Adult video streaming website CAM4 has had its Elasticsearch server breached, exposing over 10 billion records. Yahoo had become aware of this breach back in 2014, taking a few initial remedial actions but failing to investigate further. The exposed data includes their name, mailing address, email address and phone numbers. The company determined cybercriminals infiltrated its systems and gained access to certain files, including employee names and Social Security numbers. The company states that 276 customers were impacted and notified of the security incident. The hackers published a sample containing 1 million records to confirm the legitimacy of the breach. Locations of Earl of Sandwich were also affected by the Earl Enterprises breach. At the time of the breach, Heartland was processing north of 100 million credit card transactions per month for 175,000 merchants. The Identity Theft Resource Center, in its 16th annual Data Breach Report, says the number of data breaches at corporations was up more than 68% in 2021, beating the previous . The data was dumped in two waves, initially exposing 500 million users, and then a second dump where the hacker "God User" boasted that they were selling a database of 700 million LinkedIn. Experian suffered another breach in 2020, when a threat actor claiming to be Experian's client convinced staff to relinquish customer information for marketing purposes. The email communication advised customers to change passwords and enable multi-factor authentication. Wayfair reported fourth-quarter sales that came up short of expectations. As of August 2020, the biggest fine and settlement resulting from a data breach was 575 million U.S. dollars fined to consumer credit reporting agency . March 2020 added to this uneasiness with the discovery of an unprotected Elasticsearch database managed by a UK-based security company containing over 5 billion records.
It was also the second notable phishing scheme the company has suffered in recent years. While viewing a customer's account in the CRM, the hacker had access to names, addresses, PINs, cell phone numbers, service plans and billing/usage statements. March 24, 2020: The technology conglomerate, General Electric (GE), disclosed that a third party vendor experienced a data breach, exposing the personally identifiable information of over 280,000 current and former employees. Payment information was not released, but Under Armour says user names, emails, and encrypted passwords were affected. Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it. Penetration was achieved by the hacker posing as a private investigator from Singapore and convincing staff to relinquish access to the internal database. Three years of payout reports for creators (including high-profile creators. Panera Bread confirmed on April 2, 2018 that it was notified of a data leak on its website. "The company has already begun notifying regulatory authorities. The breach included email addresses and salted SHA1 password hashes. The compromised account contained patient names, health insurance information, medical record numbers, CTCA account numbers and limited medical information. Instead, their objective was to call a mass disruption to punch Twitch for fostering a toxic community of users. The cyberattack gives the hackers total remote control over affected systems, allowing for potential data theft and further compromise. In October 2016, Dailymotion, a video sharing platform, exposed more than 85 million user accounts including emails, usernames and bcrypt hashes of passwords. 8.3 million database records from popular stock photo and vector image seller 123RF were copied and posted for sale on a hacker forum.
In 2019, this data appeared for sale on the dark web and was circulated more broadly. The disclosed information included customer names, phone numbers, physical and email addresses, and the last four digits of their payment card, as well as the source code for the company's app. "This may lead to a careless attitude towards their own personal safety, and that would mean more severe damage for all internet users." Late last year, that same number of mostly U.S. records was . The stolen records include client names, addresses, invoices, receipts and credit notes. January 11, 2021: A Chinese social media management company, Socialarks, suffered a data leak through an unsecured database that exposed account details and Personally Identifiable Information (PII) of at least 214 million social media users from Facebook, Instagram and LinkedIn. Internet users in the 2000s gravitated towards websites that were named after the specific product they were looking for, and they tended to perform better in search rankings. Russian social media site VK was hacked and exposed 93 million names, phone numbers, email addresses and plain text passwords. It was only about two years later that Yahoo publicly disclosed the breach after a stolen database from the company allegedly went up for sale on the black market. My Wayfair account has been hacked twice, once back in December and once this morning. This is the highest percentage of any sector examined in the report. It did not, and still does not, manufacture its own products. To check if you've been impacted, you should perform a thorough risk assessment for each vendor. The stolen information includes names, travelers service card numbers and status level. From 2002 to 2011, Niraj Shah and Steve Conine launched over 200 niche online stores, such as cookware.com, luggage.com and strollers.com, under the CSN Stores business.
