toggle accessibility mode
data breach statistics

Top Data Breaches of 2020: Ransomware on The Rise

By John DiGiacomo

We periodically update this post with recent data breach statistics. Now that we’re into 2021, it’s time to look at the top security breaches, hacking statistics, and cybersecurity statistics of 2020, 2019, 2018, plus review 2017 and previous years.

At Revision Legal, we know that cyber-attacks are a constant threat. The number of data breaches is large and the amount of customers affected is staggering. Data breaches are bad for business and can be even worse for customers. According to Cybersecurity Ventures, data breaches and other cyber crimes are projected to reach $6 trillion in 2021.


2021 Data Breach Statistics: As the pandemic winds down (hopefully), will we see fewer cyberattacks and data breaches?

It’s still early in 2021, so data breach statistics are only for a couple of months so far. But it looks like we may be on pace to shatter hacking numbers. A new record for data breaches was set in February, see the Hacking Hall of Fame statistics below. What do we know now?

Cyber Crime continues to be the biggest motivation for committing data breaches. 90% in January and 85.2% in February. Healthcare organizations jump to the main target in February (12.1%), while attacks against multiple targets plummets to 11.3% in February, down from 23.1% in January.

Hacking Hall of Fame

January 2021: 160 Cyberattacks

Winner: The Hospital Group data security breach, ransomware attack threatens to publish “before” and “after” pictures of clients.

Hackers stole confidential records, including patient photos, from a UK cosmetic surgery chain ‘The Hospital Group’, and threatens to publish its patient’s ‘before and after’ photos. The UK cosmetic surgery firm, which has a long history of celebrity endorsements, confirmed it was the victim of a ransomware attack, and that it had informed the UK’s Information Commissioner’s Office about their loss of personal data. More here.

February 2021: 240 Cyberattacks

New Record – caused primarily by the constantly growing number of ransomware attacks.

Winner: Iranian chat app loses data from 267 million users in cyberattack.

Raychat, founded in 2017, has tried to make a name for itself as a business and social messaging app.  The Iranian company recently suffered a large data security breach in which millions of its user records were exposed to the internet and then destroyed by a cyberattack involving a bot.

The disruption appears to be part of an ongoing trend in which hackers surf the web looking for exposed or insecure databases, then pounce on them to steal or destroy the data. More here.


Contact Revision Legal

Cyber security breaches are a real threat, whether it is to your business, the institution that you work for, or to your own personal computer system and devices. If you are hacked, or information that is entrusted to you potentially accessed in a data security breach, you must act quickly to understand your rights and obligations concerning notification of potential victims. You should retain the assistance of an experienced cyber security attorney like the professionals at Revision Legal. Contact us today using the form on this page or by calling us at 855-473-8474.


2020 Data Breach Statistics: Will it be another record year? Hacking numbers on the rise. Will the global pandemic play a role?

Not only did we experience a global pandemic in 2020, we experienced a total of 2,299 cyberattacks (hackmageddon), and a few months with the total number of cyberattacks over 200. Data breach statistics seem to be getting worse for companies, and especially hospitals.

With 75% of the world’s population expected to be on the web by 2022  (51% of the global population was online in 2018), and 100 times more data on the web by 2022, the opportunities for cyber crimes continues to increase. The Congressional Research Service estimates that in 2020 the Dark or Deep Web is 5000 times larger than the surface web. See more here.

Motivations for data breaches:

  • Cyber Crime continues to be the largest motivation for data breaches at 85.17% (up from 2019).
  • Cyber Espionage comes in a distant second at 9.94% (down from 2019).
  • Hacktivism accounts for 2.34% of all cyberattacks (down from 2019).
  • Cyber Warfare accounts for 1.83% of all cyberattacks (up slightly form 2019).

Target Distribution of data breaches:

  • Multiple Industries: 19.5% (Up from 2019).
  • Individuals: 12.2% (down 9% from 2019).
  • Public Administration, Defense, Social Security: 11.8% (down from 2019).
  • Human Health, Social Work: 9.6% (up only 0.1% form 2019).
  • Education: 7.8% (up 0.7% from 2019).
  • Financial & Insurance: 6.2% (up 0.1% form 2019).
  • Professional, Scientific, Technical: 6.2% (up form 2019).
  • Manufacturing: 4.2% (not categorized in 2019).
  • Wholesale, Retail, Trade: 3.8% (up almost 1% form 2019).
  • Arts, Entertainment, Recreation: 3.3% (up 0.1% from 2019).
  • Other: 15.4% (up from 2019).

While the motivation of cyberattacks and hackers seems to be fairly unchanged, the hacking targets have had a noticeable shift. Industry was a bigger target in 2020, and individuals slipped 9% into second place. Was this a result of the pandemic? Perhaps individuals were perceived to be a poor target in a financial crisis. Data breach statistics from Hackmageddon. Perhaps what gives us pause is the dramatic increase in attacks on industry.


Hacking Hall of Fame

January 2020: 151 Cyberattacks

Winner: Wawa’s card breach of 31 million users becomes BIGBABABOOM-III on the dark web.

A US East Coast convenience store chain, Wawa, was the target of hackers. The information for 30 million Americans and over 1 million foreigners was up for sale on Joker’s Stash after the data security breach. Joker’s Stash referred to the data as the BIGBADABOOM-III.

It appears that hackers place malware onto the company’s point of sale systems, and was able to harvest customer data for months without being detected. This is one of the biggest card data breaches known to date. Read more here.

February 2020: 186 Cyberattacks

Winner: Estée Lauder exposes 440 million records on server without proper protection.

The New York based cosmetics company left a database of 440 million records subject to a data security breach. While the company maintains that the security breach did not contain customer data, it did contain audit logs. The audit logs contain a large number of email addresses. Other internal documents, including production data, CMS, error logs were all subject to the data breach. More here.

Honorable Mention: Software error accidentally exposes tax information of a fifth of Danish citizens.

A software error in Denmark’s government tax portal left 1.2 million Danish citizens personal identification (CPR) numbers exposed for 5 years.

