Agilient Security Consultants Australia

Top 10 Data Breaches of 2018


2018 has been a year of staggering data breaches, with some famous and unexpected names involved. Most breaches were caused by poor security discipline:

  • Unsecured data;
  • Not fully investigating reported vulnerabilities; and
  • Detecting an intrusion only after a long time, or only when the confidential data appeared on the Internet.

Table of Breaches

| Company | Rank | Records breached | Date Disclosed (2018) | Classification | Summary |
|---|---|---|---|---|---|
| PumpUp | 10 | 6 million | 31st May | Data security indiscipline | An unsecured backend server on AWS exposed identity and health information in messages between users. |
| Sacramento Bee | 9 | 19.5 million | 7th June | Intrusion for ransom | Hackers held databases to ransom, including the California voter registry. The ransom was not paid and the databases were deleted to prevent further issues. The hackers had access to the contents of all the databases. |
| Ticketfly | 8 | 27 million | 7th June | Ignored vulnerability warning | Ignored a warning from anonymous about a vulnerability, suffered an attack and was defaced, was unable to operate for a week, and had the details of all 27 million customers stolen (names, addresses, email addresses, phone numbers). |
| Panera | 7 | 37 million | 2nd April | Ignored vulnerability warning | Ignored for eight months a report of a vulnerability leaking customers’ records in plain text that could easily be indexed and processed by automation tools. |
| Facebook | 6 | > 87 million | 17th March | Exploited a bug | Cambridge Analytica used an app that leveraged Facebook’s “View as” feature to scrape all details about people’s total social media presence. |
| MyHeritage | 5 | 92 million | 4th June | Confidential data found online | A security researcher found a file with all the names, email addresses and hashed passwords of new users since 17th October 2017. Payment and DNA information is outsourced to third parties so no more information was available. |
| Under Armour | 4 | > 150 million | 25th May | Intrusion | In March Under Armour learned that someone had gained unauthorized access to its platform and was able to access usernames, email addresses and hashed passwords. |
| Exactis | 3 | 340 million | 26th June | Data security indiscipline | A security researcher found that Exactis had left a database on a publicly accessible server that contained 340 customer records including names, email address, street address, phone numbers, and other CRM-type information including the names and gender of customers’ children. |
| Marriott | 2 | 500 million | 30th November | Persistent intrusion | In 2014 an “unauthorized party” gained access to Starwood’s guest reservation system and had been copying and encrypting the data. The data included names, addresses, itineraries, passport numbers, and encrypted credit card numbers and expiry dates. Decryption of the data requires 2 pieces of information; Starwood has said the attackers may have had access to both. This breach falls under EU GDPR so a fine of 20 million Euros or 4% of revenue, whichever is the greater, applies. |
| Aadhaar | 1 | 1.1 billion | 3rd January | Confidential data sold online | Unknown WhatsApp users sold login credentials for 500 rupees that gave access to Aadhaar information on any Indian citizen via their 12-digit Aadhaar identifier, including name, address, photo, phone number and email address. A further 300 rupees gave access to software to print an ID card for any Aadhaar number. This was available for any of the 1.1 billion registered Indian citizens. |

Conclusion

These breaches show that IT security is a necessary function in any business, in any industry sector, with an Internet presence. The breaches also show that security requires proper policy and supporting processes, along with operational diligence.

Agilient has experienced policy and audit consultants to assist in creating and measuring the effectiveness of security policy, directives, guides, processes and procedures for any size business.

Follow our LinkedIn page for all the latest security updates, and Contact Us to see how we can assist your business.