The data breach was discovered by the impacted websites on October 15. The breach exposed highly personal information such as people's phone numbers, home, and email addresses, interests, and the number, age, and gender of their children. Despite increased IT investment, 2019 saw bigger data breaches than the year before. The global online shift may be one of the factors driving the scope and magnitude of the year's breaches. After the attack and damages resulting in over $180 million, Home Depot promised to invest in cybersecurity to better protect sensitive financial data. ImagineGroup (the owner of 123RF) assured that no financial information was accessed in the breach and that all user passwords were encrypted. June 21, 2021: A third-party vendor accidentally posted an unsecured database containing more than a billion search records of CVS Health customers. The data breach was disclosed in December 2021 by a law firm representing each sports store. Impact: Personal information of 57 million Uber users and 600,000 drivers exposed. Linked airline loyalty programs and numbers, Personal information (names, physical addresses, phone numbers), Health information (including COVID-19 vaccination data). These breaches affected nearly 1.2 The data compromised included names, home addresses, phone numbers, dates of birth, social security numbers, and driver's license numbers. While desperately scouring the client email lists stored in Mailchimp's internal tools, the cybercriminals finally found what they were looking for - an email list of customers of the hardware cryptocurrency wallet, Trezor. The attackers had gained unauthorized access to the Starwood system back in 2014 and remained in the system after Marriott acquired Starwood in 2016. During the third quarter of 2022, approximately 15 million data records were exposed worldwide through data breaches.
January 20, 2021: A database containing 1.9 million user records belonging to Pixlr, a free online photo-editing application, was leaked by a hacker. Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack. Details about these discoveries can be found in our Aggregate IQ breach series (part 1, part 2, part 3 and part 4). By 2014, the move to a single platform had paid off, with Wayfair becoming the largest online-only home furniture retailer in the United States. Twitter did not disclose how many users were impacted but indicated that the number of users was significant and that they were exposed for several months. August 17, 2021: An unauthorized third party gained access to the personal and medical data of over 637,000 patients of UNM Health. Parler's Verified Citizens, or users who had verified their identity by uploading their driver's license or other government-issued photo ID, were also exposed. The exposed information for each platform varies but includes users' names, phone numbers, email addresses, profile links, usernames, profile pictures, profile description, follower and engagement logistics, location, Messenger ID, website link, job profile, LinkedIn profile link, connected social media account login names and company name. A misconfigured AWS bucket led to the compromise of 23 million files belonging to the Turkish airline company Pegasus Airlines. The number of affected accounts was almost doubled from the originally stated 140,000 upon further investigation. The LinkedIn account users' data was scraped or imported from the website into a database, and includes names, LinkedIn account IDs, email addresses, phone numbers, gender, LinkedIn profile links, connected social media profile links, professional titles and other work-related personal data. Even Trezor marveled at the sophistication of this phishing attack.
The leaked records include email addresses, usernames, hashed passwords, users' country, whether they signed up for the newsletter and other sensitive information. The sensitivity of the information processed by Equifax makes this breach unprecedented, and one of the largest data breaches to date. "We are aware of a data security incident involving a small number of our customers on Macys.com," a representative from Macy's said in a statement to Business Insider on Tuesday. This has now been remediated. On March 31, the company announced that up to 5.2 million records were compromised. Amazon began investigating the breach on the day it was disclosed to them with the third-party company involved shutting down the database on 8 February. The data that is potentially at risk includes customer contact information like email addresses and physical addresses, as well as login information like usernames and passwords. Yahoo forced all affected users to change passwords and to reenter any unencrypted security questions and answers to re-encrypt them. This is the largest compilation of data from multiple breaches, which is where the name Compilation of Many Breaches or COMB comes from. When Zoom sign ups were nearing their pandemic peak in April of 2020, hackers breached 500,000 accounts and either sold or freely published them on the dark web. But the remaining passwords hashed with SHA-512 could not be cracked. It's speculated that the cybercriminal group gained access through an unauthorized API endpoint, meaning a user/password or any other authentication method wasn't required to connect to the API. Connected social media account login names, Seven years' worth of credit card payment history, Descriptions of what members were seeking.
