Technology has forever changed the way businesses operate, mostly for the better. While technology enables innovation and convenience, it also brings risks. Cybersecurity breaches made the headlines regularly last year, with cyberattacks becoming more sophisticated and costly than ever. According to a recent cyber report, 61% of firms were the victim of a cyberattack in the past year, compared to 41% the previous year, and the cost of an incident climbed from $229,000 to $369,000. To understand the true impact, we’re breaking down the four biggest cybersecurity breaches of 2019.
First American mortgage records breach exposes 885 million records
First American Title Insurance Company, one of the country’s largest title insurance companies, suffered a breach in May 2019. Personal and financial records that included bank account numbers, Social Security numbers, driver’s license images, and tax information were available for anyone to find with an internet connection. In all, over 885 million records were exposed in the breach.
The data that was available was a goldmine for fraudsters, especially those that focus on wire transfers. In August, the U.S. Securities and Exchange Commission began an investigation into the leak. This wasn’t a breach brought on by a cyberattack, rather it appears to be the fault of the company, which did not have adequate procedures or policies in place to protect sensitive data.
U.S. Customs and Border Protection suffers hack via a third-party
In May 2019, a contractor of the U.S. Customs and Border Protection (CBP) was the target of a hack. Cybercriminals were able to steal traveler photos and license plate images of over 100,000 people. The contractor, Perceptics, additionally lost information relating to its surveillance hardware.
The CBP did acknowledge the breach to The Washington Post, noting they had not been breached, but their contractor had and that contractor was in possession of sensitive data. This data then appeared shortly after on the dark web. This is another example of third-party partners being the weak link and a reminder that any company with which you share data must have the capacity to keep it secure.
Healthcare collection agency breach impacts 20 million patients
Healthcare data has always been attractive to cybercriminals, and the industry itself is usually one of the most targeted. In March 2019, a massive hack occurred involving healthcare collection firm American Medical Collection Agency. An unauthorized user gained access to the company’s system, which included personal information of patients of LabCorp and Quest Diagnostics.
In total, 20 million patients were affected with names, dates of birth, phone numbers, addresses, and medical services data being exposed. As a result of the breach, the American Medical’s parent company filed bankruptcy.
Capital One’s cloud is hacked by software engineer
In one of the largest breaches ever, a former Amazon Web Services (AWS) engineer accessed Capital One customer data, impacting over 100 million individuals. The majority of the data related to credit card applications, which contained critical personal data. However, credit card and Social Security numbers were not exposed.
The hacker was able to access the bank’s AWS cloud but was quick to say this wasn’t a cloud issue, as an on-premise server would be just as susceptible. The cybercriminal was quickly arrested after exposing her own hack. At the time of the announcement, Capital One stated they estimated the total cost of the breach to be $150 million.A strong and robust cybersecurity plan is necessary, no matter your industry or your size. Keeping data safe and secure while ensuring your networks aren’t compromised should always be a priority for your business.