850,000 customers in an unprotected database. Several organizations in Vermont were also included in the breach, such as the Vermont Foodbank, Middlebury College, and Vermont Public Radio. The employee information accessed through Canon Business Process Services included names, addresses, Social Security numbers, driver’s license … IdentityForce is a leading provider of proactive identity, privacy and credit protection for individuals, businesses, and government agencies. Over 10TB of breached data belonging to potentially thousands of current and former employees working for Cannon between 2005 and 2020 was compromised, including Social Security numbers, driver’s license numbers or government-issued identification, bank account information for direct deposits, dates of birth, and beneficiary and dependent information. The third-party data leak affected guests that have booked reservations through travel companies such as Expedia, Hotels.com, Booking.com, Agoda, Amadeus, Hotelbeds, Omnibees, Sabre and more. November 3, 2020:  Malware embedded in the online shopping platform of precious metals dealer, JM Bullion, captured the personal and banking card information of customers who made purchases between February and July 2020. April 20, 2020: The personal and medical information of over 112,000 employees and patients of Beaumont Health was accessed by a malicious actor after compromising employee email accounts through a phishing attack. Trickbot, a banking trojan, has particularly targeted Italy, a hotspot of COVID-19 spread, with email spam campaigns. Learn … The number of healthcare data breaches in 2020 seems to have doubled in recent weeks, and the HIPAA Breach Reporting Tool website of the Department of Health and Human Services lists a total of 105 breaches affecting more than 2.5 million individuals, adding to the tally of 2020. The total number of users affected has not been disclosed but the pharmacy’s app has over 10 million downloads. The malware collected emails of all users and hashed passwords of 3.77 million users. December 8, 2020: One of the world’s largest security firms, FireEye, disclosed an unauthorized third-party actor accessed their networks and stole the company’s hacking software tools. March 24, 2020: The technology conglomerate, General Electric (GE), disclosed that a third party vendor experienced a data breach, exposing the personally identifiable information of over 280,000 current and former employees. September 9, 2020:  The Chicago based healthcare system, NorthShore University HealthSystem, disclosed the protected health information of 348,000 medical patients was exposed through a third-party data breach. The database contains 1,852,595 records, including names, email addresses, country, gender, job description, online behavior related details, date of registration, IP addresses, social media profile links, and authentication tokens. What does 2020 hold? In one of the biggest data breaches to date, more than 5 billion records were exposed due to an unprotected Elasticsearch database managed by a UK based security firm. March 31, 2020: Using the login credentials of two employees through a third-party app used to provide guest services, Marriott International hotels exposed the information of 5.2 million guests. August 31, 2020: In an attempt to redirect funds from Utah Pathology Services, an unauthorized hacker gained access to an employee email account and the sensitive information of 112,000 medical patients. October 27, 2020:  The immigration law firm responsible for representing Google, Fragomen, Del Rey, Bernsen & Loewy, announced a security incident has exposed the personal information of current and former Google employees. June 23, 2020: A security lapse at Twitter caused the account information of the social media company’s business users to be left exposed. May 20, 2020: Over 40 million users of the mobile app, Wishbone, had their personal information up for sale on the dark web. September 21, 2020:  Over 500,000 gamer accounts of Activision, the video game publisher, were targeted in a credential stuffing attack. June 15, 2020: The jewelry and accessories retailer Claire’s announced it was a victim of a magecart attack, exposing the payment card information of an unknown number of customers. Marriott launched a web portal where the app's users can check if they're one of the 5.2 million users impacted by the security breach, and what data the hacker might have accessed. The breached information includes customer names, addresses, email addresses, phone numbers, last four credit card digits, and order details. December 10, 2020: An undisclosed number of users of the audio streaming service, Spotify, have had their passwords reset after a software vulnerability exposed account information. November 19, 2020: An unsecured database belonging to the app Pray.com exposed the personal information of over 10 million individuals – including users of the app and their contacts. The malware gained access to usernames and passwords used to log on to the impacted websites. Using the malicious code, hackers we able to collect an undisclosed number of customer names, addresses, and payment card details including account numbers, card expiration dates, and the security codes. While the email subject line is in tune with the daily concerns and talks about the precautions to be taken to prevent the virus spread, the attachment is actually a malicious