In January, Microsoft disclosed a data breach occurring through one of the tech giant's internal customer support databases.
Microsoft said anonymized user analytics, contained in roughly 250 million entries, were exposed. This included email and IP addresses.
In the same month, researchers found a leaky AWS bucket exposed online that contained the personally identifiable information (PII) of 30,000 individuals linked to the medical and recreational marijuana, including patients.
It is thought that the database belonged to a PoS provider for legal dispensaries across the US.
Moving on to February, Estée Lauder was embroiled in a data breach in which 440 million records were compromised, including the exposure of internal company emails and non-consumer email addresses.
Via: Essential Retail
In March, T-Mobile revealed a security incident in which cyberattackers were able to successfully infiltrate the firm's email services, leading to the compromise of T-Mobile customer and employee information, as well as staff email accounts.
Names, addresses, phone numbers, account numbers, plan information, and billing information may have been stolen.
A total of 5.2 million hotel guests were impacted by a data breach in March. Hackers were able to access two accounts belonging to Marriott employees who had access to customer information relating to the hotel chain's loyalty scheme.
A range of PII including names, genders, phone numbers, travel information, and loyalty program data was accessed.
In March, Whisper, an anonymous secret-sharing app, was alerted to a security failure that exposed user content and profile information in connection to messages -- including nicknames, stated ages, location data, and group memberships -- caused by a database left open and exposed online.
The US Small Business Administration (SBA) said in April that approximately 8,000 individuals who had applied for emergency business loans due to COVID-19 disruption were affected by a data breach.
The portal used to apply for the loans may have leaked applicant names, Social Security numbers, physical and email addresses, dates of birth, citizen status, and insurance information.
At the end of April, Nintendo revealed an account hijacking scheme that compromised roughly 160,000 users. Customers claimed that cyberattackers were using their accounts to fraudulently purchase games and Fortnite virtual currency.
A legacy login system, now disabled, was to blame.
On May 19, budget airline easyJet said that information belonging to nine million customers may have been exposed, including over 2,200 credit card records, following a cyberattack.
easyJet is now facing an £18 billion class-action lawsuit due to the incident.