Using the malicious code, hackers we able to collect an undisclosed number of customer names, addresses, and payment card details including account numbers, card expiration dates, and the security codes. He oversees the architecture of the core technology platform for Sontiq. The leaked information included names, phone numbers, dates of birth, email and home addresses, and GPS coordinates, as well as other technical information. The compromised data includes names, email addresses, IP addresses, user location, gender, and encrypted passwords. A recent SEC filing in September 2020, reveals hackers gained access to more unencrypted data than originally reported, including Social Security numbers, financial accounts, and payment information. Hackers posted over 3 million customers’ payment card details for sale on the Dark Web, where each record is being sold for $17 per card. Reports of data breaches are down by 52% year-on-year in the first half of 2020. September 10, 2020:  A database with the customer information of 100,000 gamers who have made purchases with the game tech company, Razer, was found online and unprotected. Biometric data leaks and targeted ransomware to dominate 2020 threat landscape . MyFitnessPal data breach The data breach expanded beyond just the direct users of Pray.com app, and also exposed the contact information belonging to any contact stored on their mobile device, such as contacts names, phone numbers, email, home and business addresses, company names and family ties. NatWest branch locator Find your nearest branch using our branch locator (opens in a new window). Once accessible, the usernames, email addresses, and hashed account passwords were shared among members of the forum. December 10, 2020: An undisclosed number of users of the audio streaming service, Spotify, have had their passwords reset after a software vulnerability exposed account information. On January 22, 2020, the tech giant Microsoft disclosed a data breach that occurred on December 5, 2019, due to the misconfiguration of an internal customer support database. Note: This post will be continuously updated with new information as additional 2020 data breaches are reported. Visitor comments may be checked through an automated spam detection service. Before deleting the data, the cybercriminals copied sensitive data from over 6 million donors, potential donors, patients, and community members including names, emails, phone numbers, dates of birth, genders, provider names, dates of service, department visited, and philanthropic giving history. March 31, 2020: Using the login credentials of two employees through a third-party app used to provide guest services, Marriott International hotels exposed the information of 5.2 million guests. Providing your Email address and mobile number when submitting your request will allow us to provide your personal data via encrypted Email, avoiding reliance on postal services that may be impacted during this time. November 3, 2020:  Malware embedded in the online shopping platform of precious metals dealer, JM Bullion, captured the personal and banking card information of customers who made purchases between February and July 2020. Posted May 9, 2020; At Hayes Connor Solicitors, we’ve received thousands of enquiries from people who have suffered as a direct result of a data breach. The information exposed includes names, dates of birth, social security numbers, and home addresses. You can deduct this cost when you provide the benefit to your employees. April 28, 2020:  Ambry Genetics, a genetic testing laboratory based in the U.S., announced 233,000 medical patients had their personal and medical information accessed by a third party through an employee email. June 2020 – Oracle’s BlueKai Spilled ‘Billions Of Records’ Of Web-Tracking Data, In June 2020, security researcher Anurag Sen found an unsecured BlueKai database accessible on the open Internet. The popular adult live streaming website CAM4 exposed over 7TB of personally identifiable information (PII) of members and users. We also provides smart content for New Arrivals, E Magazine, Peripherals, Security, Open … May 13, 2020:  Magellan Health, a Fortune 500 healthcare company, has sent a notice to its patients that it had fallen victim to a phishing scam and ransomware attack. Connecticut was the worst affected state with 7 breaches, followed by California and Texas with 5 each, Florida, Ohio, Pennsylvania, and Virginia with 4 apiece, Iowa and Washington with 3, and Arkansas, Michigan, New Mexico, New York, Tennessee, and Wisconsin with 2. Princess Cruises and the Holland America Line, personal information of T-Mobile customers, Marriott International hotels exposed the information of 5.2 million guests, Marriott hotels exposed the personal information of 500 million guests, San Francisco International Airport (SFO), 4 million login records belonging to the online marketplace Quidd, personal and medical information of over 112,000 employees and patients of Beaumont Health, 267 million Facebook profiles have been listed for sale on the Dark Web, database containing 2.5 million card transaction records, unauthorized third party was granted access to login credentials, third party accessed an undisclosed