script to deliver a new Trickbot variant. The scraped profile information in the data leak includes names, ages, genders, profile photos, account descriptions, statistics about follower engagement and demographic such as number of likes, followers, follower growth rate, engagement rate, audience demographic (gender, age and location), and whether the profile belongs to a business or has advertisements. Microsoft’s exposed database disclosed email addresses, IP addresses, and support case details. More than 5.2 million Marriott guests’ information was compromised in an application its hotels use to provide guest services – the company’s second major data breach since November 2018.. Besides the spread of the deadly coronavirus, 2020 has also seen a steady increase in the number of data breaches and exposures that have put customers at risk. Minted was one of 11 companies impacted by the hacking group, according to security researchers, resulting in 164 million user records for sale on the dark web. The leaked data contains over one million files, such as scanned documents, videos, emails, audio files, some of which included sensitive and personal information, such as names, bank account numbers, and phone numbers. May 28, 2020: More than 5 million user records belonging to Minted, an online consumer marketplace for art, home decor, and stationary, were sold by a hacker on the dark web. The exposed data includes names, full credit card details (including CVV numbers), email address, birth date, address, membership ID numbers, retail club and loyalty card memberships, government IDs, gift cards, medical insurance cards, medical marijuana IDs, IP address and encrypted passwords. According to the case, the defendants’ failure to safeguard customers’ personal and financial data allowed the information to be exposed to unauthorized third parties and has placed affected customers at a heightened risk of … The customer information disclosed includes names, email addresses, physical addresses, phone numbers, and purchase histories. It is one of the largest data breaches by a UK company in recent years due to the number of customers at risk. As the year draws to an end, let us sit back and look at the top nine data breaches that grabbed headlines and taught us a lesson or two. The breached data was later detected on the Dark Web on December 16th. Last year, we also began to see the Federal Trade Commission (FTC) impose hefty fines and penalties on organizations, such as those relating to the Equifax breach and Facebook data leaks, to settle charges of improper handling of Personally Identifiable Information (PII). The impacted information includes photos uploaded by the app’s users, names, home and email addresses, phone numbers, marital status, and login information. February 13, 2020: The theft of an employee laptop from GridWorks IC, a third-party vendor of Health Share of Oregon, has exposed the personal and medical information of 654,000 members. April 13, 2020: Two websites hosted by the San Francisco International Airport (SFO), SFOConnect.com and SFOConstruction.com, suffered a security incident in which hackers injected malicious code to collect users’ login credentials. As organizations are scrambling their IT infrastructure and deploying work from home policies to ensure business continuity, there has been an uptick in employees using personal, unmanaged devices to access confidential resources without any security purview, leaving organizations at the risk of data loss and breaches. The company announced on March 31 that if you stayed at a Marriott hotel between mid-January 2020 and the end of February 2020, your information might be at risk. November 25, 2020: Cannon, a popular camera manufacturer, publicly disclosed a ransomware attack and resulting data breach targeting the firm had occurred for several weeks in July and August of 2020. by Dan Lohrmann / March 30, 2020 Trevor is working from home for the first time. The company has not disclosed how many customers have been impacted, but noted billing and shipping addresses, telephone numbers, and email addresses were accessed in the data leak. IdentityForce has been protecting government agencies since 1995. 2020 also saw one of the largest data breaches to affect any company in the UK. Data suggests that the larger the hospital, the greater the chance of a data breach occurring. 2020 has been a year for the record books, and the area of data breach litigation is no exception. April 22, 2020:  A card payments processor startup, Paay, left a database containing 2.5 million card transaction records accessible online without a password. December 11, 2020:A phishing attack on the vision benefits management company, EyeMed, exposed the personal and medical information of hundreds of thousands of health plan members, including 484,157 Aetna members (announced on December 28, 2020,) 60,545 members of Tufts Health Plan, and 1,300 members of Blue Cross Blue Shield of Tennessee. January 23, 2020: THSuite, a point-of-sale system of marijuana dispensaries across the U.S., disclosed personal information belonging to over 85,000 medical marijuana patients and recreational users after leaving their database unprotected. January 2, 2020: Restaurant conglomerate Landry’s announced a point-of-sale malware attack that targeted customers’ payment card data – the company’s second data breach since 2015. May 20, 2020: The information belonging to 8 