Lessons Learned from 2019’s Biggest Data Breaches

With more than 5,000 data breaches and over 7 billion records exposed, 2019 was the worst year on record for breach activity. According to research from Risk Based Security, the number of data breaches within just the first nine months of 2019 increased 33% over the previous year. Retailers, medical providers and public entities experienced the most data breaches due to misconfigured databases, unsecured endpoints and the accidental exposure of sensitive data on the internet.

Let’s take a look at some of the biggest data breaches of 2019.

Facebook Failed to Secure Accounts

In March, an internal investigation at Facebook found that hundreds of millions of account passwords were being stored in plain text. Unfortunately, this wasn’t the only security lapse for the social network. Just one month later, Facebook data containing more than 540 million records was exposed online in a public database. The data, which included personal details such as names and Facebook IDs, was an easy target for cybercriminals as it resided on Amazon cloud servers without any protection.

Capital One Data Stolen by Hacker

In July, Capital One fell victim to a data breach that exposed data from more than 100 million U.S. citizens and 6 million Canadian residents. About 140,000 U.S. Social Security numbers, 1 million Canadian social insurance numbers and 80,000 bank account numbers were stolen by a hacker. This will reportedly cost Capital One $100 million to $150 million as it continues to investigate the data breach.

First American Financial Corporation Under Fire

First American Financial Corp. was under fire for exposing 885 million customer records that included bank account information, Social Security numbers, images of drivers’ licenses and mortgage records. The real estate title insurance company was storing sensitive documents from 2003 to 2019 on a website that could be easily accessed by anyone who had the correct URL. While the impact of the exposure is still being investigated, recent scams regarding escrow fraud could be related to this breach.

American Medical Collection Association Forced to File Bankruptcy

Approximately 20 million patients had their data exposed when medical bill collector American Medical Collection Association (AMCA) was hacked. Multiple class action lawsuits were filed against AMCA and its contracting clients over the breach of patients’ payment data, Social Security numbers, medical information, birth dates, phone numbers and addresses. Ironically, the debt collector was forced to file for bankruptcy protection in the aftermath of the disastrous data breach.

Protect Networks with Data Encryption, 2FA and Credential Management

According to Juniper Research, the cost of data breaches will rise from $3 trillion each year to more than $5 trillion in 2024, an average annual growth of 11%. This will be driven primarily by increasing fines and penalties as regulations tighten.

As cybercriminals show no signs of slowing down in 2020, organizations must do their part to protect confidential information and customer privacy by implementing proper security measures. Encryption technology, commonly used by enterprise virtual private networking (VPN) software, is the only reliable way to protect sensitive data such as credit card details, home addresses and Social Security numbers. Encrypted data can be read only with the correct key, usually under a symmetric or public key scheme. Without that key, data treated this way cannot be deciphered, which renders it unintelligible to cybercriminals.

Two-factor authentication (2FA) is another reliable way to reduce the risk of data breaches. Two-factor authentication uses at least two types of authenticating data drawn from three different attributes: something you know, such as a password, PIN or certificate; something you have, such as a token, phone or smart card; or something you are, such as a fingerprint, face recognition or iris scan.

Credential management also offers an added layer of security as it allows organizations to issue, track, update and revoke user credentials as business processes and policies evolve. With a centrally managed VPN, organizations can securely and efficiently manage their remote access VPN network from a single point of administration as the number of users and/or endpoint devices changes.

Overall, we can learn valuable lessons from the security lapses that left networks and servers vulnerable in 2019. Communications and sensitive data must be encrypted while in transit and at rest; two-factor authentication should be enforced to protect company networks; and credential management is crucial to prevent unauthorized access. With a VPN in place, customers’ personal information can be stored securely within internal databases and cloud applications.


Julian Weinberger

Julian Weinberger, CISSP, is Director of Systems Engineering for NCP engineering. He has over 10 years of experience in the networking and security industry, as well as expertise in SSL-VPN, IPsec, PKI, and firewalls. Based in Mountain View, CA, Julian is responsible for developing IT network security solutions and business strategies for NCP.
