Another year, another set of massive security incidents.
The severity of data breaches and malware events seems to escalate almost every year, and the retrospective at 2019’s end isn’t particularly positive. Millions of Americans had their data compromised across the year … and many people gave up far more than their information.
Let’s look at what went wrong over the past 12 months, with an eye toward creating a more secure 2020.
AMCA Data Breach
The American Medical Collection Agency (AMCA) – a medical bill and debt collector – disclosed in June that it had suffered a data breach impacting major marquee clients, including Quest Diagnostics and Sunrise Laboratories, among others. These labs and other third-party vendors fell victim because they accessed AMCA’s compromised payment portal.
The hacker responsible used the site to collect a range of personally identifiable data for identity theft, including names, payment info and Social Security numbers.
The aftermath included a significant financial blow to AMCA’s parent corporation, which eventually was forced to file for bankruptcy protection.
Baltimore, Other Government Security Incidents
2019 was a big year for ransomware attacks directed at municipal governments. One of the most significant was directed at the city of Baltimore. Hackers in May used a new variant of the RobbinHood malware to take the city hostage, threatening to bring several departments to a standstill unless the city paid up $102,000.
The Federal Emergency Management Agency (FEMA) and Palm Bay, Florida, were among other victims of government-focused cybersecurity attacks.
Elasticsearch Server Hit
In terms of the number of users affected, one of the most substantial incidents of 2019 involved an Elasticsearch server containing about 4 terabytes of data. This data, primarily supplied by two data enrichment companies, included email addresses, social media profiles and phone numbers, among other details, and the information was not encrypted or password-protected.
The number of individuals impacted: about 1.2 billion.
Capital One Breach
Banks tend to have tighter security controls than some other industries. But they are by no means immune to cyber attacks.
Case in point: a Capital One breach reported in July exposed the private information of about 106 million credit card customers and applicants across the U.S. and Canada. Worse: That information spans more than a decade, collected between 2005 and 2019.
Facebook’s Questionable Password Storage
Facebook has been in the hot seat over privacy concerns for several years, and 2019 wasn’t any different. But the headline the social-media company made in March was among its most upsetting.
Namely: The company apparently stored hundreds of millions of passwords in plain text. While Facebook claimed it had found no indications that employees had abused access to that info, it’s a colossal data-management failure that’s beneath what one would expect from a resource-rich company such as Facebook.
What Have We Learned From 2019’s Security Incidents?
In short, make sure your organization is prepared to buck the trend of escalating cyber attacks and other security incidents in 2020. We have filled our blog pages with numerous ways to help, whether it’s showing you the anatomy of a strong password, outlining the hacking dangers inherent in Bluetooth technology or pointing out corporate cybersecurity risks.