The 7 Biggest Data Breaches of 2018

Google+ suffered a data breach that affected all of its 52.5 users before an announcement it would shut down in 2019.

Even as cybersecurity gets better and more IT professionals enter the field, large data breaches involving more than 100 million records continue to occur at record levels. The size of the breach is only one aspect of its seriousness; a breach involving smaller numbers of records may be “bigger” in seriousness if it exposed personal ID numbers, addresses or payment information. Here are some of the biggest data breaches of 2018, out of a total of 3,676 reported breaches that compromised the information of more than 3.6 billion people last year. 

1. Aadhar

The Indian equivalent of the Social Security Administration, Aadhar issues unique identification numbers to Indian residents. A data breach discovered in March 2018 exposed 1.1 billion records including ID numbers and some connected bank account information. The breach occurred because the Indian government failed to secure the database, leaving it open for anyone to access. 

2. Mariott Starwood Hotels

Personal information of up to 500 million people including phone numbers, email addresses, passport numbers, and some credit cards and expiration dates was exposed between 2014 and September 2018 when hackers accessed and stole the information from the company database.

3. Exactis

The personal information of just about every U.S. resident—340 million people in all—was found on a database by a security expert and reported to the FBI and marketing firm Exactis, to whom the data belonged, in June 2018. Addresses, phone numbers, personal characteristics, and preferences were included. 

4. Cambridge Analytica

This marketing organization collected the Facebook profiles and personal preferences and interests of 87 million people using a Facebook quiz, then passed it on to third parties including the 2016 Trump presidential campaign. 

A data breach of Mariott Starwood Hotels exposed sensitive records of up to 500 million people.

5. My Fitness Pal

The email addresses, usernames and encrypted passwords of 150 million users were accessed by an “unauthorized party” in February 2018. This information could be used to gain other information like names, locations and purchasing preferences.   

6. Google+

The soon-to-be-defunct social networking branch of Google reported two data breaches impacting 52.5 million users, one in March 2018 and one in December. The breaches exposed the personal profile data of users. 

7. Cathay Pacific Airlines

This serious breach, discovered in March 2018, affected 9.4 million customers and exposed 860,000 passport numbers, 245,000 Hong Kong identity card numbers and a small number of expired and incomplete credit card numbers. 

These breaches are only the tip of the iceberg. They highlight a dire need for cybersecurity professionals that can identify vulnerabilities to prevent breaches before they occur, as well as recognize when breaches may have occurred so that systems can be fixed and secured to prevent further exposure. Currently, severe shortages in cybersecurity personnel exist around the world and make it more difficult to protect databases that house personal information, even credit card and social security numbers. 

PC AGE offers courses that teach cybersecurity skills and lead to certifications in the area of cybersecurity. Request info about all the courses we offer and how you can fill a dire need for cybersecurity professionals.