Every week seems to bring news of corporate data breaches that are putting millions of Americans’ information in peril. The year isn’t even over, but 2019 is shaping up to be the worst in terms of data breaches.
Major names such as Capital One to small e-commerce sites have been hit this year. As we’re finding out, it’s not only the amount of data hacked that is important but also the kind of information stolen that could spell all sorts of trouble for consumers.
We’ll look at how 2019 is measuring up t0 2018 and what have been the most egregious breaches so far. As always, we have ways to protect yourself if you find that your data has been stolen.
Data breaches in 2019 will surpass 2018
For the first six months of 2019, the number of data breaches increased by 54% compared to the same time last year. That’s according to a new mid-year report by RiskedBased Security.
Through June 30, 2019, 3,813 data breaches had been reported, exposing more than 4.1 billion records. The number of records exposed so far this year is up 52% compared to the same time last year.
The business sector accounted for 67% of reported breaches, with medical coming in at 14% and government at 12%. Over the first two quarters of 2019, eight breaches exposed 3.2 billion records or 78% of all records exposed through June 30.
Hacking remains the No. 1 tool for breaches, accounting for 82% of all reported incidents. About 70% of the data exposed was email addresses. Passwords made up about 65% of data exposed in breaches.
Why do emails and passwords remain so prized by hackers? They are sold on the dark web as access to credentials continues to be the most popular way to gain access to systems and servers.
Third-party companies made up just 137 of the data breaches in the first half of 2019. Most were negligible but at least two were major.
Related: Sensitive FBI files, emails, Social Security numbers and passwords exposed
Major 2019 data breaches to date
The two major third-party breaches exposed millions of records from Facebook and a medical collection agency. The latter has had a calamitous effect on three major health care companies.
American Medical Collection Agency
American Medical Collection Agency (AMCA) suffered a massive data breach that affected three of its major clients — Quest Diagnostics, LabCorp and Clinical Pathology Laboratories (CPL).
An unauthorized user had access to AMCA’s web payment system. The breach was not detected for eight months. The affected companies said lab results were not accessed.
The data of 11.9 million Quest, 2.2 million CPL and 7.7 million LabCorp patients were exposed. Data from Quest customers included banking information and credit card numbers, medical records and Social Security numbers.
Companies in the banking and financial sector also were hard hit. Three companies alone account for 924 million compromised accounts.
Capital One’s servers were hacked, exposing more than 100 million U.S. customers. Data analytics firm Ascension exposed about 24 million financial and banking documents related to loans and mortgages due to a misconfigured server. It’s not known if any of the information was stolen.
But by far, the largest number of data exposed by one company is courtesy of First American Financial. What’s worse is that the data was compromised due to the company’s own negligence.
First American Financial
First American Financial, one of the nation’s leading settlement and insurance providers, exposed 800 million records containing sensitive data. A flaw in its database design made critical data visible to anyone using a web browser for more than two years.
On its public-facing website, private mortgage information, tax records, and even Social Security and bank account numbers could be seen by anyone with an internet connection. And First American literally handed people access to the data.
The company sends users links to documents with each file labeled by number in the web address. All you would need to do to access another person’s information would be to change the number in the URL.
Related: The mother of all data breaches is now three times bigger
Protecting yourself from corporate data breaches
You can protect your personal information on your home PC, but it won’t matter if a company you do business with exposes that same information. It’s frustrating, but there are things you can do to contain the effects of a breach on you.
The most important step to take, first and foremost is to get into a routine of changing your online account passwords every three months. That means something new and different for each account because if one gets breached, that compromises so much more if you’re using the same password.
Consider using a password manager to help simplify the task, such as RoboForm. Right now, you can take advantage of a limited-time offer and get 50% off RoboForm password manager.
Here are more tips to protect yourself:
- Be on the lookout for phishing scams. Hackers will create emails pretending to be the affected company in hopes of getting you to click on malicious links. If the email provides a link back to the company, don’t click on it. Type the company’s actual URL on your browser to avoid a spoof site.
- Frequently check your bank statements for signs of suspicious activity. If you see anything strange, report it immediately.
- If you see suspicious activity on your credit cards, call your credit card company and put a freeze on your accounts as soon as possible.
- Install strong security software not just on your PC but also on your smartphones.
With hackers seemingly always one step ahead of companies’ cybersecurity efforts, don’t be surprised if your personal information is exposed. But, following the tips above, you can always be prepared.
Be sure to visit Komando.com to keep up with the latest information on data breaches and tips on how to protect yourself.