2019 has seen countless headlines about data breaches around the world. We’ve rounded up seven of the most notable breaches, which together exposed more than 4 billion records.
- In October this year, two security researchers found an unsecured Elasticsearch server which exposed 622 million email addresses in addition to names, phone numbers, social media profiles and locations. There were a total of 1.2 billion unique records exposed in the breach.
- Facebook had multiple reported breaches this year, with millions of users’ records being exposed. In April, a public Amazon server showed millions of Facebook records, including 22,000 user passwords. Approximately 540 million records were exposed in total. In September, the social media site leaked the phone numbers of 419 million users. This meant that hackers could access accounts without the need for passwords. 18 million of these users were from the UK.
- The ICO dished out its first fine this year to a London-based pharmacy, Doorstep Dispensaree Ltd, for a data breach which saw the exposure of half a million documents. These documents, which included names, addresses, dates of birth and medical histories, were left in unlocked files in their offices in Edgware, North London. The fine given by the ICO amounted to £275,000, with the Director of Investigations stating that the incident “fell short” of what was expected.
- In September, almost the entire population of Ecuador, including the WikiLeaks founder Julian Assange and the President, was subject to a massive data breach. The data, which affected approximately 20 million people, included names, birth dates and bank information obtained from sources such as the National Bank and government registries. The breach was found on an Elasticsearch server owned by an Ecuadorian company, Novaestrat. Since the incident, the company’s manager has been detained.
- Ecuador wasn’t the only country to have a major data breach this year. Bulgaria also suffered a data security issue that impacted almost all of the adults in the country. An email was sent to Bulgarian news outlets claiming that a Russian hacker was responsible for the attack and that over 100 databases containing confidential information had been infiltrated. It is reported that hackers gained access to the database by finding a weakness when filing tax returns from abroad.
- In July, Orvibo, a company specialising in ‘smart-home’ technology, was found to have leaked more than 2 billion records including passwords and reset codes. This massive data breach led researchers to find that password protection was not being used. Files were left at risk of “hackers, viruses and security problems”. Further unprotected information included names, email addresses and home addresses.
- Most recently, the British Government had to make an apology on 29th December after a file containing the addresses of over 1000 New Year Honour recipients was published online. The database, containing the personal information of high-profile individuals such as Sir Elton John and Nadiya Hussain, was uploaded to the official website on Friday 27th, and removed a day later. The incident was reported to the ICO, which is reported to be “making enquiries” following the data breach.
Jamal Ahmed, Fellow of Information Privacy and Director of Kazient Privacy Experts, gave his opinion, saying:
“Most of these types of incidents can be easily avoided where organisations employ appropriate technical and organisational controls. Businesses have a responsibility to invest in adequate training and awareness of their personnel; this can often mitigate effectively against the risk of such incidents occurring.”
Ahmed spoke further about the year, giving advice for organisations:
“Make sure your organisation has strong data privacy and data security training and awareness throughout 2020 and beyond so you can safeguard the data of your stakeholders and uphold your reputation.”
We hope 2020 brings you peace, prosperity, and data security!
Kazient Privacy Experts offers bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.