Skip to Content
© Suwat Rujimethakul | Dreamstime
Security & privacy

Biggest data breaches of 2019: Billions of records exposed

Data breaches are the kind of events that create headlines no matter how small they are. Just the idea that your personal life could be hung out to dry so easily is enough to make the blood run cold — and the financial risks involved only make things worse.

But data breaches in 2019 are a whole different animal from the ones that came before. Unlike in previous years, data breaches have become a common occurrence in much of the world. In fact, 2019 hacks surpassed 2018 as early as August. Tap or click to see how much they increased.

To fully understand the scope of the problem, it’s a good idea to look at the most important data breaches of the year and learn why and how they happened. By learning about them, you can also learn what to do if you fall victim to a digital disaster.

Checkers and Rally’s hit by massive point of sale breach

Restaurants process hundreds of payments from customers every day. That’s why when a restaurant’s point of sale (POS) system is hacked, the financial data of everyone who recently dined there is at risk.

Popular chain restaurants Checkers and Rally’s were hit by a POS hack this year, putting customer names, addresses and credit card numbers at risk of exposure. The restaurants managed to seal the leak and offered free credit-monitoring for those affected, but there’s no telling what might have been lost.

Tap or click to learn more about the hack at Checkers and Rally’s

Dealerleads database left unsecured on the web

SEO, or search engine optimization, is a process used to help new and growing websites shoot to the top of Google search results. This requires careful use of links and written content, which is why keeping data on websites you want to link to is useful.

But good intentions can sometimes lead to drastic consequences. A database for SEO compiled by car-shopping aggregator Dealerleads was left unsecured and open on the web. This data included links to car-buying websites, as well as personal information on millions of car buyers’ records.

Tap or click to learn more about Dealerleads’ mistake.

StockX leak exposes millions of users

StockX is one of the most popular sites on the web for secondhand sales of luxury goods. Items like rare sneakers, designer jeans and collectible items change hands thousands of times per day, and with that exchange comes a good deal of money.

But StockX isn’t immune to data breaches. After being hacked in a large-scale cyberattack, StockX user accounts and passwords were sold on the dark web. Meanwhile, the platform failed to notify users that a hack occurred, instead telling them that a “system update” required a password reset. What a mess.

Tap or click to see what was stolen from StockX.

Collection #1, #2 and #3 are chock full of stolen data

Called “the mother of all data breaches” by some analysts, three massive troves of stolen accounts, passwords and databases were posted online to the filesharing site Mega under the mysterious monikers “Collection #1, #2 and #3.”

These collections included information that spanned multiple sites and platforms. It’s such a large breach that nobody can say for sure where the hackers behind it struck first. Regardless, this event prompted numerous online destinations to force their users to reset their passwords.

Tap or click to see what was inside the “collections.”

Facebook fails to protect user data

What data breach list would be complete without Facebook making an appearance? Starting with debacles like Cambridge Analytica, Facebook has been notoriously lax with user data and security — with user accounts and passwords leaking on numerous occasions.

But the 2018-2019 third-party data leaks are especially bad. This data was harvested by third-party applications as per Facebook’s normal policy. Unfortunately, nobody secured the databases the information was stored on. This led to the exposure of hundreds of millions of Facebook accounts and activity histories.

Tap or click to learn why Facebook was so careless with data this year.

Trouble for Toyota in 2019

Toyota announced in April this year that hackers had broken into the company’s servers. Once they got inside, they pilfered sales information for more than 3.1 million Toyota and Lexus owners.

Thankfully, no financial data appeared to have been touched. But the hackers did manage to make off with thousands of GB of personally identifying information like names, addresses and anything else you’d use to fill out a loan application.

Tap or click to see what hit Toyota this year.

Capital One comes clean about hack

Capital One is one of the nations biggest providers of credit cards and banking services. But its popularity doesn’t make it immune to hacks, and a recent cyberattack on the company ended up affecting over 100 million U.S residents.

Unlike some breaches, this horrific event cost users sensitive data like credit card limits, credit scores, home addresses and worst of all, social security and bank account numbers. Also unlike some of the other stories, the FBI believes it caught the person responsible.

Tap or click here to see what happened to Capital One.

First American Financial leaks entire database

As one of the nation’s largest insurance providers, First American Financial is responsible for the data of millions of consumers. This data includes personal and financial information, which means it requires the utmost secrecy and security.

But First American Financial must not have remembered that when it set up an unsecured server to store consumer info. This server wasn’t protected to the extent this data would normally require, putting millions of people’s data at risk of being stolen or misused.

Tap or click here to see how this company leaked so badly.

Bonus: How can I protect myself if my data is breached?

Data breaches are common, but not everyone is affected. When one does involve your data, there are a few steps you can take to make sure nothing is amiss.

Check your bank accounts

Always check your bank accounts for accuracy following a data breach. It shouldn’t be a surprise, but bank accounts are one of the first places cybercriminals check, and even a little bit of money is useful to them if they’re robbing millions of people at once.

You may want to also speak with your banker about additional security measures for your account.

Check your online accounts

Cybercriminals are increasingly interested in stealing social media accounts, which can give them a mask to use when committing crimes. Make sure the most recent string of posts you see are from you, and check to make sure nobody has recently changed the passwords other than you.

Reset your passwords and create stronger ones

Ordinary passwords are falling by the wayside thanks to stronger security methods like biometrics. But not every website has adopted these new ideas, which is why strong passwords will be useful for some time to come. Reset the ones you’re using, then tap or click here to read our guide to making stronger passwords.

Freeze your credit

A credit freeze can prevent an identity thief from opening up an account in your name, and can help you monitor activity on your credit report for any fraud you might have missed otherwise. Tap or click here to learn how to initiate a credit freeze.

When available, always use 2FA

Two-factor authentication is becoming the standard for safe online logins. When you set this up, your login requires a verification code to proceed. If a hacker doesn’t have access to your phone, they’ll find themselves completely locked out. Tap or click here to learn how to set up 2FA for your favorite websites.

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now