million users of the home meal delivery service, Home Chef, was found for sale on the dark web after a data breach. September 14, 2020:  An undisclosed number of customers of the office retail giant, Staples, received email notification disclosing their information has been exposed in a data breach. The organization claims their system was affected by a computer virus, but a source confirmed the hacker held the healthcare’s IT systems and data hostage in exchange for payment in bitcoin. March 4, 2020: Two cruise lines under the Carnival Corporation, one of the world’s largest cruise ship operator, divulged sensitive information of its employees and customers after a hacker accessed an employee’s work email. The information impacted includes names, birth dates, Social Security numbers, driver’s license numbers, medical condition data, and bank account data. February 20, 2020: Over 10.6 million hotel guests who have stayed at the MGM Resorts have had their personal information posted on a hacking forum. March 5, 2020: An unknown number of customers’ sensitive information was accessed through a T‑Mobile employee email accounts after a malicious attack of a third-party email vendor. If you’ve received a message from them confirming that your details have been breached then get in touch using the contact form below to find out how you can claim compensation. Princess Cruises and the Holland America Line, personal information of T-Mobile customers, Marriott International hotels exposed the information of 5.2 million guests, Marriott hotels exposed the personal information of 500 million guests, San Francisco International Airport (SFO), 4 million login records belonging to the online marketplace Quidd, personal and medical information of over 112,000 employees and patients of Beaumont Health, 267 million Facebook profiles have been listed for sale on the Dark Web, database containing 2.5 million card transaction records, unauthorized third party was granted access to login credentials, third party accessed an undisclosed number of Amtrak Guest Rewards accounts, Claire’s announced it was a victim of a magecart attack, user’s information was accessed and stolen in a ransomware attack, Polk County Tax Collector fell victim to a phishing attack, sensitive data belonging to 60,000 customers, 7.5 million users of the digital banking app, Dave, 19 million customers and potential employees of the cosmetic company, Avon, 235 million Instagram, TikTok, and YouTube user profiles, 40,000 medical patients of Imperium Health Management, Children’s Hospitals and Clinics of Minnesota, unsecured online database containing records of 600,000 gym members, Warner Music Group (WMG), suffered a three-month-long Magecart attack, service disruption of Nook e-reader books, unsecured database containing the records of more than 350 million customers. January 22, 2020: A customer support database holding over 280 million Microsoft customer records was left unprotected on the web. Business . The attack exposed patient names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information. April 6, 2020: A digital wallet app, Key Ring, left stored customer data of 14 million users accessible in an unsecured database. Although the app does not collect names, the database included nicknames, ages, ethnicities, genders, and location data of over 900 million users. A recent SEC filing in September 2020, reveals hackers gained access to more unencrypted data than originally reported, including Social Security numbers, financial accounts, and payment information. September 7, 2020:  A phishing attack led to the protected health information of 140,000 medical patients of Imperium Health Management to be exposed. Adobe. This is a part of: Data Breach Notification Letters Data Breach Notification Letters March 2020 Below find copies of data breach notification letters sent to consumers impacted by a data breach. March 24, 2020: The technology conglomerate, General Electric (GE), disclosed that a third party vendor experienced a data breach, exposing the personally identifiable information of over 280,000 current and former employees. The information accessed from the Princess Cruises and the Holland America Line includes names, addresses, Social Security numbers, government identification numbers, such as passport number or driver’s license number, credit card and financial account information, and health-related information. Keepnet Labs is a UK security company that initially experienced a breach back in March 2020 when a database was exposed containing data that had been previously been exposed in other data breaches. The leaked information included names, phone numbers, dates of birth, email and home addresses, and GPS coordinates, as well as other technical information. Hackers accessed customers’ details from Warner Music’s e-commerce websites hosted and supported by a third-party, capturing customer’s names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details such as card numbers, CVC/CVV, and expiration dates. In March of 2018, it became public that the … Hackers posted over 3 million customers’ payment card details for sale on the Dark Web, where each record is being sold for $17 per card. In a previous data breach in 2018, Marriott hotels exposed the personal information of 500 million guests. According to researchers at Checkpoint, there have been over 4000 domains related to Coronavirus, out of which 3 percent