Government officials said the portal contained a software bug that every time a user updated account details in the self-service portal where Danish citizens go to file and pay taxes online, their CPR number would be added to the URL.

March 2020: 179 Cyberattacks

Winner: Marriott’s loyalty app users exposed to a data security breach – 5.2 million users.

A hacker was able to use the login information of two employees to access the data of over 5.2 million users in a data security breach of the company’s loyalty app,  Marriott Bonvoy. Customer data such as contact details, loyalty account information, personal details, and other linked loyalty programs were all exposed in this security breach.

Marriott did not believe account passwords, PINs, payment card information, passport information, and driver’s license numbers were accessed in the security breach. More here.

April 2020: 189 Cyberattacks

Winner: NN (No Name) Hacking Group asks for “a little bounty” in data security breach of Email.it, an Italian email service provider.

The NN Hacking Group claims the intrusion took place two years previous and they subsequently extorted Email.it, with an explanation on their website, “We took any possible sensitive data from their server and after we choosen (sic) to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn’t contacted their users/customers after breaches!”

Email.it declined to pay, but notified the Italian Postal Police. NN now has the databases containing information of more than 600,000 users for sale on the dark web. More here.

May 2020: 184 Cyberattacks

Winner: 44 million Pakistani mobile user data leaked online. 

According to an analysis by ZDNEt, the information form the hackers of a data security breach contains names, addresses, mobile numbers, national identification (CNIC) numbers and more. It also appears the the original data security breach took place back in 2013.

The hackers are also trying to sell another package they say contains 115 million records. More here.

Honorable Mention: Data security breach at Mitsubishi potentially leaks prototype missile data.

Japanese company Mitsubishi , along with Japanese authorities launched an investigation into possible exposure of confidential missile data. The country is in the midst of analyzing how this security breach could impact national security.

Chinese cyberespionage group known at Bronze Butler (or Tick) has been implicated in this cyberattack. Potentially included in the theft are records of approximately 8,000 employees. More here.

June 2020: 187 Cyberattacks

Winner: Ransomware attack on the University of California SF, costs the university $1.14 million to salvage COVID-19 research data.

A ransomware infection on UCSF School of Medicine’s servers caused administrators to quickly move to isolate the infection to a few servers, and keep it from infecting core systems. Netwalker is said to be responsible for the attack and the original ransom of $3 million. In return for payment the hackers agreed to give the university a decryption tool and delete stolen data.

While it is never recommended to negotiate with extortionists, the university made the decision to pay part of the ransom as some of the information stolen in the data security breach is “important to some of the academic work we pursue as a university serving the public good.” More here.

July 2020: 184 Cyberattacks

Winner: Microsoft finally issues patch for a 17-year-old vulnerability in its Microsoft Windows Server software.

Researchers have warned organizations for 17 years to patch their Microsoft Windows Server builds to protect their networks against a critical wormable vulnerability.

A cybersecurity team Dubbed “SigRed,” says the vulnerability is of particular importance to the enterprise as it is wormable — or self-propagating — and as such, is able to jump across vulnerable machines without any user interaction, potentially compromising an entire organization’s network of PCs in the process. More here.

August 2020: 197 Cyberattacks

Winner: Ransomware gang, Maze, strikes Canon, LG, and Xerox.

Within one month Maze was able to allegedly steal 10 TB of data, and private databases from Canon. If a victim does not pay the ransom, Maze will publicly distribute the victim’s stolen files on a data leak site that they have created. More on Canon’s data security breach here.

Maze also stole data from LG (50.2 GB of data) and Xerox (25.8 GB of data). Both LG and Xerox refused to pay the ransom and it now appears their internal information from this data security breach is now for sale, or publicly published on the Maze’s site. More here.

September 2020: 201 Cyberattacks (New Record)

Winner: First-ever reported human death due to ransomware attack.

Duesseldorf University Hospital was in the midst of a ransomware attack when it re-routed a patient needed critical care to a hospital 30 km away. She died in transit. German police are investigating to determine if the ransomware attack which caused the hospital downtime is directly responsible for the patient’s death. If it is, then murder charges will be filed, the ransomware gang withdrew its ransom demand.

Honorable Mention: Nevada school district refuses to bow to ransom demands, student data published online by hacker.

A hacker has published private data belonging to thousands of Nevada students following a failed attempt to extort a ransomware payment from a school district. It may not be a valid legal expense, but for some, paying a ransom is now considered a new cost of doing business. More here.

October 2020: 223 Cyberattacks (New Record, again)

Winner: The largest DDoS attack ever recored at 2.54 Tbps was mitigated by Google

The Google Threat Analysis Group (TAG) reported that the large attack came from China in a state-sponsored attack, back in September 2017. Damian Menscher, a Security Reliability Engineer for Google Cloud, said the 2.54 Tbps peak was “the culmination of a six-month campaign” that utilized multiple methods of attacks to hammer Google’s server infrastructure. “This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier [in 2016].” More here.

November 2020: 196 Cyberattacks

Winner: Russian hacker jailed for scraping $100 million from bank accounts.

Aleksandr Brovko was jailed for 8 years for participating in a botnet scheme to uncover PII and account credentials from data dumps. His efforts according to the Department of justice netted him over $100 million. Brovko would access accounts (sometimes manually) to see if the account was “worthwhile.” If so, bank accounts would be drained of funds or pillaged by other hackers. More here.

December 2020: 222 Cyberattacks

Winner: Rogue employee at a South African bank, Absa, implicated in data security breach.

Absa has notified customers of a data security breach potentially compromising their personal information. The Johannesburg, South Africa-based financial services group, has pointed the finger at an employee for the security breach incident. The bank confirmed that the data security breach exposed contact details, physical addresses, account numbers, and identity numbers of customers.

“We regret to notify you that Absa has identified an isolated internal data leak whereby personal information of a limited number of Absa customers was shared with parties external to the bank,” Absa told clients. More here.


2019 Data Breach Statistics: A record year for cyberattacks, hacking numbers hit an all time high

The data breach statistics get worse for 2019. The total number of breaches in 2019 was 1,784 (hackmageddon stats) which is up from 1,257 in 2018. With hacking kits costing about $1.00, and more cities becoming “smart cities,” the expansion of the dark web to 19 billion sites and counting, cyber threats and data breaches have never been higher. In cybersecurity statistics, CISCO reported they blocked 7 trillion threats in 2019, that comes out to about 2 billion threats blocked per day. See more here.

Motivations for data breaches:

  • Cyber Crime continues to be the largest motivation for data breaches at 83.96% of all events in 2019.
  • Cyber Espionage comes in a distant second at 11.21% of all cyberattacks in 2019.
  • Hacktivism accounts for 3.05% of all cyberattacks.
  • Cyber Warfare accounts for 1.55% of all cyberattacks.

Target Distribution of data breaches:

  • Individuals: 21%
  • Multiple Industries: 16%
  • Public Administration, Defense, Social Security: 12.7%
  • Human Health, Social Work: 9.5%
  • Education: 7.1%
  • Financial & Insurance: 6.1%
  • Professional, Scientific, Technical: 4.7%
  • Information & Communication: 3.4%
  • Arts, Entertainment, Recreation: 3.1%
  • Wholesale, Retail, Trade: 2.6%
  • Other: 13.8%

Interestingly according to the 2019 data breach statistics from Hackmageddon, individuals are the largest target for hackers, with the motivation being cyber crime.


Hacking Hall of Fame

January 2019: 126 Cyberattacks

Winner: Town of Salem-BlankMediaGames (BMG) – data breach of 7.6 million users

In a blog post by BlankMediaGames, it admitted that a hacker had breached the game and was able to steal information, such as passwords, username, IP addresses, and purchases, as well as other information from 7.6 million users.

The “multiple back doors” were secured after BMG was warned by an individual identified by the name DeHashed.

While many users had their personal data stolen from the site, credit card information and processing is done by a third party, so was not in danger of being accessed from the BMG site. See full report here.

Honorable Mention: Ministry of Health, Singapore

The Ministry of Health (MOH), reported that records of 14,200 individuals that were diagnosed with HIV up to 2013, and 2,400 of those patient’s contacts were stolen from the MOH.

After the data was stolen, it was leaked online seemingly by a U.S. citizen living in Singapore. The hacker’s partner was a Singaporean doctor.

Hospital data is a frequent target as it is highly valued. See more on this story here.


February 2019: 165 Cyberattacks

Winner: 617 Million accounts stolen from a data breach of 16 websites

16 Websites including, Dubsmash, MyFitnessPal, ShareThis, Armor Games, Whitepages, and more were hacked. User’s personal data, location, social media authentication has showed up for sale in the Dream Market on the dark web, for $20,000 in Bitcoin.

Sample account records from the stolen databases appears to be legitimate. More here.

Honorable Mention: UConn Health – 326,000 patients

Access to employee email accounts was compromised in which the hackers then gained access to roughly 326,000 patient records. The leak may have also included Social Security numbers of 1500 individuals.

“A malicious actor used a phishing attack to exploit the users of our email system,” spokesman Delker Vardilos said. “We do not know the identity of the individual or individuals who gained unauthorized access to our email system.”

More on this attack here.


March 2019: 141 Cyberattacks

Winner: Federal Emergency Management Agency (FEMA) – 2.3 million disaster victims PII lost in data breach

Surviving Hurricanes Harvey, Irma and Maria, and the California wildfires in 2017 was not enough for 2.3 million individuals that had their personal data, including addresses and bank account information stolen from the Federal Agency.

The breach supposedly happened through a third party contractor that FEMA officials allowed to access information that it should have not been able to access.

More on this story here.

Honorable Mention: Tornado sirens in Texas

A hacker gained access to the tornado sirens for DeSoto and Lancaster, two cities in Dallas County. Once the intrusion was detected, city officials had to take the sirens offline, but not before the hacker set the sirens off in the middle of the night in the two towns. A total of 40 sirens between the two towns went on and off for hours between 2:30 and 4:00 AM.

The sirens were offline for a day while officials worked through the fix. However, the sirens were offline a day before a potential major storm was to hit the area.

More on this story here.


April 2019: 155 Cyberattacks

Winner: Facebook – Data breach affects 540 million users

Two Amazon cloud servers that stored Facebook data are to blame for 540 million users account names, comments, likes, Facebook IDs, and more were hacked.

One server belonged to Cultura Colectiva, a Mexico-based online media platform. The data stolen for this server amounted to 146GB of data. The second server recorded data from a Facebook game called “At the Pool.”

More on this story here.

Honorable Mention: Indian government healthcare agency data breach of records – 12.5 million pregnant women

A leaky server is said to blame for allowing access to 12.5 million records of pregnant women. The records were finally removed after being exposed for three weeks. Patient records are said to date back to 2014, and include detailed information on women that underwent ultrasound scans, amniocentesis, and other genetic testing. The database belonged to Department of Medical, Health and Family Welfare of a state in northern India.

More here.


May 2019: 134 Cyberattacks

Winner: GitHub users experiencing ransomware attacks

At least 392 GitHub repositories had their source code and recent comments removed. The victims find a ransom note demanding payment of 0.1 Bitcoin. If payment is not made, the hacker claims they will release all the source code to the public.

While this is not an incredible amount of individual being affected, it is important to point out the rise in ransomeware attacks like this one. Some users that fell prey to this hacker admit to using weak passwords, as well.

More here.


June 2019: 147 Cyberattacks

Winner: Smartphones pre-loaded with malware backdoor in Germany.

Four low-end Android smartphones, were found to be preloaded with a malware backdoor software embedded in the phone’s firmware. Impacted models include the Doogee BL7000, the M-Horse Pure 1, the Keecoo P11, and the VKworld Mix Plus (malware present in the firmware, but inactive).

The German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik — BSI) had issued security alerts to consumers warning them against buying any of the four phones. The BSI said the phones’ firmware contained a backdoor trojan named Andr/Xgen2-CY.

More here.

Honorable Mention: Medical Debt Collector forced to file for bankruptcy protection after data breach.

