The Biggest Data Breaches of 2020 | Are you compromised?

Last month, EasyJet was subject to a massive cyberattack which exposed the personal details of over 9,000,000 customers.

 

The news was a bitter blow for the company, which had already suffered at the hands of the COVID-19 outbreak. 

 

The attack made national news, however a number of other substantial data breaches have already been reported this year, impacting some of the biggest businesses in the world as well as millions of their customers. 

 

But why does this keep happening? Data protection is becoming ever more paramount as the digital universe expands, so it would be fair to assume that businesses would take more precautions than ever to protect their customers, who are increasingly aware of the value of data and digital autonomy.

 

The introduction of GDPR (General Data Data Regulation) in 2018 has improved the safety and security of people’s information online, as huge fines are now regularly dished out for rule-breakers, however, that has not prevented hundreds of millions of records being exposed online. 

 

Before you delve into the biggest data breaches of 2020, you can immediately find out if your personal information has been exposed in a breach or hack. 

 

Simply CLICK HERE and enter your email address. You’ll be notified of where and when your information was exposed.

 

If your data has been exposed, it would be a good idea to change your password and enable two-factor authentication where ever possible. 

 

If you’re a business owner, enabling this function across your website would also be advised. If you would like support in doing this, our team can be contacted on the form at the bottom of the page.

 

 

Estee Lauder 

 

 

Cosmetics brand Estee Lauder inadvertently exposed nearly 440 million records online including; email addresses, internal marketing reports, confidential documents and private messages between the company’s staff.

 

A specific database was completely unprotected and accessible to anybody with an internet connection. 

 

The Institute for Cyber Security has pointed out that Estee Lauder may be investigated under a GDPR ruling, which could be disastrous for the company as a fine of 4% of annual profits is possible. 

 

With an annual profit of £14.86 billion in 2019, the company may have to cough up almost £600 million….

 

The company has said that no malicious bodies were recorded to have accessed the data, however, due to the fact that researcher Jeremiah Fowler was the one who discovered the breach and reported the opening without detection, it’s unlikely Estee Lauder can be trusted on that point.

 

 

Microsoft 

 

 

If one of the biggest tech businesses on the planet suffers from a massive data breach, is anyone really safe?

 

That’s the overriding sense when analysing the scale of the data exposure at Microsoft, which had almost 250,000,000 records openly available online.

 

Due to an internal change which was made to the network security protecting a database, records were actually exposed. 

 

Specifically, messages between support staff from Microsoft and its customers were on display, messages which contained confidential information.

 

Microsoft said: “Misconfigurations are unfortunately a common error across the industry. We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. As we’ve learned, it is good to periodically review your own configurations and ensure you are taking advantage of all protections available.”

 

It’s certainly an embarrassing episode for Microsoft, who are clearly trying to downplay the error in their statement.

 

 

Whisper 

 

 

As far as the internet goes, it would be fair to say that people appreciate their privacy when they’re sharing and indulging in their most private and secretive interests…

 

So when Whisper, an app which allows its users to anonymously share their secrets, hidden desires and fantasies, was found to have a freely accessible database containing almost 900 billion records online, it spelt bad news for all involved.

 

The database directly linked specific uses with the content they shared. Not ideal.

 

A major concern for users has been that blackmailing could take place, as places of employment were also openly available on the exposed network. Furthermore, the platform allowed any user over the age of 13 to sign up, further complicating the matter.

 

 

EasyJet

 

 

Unlike the cases above, the EasyJet breach which happened in early May 2020 was caused by a ‘highly sophisticated’ cyber-attack on the business. 

 

Through no fault of its own, the private information of 9 million EasyJet customers was stolen, with 2,208 people having their credit card information taken.

 

The data breach is one of the largest to have ever taken place in the UK and opens up the possibility of EasyJet having to pay a significant fine. 

 

Once more, the authorities are worried that the personal data could be used my cyber-criminals in phishing schemes or other digital scams. 

 

How do I protect the data my business holds?

 

Having a robust data protection system in place is no longer a ‘nice to have’. If haven’t already appointed a member of your staff as the ‘Data Protection Officer’, now is the time. 

 

The danger of having your data exposed is clear and present, so it is vital that you understand how to protect yourself and your business online. 

 

---

George Brown