10 massive Data Breach scandals of 2019 and how not to be the next victim

In 2019 the security of data remains a major issue. Even senior officials and large corporations are seeing the privacy and security of their confidential information violated. Let’s look at some of the most high-profile data breach scandals of 2019.

1. German politicians get exposed

One of the most high-profile data breaches took place in Germany on the 4th Jan 2019, where several politicians, including Angela Merkel, fell victim to a hacker. A 20-year-old man gained access to their contacts, emails and financial details and published the private information on his Twitter account, later admitting to having carried out the attack due to his annoyance at some of the statements the politicians had made.

The attack could have been avoided by using a multi-factor security system and regularly updating credentials.

2. Australian government suffers a cyber attack

The Australian government is investigating an attempt to hack into the parliament's computer network.

No data seems to have been stolen but all corporate passwords were reset.

3. Another security lapse in the Indian state government system

Aadhaar numbers of millions of Indian citizens are suspected to be an object of trade on the dark web market. This numbers themselves are not secret but serve as a means of identification and can be used to open a bank account, rent a car, buy a SIM card and more.

The leak is believed to be the fault of a loophole in the protection system responsible for its security rather than a direct breach.

4. A former NSA contractor stole terabytes of data

An ex-employee of the National Security Agency has pleaded guilty to stealing the largest amount of classified information in history. His guilty plea comes as part of a sentencing deal made with prosecutors and some of the charges have been dropped.

He is now awaiting sentencing.

5. Facebook’s data abuse

Facebook is infamous for violating its users’ privacy by sharing private information with third-party applications for native advertisement.

Despite Mark Zuckerberg admitting in 2019 that their data protection policy was erroneous and promising to increase security, a new scandal emerged.

The media discovered that the company’s founder was storing account passwords on the server without encryption, with thousands of employees theoretically having access to the data. Following the discovery, the company claims to have deleted everything.

Another case that was made public was that of the members of a restricted-access Facebook group for women with the Brca gene mutation. They found out that their details could be downloaded and used by third parties without their permission.

Facebook did not notify the users their data had been downloaded within the required 60 days and claimed that the users were responsible for the information they put on the website.

6. 14,000 people diagnosed with HIV had their data stolen

Another controversial event connected with data theft occurred in Singapore. Confidential information such as names and HIV-status were made public by an American who is believed to collaborate with his partner – the former head of Singapore's National Public Health Unit.

Taking into consideration how HIV-positive people are stigmatised in Singapore, the incident seems especially worrying.

7. 200 million Chinese CVs accessed through a third-party API

Millions of Chinese CVs have been stored on an Amazon cloud server without any proper protection and leaked through a third-party API. Now the hackers have access to the very detailed private information and educational and employment background of 200 million Chinese people, not to mention their passwords and contact information.

Cloud solutions are becoming more and more popular for data storage.

8. Mumsnet reports itself after an upgrade let some people see details of other accounts

A problem with an online forum for mothers occurred because of a poorly-designed update rather than a hacker attack. Nonetheless, it put the privacy of its users under threat.

Those who logged in at the exact same time could see other account holder’s real names, street addresses, email addresses and phone numbers.

An online resource for mothers facing such security problems might seem like no big deal. However, the privacy of users on this website is quite important since, aside from sharing advice about childcare and education, many women seek help from abuse, stalking and difficult life situations.

9. WordPress vulnerability issues

Recently WordPress released a new PHP update that is highly recommended for installation if your website runs on the WordPress CMS. Bugs in crafting the comment section have left the website vulnerable to cross-site scripting.

This vulnerability enables an attacker to place a third-party code on the page and gain access to private data through a same-origin policy concept .

10. Dating website’s privacy scandalised

The Coffee meets Bagel dating website was confirmed to have suffered a breach when the perpetrators gained access to names and email addresses. Such security negligence could easily undermine the website’s reputation.  

How you can keep your privacy secure and protect yourself from data leakage

• Personal recommendations:

1. Regularly update passwords to your e-wallets, online bank account and other valuable internet sources.
2. Do not use public networks and free WiFi connections while completing bank transactions via your mobile device.
3. Use your nickname and spare email address for social network registration. Considering how many data leaks have been announced lately, no one can be sure of their own privacy without protecting themselves accordingly.

Advice on the protection of confidential business data

1. Do not store credentials in easy-to-access files like Google spreadsheet and do not exchange them with colleagues via messengers and social platforms in writing.
In a pinch, use pictures (screenshots) and delete them asap from your chats.

2. Establish regular security checks as a necessity for your IT team. Some SaaS solutions, which detect potential vulnerabilities, can be a good bargain.

The faster you detect the threat, the better.

3. By using open-source software like WP, your business runs the risk of being among thousands of hacker’s victims. Choose secure software solutions or have one created to order by a professional team.

4. Stop using the BYOD (bring your own device) approach when it comes to corporate data. Migrate to the cloud with appropriate API protection or work with bespoke systems with additional security control.

Learn here how you can secure your app or software.

News From

Magora Systems
Category: Software Developers Profile: Here at Magora we design and develop digital products including mobile apps, websites and web applications. The two cornerstones upon which we build successful software are user-centered interaction design and scalable software architecture.