The American Medical Collection Agency (AMCA) was hacked last year starting in August 2018 through March 2019. The resulting hack resulted in the theft of information from corporate clients such as Quest Diagnostics, LabCorp, BioReference and others. This theft exposed the records of some 20 million US citizens.

The data lost included SSNs, addresses, dates of birth and payment information. The data was later discovered for sale in the underground web.

More here.


July 2019: 168 Cyberattacks

Winner: “Silence” Hackers attack banks in Asia, stealing millions.

“Silence” is a group of hackers that has previously successfully targeted banks in Europe. This time they’ve breached four targets in Asia, respectively in Bangladesh, India, Sri Lanka, and Kyrgyzstan. One bank, Dutch Bangla Bank Limited, a bank in Bangladesh, lost more than $3 million during several rounds of ATM cash out attack.

“Silence” has been active since 2016 and has historically targeted banks in Russia, former Soviet states, and Eastern Europe. More can be read about this attack, here.

Honorable Mention: Dominion National – Virginia-based insurer is hacked in a data breach that affects 2.9 million users

Dominion National, a Virginia-based insurer, health plan administrator, and administrator of dental and vision benefits, experienced a data security incident involving the personal information of customers. Hackers first gained access to its servers back in 2010, so this leak has been going on for 9 years.

In this attack, over 2.9 million users had their personal health information (PHI) exposed. Information like SSNs, email addresses, bank accounts and routing numbers, dates of birth, among other sensitive information. More here.

Special Mention: Facebook settles for $5 billion over Cambridge Analytica

FB and the FTC agreed to a record $5 billion settlement in relation to FB’s user privacy violations. The violations surround, the now defunct, Cambridge Analytica (CA). The FTC upon investigating the CA scandal, alleged that FB, repeatedly used “deceptive disclosures and settings to undermine users’ privacy preferences” in violation of its 2012 agreement with the FTC. The FTC also alleged that Facebook was inadequate in dealing with apps, like CA, that it knew were violating its own platform policies.

“These tactics allowed the company to share users’ personal information with third-party apps that were downloaded by the user’s Facebook ‘friends,'” the agency said. “The FTC alleges that many users were unaware that Facebook was sharing such information, and therefore did not take the steps needed to opt-out of sharing.”

More here.


August 2019: 160 Cyberattacks

Winner: Asurion – Nashville-based company victim of ransomware.

Asurion Insurance and Tech support company bowed to hacker demands and forked out $300,000 to an attacker who claimed he had stolen roughly 1TB of private information belonging to thousands of employees and over a million customers.

The hacker turned out to be a disgruntled, former employee. While the Asurion paid the ransom, the company did not believe he took all the information that he claimed to have taken.

Read more here.

Honorable Mention: British teenager pleads guilty to offering hacker-for-hire.

A British teenager has been sentenced to 20 months in prison after offering hacker-for-hire services to cash in on hacking trends including SIM-swapping attacks.

The UK’s Norfolk police force said that 19-year-old Elliot Gunton, of Norwich, was sentenced Friday after pleading guilty to hacking offenses. money laundering, the hacking of an Australian Instagram account, and the breach of a Sexual Harm Prevention Order.

While we see increasing theft and sale of PII today, SIM-swapping attacks are a relatively new phenomenon. In order to conduct a SIM-swap, a hacker will obtain some PII from a target and then call up their telephone provider while pretending to be the true owner of the account. The hacker then needs to convince the operator to switch the telephone number that belongs to the victim to the attacker’s control.

It might only be a short window in which the victim fails realize their number has been transferred, but this may be enough time for a hacker to bypass two-factor authentication (2FA), intercept calls and text messages, request password resets, and infiltrate online accounts ranging from email addresses to cryptocurrency wallets.


September 2019: 140 Cyberattacks

Winner: Ecuadorian database leaks info on most of its citizens.

A misconfigured database is to blame for the leak of 20.8 million user records, most of Ecuador’s citizens, including 6.7 million children. The leaked data is feared to include their family trees, and children, but also some users’ financial records and car registration information.

It may be the biggest data leak in Ecuador’s history. Most of the hacked data appears to have been gathered from the Ecuadorian government’s civil registry. Read more here.

Honorable Mention: DoorDash loses information on close to 5 million customers.

DoorDash, a food delivery service, said it became aware of a five-month data leak when it noticed suspicious activity from a third-party provider. DoorDash reports that 4.9 million users may be affected. Data exposed includes the last four digits of payment information, names, email addresses, delivery addresses, order history, phone numbers, and encrypted passwords.

Around 100,000 drivers for the company also had their driver’s license numbers accessed. Read more here.


October 2019: 156 Cyberattacks

Winner: 20 Million Records of Russians hacked in a data breach of an unprotected database.

Over 20 million tax records spanning form 2009 to 2016, belonging to Russian citizens were left unprotected and exposed through an online database accessible to the public, researchers say.

The Amazon Web Services (AWS) Elasticsearch cluster, was not protected by any form of password or credential requirements, nor overall encryption, and contained Personally Identifiable Information (PII) belonging to Russian citizens. It appears the majority of citizens left exposed are from Moscow and surrounding cities. Their names, addresses, passport numbers, phone numbers, tax IDs, employer names and telephone numbers, and other information were all exposed. More here.

Honorable Mention: Nikkei employee scammed to transfer $29 million (U.S.) to a bank account.

Nekkei was founded in 1876 as a four-page newspaper. The company now acts as an operating holding company with newspaper businesses as a core. Group operations range from books, magazines to digital media, database service, broadcasting and other activities such as economic/cultural events.

An employee of Nikkei America, Inc. (New York City, United States) (“Nikkei America”), a subsidiary of Nikkei Inc. (“Nikkei”), had transferred approximately 29 million United States dollars of Nikkei America funds based on fraudulent instructions by a malicious third party who posed as a management executive of Nikkei. Shortly after, Nikkei America recognized that it was likely that it had been subject to a fraud, and Nikkei America immediately retained lawyers to confirm the underlying facts while filing a damage report with the investigation authorities in the U.S. and Hong Kong.  Press release from the company is here.