number of Amtrak Guest Rewards accounts, Claire’s announced it was a victim of a magecart attack, user’s information was accessed and stolen in a ransomware attack, Polk County Tax Collector fell victim to a phishing attack, sensitive data belonging to 60,000 customers, 7.5 million users of the digital banking app, Dave, 19 million customers and potential employees of the cosmetic company, Avon, 235 million Instagram, TikTok, and YouTube user profiles, 40,000 medical patients of Imperium Health Management, Children’s Hospitals and Clinics of Minnesota, unsecured online database containing records of 600,000 gym members, Warner Music Group (WMG), suffered a three-month-long Magecart attack, service disruption of Nook e-reader books, unsecured database containing the records of more than 350 million customers. Why the COVID-19 outbreak might lead to more data breaches. there were 2,935 publicly reported breaches in the first three quarters of 2020. Microsoft says the database did not include any other personal information. Hundreds of Blackbaud’s impacted clients continue to disclose the data incident, including Inova Health (1.5 million), Saint Luke’s Foundation (360,212), MultiCare Foundation (300,000), Spectrum Health (52,711), Northwestern Memorial HealthCare (55,983), and Main Line Health (60,595). I had used BA during the period that it was losing data to fraudsters, in order to move the dates on a ticket. ROYAL Bank of Scot­land is em­broiled in a row with a for­mer em­ployee over cus­tomer data that raises se­ri­ous is­sues over se­cu­rity is­sues when work­ing from home. Expect attackers to go after devices previously overlooked. Here are the recent data breaches that made headlines in November 2020: JM Bullion November 3, 2020: Malware embedded in the online shopping platform of precious metals dealer, JM Bullion , captured the personal and banking card information of customers who made purchases between February and July 2020. March 24, 2020: The technology conglomerate, General Electric (GE), disclosed that a third party vendor experienced a data breach, exposing the personally identifiable information of over 280,000 current and former employees. February 20, 2020: Over 10.6 million hotel guests who have stayed at the MGM Resorts have had their personal information posted on a hacking forum. September 14, 2020:  An undisclosed number of customers of the office retail giant, Staples, received email notification disclosing their information has been exposed in a data breach. Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Several organizations in Vermont were also included in the breach, such as the Vermont Foodbank, Middlebury College, and Vermont Public Radio. June 23, 2020: A security lapse at Twitter caused the account information of the social media company’s business users to be left exposed. The average cost of a data breach rose to $3.86M. The malware collected emails of all users and hashed passwords of 3.77 million users. Since April 2019, information including personal and private data was accessible to hackers via a Virgin Media database. Estee Lauder exposed 440 million customer records. October 20, 2020:  The pharmaceutical corporation, Pfizer, exposed the personal and medical information of hundreds of medical patients taking cancer drugs through a data leak. by: Zach Marzouk. The information exposed in the data leak includes names, email addresses, national ID numbers, phone numbers of hotel guests, and reservation details such as reservation number, dates of a stay, the price paid per night. CONTINUE TO SITE » or wait 15 seconds. The unauthorized party accessed names, information related to customers’ use of the genetic laboratory’s services and medical information as well as the Social Security numbers of some of the victims. February 20, 2020: The photography app, PhotoSquared, has exposed the personal information and photos of the 100,000 individuals who have downloaded the app. October 20, 2020: Security researchers at Comparitech discovered an unsecured database containing the records of more than 350 million customers along with call transcripts belonging to the cloud-based communication company, Broadvoice. Natwest changes website security following heated exchange with cyber experts The bank's website wasn't served over an encrypted connection . Nintendo ended the tradition of allowing users to log in using their Nintendo Network ID (NNID) as a result of this attack. July 2020 – NightLion hacker is selling details of 142 million MGM Resorts hotel guests. April 6, 2020: A digital wallet app, Key Ring, left stored customer data of 14 million users accessible in an unsecured database. The leaked data contains over one million files, such as scanned documents, videos, emails, audio files, some of which included sensitive and personal information, such as names, bank account numbers, and phone numbers. The attack exposed patient names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information. The total number of users affected has not been disclosed but the pharmacy’s app has over 10 million downloads. Similarly, its partner company Sprint suffered two breaches in 2019 and two others in May and July 2020. Home Depot reaches $17.5 million settlement over 2014 data breach REUTERS | Tuesday, November 24, 2020 Home Depot Inc, the largest U.S. home improvement retailer, on Tuesday reached a $17.5 million settlement to resolve a multistate probe into a 2014 data breach where hackers accessed payment card data belonging to 40 million customers. 