Canva confirmed the incident, notified users, and prompted them to change passwords and reset OAuth tokens. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. Guests staying at any of the Starwood brand's hotels, including W Hotels, St. Regis, Sheraton, Westin, Element, and Aloft, on or before September 10, likely had their data exposed. In September 2017, Equifax, one of the three largest consumer credit reporting agencies in the United States, announced that its systems had been breached and the sensitive personal data of 148 million Americans had been compromised. Date: early 2018 (this is when a Cambridge Analytica whistleblower disclosed the story). According to the company, approximately 10 percent of its customers used the compromised connection, but have since been asked to reinstall a newly issued certificate. One of the most controversial elements of this breach was that users did not appreciate or consent to the political usage of data from a seemingly-innocuous lifestyle app. The attack wasnt discovered until December 2020. Survey Key Findings from the Insider Data Breach Survey April 10, 2021:A database containing 1.3 million scraped Clubhouse userrecords were leaked for free on a popular hacker forum. These events have earned Experian the reputation of suffering one the biggest data breaches in the financial services sector. Adult video streaming website CAM4 has had its Elasticsearch server breached exposing over 10 billion records. 56.7% of Wayfair orders are completed through the app, Wayfair adds about 100 new items on its website each month, In February 2021, Wayfair.com received 91.8 million views. returns) 0/30. Feb. 19, 2020. To prove they weren't bluffing, Conti published 11,000 records on the dark web, which according to the Russian cybercriminals, represents just 1%of the total records that were stolen. Wayfair, like most online retailers, saw a huge boom in revenues during the pandemic. The full dataset included personally identifiable information (PII) like names, email addresses, place of employment, roles held and location. The data was scraped in a vulnerability that the company patched in 2019, and includes users phone numbers, full names, location, email address and biographical information. British Airways, Marriot, and Ticketmaster all penalized for failing to manage customer data. The data was dumped in two waves, initially exposing 500 million users, and then a second dump where the hacker "God User" boasted that they were selling a database of 700 million LinkedIn. Learn why cybersecurity is important. April 6, 2021: Over 500 million LinkedIn user profiles were discovered on the Dark Web. The cybercriminals then sent a very convincing phishing email to this entire customer list claiming that a critical security incident occurred, requiring an urgent download of a patched version of the Trezor app. Because passwords are usually recycled, this gave them instant access to a swathe of active Zoom accounts. More than 150 million people's information was likely compromised. The disclosed data includes COVID-19 vaccination statuses, social security numbers and email addresses. The breach included email addresses and salted SHA1 password hashes. January 26, 2021: VIPGames.com, a free gaming platform, exposed over 23 million records for more than 66,000 desktop and mobile users due to a cloud misconfiguration. This is the largest compilation of data from multiple breaches, which is where the name Compilation of Many Breaches or COMB comes from. Macy's, Inc. will provide consumer protection services at no cost to those customers. The information that was leaked included account information such as the owners listed name, username, and birthdate. The breach was disclosed in May 2014, after a month-long investigation by eBay. However, data breach investigators BleepingComputer managed to successfully convert the hashed passwords of numerous accounts to plain-text using online MD5 cracking tools. The breach contained 112 million unique email addresses and PII such as names, birthdates and passwords stored as MD5 hashes. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. In 2022, it was responsible for about 1.5% of all e-commerce sales in the country. Three years of payout reports for creators (including high-profile creators. WAYFAIR INC. CONSOLIDATED STATEMENTS OF OPERATIONS (Unaudited) Three Months Ended December 31, Year Ended December 31, 2020 2019 2020 2019 (in thousands, except per share data) Net revenue $ 3,670,851 Follow Trezors blog to track the progress of investigation efforts. Due to varying update cycles, statistics can display more up-to-date The UK's Information Commissioner's Office (ICO) issued more than 42 million ($59m) worth of fines in 2020 to companies that breached data protection and privacy regulations. Mailchimp fell victim to a data breach after cybercriminals gained access to a tool used by internal customer support and account administration teams following a successful social engineering attack. Protect your sensitive data from breaches. The data included the following: The hacker scraped the data by exploiting LinkedIn's API. The exposed database contains order information for over 7 million customers, including addresses, phone numbers and account information for 1.8 million registered customers, and 3.5 million partial credit card records. The program was installed in the point-of-sale machines and was designed to take credit-card information, but not personal information, the company said. Data accessed in the breach included travel details email addresses as well as the complete credit card details of 2,208 customers. Amazon had shifted from selling books and buying single product websites to the Everything store, like an online Walmart. Wayfairs active users have been in steady decline since Q1 2021, but the 27.3 million in Q4 2021 is still higher than it was the start of the pandemic. Most of the damages included payments to affected individuals, credit card companies, banks, and lawsuits. Though this breach did not directly expose financial information, if compromised users recycled their Paypal passwords when signing up to 123RF, theyre at a high risk of suffering financial theft. A highly