While scams like this, phishing or spear-phishing are more rare, they can still be effective.


November 2019: 135 Cyberattacks

Winner: UK Labour Party hit with a Distributed Denial of Service (DDoS) attack.

The Labour Party reported that they were subject to what they termed a “large-scale cyberattack,” by a DDoS attack. Their servers were hit twice with millions of requests that affected the performance of their website and their campaign tools. During the attack the IT and digital teams worked to minimize the attack, and were confident that no data had been stolen from the site.

Over the next few days visitors to the site still experience some lag with the webpages as increased security was verifying traffic through DDoS protection services. More can be read here.

Honorable Mention: Disney+ hacked within hours of going live. User accounts for sale on dark web.

Within hours of the launch of Disney+, Disney’s new streaming service, hacker were at work. They hijacked thousands of accounts and were available for sale from $3 to $11 on dark web marketplaces.

The launch of the new streaming service was marred by technical issues, and the stolen accounts of thousands of users added to customer frustrations. Some pre-paid for 3 years of streaming service, only to be locked out of their account and on hold with Disney+ representatives for hours. More about this story here.


December 2019: 157 Cyberattacks

Winner: LifeLabs, a Canadian diagnostic lab, pays hackers to recover data.

LifeLabs paid cyber criminals an undisclosed amount of money after a security breach lead to the theft of information on 15 million customers, including 85,000 test results.

“We did this [paying the hackers] in collaboration with experts familiar with cyber-attacks and negotiations with cyber criminals,” said the company in a press release. All the data was from 2016 and earlier.

Honorable Mention: Dutch politician could be sentenced to 3 years for his role in “TheFappening.”

Dutch prosecutors asked a judge for a three-year prison sentence for a Dutch politician who doubled as a hacker, by night. He is said to have breached the personal iCloud accounts of more than 100 women, stealing and then leaking sexually explicit photos and videos online.

Victims included not only acquaintances, but also Dutch celebrities, such as YouTube star Laura Ponticorvo and field hockey star Fatima Moreira de Melo. The politician turned hacker is believed to be a part of the Celebgate (TheFappening) movement which started back in 2014 when a group of hackers began leaking nude photographs and sex tapes from Hollywood celebrities.

Rare Victory Files: A member of the hacking group, “The Dark Overlord,” was extradited to the U.S.

Nathan F. Wyatt, a British citizen said to be a part of the infamous hacking group know at The Dark Overlord (TDO), was extradited to the US, after months of legal battles, to stand trial on charges of hacking and extorting US companies.

Wyatt is said to be involved in hacking and extorting US companies since 2016. He allegedly steals their data, then asks for huge ransoms. He has pled “not guilty.” Court documents claim that Wyatt has been involved in hacking healthcare providers (a favorite target for hackers) and accounting firms in the state of Missouri.


2018 Data Breach Statistics & Hacking Hall of Fame

January 2018: 115 Cyberattacks

Winner: Health South-East RHF, a large healthcare management organization in southeast Norway — 2.9 million patients

On January 8, 2018, hackers or a group of hackers broke into the computer systems of Health South-East RHF, a healthcare organization that manages hospitals in Norway’s southeast region.

The hackers potentially stole — the extent of the theft is still undetermined — patient information on 2.9 million people, which is about half the population of Norway.

The information accessed included all electronically stored patient information including names, addresses, insurance providers and more. See report here.

Honorable Mention: Cryptojacking

The turn of the new year saw a new approach to evaluating cybercrime and the rise of a new method of making money from cybercrime – crypto-jacking. With respect to the first, it is being argued that a new approach to evaluating cybercrime is needed.

Rather than viewing cyberattacks through the lens of who has been attacked and what the losses are to the targets, a new focus is on the fact that, for the hackers, cybercrime is “… an extremely lucrative business” and “… a flourishing economy generating a staggering $1.5 trillion in revenues every year.” See recent report and estimate here.

The idea here mirrors the concept of profiling — to combat cybercrime, one must understand the motivations and incentive structures of those committing the attacks.

This focus suggests that cyberattacks will continue unabated because the cybercriminals can make large amounts of money with minimal effort and little risk of being caught/punished. In market-speak, cybercrime is lucrative because there are minimal barriers and low cost to entry, there are few downside risks and there is a high rate of return on investment.

In terms of ways to make money, the report identifies five main methods with a new sixth method on the rise:

  • Illicit/illegal online markets — selling what has been stolen (documents, videos, photos, etc.) on various darkweb sites
  • Data trading (a distinct subset of the first category) — specifically selling stolen data in various dark-web markets
  • Trade secret and intellectual property theft — use of the stolen information
  • Cybercrime as a service — being paid to conduct cybercrime for another
  • Ransomeware — extortion and ransom moneys paid to restore access where cyberattack locks/encrypts owner’s access to data, files and/or systems
  • Cryptojacking

As many know, new bitcoin is released through a process called bitcoin mining. See here.

To successfully mine for bitcoin, one needs substantial computing capacity. Cyrptoxjacking is hacking another’s computer systems to use their systems to mine for bitcoin.

As this article suggests, crypto-jacking is going to be bigger than ransomware. Because of how cyberjacking is set up, it can run almost undetected on a users’ systems for years.

Because the only thing “stolen” is computing capacity and because only “victim” is the user, this crime is very low risk. The user need not report the hack, no customers are affected, etc. Unquestionably, cryptojacking will be on the rise.


February 2018: 133 Cyberattacks

Winner: GitHub’s successful defense of a massive DDoS attack

Sometimes cyberattacks are not intended to make the attackers rich; sometimes the attacks are just destructive or meant punish.

In general, this seems to be the purpose of distributed denial of service (“DDoS”) attacks. The method is to send vast amounts of data and/or data requests to a website/server with the purpose of crashing the system (or at least make the system unusable for some period of time).

On February 28, 2018, a DDoS attack hit the developer platform called GitHub. The amount of data hitting GitHub was 1.35 terabits per second of traffic. That is/was a massive attack, indeed this report states that the attack was the largest DDoS recorded to date.