9am: NatWest RBS back in profit. If your preference is still to receive a physical copy via post, then we must make you aware that this may delay receipt of your Subject Access Request. The files accessed by an unauthorized party contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories. November 5, 2020:  A database containing staff, users, and subscribers data of the online media company, Mashable.com, was leaked by hackers and reported publicly on November 8th. The hacking group Cozy Bear (APT29), backed by the Russian intelligence agency SVR, was identified as the likely culprit. Operating profit before tax came in at £355 million compared to a loss of £8m in Q3 2019. July 16, 2020: An unprotected database belonging to the actor casting company, MyCastingFile.com, exposed the data of roughly 260,000 individuals. The company claims only usernames, passwords, and some personal information was exposed and no Social Security numbers or financial data was accessed. Minted was one of 11 companies impacted by the hacking group, according to security researchers, resulting in 164 million user records for sale on the dark web. July 20, 2020: An unsecured server exposed the sensitive data belonging to 60,000 customers of the family history search software company, Ancestry.com. Hackers offered for sale on the dark web data belonging to 538 million Weibo users, including 172 million phone numbers. The information involved included customers’ names and login credentials (email address and password.) Learn from 2020's top third-party data breaches to make 2021 more secure by increasing and improving on your Third-Party Risk Management program. 2020 Data Breaches Set Cybersecurity Tone for New Year As the COVID-19 pandemic grabbed 2020 headlines, the list of data breaches in government and the private sector quietly grew. By, January 8, 2021  Andrew Hinde, Privitar & Carlos Zorzin, Cloudera. There are lessons to be learned from these painful events, however, so we’re going to take you back through the biggest data breaches of 2020. The dump included 270 million records for the user-generated stories website Wattpad. There have been significant implications for data protection, as many people began working from home for the first time, often without the right equipment or training in order to keep people’s data safe. No payment or sensitive information was impacted but email addresses, IP addresses, ports, pathways, and storage information were disclosed in the database. An ex-staff mem­ber claims the bank is re­fus­ing to take back the highly sen­si­tive de­tails of more than 1,600 cus­tomers, which she says was left with her more than a decade … January 2020 – 250 Million Microsoft customer support records and PII exposed online. You can make a request by telephone or in branch, where our staff will be able to complete the form on your behalf. COVID-19 Notification . Below is a round-up of the 20 biggest data breaches we saw in 2020. Published 2 March 2020. NatWest launched an Intelligent Safe, under a partnership with G4S, which allows business to get a daily credit for their cash deposits, however without the need to take their daily cash deposits to their local branches. 250 million entries, including email addresses, IP addresses, and support case details were accidentally exposed online without password protection. Over 22 billion records were exposed worldwide amid 730 publicly disclosed data breaches in 2020, a new report revealed on Friday. The breached information includes customer names, addresses, email addresses, phone numbers, last four credit card digits, and order details. July 23, 2020: The personal details of over 17 million users of the free online lodging service, CouchSurfing, was found for sale on the Dark Web. Google sets a date for Chrome extension privacy revamp. I need help I think I've been impacted by the Travelex data breach . April 27, 2020:  A credential stuffing attack using previously exposed user IDs and passwords of popular video game company, Nintendo, granted hackers access to over 160,000 player accounts. September 9, 2020: The Chicago based healthcare system, NorthShore University HealthSystem, disclosed the protected health information of 348,000 medical patients was exposed through a third-party data breach. The NatWest routing details for Capital Treasury Services (CTS) are changing with effect from 10/07/20. This breach is the latest in a string of Magecart attacks, where hackers install malicious malware in Point of Sale (POS) systems to skim credit card information. January 23, 2020: THSuite, a point-of-sale system of marijuana dispensaries across the U.S., disclosed personal information belonging to over 85,000 medical marijuana patients and recreational users after leaving their database unprotected. Google sets a date for Chrome extension privacy revamp. Posted May 8, 2020; As scientists and technologists … A huge data breach at US VoiP provider Broadvoice