2018 in Breaches

2018 proved to be an expensive year for a number of firms, both major and minor, around the globe. An IBM report suggested that the average cost of a breach last year reached almost $3.7m, and the nature of averages means that half were above that. Here we will present a brief run-down of some of the bigger-name data breaches from the past year, and the lessons businesses should learn from them in 2019.

Various social media giants had a decidedly antisocial time of it last year. Google announced that the details of up to 500,000 users of their Google+ service had been compromised due to a software vulnerability, and that as a result the unpopular service would be closing up shop permanently. Google received a lot of criticism for their perceived covering-up of the breach, whilst Twitter fared better, public relations-wise, when ‘[o]ut of an abundance of caution’ it asked its 330m users to update their passwords after discovering some may have been exposed in plaintext form, though there was no indication that any such passwords had been discovered by attackers.

Facebook, fresh out of a particularly rough 2017, reported the exposure of over 90m users’ data (including, allegedly, ‘those of the top executives Mark Zuckerberg and Sheryl Sandberg’) towards the end of the year. On top of the already substantial mitigation costs, Facebook look set to receive one of the first major punishments under the EU’s newly-introduced GDPR, with 4% of their annual turnover at risk ($1.63bn).

FIFA was also the victim of unsporting behaviour when a breach exposed a trove of sensitive internal documents, which were subsequently leaked to the press in ‘the biggest leak ever reported on by investigative journalists’. As with a similar breach in 2016, the attackers are suspected to have successfully spear-phished a FIFA employee in order to gain access.

British Airways exposed up to 500,000 of its customers’ details (but were also praised for their response to the breach), Q&A site Quora reported the exposure of 100m users’ details and the Marriott Hotel chain dropped the ball on as many as 500m of its customers (and ‘for approximately 327 million of these guests, the information included some combination of name, mailing address, phone number, email address, passport number…date of birth, gender, arrival and departure information, reservation date, communication preferences, and encrypted payment card numbers’).

MyFitnessPal: 150m users’ details leaked. T-Mobile: 2m US users. The list goes on, and that’s just the big-name breaches. Small businesses are just as much at risk, with the ICO issuing a record number of fines over the 2017/18 period, and this is set to increase under the new GDPR/the Data Protection Act 2018. Nor does this cover the breaches of 2017 that were only resolved last year, such as Uber’s $148m settlement.

You don’t have to become a statistic in 2019. Mitigate ensures that your employees are informed and know how to keep both themselves and your company safe from cyber attacks and accidents—for more information, get in touch at 0333 323 3981 or enquirymitigatheub.com today.