As reported, GitHub was able to defend itself by calling in the services of its DDoS mitigation service, Akamai Prolexic. As described, “Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off.”

The whole event took about 18 minutes of real time.

Honorable Mention: English actress and model Jorgie Porter

Ms. Porter gets the honorable mention for February 2018 not because her case is unique, but because she became yet another victim of hackers who have been active for several years now and have been targeting celebrities around the world (mostly female actresses and models). The hackers were able to steal Ms. Porter’s intimate pictures and videos and post them online. he hackers do not typically seek money; so the motivations are unclear. But these types of hacks highlight the potentially personal and intimate nature of cybercrime.


March 2018: 98 Cyberattacks

Winner: MyFitnessPal, Under Armour’s food and nutrition app and website — 150 million users affected

On March 25, 2018, MyFitnessPal discovered a massive data breach involving 150 million user accounts.

MyFitnessPal is owned by Under Armour, one of the nation’s largest sports apparel and fitness companies. MyFitnessPal is the company’s food and nutrition application and website.

The breach occurred in late February 2018. Accessed information included usernames, email addresses, and hashed passwords. However, no government-issued identifiers (such as Social Security numbers and/or driver’s license numbers) were accessed since the company does not collect that information from users.

Payment card data was also not affected. See here.

Honorable Mention: United Kingdom National Lottery — 10.5 million users

On March 16, 2018, the National Lottery for the United Kingdom notified 10.5 million users/players of the lottery that a data breach had occurred and that they should change their passcodes.

As of the report, the National Lottery was only able to verify that 150 accounts were actually accessed, but the National Lottery advised all users to change their passwords since the breach accessed names, accounts, and passcodes.

The National Lottery reported that no one suffered a financial loss due to the hack.


April 2018: 99 Cyberattacks

Winner: Saks Fifth Avenue and Lord & Taylor stores — 5 million+ credit card users

In mid-April, Hudson’s Bay Company — the parent company for Saks and Lord & Taylor retail stores — announced that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America.

The entire system for Lord & Taylor was compromised. For the Saks Fifth Avenue stores, only 83 stores were compromised mostly in the New York and New Jersey regions.

The hacking began as far back as the spring of 2017.

Details on five million credit cards/users were offered for sale on the darkweb in late March 2018. Card and user data may have been stolen for millions of more customers. See here.

Honorable Mention: Careem — 14 million users in the middle east

In late April 2018, it was announced by Careem, a ride-sharing app used in parts of the middle east, that a cyber attack compromised the data of 14 million users.

The hack was discovered in January 2018 and involved the loss of names, email addresses, phone numbers, and trip data.

The company reported that no passwords or credit card information was compromised. That information is/was held on external third-party servers not accessed during the attack. See here.


May 2018: 117 Cyberattacks

Winner: 50 small Japanese websites — 200+ million Japanese internet users

In the largest data breach/release so far in 2018, it was reported in early May 2018 that the user data for more than 200 million Japanese internet users were put up for sale on an underground cybercrime forum.

User data was hacked and assembled from attacks on more than 50 Japanese websites in the retail, food and beverage, financial, entertainment, and transportation sectors.

The stolen data varies somewhat but, in general, the data includes real names, email addresses, dates of birth, phone numbers, and home addresses. The data was hacked from 2016 mostly, but some of the data/information dates as far back as 2013. See report here.

Honorable Mention: Ticketfly website ransomware attack/data leak — potentially 27 million accounts

In mid-May 2018, the Ticketfly website was attacked and an image of V from the film V for Vendetta was placed over the home page.

Ticketfly is a website for buying concert tickets and the like. According to reports, the hacker discovered a vulnerability in the website security and contacted Ticketfly.

The hackers demanded a one bitcoin ransom, but Ticketfly refused to pay.

As a result, the hacker then used the vulnerability to post the image of V, lock the system and then downloaded various spreadsheets and gained access to user information for Ticketfly customers.

Ticketfly has 27 million accounts. The downloaded spreadsheet files contained personal information about thousands of Ticketfly customers and employees of venues that use the service.

Ticketfly has not made public what other information was accessed, but it is assumed that information includes names, home addresses, email addresses, and phone numbers. See report here.


June 2018: 96 Cyberattacks

Winner: MyHeritage — 92 million users compromised

On June 6, 2018, MyHeritage, the genealogy website and DNA testing service, warned that the email addresses and hashed passwords of its customer database has been accessed and had been found on a private server. Approximately 92 million user accounts were affected. See report here.

Honorable Mention: Bithumb Crytocurrency Exchange — $31.5 million of crypto-coins stolen

In mid June 2018, a cyberhack of the South Korean cryptocurrency exchange Bithumb resulted in the theft of $31.5 million worth of virtual coins.

Bithumb gets the honorable mention because theft of virtual coins has seen a huge uptick in 2018.

Every month in 2018, there have been successful cyberattacks against cryptocurrency exchanges resulting in the theft of cybercurrency. Indeed, the largest theft took place back in January with $524 million in virtual coins being stolen from Coincheck, a Japanese exchange. See here.


2017 Data Breach Statistics: High-Profile Breaches

Cyber-attacks are happening in 2017 at double the rate of 2016. According to Hackmageddon.com, there are dozens of cyber-attacks each month, affecting the personal and user information of literally billions of internet users worldwide.

Below is a list of the biggest 2017 security breaches and hacks month-by-month from records tabulated and compiled by Hackmageddon.com.


January 2017 – 89 Cyberattacks

Winner: The Big Asian Leak

185 billion customers were affected by these hacks. Technically, these hacks took place from October 2015 to the end of 2016.

However, the data was first offered for sale on the dark web in January 2017 by the vendor “DoubleFlag.” DoubleFlag offered to sell account information hacked from the most popular Chinese websites including NetEase, Inc, 126.com, 163.com, Yeah.net, QQ.com, Tom.com, Sina.com/Sina.com.cn, Sohu.com and eYou.com.

