April 7, 2017

March was biggest month for compromised data yet with 1.4B exposed email addresses

With over 1.45 billion compromised accounts, emails, social security numbers, dates of birth, and other data types, March was the biggest month for exposed data this year.  

Seventeen companies reported data breaches in March, totaling 1,449,373,000 breached accounts. Major companies, including Saks Fifth Avenue, Coupa, and McDonald’s (Canada), experienced data loss. However, according to email marketing organization River City Media’s public reports, the organization took the biggest hit with 1.4 billion exposed email addresses. That’s over 96% of the total breached accounts for the month.

River City Media’s case highlights a very important point all individuals should know about data loss in today’s world: while any exposed data could spell trouble for the individual to whom it belonged, not all data loss or exposure is due to a malicious attack.

Sometimes companies make mistakes

There are a number of ways in which data is exposed that do not involve a nefarious actor breaking into a company’s systems and leaving with sensitive information.

Sometimes companies themselves have security vulnerabilities, misconfigured servers, or other problems that leave data open and unprotected. In the case of River City Media, the company reported that the email addresses were stored in a database that was improperly secured, thereby exposing the data for anyone to access.

Because these issues can go unnoticed for an unknown amount of time, the company may not know if anyone accessed that data during that period of time. Either way, a company will likely send an alert out to its customers.

Sometimes employees make mistakes

Another way companies might experience a non-malicious data breach is if an employee accidentally exposes  the data. For example, last month a Boeing employee accidentally emailed a spreadsheet to his spouse that contained sensitive personal information of 36,000 Boeing employees. Boeing reported this as a data breach because, while non-malicious, it still exposed confidential data.

It doesn’t matter how it’s exposed, breached data is still a problem

Whether an attacker steals the information or it’s leaked through other means, stolen data could still spell trouble for the impacted individual who used that service. In March, the top types of compromised data were (in order):

  1. Individuals’ names
  2. Dates of birth
  3. Email addresses
  4. Social security numbers

When used together, these pieces of information could lead to identity theft problems if the data landed in the wrong hands.

Stay up to date on the latest data breaches with Breach Report. Upgrade to Lookout Premium today to receive timely notifications about breaches that impact industries, companies, or even services you use.

Don’t already have Lookout? Download it today.

One comment
  1. Sandra Latta says:

    Everyone make it hard to sign in when they have had the same address and password and phone number for years

Leave a comment