These are 2018's biggest hacks, leaks, and data breaches

Dozens of breaches, over a billion affected.

Topic: Security

247,000 Homeland Security staff and witnesses affected by data breach

January: A database used by the Department of Homeland Security's Office of the Inspector General was confirmed breached in January, affecting over 247,167 current and former employees and individuals associated with the department's previous investigations. The breach marked one of the first intrusions this year.


Unsecured server exposed thousands of FedEx customer records

February: A company acquired by FedEx leaked thousands of customer records, thanks to a leaking Amazon S3 bucket. The data included names, addresses, and phone numbers.


Orbitz says hacker stole two years' worth of customer data

March: The travel booking site said about 880,000 payment cards, or about two years' worth of data, were stolen by a hacker, thanks to a security vulnerability in the travel site's legacy booking system.


A new data leak hits Aadhaar, India's national ID database

March: India's national ID database, claimed by the government to be secure, leaked data on potentially every Indian citizen -- some 1.1 billion people -- who signed up to the database, including their names and information about services they are connected to, such as their bank details.


French news site L'Express exposed reader data online

March: French weekly news magazine L'Express left a server containing a database of its readers exposed online for weeks without a password. Even after the Paris-based magazine was warned of the exposure, the database wasn't secured for another month.


Trump-linked data firm Cambridge Analytica harvested data

March: The controversial Trump campaign-linked data firm was suspended from Facebook for using the data to determine who voters might choose at the ballot box. In the end, more than 80 million people were affected by the data exposure.


Twitter says bug exposed user plaintext passwords

May: Twitter admitted that user passwords were briefly stored in plaintext, and might have been exposed to the company's internal tools and staff. The company said it fixed the bug and that an investigation "shows no indication of breach or misuse" by anyone.


T-Mobile bug let anyone see any customer's account details

May: An exposed and unauthenticated API on T-Mobile's website let anyone access the personal account details of any customer with just their cell phone number. The returned data included a customer's full name, postal address, billing account number, and in some cases information about tax identification numbers.


Jira bug exposed private server keys at major companies

May: A major TV network, a UK cell giant, and one US government agency are among the companies affected by this new class of attacks that allows hackers to pivot quickly and easily inside a company's cloud infrastructure.


Rail Europe had a three-month long credit card breach

May: Rail Europe, a site used by Americans to buy train tickets in Europe, has revealed a three-month data breach of credit cards and debit cards, which resulted in credit card numbers, expiration dates, and card verification codes swiped from its servers -- everything needed by a fraudster to carry out unauthorized purchases.


A massive cache of law enforcement personnel data has leaked

June: A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials. Not only that, the leaked data revealed that many police departments are unable to respond in an active shooter situation.


Marketing firm leaked database with 340 million records

June: Some 340 million records were stolen from a server run by Exactis, a company you've likely never heard of, after the data was found on a publicly accessible system. Each record contains a huge amount of data, ranging from contact information and public records to "more than 400 variables on a vast range of specific characteristics."


Adidas data-security breach could involve "a few million customers"

June: Sports clothing maker Adidas said that its website was hacked, and data -- including contact information, usernames, and hashed passwords -- were stolen in the breach.


Ticketmaster breach was part of a larger credit card skimming effort, analysis shows

July: A recent breach at Ticketmaster was just "the tip of the iceberg" of a wider, massive credit card skimming operation, research has found. By targeting suppliers of third-party code installed on e-commerce websites -- like Ticketmaster -- the hackers were able, in some cases, to get "nearly 10,000 victims instantly."


Fitness app Polar exposed locations of spies and military personnel

July: The fitness tracking app, Polar Flow, allowed anyone to access a user's fitness activities over several years -- simply by modifying the browser's web address. That location data revealed the home addresses of intelligence officers -- even when their profiles were set to private.


Thousands of Mega logins dumped online, exposing user files

July: Thousands of credentials for accounts associated with New Zealand-based file storage service Mega have been published online. Their accounts had been improperly accessed and file names scraped. One of the accounts in the file contained file listings for what was described as child abuse content.


Timehop breach hits 21 million users

July: Usernames, email addresses, and social media tokens -- used to log into accounts -- for 21 million users were stolen from the social media app -- with over 4.7 million phone numbers also taken. Timehop later said that genders and dates of birth were also taken in the breach. None of the data was protected with two-factor authentication, the company said.


Singapore suffers "serious" medical data breach

July: The government of Singapore described the attack as "deliberate, targeted, well-planned." Even the country's prime minister had his data stolen in the breach, which affected 1.5 million patients who visited SingHealth's outpatient clinics over a three-year period.