sophisticated cyber attack breached exposed the data of 9 million easyJet customers. The chain department store alerted customers that the information affected includes names and contact information; payment card numbers and expiration dates (without CVV numbers);Neiman Marcusvirtual gift card numbers (without PINs); and usernames, passwords and security questions and answers associated withNeiman Marcusonline accounts. The information gathered by the third party includes patient names, addresses, dates of birth, medical record numbers, patient identification numbers, health insurance information and some clinical information related to the healthcare services provided by UNM Health. Objective measure of your security posture, Integrate UpGuard with your existing tools. In July 2013, Capital One identified a security breach of its customer records that exposed the personal information of its customers, including credit card data, social security numbers, and bank account numbers. Yahoo forced all affected users to change passwords and to reenter any unencrypted security questions and answers to re-encrypt them. Start A Return. The attack allowed access to personal information includingnames, insurance policy numbers, Social Security numbers, dates of birth and bank account numbers. To access the fraudulent app, users needed to submit their recovery seed - a list of ordered words used to recover access to a crypto wallet. 5,000 brands of furniture, lighting, cookware, and more. The hacker was running a business selling Personal Identifiable Information and was selling the credit card numbers and social security numbers he had accessed in the breach. Connected social media account login names, Seven years worth of credit card payment history, Descriptions of what members were seeking. After being ignored, the hacker echoed his concerts in a medium post. 2020, meanwhile, brought unexpected challenges, as Covid-19 spurred sudden shifts in standard operating . This cyber incident highlights the frightening sophistication some phishing attackers are capable of. March 3, 2021: Cybercriminals have targeted four security flaws in Microsoft Exchange Server email software. The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. Mailfire, an email marketing software used by adult dating sites and ecommerce websites, had its database breached exposing personal user records from over 70 websites. Amazon began investigating the breach on the day it was disclosed to them with the third-party company involved shutting down the database on 8 February. The best of the best: the portal for top lists & rankings: Strategy and business building for the data-driven economy: Wayfair operating expenditure 2012-2021, by type, U.S. furniture e-retail revenue 2017-2025, Net revenue of Wayfair worldwide from 2012 to 2021 (in million U.S. dollars), Net revenue of Wayfair from 2013 to 2021, by region (in million U.S. dollars), Wayfair direct retail net revenue 2013-2020, Direct retail net revenue of Wayfair worldwide from 2013 to 2020 (in million U.S. dollars), Operating expenses of Wayfair from 2012 to 2021, by type (in million U.S. dollars), Annual net income/loss of Wayfair from 2012 to 2021 (in million U.S. dollars), Number of Wayfair employees from 2014 to 2021, Number of active Wayfair customers from 2013 to 2021 (in millions), Annual number of orders delivered by Wayfair from 2013 to 2021 (in millions), Online purchases by brand in the U.S. 2022, Online purchases by brand in the U.S. in 2022, Leading U.S. retailers 2021, by e-commerce sales, Leading U.S. companies ranked by retail e-commerce sales in 2021 (in billion U.S. dollars), Biggest online retailers in the U.S. 2022, by market share, Market share of leading retail e-commerce companies in the United States as of June 2022, United States: Top 10 Furniture & Appliances online stores, Top online stores in the Furniture & Appliances segment in the U.S. in 2021, by e-commerce net sales (in million U.S. dollar), United States: top furniture and home goods retailers 2021, by sales, Sales of selected furniture and home goods retailers in the United States in 2021 (in billion U.S. dollars), Share of U.S. shoppers planning to shop at other retailers during Prime Day 2021. April 24, 2021: A database containing the personal details of over 5.6 million users of thepopular music instruments online marketplace Reverb was discovered after it was leaked into the Dark Web. The compromised data included usernames and PINS for vote-counting machines (VCM). Wayfair had its first decline in annual revenue in 2021, after eight years of increases. In mid 2012, Dropbox suffered a data breach which exposed 68 million records that contained email addresses and salted hashes of passwords (half SHA1, half bcrypt). How UpGuard helps tech companies scale securely. Experian suffered another breach in 2020, when a threat actor claiming to be Experian's client convinced staff to relinquish customer information for marketing purposes. Learn more about the latest issues in cybersecurity. When the exposure was reported, Pegasus Airlines didnt find evidence of data compromise. Cost of a data breach 2022. The 204 GB leaked database was not password protected and included visitor and session IDs, device information, configuration data, as well as multiple records for medications, including COVID-19 vaccines and CVS products. IdentityForce has been protecting government agencies since 1995. LinkedIn claims that, because personal information was not compromised, this event was not a 'data breach but, rather, just a violation of their terms of service through prohibited data scraping. The hackers published a sample containing 1 million records to confirm the legitimacy of the breach. In February 2015, a single user at an Anthem subsidiary clicked on aphishing emailwhich gave attackers access to names, addresses, dates of birth, and employment histories of current and former customers. Note: This post will be continuously updated with new information as additional 2021 data breaches are reported. Wayfair annual orders declined by 16% in 2021 to 51 million. A security researcher discovered a file on a private server containing email addresses and encrypted passwords.