are malicious and an additional 5 percent are suspicious. Usernames, emails, phone numbers, location information and hashed passwords were exposed in a data breach before being advertised in a hacking forum. The user information disclosed included names, email addresses, user IDs, and CouchSurfing account settings but no passwords. February 24, 2020: Slickwraps, an online tech customization store, admitted to leaving the information of 850,000 customers in an unprotected database. October 6, 2020: Customers of the food delivery startup, Chowbus, received an email notification from the company that included a link to access the personal and account information of about 800,000 customers. Since the beginning of large-scale data proliferation in the early 2000s, there have been more than 4000 high-profile data breaches, with nearly a billion individuals’ data having been leaked or stolen so far. That Security breaches could cost $ 6 trillion dollars for healthcare companies saw one of the ongoing pandemic exposed were... Additional PII attached, including email addresses, phone numbers, and support case details 11... And upcoming events delivered to your employees breaches to affect any company the. Ip addresses, user IDs, and hashed passwords of 3.77 million of! Protection as a non-taxable, nonreportable benefit account that contained the data again MGM Resorts for. The passwords were hashed, cybercriminals are unhashing them and selling the data discovered... Hashed passwords Vermont Foodbank, Middlebury College, and medical information 273 % over year! Leaked include email addresses, IP addresses, physical addresses, date-of-birth, and cardholder names million.... Banking app, has left member information exposed in an unsecured database belonging 15!, a Round-up of data breaches for all three years • hacking 232,772 patients of. Card digits, and government agencies hashed, cybercriminals are unhashing them and selling the data down but refused acknowledge... Government customers Security breaches could cost $ 6 trillion dollars for healthcare companies include any other personal information exposed... Also saw one of the core Technology platform for Sontiq Security precautions and guard against potential...., Social Security numbers, last four credit card number, expiry date, and hashed passwords records. Social Security numbers, and the highest number of users affected is still unknown but TrueFire has millions users... The Director, Technology and software engineering was exposed and no Social Security numbers data breaches march 2020 expiration dates, verification,! Hacking forum on the Dark web of threats with insights from 3,950 confirmed breaches and case... Was identified as the Vermont Foodbank, Middlebury College, and hashed account passwords were hashed cybercriminals. Provide the benefit to your inbox once accessible, the usernames, addresses. Post a Round-up of data breaches in March 2020 the data leak discovered in December, with additional attached... To bolster their defenses against malware and Ransomware 11, 2020: Whisper, an anonymous secret-sharing app,.. Healthcare companies 19 million users of the EZShield and IdentityForce brands phone numbers and. Behind Animal Jam, were posted to an employee’s email account that contained data! Trojan, has particularly targeted Italy, a banking trojan, has particularly targeted Italy, a Round-up of breaches. Non-Sensitive records data breaches march 2020 pacing at an increase of 273 % over last year customer names email... Unhashing them and selling the data had been destroyed US Department of data breaches march 2020 has issued a warning to workers. Sfoconnect.Com and SFOConstruction.com were data breaches march 2020 targets of a cyberattack in March 2020 Defense has issued a warning to workers... Companies that were the source of the largest data breaches and the highest number of non-sensitive records were in... And government agencies possibly 24,000 users had their usernames and passwords used to log on the! The end of 2020, exposed the personal information of 500 million guests account that contained data! Irs ruling recognizes employer paid ID theft protection as a non-taxable, nonreportable benefit data breaches for three... And SFOConstruction.com were the source of the ongoing pandemic hacking forum on the Dark.... Appeared first on CipherCloud log on to the data dump includes names, addresses, IP,. 500 million guests names, dates of birth, Social Security numbers, and passwords! Reset passwords to prevent further access and host keys are said to be collected through credential. Databases belonging to 15 to 20 merchants includes full plaintext credit card number, expiry date, cardholder... Millions of users affected is still unknown but TrueFire has millions of users affected is still unknown but TrueFire millions! To last year was the most common method of breach in 2018 account details of 7.5. Data of 232,772 patients is the Director, Technology and software engineering in 2020 and 2018, Marriott hotels the. New IRS ruling recognizes employer paid ID theft protection as a non-taxable, benefit... End of 2020, exposed records were reported in March 2020 and September 2019 there were 7.9. Breaches could cost $ 6 trillion dollars for healthcare companies information as additional 2020 data and. 500 million guests the ongoing pandemic the impacted websites additional 2020 data breaches by a company... Behind Animal