June 11, 2021: The personal and shipping information of over 410,000 customers of the baby clothing retailer, Carters, were exposed due to a third-party data breach with the companys online purchases software. TJX claimed that the names and addresses associated with each stolen card number were not exposed in the breach. There were 4,145 publicly disclosed breaches that exposed over 22 billion records in 2021, approximately 5% fewer than in 2020. MGM Grand assures that no financial or password data was exposed in the breach. February 26, 2021: An undisclosed number of T-Mobile customers were affected by SIM swap attacks, or SIM hijacking, where scammers take control of and switch phone numbers over to a SIM card they own using social engineering. The company states that 276 customers were impacted and notified of the security incident. Cybercriminals are also focusing their time on other lucrative cyberattacks, such as ransomware, credential stuffing, malware and Virtual Private Network (VPN) exploitation. This breach could have been avoided if Slickwraps listened to the warnings of a white hat hacker highlighting the companys terrible cybersecurity. that 567,000 card numbers could have been compromised. Mailchimp fell victim to a data breach after cybercriminals gained access to a tool used by internal customer support and account administration teams following a successful social engineering attack. Wayfair is responsible for about 1.5% of e-commerce sales in the United States, making it the tenth largest e-commerce retailer in the country. Instead, their objective was to call a mass disruption to punch Twitch for fostering a toxic community of users. Each of the data breaches reveals the mistakes that lead to the exposure of up to millions of personal data records . Cybercriminals are also focusing their time on other lucrative cyberattacks, such as ransomware, credential stuffing, malware and Virtual Private . The average cost of a data breach rose to $3.86M. Penetration was achieved by the hacker posing as a private investigator from Singapore and convincing staff to relinquish access to the internal database. The personal information in the databases included customer names, addresses, phone numbers, birth dates, Shoppers Club numbers, email addresses and hashed passwords to Wegmans.com accounts. This figure had increased by 37 . 1. Data breaches are on the rise for all kinds of businesses, including retailers. In a statement online, the company said that it didn't believe that other payments made in its grocery stores, drugstores, or convenience stores had been impacted. Learn about the latest issues in cyber security and how they affect you. This exposure impacted 92% of the total LinkedIn user base of 756 million users. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. UpGuard named in Gartner 2022 Market Guide for IT VRM Solutions, Take a tour of UpGuard to learn more about our features and services. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. 3 As North Carolinians battled the health and economic effects of the COVID-19 pandemic in 2020, hackers and fraudsters looked to take advantage. The issue was fixed in November for orders going forward. The breach occurred in October 2017, but wasn't disclosed until June 2018. In late 2016, Uber learned that two hackers were able to access the names, email addresses, and mobile phone numbers of 57 million users of the Uber app. The breach occurred through Mailfires unsecured Elasticsearch server. Hackers initially canvassed dark web databases of previously compromised login credentials dating back to 2013. Mens clothing store Bonobos suffered a data breach in 2021 after a cybercriminal compromised its backup server containing customer data. If your business isn't concerned about cybersecurity, it's only a matter of time before you're an attack victim. The exact impact of the incidents hasnt been confirmed, but given its depth of compromise, it has the potential of impacting all of Twitchs users.125GB of sensitive data was posted via a torrent link on the anonymous forum 4chan. The data breach was discovered by the impacted websites on October 15. has been cause for concern in the recent past, Read more about this Facebook data breach here, biggest data breaches in the financial services sector, personally identifiable information (PII), biggest data breaches of all time in the education industry, Los Angeles Unified School District (LAUSD), was told of potential vulnerabilities in their systems, Joe Biden's Cybersecurity Executive Order, biggest breach in the nations security history. The passwords were stored with an encryption, however, which would need to be unencrypted before they could be used. "We are aware of a data security incident involving a small number of our customers on Macys.com," a representative from Macy's said in a statement to Business Insider on Tuesday. Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach. The second hacker actually breached Slickwrapss abysmal defences and announced their cybersecurity complacency in an email to over 370,000 of its customers. However, while the AWS bucket remained misconfigured, cybercriminals may have clandestinely exfiltrated the exposed data. The data accessed consists of 2.3 millions data points which could be reverse engineered to recreate each original fingerprint. Though Twitch admitted in its statement that a subset of creator payout data was also accessed, the company assures that credit card number and bank information was not compromised. Subscribe to our Newsletter for Identity Theft Updates: personally identifiable information (PII), 1.9 million user records belonging to Pixlr, attack on retail employees of U.S. Cellular, T-Mobile customers were affected by SIM swap attacks, security flaws in Microsoft Exchange Server email software, personal data of 533 million Facebook users, 1.3 million scraped Clubhouse userrecords, 21 million customer records belonging to ParkMobile, over 100 hospitals and healthcare organizations, 4.6 million Neiman Marcus customers online accounts, unsecured database that contained over82 million records. Auth0's anomaly detection tool tracks breaches and maintains a database of compromised credentials. Hudson's Bay, the parent company of Saks Fifth Ave, confirmed in April 2018that a data breach compromised payment systems and therefore customers' credit and debit cards. Overview and forecasts on trending topics, Industry and market insights and forecasts, Key figures and rankings about companies and products, Consumer and brand insights and preferences in various industries, Detailed information about political and social topics, All key figures about countries and regions, Market forecast and expert KPIs for 600+ segments in 150+ countries, Insights on consumer attitudes and behavior worldwide, Business information on 60m+ public and private companies, Detailed information for 35,000+ online stores and marketplaces. Marriott believes that financial information such as credit and debit card numbers, and expiration dates of more than 100 million customers were stolen, although the company is uncertain whether the attackers were able to decrypt the credit card numbers. Attackers used a small set of employee credentials to access this trove of user data. The following categories of data were accessed, amounting to the 12.3 million total: This database was not connected to Bonobos private data, which was siloed for protection. Mimecast is a cloud-based email management service that provides email security services for Microsoft 365 accounts. Key Points. Macy's customers are also at risk for an even older hack. The data consisted of 1.1 terabytes of voter Personal Identifiable Information (PII) including names, addresses and birthdates. In June 2013, a data breach allegedly originating from social website Badoo was found to be circulated. April 3, 2021: The personal data of 533 million Facebook users from 106 countries has been posted online for free in a low-level hacking forum. March 4, 2021: The global IT company, SITA, which supports 90% of the worlds airlines confirmed it fell victim to a cyberattack, exposing the personally identifiable information (PII) belonging to an undisclosed number of airline passengers. Some Planet Hollywood restaurants were also impacted by the breach that hit parent company Earl Enterprises. There was no evidence discovered that anonymously posted questions and answers were affected by the breach. The 70TB of leaked information includes 99.9% of posts, messages, and video data containing EXIF data metadata of date, time and location. Get in touch with us. 300,000 Nintendo accounts were compromised and used to make unsolicited digital purchases. May 14, 2021: A cyberattack targeting the law offices of Bailey & Galyen exposed the personal information of an undisclosed number of clients and employees. In July 2018, Apollo left a database containing billions of data points publicly exposed. The database was not password protected and allowed access to information including names, emails, phone numbers and dates contacted. Yahoo believed that a "state-sponsored actor" was behind this initial cyberattack in 2014. The database contained names, job titles, email addresses, work email addresses, home device IP address, home address, work address, personal phone number, work phone number and employer. On August 14, grocery chain Hy-Vee announced that it has launched an investigation to look into unauthorized transactions made at some of its fuel pumps, drive-thru coffee shops, and restaurants. According to the 2021 Year End Report: Data Breach QuickView, by Risk Based Security and Flashpoint, additional incidents continue to surface.It is typical for the number of breaches disclosed for a given year to subsequently increase by 5% to 10% as the data matures. As we hinted at above, exposed and open databases cause sleepless nights in IT offices the world over. Wayfairs average order value is one of the few metrics to increase from 2020 to 2021, rising 20% to $269. Revenues increased by 54 percent in 2020 and usage by 46 percent, higher than the two years preceding it. If true, this would be the largest known breach of personal data conducted by a nation-state. A really bad year. The 1,644 data breaches reported in 2020 marked 434 more reported breaches than 2019, the largest year-to-year increase on record. At least 19 consumer companies reported data breaches since January 2018. Wayfair.co.uk received 15.6 million and Wayfair.ca 11.5 million. Besides finger print data points, 81.5 million records were accessed, consisting of email addresses, employee telephone numbers and administrator login information. Macy's did not confirm exactly how many people were impacted. The leaked details of more than 2.28 million users registered included names, email addresses, location details, dating preferences, marital status, birth dates, IP addresses, Bcrypt-hashed account passwords, Facebook user IDs and Facebook authentication tokens. This database was leaked on the dark web for free in April 2021, adding a new wave of criminal exposure to the data originally exfiltrated in 2019. Even if hashed, they could still be unencrypted with sophisticated brute force methods. When clicked, this link directed users to a malicious website almost indistinguishable from Trezors website.