By changing the link customers received confirming online orders, anyone could access information including customers' names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link. The report for 2020 inspects the development of the effective mitigating approaches that companies have taken to manage insider breach risk. Avid Life Media failed to comply, which resulted in wave after wave of categorised data dumps in Pastebin. The attack exposed drivers' personal information from the last 20 months of California vehicle registration records, including names, addresses, license plate numbers and vehicle identification numbers (VINs). In February 2018, the diet and exercise app MyFitnessPal (owned by Under Armour) suffered a data breach, exposing 144 million unique email addresses, IP addresses and login credentials such as usernames and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). This Las Vegas restaurant was named as possibly being impacted by the Earl Enterprises breach. Wayfair's average order value is one of the few metrics to increase from 2020 to 2021, rising 20% to $269. In October 2016, hackers collected 20 years of data on six databases that included names, email addresses and passwords for The AdultFriendFinder Network. Marriott believes that financial information such as credit and debit card numbers, and expiration dates of more than 100 million customers were stolen, although the company is uncertain whether the attackers were able to decrypt the credit card numbers. In one of the biggest data breaches of all time in the education industry, the Los Angeles Unified School District (LAUSD) was attacked by Vice Society, a Russian criminal hacking group.
"Due to frequent cyber-attacks and data leaks, people are becoming less attuned to privacy risks," Daniel Markuson, a digital privacy expert from NordVPN, said in a statement. The data may also include information about a vehicle that has been purchased, leased or inquired about, including vehicle identification numbers, makes, models, years, colors and trim packages. Let's hope SlickWraps finally strengthens their cybersecurity framework after such a tumultuous history. The company paid an estimated $145 million in compensation for fraudulent payments. April 24, 2021: A database containing the personal details of over 5.6 million users of thepopular music instruments online marketplace Reverb was discovered after it was leaked into the Dark Web. The cybercriminals then sent a very convincing phishing email to this entire customer list claiming that a critical security incident occurred, requiring an urgent download of a patched version of the Trezor app. Home Depot announced that its POS (point-of-sale) systems had been infected with a custom-builtmalware, which posed as antivirus software, affecting customers from across theUS and Canada. In June 2012, LinkedIn disclosed a data breach had occurred, but password-reset notifications at the time indicated that only 6.5 million user accounts had been affected. If your business isn't concerned about cybersecurity, it's only a matter of time before you're an attack victim. MeetiMindful, a dating app focusing on the mindful community, was breached by a well-known hacker by the name of ShinyHunters. April 6, 2021: Over 500 million LinkedIn user profiles were discovered on the Dark Web. A dump of 91 million accounts from Rambler ("Russian Yahoo") was traded online containing usernames (that form part of a Rambler email) and plain text passwords. In February 2013, tumblr suffered a data breach that exposed 65 million accounts. 
The attack also exposed customer information including names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PIN), account security questions and answers, date of birth, plan information and the number of lines subscribed to their accounts. CSN Stores followed suit in 2011, launching Wayfair. Each of the data breaches reveals the mistakes that lead to the exposure of up to millions of personal data records. A hacking group identified as Impact Team compromised 35 million user records from the cheating website Ashley Madison. It was fixed for past orders in December, according to Krebs on Security. This event was one of the biggest data breaches in Australia. Macy's did not confirm exactly how many people were impacted. February 26, 2021: An undisclosed number of T-Mobile customers were affected by SIM swap attacks, or SIM hijacking, where scammers take control of and switch phone numbers over to a SIM card they own using social engineering. The UK's Information Commissioner's Office (ICO) issued more than £42 million ($59m) worth of fines in 2020 to companies that breached data protection and privacy regulations. For the 12th year in a row, healthcare had the highest average data . According to the 2021 Year End Report: Data Breach QuickView, by Risk Based Security and Flashpoint, additional incidents continue to surface. It is typical for the number of breaches disclosed for a given year to subsequently increase by 5% to 10% as the data matures. CAM4 Data Breach Date: March 2020 Impact: 10.88 billion records. Online customers were not affected. The 204 GB leaked database was not password protected and included visitor and session IDs, device information, configuration data, as well as multiple records for medications, including COVID-19 vaccines and CVS products.
January 11, 2021: One of the biggest Internet of Things (IoT) technology vendors, Ubiquiti, Inc., alerted its customers of a data breach caused by unauthorized access to their database through a third-party cloud provider. Left unanswered is why LinkedIn did not further investigate the original breach, or inform more than 100 million affected users, in the intervening four years. Follow Trezor's blog to track the progress of investigation efforts. We continue to see a surge in the same, more traditional and regulated, group of industries as we move through 2021. The accessed data also contained comprehensive voter analysis based on Reddit post activity which could be used to predict how somebody would vote on a particular issue.