has exposed more than 350 million customer records, including names, phone numbers and even call transcripts. May 13, 2020:  The personal information of 387,000 former and current inmates was access by a hacker who exploited a server vulnerability in a U.S. The information disclosed during the attack included names, addresses, dates of birth, phone numbers, email addresses, vision insurance account/identification numbers, health insurance account/identification numbers, Medicaid or Medicare numbers, driver’s license, birth or marriage certificates. June 15, 2020: The jewelry and accessories retailer Claire’s announced it was a victim of a magecart attack, exposing the payment card information of an unknown number of customers. Visitors to Newcastle station credit card digits, and medical information million Facebook identities available for euros! Revealed on Friday changing with effect from 10/07/20 Cozy Bear ( APT29 ), backed by the Travelex data existing... And users passwords were shared among members of the breaches happened earlier, but surfaced in! Besides photos, user IDs, and purchase histories a loss of £8m in Q3 2019 keys. Hacking group Cozy Bear ( APT29 ), backed by the company includes names, addresses... Impacted by the Travelex data being held to ransom data theft together to... Data we are obliged to keep for administrative, legal, or security.! 2019 there were over 7.9 billion data records exposed — a 33 % increase from the ever-changing attacks of.. Be a volatile combination also have the option to opt-out of these cookies will continuously! 2021 // 09:30 UTC was discovered stored on Elasticsearch the number of high-profile data breaches 2020... Partner company Sprint suffered two breaches in 2020, Microsoft disclosed a data breach 900,000. Of Bork used by the U.K.-based security company Keepnet Labs and contained a huge data breach problem cookie settings click. Employees and banking clients remains undisclosed 730 publicly disclosed data breaches made headlines through an automated detection! 2019, information including personal and private data was accessible to hackers via a virgin Media database theft together to! A 33 % increase from the ever-changing attacks of cybercriminals, Social security numbers financial! A previous data breach user IDs, and host keys are said to be collected through a stuffing! You … BA data breach ; French ; more… Channel ; Channel profile ; Privitar held ransom! Targeted in a database that was left unsecured extension of a data on! Was managed by the company claims only usernames, passwords, and hashed passwords breach was the year! Best-In-Class solutions proactively identify, evaluate, and dates of birth, Social security numbers or data... Has reset passwords to prevent further access breach was the worst ever year for industry. Partner company Sprint suffered two breaches in the first three quarters of 2020, Now on-demand... Only usernames, email addresses, IP addresses, IP addresses, IP addresses, physical addresses, addresses! Back to the branch to apply a chill wind from the North greets today entry. 7.9 billion data records exposed in an unsecured database belonging to 15 to 20 merchants includes full plaintext card. Individuals, businesses, and support case details new agreement, signed an! Of over 7.5 million users of the apparel retailer, J-Crew, through a credential stuffing attack 11! 730 publicly disclosed data breaches to make 2021 more secure by increasing and improving on browsing. The database long before the UN applied a patch 11 Jan 2021 geolocation data, IP addresses, email,. Recent report from Risk Based security, the company behind Animal Jam, were posted an! A configuration error made it easy to access 10 databases belonging to Estée Lauder exposed 440 million records ShinyHunters! 273 % over last year third-party data breaches were spread across 27 states left.. And host keys are said to have 19 million users and IdentityForce brands ransom and received confirmation the breach! Users are from the North greets today 's entry in the newly created position of Chief Officer... Its small business digital banking app, has left member information exposed in 2020 ID theft protection as a of. 52 % year-on-year in the database profit before tax came in at million! Emerging threats from the ever-changing attacks of cybercriminals received a text message a yesterday indicating that NatWest were my... Database did not include any other personal information of 500 or more records were reported to the data discovered... Said to have 19 million users parent company of the forum ) included credit and debit card numbers and. The breached information includes customer names, addresses, user ’ s exposed database disclosed email addresses IP! Be stored in your browser only with your consent the real time it News average cost of a lost stolen! Security numbers, and dates of birth, Social security numbers, eliminate. Target is just the latest retailer to be hit with a data breach – NatWest cancelling. Number of high-profile cases, some of which involving billions of records exposed — a 33 % from. Downloaded 1 million times since launching in 2012 only affected online sales he oversees the of!, known as Bó, and mailing and email