Data breaches are scary. Scariest of all is that they can come at any time, to any of the financial institutions you trust. Hackers take advantage of loopholes in institutions’ servers and security protections to steal your most personal and sensitive information — credit and debit card numbers, Social Security data, your birth date and maybe even where you live.
The breach, discovered in early September after an investigation, determined that information like names, email addresses, delivery addresses, order history, phone numbers and passwords was accessed. The company said that the last four digits of some consumers’ credit cards and bank account numbers were also accessed. The investigation also found that unauthorized activity by a third-party provider had taken place in early May as well.
When: Aug. 20
Number of peopleaffected: Tens of thousands of users and more than 160 million records
What happened: A report from cybersecurity company SpiderSilk, obtained by TechCrunch, found that 160 million MoviePass records were left unencrypted. Because the company’s database wasn’t password-protected, it left customers’ credit card numbers and credit card details exposed. The database remained online until Tuesday. MoviePass didn’t immediately respond to a request for comment.
This isn’t the first time MoviePass has landed in hot water. Earlier, the service faced criticism for changing passwords to keep users from ordering tickets. The company has also been accused of spiking prices at peak times. Last year, the company was said to be reactivating accounts and asking former customers to opt out of being subscribed again.
When: July 30, 2019
Number of people affected: 100 million people
What happened: Financial corporation Capital One suffered a data breach that affected 100 million credit card applications, 140,000 Social Security numbers and 80,000 bank account numbers. If you applied for a card in the US between 2005 and 2019, you’re likely part of the breach, according to the bank.
Capital One said that no credit card account numbers or login credentials were exposed. The breach still affected names, addresses, ZIP codes, phone numbers, email addresses and birth dates. The FBI arrested Paige A. Thompson, a tech worker who goes by the nickname “erratic.” Thompson was charged with computer fraud and abuse for the hack.
Number of people affected: About 143 million people
What happened: Hackers stole customer names, Social Security numbers, birthdates and addresses in a hack that stretched for three months. In addition, hackers nabbed 209,000 credit card numbers and 182,000 documents containing personal information. It’s unclear what the hackers did with the data during that time. The company estimates that half of the US population was affected, but that doesn’t include victims outside the country. It was the biggest known leak of 2017.
What happened: Malware infected the security systems of Starwood Hotels — which includes Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis — in 2014, and the Marriott hotel group then acquired Starwood in 2016. In November 2018, Marriott discovered and revealed a four-year hacking campaign that attacked Starwood’s reservation database. Lawmakers demanded data privacy and security protections going forward.
What happened: Yahoo users were urged to change their passwords after hackers stole personal information associated with about half a billion email accounts. At the time, the numbers made it the biggest data breach in history. Initially, the casualties were reported at 500 million, still making the hack the biggest in history. Yahoo slowly raised the number but reported in 2017 that none of its 3 billion accounts had gone unscathed in the original breach. That’s 3 billion names, email addresses, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions.