The year 2020, when the pandemic affected all processes globally, led to many personal data breaches. Indicating that the data of millions of people have been violated for 12 months, experts list the most talked about personal data breaches of the past year.
It is a year that shows that cyber attacks will not stop even in a pandemic or any other disaster. Hackers did not stand idly by in 2020, as a large portion of the global population shifted towards the home-working business model and companies rapidly moved to remotely manage their operations. Remote workers cybersecurity Cyber security expert Serap Günal summarizes the most pronounced personal data violations month by month for 12 months in 2020.
The first days of 2020 were spent with one of the biggest card information breaches known to date. Due to the vulnerability in the online channels of the American hypermarket chain called Wawa, the online sales information of approximately 30 million Americans and more than 1 million foreign customers were leaked, and the card information was sold on the DarkWeb for $ 17.
February proved once again the fact that hackers were attacking personal data, regardless of the private sector or the public. While 1.26 million Danish citizens’ taxpayer identification numbers were disclosed, cosmetics giant Estée Lauder stated that due to middleware security errors, 440 million internal records, including internal e-mails, were disclosed.
The hotel group Marriot, a favorite of hackers in cyber attacks, entered March with an attack in which their e-mail accounts were leaked. It was stated that 5.2 million guests were affected and a lot of personal information was leaked. In addition to this attack, the first major personal data disclosure of the year was experienced in the media sector. Virgin Media announced that the data of 900 thousand users have been disclosed.
In April, which caused the disclosure of personal data in both the game industry and e-mail services, the accounts of 160 thousand users of gaming giant Nintendeo were under attack, while the Italian e-mail service provider Email.IT could not protect the personal data of 600 thousand users and was offered for sale on DarkWeb. reported.
he disclosure of personal data also took place in the transportation sector in May, when international flights were restricted due to the pandemic. Economy airline EasyJet battled a data breach that exposed data of its 9 million customers, including some financial records. It is also a popular application that attacks the Wishbone application.hacker group disclosed personal data including 40 million user records.
Consumers heading to online stores were chasing the right moment to hunt down hackers at a time when physical stores were still not open. They wanted to realize the biggest example of this on the online platform of Claire’s chain of stores. The company, which determined that a malicious software was on the e-commerce platform for about 2 months, did not provide information about how many customers were affected.
142 million guest records and personal data of MGM Resorts, one of the most important companies in the international hospitality and entertainment industry, were offered for sale on DarkWeb for an average of $ 2,500. V Shred, which is also a fitness brand, announced that the identifiable personal data of its 99 thousand customers and trainers have been revealed.
The free photo platform Freepik struggled with a data breach that affected 8.3 million users. The platform, which warns its users late against the danger of revealing their usernames and passwords, faced many reactions.
September caused a combination of cyberattacks and anti-government protests. Police violence against citizens participating in protests against the government in Belarus resulted in the leak of private information of 1000 high-ranking police officers in response to a group of hackers.
For a full year, the hacking of a POS device at a point of sale resulted in the disclosure of the card information of 3 million customers of US barbecue restaurant chain Dickey’s.
In November, the month when the cyber attacks were most intense, the personal information of 27.7 million Texas drivers was leaked, while a cyber attack was carried out against the football giant Manchester United in the sports world. The consequences of the attack on the personal data of fans and club members have not yet been determined. In addition, it was claimed that the accounts of 300 thousand users were seized on Spotify, the online music streaming service, which is on the way to becoming a giant in the music industry.
December was one of the months that proved that the public sector was insufficient in cybersecurity. The UK Tax Office reported 11 serious data breaches affecting nearly 24,000 people.