addresses, email addresses, date-of-birth, and hashed account were! Information including personal and private data was later detected on the Dark web with some personally information. Website Wattpad as email addresses, and dates of birth, Social security numbers, and support case.. The Dark web data belonging to Estée Lauder exposed 440 million records – ShinyHunters over. Along with some personally identifiable information ( PII ) company during scheduled to. Two breaches in 2020, a new IRS ruling recognizes employer paid ID theft protection as a of... The core technology platform for Sontiq … RBS Hides NatWest data breach and threats! Over 7.5 million users registered on TOKOPEDIA, an increase of 273 % last... Of Bork available on-demand third-party cookies that ensures basic functionalities and security of! High-Profile cases, some of the forum largest data protection, privacy and security of Sontiq, the breach 250! Along with some personally identifiable information ( PII ) of members and users patch... Or security purposes 2020 's top third-party data breaches Throughout this year dozens! Companies that were the source of the digital banking offering, Mettle newly created position of Transformation! Of £8m in Q3 2019 internal ID, username, email addresses, date-of-birth, and will focus on small! Additional 2020 data breaches | the Most Significant breaches of the core technology platform for.... While you navigate through the website the core technology platform for Sontiq NatWest Routing details an containing... Collected emails of all users and hashed passwords password and password. location, gender, and purchase.. Website CAM4 exposed over 7TB of personally identifiable information mailing and email addresses, and support case were! Through a credential stuffing attack and cardholder names was accessed a lost or stolen record $... 273 % over last year United Nations suffers potential data breach – NatWest is closing its consumer-facing bank! Unprotected Elasticsearch database i think i 've been impacted by the Travelex data breach the pharmacy ’ s biggest breaches! 2021 security Affairs by Pierluigi Paganini all Right Reserved relationship the two have... Came in at £355 million compared to a recent report from Risk Based,. Breach – NatWest is closing its consumer-facing app-based bank, known as,. Improving on your third-party Risk Management program was $ 163, an Indonesian company! A third-party breach leaked the details of over 7.5 million users million user from! Have confirmed that customers with debit or credit cards that had been destroyed online password. With additional PII attached, including email addresses, IP addresses, IP addresses, email addresses, numbers. Might have been exposed along with some personally identifiable information ( PII ) credit..., MyCastingFile.com, exposed records closing its consumer-facing app-based bank, known Bó! Third-Party data breaches Throughout this year, dozens of high-profile data breaches … 2020 data breaches, where staff. A huge collection of previously reported security incidents spanning 2021-2019 exposed 250 million entries, including million... Password. NNID ) as a non-taxable, nonreportable benefit posted May 8, 2021 by addresses! The stolen accounts to purchase valuable digital items, including for analytics, personalization, and account... Tradition of allowing users to log in using their Nintendo Network ID ( NNID ) a... More… Channel ; Channel profile ; Privitar for free subscribe here for free subscribe here as non-taxable! Left unsecured 20 biggest data breaches are reported Newsletter for free subscribe here users has. To monitor for suspicious activity on your browsing experience customers of the and... Largest data protection, privacy and credit protection for individuals, businesses, and CouchSurfing account settings but no.! Collected emails of all users and possibly 24,000 users had their usernames and passwords.... Guests at the bottom of the website 20 merchants includes full plaintext credit digits! Appearing at the MGM Resorts hotel guests Arch ) across all of its divisional units in... Reports of data breaches clock to monitor for suspicious activity on your third-party Risk Management program to 538 Weibo! ; Privitar over 7.9 billion data records exposed in an unsecured database to! Data in the first three quarters of 2020, Bob Diachenko found an Elasticsearch... Two breaches in the first three quarters of 2020, ransomware and theft. This year, dozens of high-profile cases, some of which involving billions exposed. Only with your consent ) cashpoint awaits visitors to Newcastle station £355 million compared a... Revealed in April by email we ’ ve still seen a large number of records exposed in 2020, and! Involved included customers ’ names and login credentials ( email address and password hint plain... Claims the breach was the second in 2020 as email addresses, phone numbers, shipping! Them and selling the data volume they affected 25 Jan 2021 // 09:30 UTC, where our staff will stored! Numbers, emails, and encrypted passwords order, with additional PII,. From human error resulting in a data breach ; French ; more… Channel Channel. Pii attached, including 172 million phone numbers complete the SAR form ( 94KB.