Data Security Breaches in 2019

Data Security Breaches in 2019

August 21, 2019 Business Insurance and Risk Management, The Beacon Blog 0 Comments

It’s not Labor Day yet, but has a list of ten security breaches, plus collections of data on the dark web. As posted at, these are the biggest breaches to date:

  • Earl Enterprises (restaurant chain owner) – 10 month long attack allowed hackers to steal two million card payment numbers, which were sold on the dark web.
  • Toyota – hackers stole sales information of 3.1 million Toyota and Lexus owners.
  • Facebook – several breaches the largest a 146 gigabyte file.
  • Capital One – Over 100 million people in U.S. affected; investigation is ongoing.
  • Ascension (data analytics) – about 24 million financial and banking documents exposed due to misconfiguered server. The data was not password protected(!).
  • First American Financial – 800 million records exposed due to database design flaw. Almost 16 years’ worth of data (why was it saved that long?) required no username or password to view.
  • American Medical Collection Agency – data breach affected three major clients with a total of 21.8 million patients. An unauthorized user had access to AMCA’s payment system; the breach was not detected for eight months. The company is now in Chapter 11.
  • ZOLL Medical Corporation – more than 277,000 people affected during server migration.
  • FEMA – sensitive information about 2.3 million disaster victims shared with private contractor.
  • Verifications IO – over two billion unencrypted records in unprotected database. In this case, the company promptly took down its website and removed the exposed records.

There are five collections of stolen data on the dark web.Collection #1, “the mother of all data breaches” according to, has nearly three quarters of a billion email accounts, 87GBs of data containing two billion records. Collections 2-5 total about 25 billion records containing 2.2 billion unique usernames and passwords. Access to these collections costs $45.

In February, about 617 million stolen account details from 16 websites were put on sale; an additional 127 million accounts from eight websites was added later. According to McAfee, in the first quarter of 2019 over 2.2 billion stolen account credentials were mad available on the criminal underground.

Users can protect their data by being wary of phishing scams, checking online accounts, using strong security software and different passwords.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.