Listed for sale were names, addresses, usernames, passcodes, other personal information and some financial information for 1.85 billion customers — yes, billion. See report here.

The companies owning or running the websites have either denied they were hacked or have refused to comment.

Honorable Mention: DC Police Department

In late January, the District of Columbia Police reported that ransomware was in 70% of the storage devices that record data from D.C. police surveillance cameras eight days before inauguration day.

As reported here, city officials announced that the ransomware incapacitated police cameras between January 12 and January 15 and affected 123 of 187 network video recorders for public spaces across the city.

Law enforcement had to frantically reinstall software for all the cameras in the lead-up to the inauguration.


February 2017 – 76 Cyberattacks

Winner: FunPlus

FunPlus, the company that makes a popular free-to-play mobile game called “Family Farm Seaside,” was hacked, compromising information on 3.3 million users.

The hacker also stole product source code from the company. The hacker reportedly talked to reporters for Vice.com and said: “I decided I’m just gonna publish everything and let their investors see what a joke their security and s**t is.”

Runner-Up: Hitachi Payment Services

Hitachi Payment Services confirmed that, in mid-2016, malware hacked its servers and stole personal and financial data for 3.2 million customers in India including credit card information. This data breach was first reported in February 2017.

The hack was particularly problematic because the malware securely deleted various tracing/tracking information making it impossible to know exactly what data was exfiltrated by the malware.

The breach led to a massive downturn in credit card use and significant damage to revenues and profits.


March 2017 – 64 Cyberattacks

Winner: Dun & Bradstreet.

According to report, a 52GB database was stolen containing information on 33.7 million people. The data was arranged in searchable fields and contained specific details about each of the people involved from job title to email address, etc.

According to the report, the employees in the database were from thousands of companies and government agencies, representing a large swath of the US corporate and government population.

For example, the Department of Defense had over 100,000 employee records on the database, followed by the US Postal Service with over 88,000. AT&T, Boeing, Dell, FedEx, IBM, and Xerox were among the most named companies in the database, with tens of thousands of employee records each.

The database was used by marketers for targeted email promotions. So the data was not necessarily particularly personal in nature. But it was a sizable and large financial loss to Dun & Bradstreet to have the database stolen.


April 2017 – 85 Cyberattacks

Winner: R2Games

More than a million accounts were hacked and compromised from the servers of the online gaming company. Leaked data included usernames, passwords, email addresses, IP addresses, and other optional record fields, such as instant messenger IDs, birthdays, and Facebook related details. See report here.

May 2017 – 67 Cyber-attacks

Winner: WannaCry Ransomware

While not a data breach, no 2017 cyber-attack list would be complete without listing WannaCry. The ransomware infected computers and servers in 74 countries, millions of users across the world, and, affected hospitals, businesses like Fedex, rail stations, universities, at least one national telco, etc. See report here.


June 2017 – 64 Cyberattacks

Winner: 8Track

According to reports, 8Track, the most popular internet radio service provider, suffered a data breach which compromised 18 million user accounts.

The data hacked included usernames, email addresses, and partially encrypted passwords. According to the owner of 8Tracks, the only accounts compromised were accounts authenticated through Github without two-factor authentication activated.

Reports indicate that 8Track accounts authenticated via Google or Facebook authentication were not affected by the hack.


July 2017 – 69 Cyber-attacks

Winner: Reliance Jio

The largest breach of personal data ever in India happened when 120 million customers of Reliance Jio, one of India’s largest mobile phone carriers, had their personal data hacked.

Among the data stolen were customer names, mobile numbers, email addresses, and the unique ID number of the phone. This information was then listed for sale. See report here.

Honorable Mention: HBO

Hackers obtained 1.5 terabytes of data from the computers of HBO.

The hackers claimed to have released then-upcoming episodes of Ballers and Room 104. The hackers also claimed to have released a script from a then-upcoming episode of Game of Thrones.

No ransom was demanded.


August 2017 – 90 Cyber-attacks

Winner: Misconfigured Spambot

User data was leaked with respect to 700 million web users worldwide on many and various worldwide internet platforms. See report here.

Essentially, a misconfigured spambot left an open door to anyone who knew or noticed that the door was there.

It is unknown how many times the data was accessed. Data leaked was email addresses, passwords and lesser amounts of personal contact information associated with the email addresses.

September 2017 – 76 Cyber-attacks

Winner: Equifax

143 million customers of the credit reporting service had their personal and financial information stolen. The hack occurred over several weeks in May and June 2017 and was disclosed in late July.

Since the first reports, Equifax has reported an additional 2 million customers were affected by the hack. See here. The Equifax data breach has subjected Equifax to government investigation.


October 2017: 90 Cyber-attacks

Winner: Malaysian telcos and mobile virtual network operators — 46.2 million cellphone users

According to reports, computer systems for the largest Malaysian telephone companies and mobile network operators were hacked, revealing information for 46.2 million phone users.

The information included phone numbers, names, addresses and included both paid and prepaid numbers, as well as sim card information and the IMEI and IMSI numbers. See report here.

Honorable Mention: Disqus — 17.5 million users

In October 2017, Disqus, the internet’s largest provider of hosted posting comments for blogs and websites, announced they were the victim of a data breach in the summer of 2012. See report here.

During the hack, an unknown attacker stole user account details including email addresses, usernames, sign-up dates, and last login dates in plain text and SHA-1 hashed passwords for about one-third of the service’s 17.5 million users.

According to reports, Disqus took less than 24 hours to assess, confirm, and respond to the security breach – one of the best response times ever recorded. So “kudos” to Disqus and their cyber-attack response team.


November 2017: 84 Cyber-attacks

Winner: Uber Technologies — 57 million accounts

In October, 2016, 57 million Uber drivers and customers had their personal details accessed by a hacker group.

The hackers first gained access to a private software repository then used those credentials to gain escalated access privileges to more sensitive information. As the stolen information included drivers license numbers Uber was legally required to report the data breach. See here for a discussion of the Montana notification law.

However, Uber’s security team took the unusual step to offer the hackers $100,000 to keep the story quiet.

