,000 | Hackers stole data from multiple websites. | TechCrunch | |
| Capital One | 10,00,00,000 | Data breach of personal information. | CSO Online | |
| 2018 | Aadhaar | 1,10,00,00,000 | Breach exposed personal information of Indian citizens. | ZD Net |
| Marriott International | 38,30,00,000 | Breach exposed guest information. | New York Times | |
| X (Formerly Twitter) | 33,00,00,000 | User data breach. | Reuters | |
| Chinese Job-Seeking Websites | 20,20,00,000 | Breach of user data from job-seeking websites. | Hacken | |
| Quora | 10,00,00,000 | Data breach exposing user information. | New York Times | |
| 5,00,000 | Breach exposed user information. | Forbes | ||
| 2017 | River City Media | 1,37,00,00,000 | Spam email operator exposed customer data. | The Guardian |
| Spambot | 71,10,00,000 | Misconfiguration led to leak of emails and passwords. | The Guardian | |
| Malaysian Mobile Phone Numbers | 4,62,00,000 | Data breach exposed phone numbers. | Lowyat | |
| AI.Type | 3,10,00,000 | Breach exposed user data. | ZD Net | |
| 2016 | Yahoo | 50,00,00,000 | Breach exposed account information. | CNBC |
| Friend Finder Network | 41,20,00,000 | Data breach of adult dating network. | ZD Net | |
| Uber | 5,76,00,000 | Data breach exposed user and driver info. | New York Times | |
| Morgan Stanley | 1,50,00,000 | Breach exposed client information. | Reuters | |
| MySpace | 42,70,00,000 | Breach exposed user account details. | Vice | |
| 2015 | Deep Root Analytics | 19,80,00,000 | Data breach exposed political data. | Reuters |
| Experian/T-Mobile | 1,50,00,000 | Breach exposed customer information. | T-Mobile | |
| Anthem | 8,00,00,000 | Breach exposed health insurance data. | New York Times | |
| Securus Technologies | 7,00,00,000 | Breach exposed private communication data. | The Intercept | |
| US Office of Personnel Management | 1,40,00,000 | Data breach exposed government employees’ data. | BBC | |
| 2014 | eBay | 14,50,00,000 | Data breach exposed user information. | Business Insider |
| JPMorgan Chase | 8,30,00,000 | Breach exposed customer data. | New York Times | |
| The Home Depot | 5,60,00,000 | Breach exposed customer payment information. | Krebs on Security | |
| Korea Credit Bureau | 2,00,00,000 | Breach exposed financial data. | Security Week | |
| Sony Pictures | 1,00,00,000 | Breach exposed confidential employee and business information. | BuzzFeed News | |
| 2013 | Yahoo | 3,00,00,00,000 | Data breach exposed account details. | BBC |
| Court Ventures | 20,00,00,000 | Breach exposed personal information. | Krebs on Security | |
| Multiple American Businesses | 16,00,00,000 | Data breach affected various companies. | Technology Review | |
| Target | 7,00,00,000 | Breach exposed customer data. | USA Today | |
| Excellus Health Plan | 93,00,000 | Breach exposed health plan member data. | USA Today | |
| 2012 | Zappos | 2,40,00,000 | Data breach exposed customer information. | Forbes |
| KT Corp | 87,00,000 | Breach exposed customer data. | Korea Times | |
| South Carolina State Department of Revenue | 39,87,000 | Breach exposed taxpayer information. | InfoWorld | |
| Three Iranian Banks | 30,00,000 | Data breach exposed account information. | The Guardian | |
| Gamigo | 80,00,000 | Breach exposed user information. | Bleeping Computers |
Reference
- https://strobes.co/blog/top-data-breaches-in-2024-month-wise/
- https://termly.io/resources/articles/biggest-data-breaches/