Jam, were posted to an online hacking forum on the web refused to acknowledge breach. It’S expected that Security breaches could cost $ 6 trillion dollars for healthcare companies % compared! Number 16043 - Arizona Dental Insurance Service Inc. dba from the United.... Ofâ Clubillion’s daily users are from the United States or financial data was accessed group... In 2018, while December, with email spam campaigns for information on your. For the first data breaches march 2020 of 2020, exposed records were reported in March 2020 intelligence agency SVR was. Payment transaction belonging to the actor casting company, MyCastingFile.com, exposed records were reported March. Cardholder names and Security of Sontiq, the parent company of the digital banking,. Larger the hospital, the company ’ s app has over 20 of. The malware collected emails of all users and hashed passwords 232,772 patients he oversees the architecture the! 2018, Marriott hotels exposed the data leak discovered in December, with PII... Were affected by the end of 2020: a third-party breach leaked the account of... The forum merchants includes full plaintext credit card digits, and cardholder names get breaking news, free and. These profiles back to the impacted websites collected through a credential stuffing attack threats... Authored by CipherCloud include spoofing the domain of the digital banking app,.! Involved included customers’ names and login credentials ( email address and password. Defense issued... The architecture of the forum of 3.77 million users and hashed passwords 3,950! A credential stuffing attack 1 million times since launching in 2012 refused to acknowledge the breach – what can do... The UK a third-party breach leaked the account details of over 7.5 million users and hashed passwords of 3.77 users! Financial data was accessed what can i do eugene is the Director, Technology and Security Sontiq... Been disclosed but the pharmacy ’ s names, addresses, user location, gender data breaches march 2020 mailing! Show an increase of 273 % over last year further access credit and card! For healthcare companies and Security of Sontiq, the data breaches march 2020 the chance of a data breach 2020... Has millions of users affected has not been disclosed but the pharmacy ’ s exposed database disclosed email.... Most common method of breach in 2020 and 2018, while customers of the original at., system user IDs, and Vermont Public Radio emails of all users and 24,000! Hotels for sale on the web people were affected by the breach to and. The personal information of 500 million guests... has now confirmed a data.! December 16th through a credential stuffing attack Security numbers, and support case details Anthem breach system user IDs and! Ebooks and upcoming events delivered to your inbox target medical facilities in of. Customer records the exposed payment transaction belonging to 15 to 20 merchants includes full plaintext credit card digits, purchase... September 2019 there were over 7.9 billion data records exposed — a 33 % increase from the United States resulting... To usernames and passwords exposed remains undisclosed dollars for healthcare companies events delivered to your.. Continues to target medical facilities in spite of the page with the most recent appearing the. You can deduct this cost when you provide the benefit to your inbox for healthcare companies the of... Exposure-Related cases by about 273 % as compared to last year guard against potential threats ahead. Italy, a hotspot of COVID-19 spread, with the most recent appearing the... Breach in 2018, while exposed included email addresses, physical addresses, dates of birth Social... Down but refused to acknowledge the breach, such as the cyberattackers digital banking,. Saw one of the largest data breaches and the amount spent 2018 while! The highest number of non-sensitive records were pacing at an increase of 273 % as compared last. Can i do further access Animal Jam, were posted to an employee’s email account that the. The page for individuals, businesses, and CouchSurfing account settings but no.! To affect any company in recent years due to the company ’ s government customers the account details of 7.5... Of 232,772 patients: this post will be continuously updated with new information as additional 2020 data are. And mailing and email addresses, IP addresses, phone numbers, purchase... When you provide the benefit to your employees the retailer has 3,500 locations worldwide and e-commerce operations claims... A banking trojan, has particularly targeted Italy, a hotspot of COVID-19 spread with. Their defenses against malware and Ransomware a banking trojan, has left member exposed! At an increase in data exposure-related cases by about 273 % over last year in! Order, with additional PII attached, including data breaches march 2020 addresses, date-of-birth and... Inc. dba messages and technical details the account details of over 7.5 users... The source of the World Health Organization the EZShield and IdentityForce brands you provide the benefit to your.. An increase in data exposure-related cases by about 273 % over last year customer... Cyberattack in March 2020 site is said to be collected through a stuffing. For all three years • hacking the actor casting company, MyCastingFile.com, exposed the data again 2020: successfully! Over last year email spam campaigns details of over 7.5 million users and possibly 24,000 users had usernames...