In November, 2017 the story of the cyber-attack and payoff became known and was another public relations quagmire for the company. Bloomberg has the story here.

Honorable Mention: Google Play Store and Android App Users

Four separate reports surfaced in November of 2017 related to cyber-security for users of Android mobile apps that are normally downloaded from Google Play Store.

First, infecting just 1,300 devices, Google revealed the details of spyware dubbed “Tizi.” This infected at least one app available on Google’s Play Store. It was a spyware for Android with extensive data-stealing capabilities. Google removed the relevant app from its Play Store immediately.

Second, the malware dubbed ToastAmigo was reportedly downloaded by more than 500,000 Android users. Once loaded, ToastAmigo is able to download other malware and engage in self-protection and self-hiding actions. See report here.

Third, it was announced the Google Play Store had eight apps that contained malicious multi-stage malware called Android/TrojanDropper.Agent.BKY. In the final stage of the malware, fake screens are loaded in place of legitimate website screens wherein users input personal and payment information which is then sent to the hackers. See here.

Finally, it was reported that at least 17.4 million Android users have downloaded a Trojan dubbed Grabos found in 144 separate mobile applications.

Grabos increases the rate of “recommended apps” that are offered to the user. Many users enjoy that feature and end up downloading the recommended apps. The apps are real, so Grabos is not particularly malicious.

The Grabos creator apparently makes money when the recommended apps are downloaded.


December 2017: 90 Cyberattacks

Winner: PayPal and its newly acquired subsidiary TIO Networks — 1.6 million users

In July of 2017, PayPal acquired a company called TIO Networks, a publicly traded payment processor. In early December, PayPal suspended the operations of TIO after a review of TIO’s network identified a potential security breach of personally identifiable information for approximately 1.6 million customers.

The TIO computer network is kept segregated from PayPal’s, so no PayPal systems were compromised. This is a public relations downside for PayPal since the company never wants to see the word “PayPal” in the same headline as “data breach” and it appears there may have been a lapse in diligence before the acquisition.

Finally, this is a good lesson on how to prevent a data breach from spreading throughout a system: quarantine new systems until the fully vetted.

Honorable Mention: Nissan Canada Financing — 1.1 million customers

At the end of 2017, on December 22nd Nissan Canada announced that its computer systems were compromised on the 11th, with “unauthorized person(s) gaining access to the personal information of some customers that have financed their vehicles through Nissan Canada Finance or Infiniti Financial Services Canada.” See report here.

Nissan admitted that 1.13 million customers were affected. The exposed data includes at least customer names, addresses, vehicle makes and models, vehicle identification numbers (VINs), credit scores, loan amounts and monthly payment figures but, reportedly, did NOT include personal banking information, such as card numbers.

In response, Nissan Canada offered offering 12 months of free credit monitoring to its customers.


Data Breach Statistics From 2016

In 2016, hackers not only logged an uptick of 38% in their use of phishing type security attacks according to “Key findings from the Global State of Information Security® Survey 2017” by Pricewaterhouse Coopers, but it also became well-known that hackers were finding devices to target beyond computer systems and networks.

Unsecure wireless medical devices, mobile devices, and even cloud architecture all came under attack in 2016.

With security breaches arising on multiple fronts, companies, healthcare systems, governmental and educational entities, and individuals need to address the potential threats of cyber security attacks. In order to combat attacks, people began to increase their use of data security protection measures in 2016:

  • 52% of individuals, businesses and entities use intrusion detection tools.
  • 51% actively monitor and analyze security information for their vulnerable systems.
  • 48% conduct vulnerability assessments.
  • 47% utilize security information and event management tools.
  • 47% regularly conduct cyber security threat assessments of their systems.
  • 45% subscribe to a threat intelligence service.
  • 44% engage in data system penetration testing.

Data Breach Statistics From 2015

Data from the two previous years clearly indicates a pattern in which cyber security breaches are occurring ever more frequently. In 2015, for instance, there were more than 177,866,236 personal records exposed via 780 data security breaches, according to the ITRC Data Breach Reports.

In 2015, hacks occurred in every single state in the US, and the breakdown of the breached targets by type of entity is as follows:

  • Businesses were the target of 40% of the security breaches (312 breaches).
  • Medical and Healthcare entities made up 35.4% of data breach targets (276 breaches).
  • Government or military targets made up 8.1% of cybersecurity breaches (63 breaches).
  • Educational institutions accounted for 7.4% of data breaches (58 breaches).

Take Steps to Protect Your Business From Cyber Security Breaches

We shouldn’t be surprised at the number of security breaches that occur in a year. Nor should we be surprised at how rapidly cybersecurity attack techniques evolve to affect more computers and devices than ever before.

Hackers’ reaches will only keep expanding as time goes on.

Most data security breaches are the result of an oversight somewhere in the system.

Companies large and small are being hacked due to vulnerabilities in their computer systems that are identified and exploited by hackers. Companies need to follow cyber security best practices to protect themselves and their customers’ personal information.

They need to give cyber security the time and resources necessary to rebuff cyber attacks and to neutralized cyber threats or face growing liability and higher fines.

Since the area of cyber-security is constantly changing and evolving, cyber-security needs to be regularly evaluated to determine whether particular defensive measures are effectively addressing threats and risks. Only through diligent and consistent efforts can business rise to the challenge posed by hackers invading their computer systems.

Contact Revision Legal

Cyber security breaches are a real threat, whether it is to your business, the institution that you work for, or to your own personal computer system and devices. If you are hacked, or information that is entrusted to you potentially accessed in a data security breach, you must act quickly to understand your rights and obligations concerning notification of potential victims. You should retain the assistance of an experienced cyber security attorney like the professionals at Revision Legal. Contact us today using the form on this page or by calling us at 855-473-8474.

Editors note: this was originally published in December, 2016, and updated in October, 2017. It is frequently adding in new data breach statistics as they become available. Updates in March, 2018, and August 2018 for clarity and comprehensiveness.

Put Revision Legal on your side

LET’S DISCUSS YOUR CASE

Privacy Preference Center