Why are voter registration data publicly available?

The seven biggest data breaches of 2018

The seven biggest data breaches of 2018

Cybercrime is increasing every year, and 2018 was no exception. Cyber ​​criminals use different attack methods and always have the same goal: to steal as much data as possible.

Unfortunately, many companies learned this lesson the hard way: Adidas, Ticketmaster, T-Mobile and British Airways are just a few of them. Serious as these cases were, they weren't high on the list. Below are the seven largest data breaches of 2018.


1 - Aadhaar: 1.1 billion records

India has a serious cybersecurity problem. More precisely, the Aadhaar national ID database, which contains information on nearly 1.1 billion citizens. The database was leaked and sold to anyone willing to invest money.

In January, Indian journalists discovered that there were several WhatsApp groups across the country where anyone could buy individual citizens' data. For only 500 rupees, which is about 6 €, you not only received your first and last name, but also personal data and bank details. The government denied the incident, but other vulnerabilities were found: Researchers discovered that citizens who visited their own profile online could access other citizens' profiles for a while by changing their ID in the URL on the Aadhaar website.


2 - Marriott: 500 million customers

Marriott is one of the largest hotel groups in the world, with an equally large data leak. The company announced in November that the booking system had been hacked. The data leak has existed since 2014 and affects over 500 million customers, whose bank details and personal data are now available to anyone who wants to buy them.


3 - Facebook and its pact with Netflix, Microsoft….

One of the biggest scandals of the year and another negative headline on Facebook. The New York Times revealed that Facebook has been sharing its users' data with over 100 tech giants for years without their knowledge. Well-known names such as Amazon, Bing, Yahoo! and Netflix, which had access to users' publications as well as their private messages.


4 - Exactis: 340 million records

The Data brokers Exactis had around 340 million records stored on a publicly accessible server. The data records did not contain any bank details, but a lot of sensitive information: the number and age of the children in the house, a list of the credit cards used, an estimate of the property value, whether they own shares in companies, which bank they have a mortgage with, their hobbies, theirs ethnic group and much more information.


5 - Under Armor: 150 million records

MyFitnessPal, one of the most widely used nutrition apps in the world, was the victim of a data theft. The app developer Under Armor had to admit in March that a cyber criminal had stolen the registration data of around 150 million users. The data included, among other things, the email addresses and passwords of the users of the app.


6 - Panera-Bread 37 million records

The restaurant chain Panera Bread announced that the registration details of over 37 million customers were freely available on their website. In addition, Panera Bread ignored evidence of this data leak for eight months. The names, e-mail addresses, physical addresses and the last four digits of the customers' credit cards were visible.


7-35 million US voters

The elections in the states were overshadowed by many negative headlines: suspicion of vote manipulation, fake news and public opinion on social media. In October, researchers found a website that sold electoral rolls for around 35 million voters. This incident, which affected 19 states in the country, would have made it possible to change the voter lists in the polling stations and thereby exclude citizens from voting.


Many companies have been forced to make data protection a top priority to ensure their cybersecurity. To solve this problem there are tools like Panda Data Control, Adaptive Defense's data protection module. It stops uncontrolled access to the company's personal and sensitive data by monitoring all system processes and issuing real-time alerts about data leaks, usage and suspicious or unauthorized data movements. In addition, it proactively and immediately detects any type of cyber threat and helps companies not only to comply with their cybersecurity, but also to comply with the GDPR and to avoid billions in fines.

Data has become the oil of the modern age, and it's not just tech companies that are affected. Any company, regardless of industry or size, is a potential target for cyber criminals. It is therefore important that companies know how to protect their greatest asset, their data.