Data Breaches Happened in 2018


Records Breached: 500 million

The travel and hospitality industry proved to be very vulnerable in 2018. In November, Starwood Hotels confirmed that up to 500 million hotel guests’ information had been stolen in a data breach. This was detected on September 10th. The breach was one of the largest in history after what happened on Yahoo. The problem of this data breach is that the cyber thieves didn’t just steal the general information like names, address or bank accounts information, they also got passport numbers, travel locations and arrival-departure dates. This information leads authorities to believe that these hackers are seeking to track the movements of diplomats, spies, military officials and business executives. It is believed that China could be behind the data breach.

British Airways

Records Breached: 380,000

Approximately 380,000 travelers who purchased plane tickets on the British Airways website and mobile app were robbed of their personal data in August, including their full credit card

information. Even though, British Airways did something good for its customers whereas many companies fail to notify their customers of breaches in a timely manner, British Airways quickly admitted to their cybersecurity follies, notifying affected customers as soon as possible and providing instructions for reaching out to their personal banks.


Records Breached: 150,000,000

The health-tracking App called MyFitnessPal has achieved incredible success since it was purchased by Under Armour in 2015 for over $475 million. That same success made it a desirable target for data hackers.

Cybercriminals hit the jackpot when they gained access to over 150 million usernames, emails and passwords in February of 2018. They only stopped for usernames or passwords, they aimed to get more sensitive information like credit card information and driver’s license numbers. In the first attempt, they couldn’t however hackers may take that information and use it to attempt to breach more valuable account since many people re-use the same passwords on different accounts.


Records Breached: 26,151,608

Hackers hit ticket merchant and EventBrite subsidiary TicketFly hard this year when they breached the names, addresses, phone numbers and email addresses of over 26 million customers. The breach was good news for some music lovers — several venues offered free shows after TicketFly was forced to temporarily shut down their website. However, TicketFly took major losses as they footed the bill.

Medicare and Medicaid

Records Breached: 75,000

Hackers gained access to in 2016, and 2018 by the infamous email hack of the Democratic National Committee. This site is known as the government’s Affordable Care Act enrolment website.

The Centers for Medicare and Medicaid Services moved swiftly to shut down the breached portal and provide credit protection to the 75,000 affected users — a relatively small portion of total users, but a major breach just the same.


Records Breached: 92,000,000+

Let’s check out one of the largest and most frightening breaches of the year, hackers stole over 92 million sensitive records from the DNA ancestry company MyHeritage.

MyHeritage maintains that no genetic data was stolen during the cyber-heist — cybercriminals were more interested in email addresses and passwords. However, the thought that cyber thieves could get their hands-on DNA gives us a glimpse into the kind of data hackers could gain access to in the future. With the rising popularity of DNA analysis websites and biometric recognition technology, the amount of digital biometric data in existence is higher than ever — and so are the chances of a major breach.


Records Breached: 30,000,000+

Today’s last shocked breach record coming from Facebook. Hackers gained access to over 30 million users’ records in September 2018. Rather than going for payment information or passwords, cybercriminals stole personal data such as names, relationship status, religion, birthdate, employers, search activity and check-in locations. Just what cybercriminals want with such data remains unclear, though it is reminiscent of Cambridge Analytica and other politically motivated data grabs.

What can we learn from the biggest hacks of 2018?

Cybersecurity experts declared that most data breaches are avoidable with a right protection. A combination of point-to-point encryption (P2PE) services, tokenization technology and careful employee cybersecurity training can provide a way to protect your company from becoming the next MyHeritage or Facebook.

Want to find out how you can protect your customers’ data from hackers? Bluefin offers P2PE and solutions that ensure sensitive payment data is protected the moment it enters your system.