January 2, 2019: Blur announced a data breach after an unsecured server exposed a file containing 2.4 million usernames, email addresses, password hints, IP addresses and encrypted passwords. The password management company urged their users to change their Blur login credentials and enable two-factor authentication.
January 10, 2019: New York-based manufacturer, OXO was hacked in two separate incidents over the past two years, exposing customer information entered on their website. The company discovered unauthorized code on its site which captured customer names, billing and shipping addresses and credit card information.
February 1, 2019: Popular home improvement startup Houzz announced a data breach affecting users of the platform. In a statement, the company said that information such as names, city, state, country, profile description, username and hashed passwords were taken by an unauthorized third party.
February 4, 2019: Patients of North Carolina-based Catawba Valley Medical Center have had their names, birth dates, Social Security numbers and Personal Health Information (PHI) exposed in a cyberattack. Three employee email accounts were hacked in a phishing scam between July and August 2018. An estimated 20,000 patients have been impacted.
February 15, 2019: The accounts of 14.8 million users of 500px have been hacked, revealing full names, usernames, email addresses, birth dates, locations and gender. The photo-sharing website has notified its users and is forcing a password reset.
February 20, 2019: Patients of Florida-based Advent Health Medical Group are being notified of a 16-month long data breach. Approximately 42,000 individuals had their sensitive personal and health information exposed, including medical histories, insurance information, Social Security numbers, names, phone numbers and addresses.
March 1, 2019: A database containing 2,418,862 identity records on government officials and politicians from every country in the world was leaked online from a Dow Jones watchlist. The watchlist is compiled from publicly available information on prominent individuals who have the ability to embezzle money, accept bribes or launder funds.
March 4, 2019: About 45,000 patients of Chicago-based Rush health system were exposed in a data breach. Names, addresses, birthdays, Social Security numbers and health insurance information were compromised after an employee disclosed billing documents to an unauthorized third party.
April 8, 2019: An estimated 12,000 patients of Springfield, MA-based hospital, Baystate Health had their information exposed after a phishing attack compromised the email accounts of several employees. Patient names, dates of birth, health information, and some Medicare and Social Security numbers were involved in this healthcare data breach.
April 22, 2019: The largest online retailer of fitness supplements, Bodybuilding.com announced a data breach that potentially impacted its 7 million registered users. The company has since forced a password reset and notified its customers. The information that could have been stolen by hackers includes names, email addresses, billing/shipping addresses, phone numbers, order history, birth date and information included in BodySpace profiles.
April 29, 2019: Users have been notified of a Docker Hub data breach after hackers exposed the information of 190,000 account holders. The company offers cloud-based services to application developers and programmers. Information stolen in the breach includes usernames, hashed passwords, Github and Bitbucket tokens.
April 29, 2019: Up to 65% of U.S. households have had their information exposed by an unsecured database housed on a Microsoft cloud server. While the owner of the data is unknown, over 80 million households have had their names, addresses, geographic location, age, dates of birth and other demographic information compromised. VPNMentor, whose research team discovered the breach, is asking for help in identifying who the database belongs to.
May 1, 2019: Job recruitment site Ladders exposed the data of 13.7 million users through an unsecured database that was left open without a password requirement. Consumers who used the site for job hunting had their names, email addresses, employment history and salary figures exposed. Many users had their resume details included, work authorizations and even security clearance status. The unsecured database also contained the information of nearly 380,000 recruiters.
May 9, 2019: A data breach of Freedom Mobile has affected an estimated 1.5 million customers after a database of information was found unprotected on an Elasticsearch server. The Canada-based telecommunications company exposed customer names, email addresses, phone numbers, physical addresses, dates of birth, account numbers and credit card information.
May 20, 2019: More than 49 million Instagram influencers, celebrities and brands have had their private contact information exposed after an India-based social media marketing company left the data unprotected on an Amazon Web Services database. TechCrunch reported that the bio, profile photo, location, verification status, email address and phone number of high-profile accounts were exposed.
May 29, 2019: Flipboard announced it was hacked after an unauthorized third party accessed databases containing user information. Names, usernames, email addresses and encrypted passwords are among the data that could have been stolen. Flipboard has 150 million monthly users.
July 1, 2019: The database of smart home IOT devices, Orvibo, exposed the personal information of over 2 billion customers. Impacted information includes email addresses, passwords, account reset codes, precise geolocation, IP address, username, user ID, family name, family ID, smart device, devices that accessed account and scheduling information.
August 5, 2019: The online marketplace, Poshmark, announced in a blog post that a hacker gained access to the names, usernames, genders, city data, email addresses, size preferences and scrambled passwords of its users. Poshmark has over 50 million users but has not confirmed how many were affected by the breach.
August 15, 2019: A database containing 700,000 guest records of the hotel franchise, Choice Hotels, was found exposed and left with a ransom note. The hackers requested 0.4 Bitcoin, approximately $4,000, to stop further exposure of the stolen information, including names, addresses, and phone numbers.
August 16, 2019: Security researchers and the VPNMentor team uncovered a data breach containing the fingerprint data of 1 million individuals along with the facial recognition information, and unencrypted usernames and passwords of 27.8 million individuals. The exposed database belongs to BioStar 2, a biometric security platform used by organizations worldwide.
August 28, 2019: The web hosting company, Hostinger, sent out password reset emails to 14 million clients whose information was hacked through an API server. The company is urging its clients to update their passwords after first names, usernames, email addresses, IP addresses and hashed passwords were exposed in the data breach.
August 30, 2019: Over 328,000 users of Foxit, a PDF Reader software company, were sent a password reset email after they discovered a hacked had access to names, email addresses, passwords, phone numbers, company names and IP addresses.
September 16, 2019: The personal information of 198 million prospective car buyers was left exposed in an unsecured database belonging to Dealer Leader, a digital marketing company for car dealerships. The information exposed included names, email addresses, phone numbers, home addresses and IP addresses.
September 12, 2019: Players of the popular games Draw Something, Words With Friends, and Farmville have been notified by mobile game maker Zynga that their system was breached and user data was accessed illegally. The hacker claiming responsibility says he accessed a database that included data from 218 million Android and iOS players, including names, email addresses, login IDs, hashed passwords, phone numbers, Facebook IDs and Zynga account IDs. The number of users impacted has not been confirmed by Zynga.
October 21, 2019: The cybersecurity team at vpnMentor discovered an open database belonging to Autoclerk, a hotel property management system, impacting the information of hundreds of thousands of individuals, including those belonging to U.S. government and military personnel. The records exposed include names, dates of birth, home addresses, phone numbers, dates and travel costs, check-in times, room numbers and masked credit card details.
October 26, 2019: The account information of over 7.5 million users of Adobe Creative Cloud was exposed due to an unprotected online database, including email addresses, usernames, location, Adobe products, account creation dates, dates of last login, subscriptions and payment status.
November 22, 2019: Security researchers discovered an unsecured server containing four billion records on over 1.2 billion individuals. These records include over 1 billion personal email addresses, over 420 LinkedIn URLs, over 1 billion Facebook URLs and over 400 million phone numbers with more than 200 million U.S.-based valid cell phone numbers. While the data comes from two data aggregators and enrichment companies, the owner of the server and database remains unknown.
December 4, 2019: A database belonging to American communications company, TrueDialog, exposed tens of millions of SMS text messages as well as the personal information of more than 1 billion subscribers. Impacted information includes names of recipients, account holders and users, email addresses, phone numbers of recipients and users, content of messages, dates and times messages were sent, message status and account details. 2b1af7f3a8