Data Disasters: The Biggest Security Breaches of 2018

Every year, companies discover just how easy it can be to fall victim to security breaches. Here, we break down the biggest breaches of 2018...

Andrew Bentley


Every year, companies discover just how easy it can be to fall victim to security breaches.

As organisations continue to handle bigger amounts of data and we all spend more time online than ever before, it’s becoming increasingly difficult for companies to keep their information safe. In 2018, everyone from social media giants to government agencies proved that no matter how big or small you are, you still need the right data protection services to defend you.

Even though GDPR arrived in 2018 to change the way companies manage the private data they collect about their consumers, the year was still full of scandals and security issues that left consumers questioning who they could trust. Here are some of the biggest breaches of 2018.

1.     The Facebook Scandal

Probably the biggest and most shocking of all the security scandals we saw last year was the Facebook Cambridge Analytica breach. In March 2018, the New York Times and the Guardian revealed that political consulting firm Cambridge Analytica had unlocked information in 87 million Facebook accounts without user knowledge. This information was then sold to the Donald Trump election campaign in 2016.

Although the data shared by Facebook was said to come from the answers given by customers using a quiz app, we quickly discovered that it wasn’t just the quizzers that lost their privacy. Through a loophole in the Facebook API, everyone connected with someone who took the quiz also got burned.

2.     PumpUp

While few security breaches can match the size of the Facebook scandal, fitness application PumpUp shocked a consumer base of over 6 million customers when they left their backend server with no password protection whatsoever. Anyone who came across the server would be able to access sensitive customer data, including private messages, photos, and even health information. There was even some unencrypted credit card data available.

Information about the security issue was revealed to ZDNet. The owners of ZDNet reached out to PumpUp, who didn’t respond to the message but did quietly secure their server at the backend.

3.     Exactis Exposure

Another insight into the importance of data protection services, Exactis exposed nearly 230 million American accounts and 110 million businesses exposed to breaches in June 2018. Researchers discovered that the marketing firm had stored millions of crucial and private files on a public server that was open for anyone to access.

Two terabytes of information into businesses and people, including very personal details about individuals was available on the internet for an extended period before Exactis noticed the problem and addressed it. If you think that companies would see a data breach quickly, this report suggests that it takes 191 days on average for a business to realise that their data is exposed.

4.     Marriott’s Hacked Hotels

Security breaches of any size can be detrimental to your business – harming your reputation and making it harder for your customers to trust you. However, when your security scandals are as extreme as Marriott’s, you clearly have a serious problem. The well-known hotel company lost control of data for over half a billion people in November of 2018.

Hackers potentially connected to Beijing walked off with almost every data point for 327 million accounts at the end of the year, including their passport number, communication preferences, payment card numbers and more. Another 173 million guests only had some basic information shared, like their name, mailing address, or email address.

5.     Under Armour

Under Armour, one of the world’s best-known fitness apparel companies discovered that they needed better protection last year after 150 million of their records were breached. Someone managed to gain access to the MyFitnessPal server, and find information about usernames, email addresses, and passwords. The good news is that unlike with most security breaches, payment information was not revealed in this scandal, as payments were processed outside of the app.

While private payment details and social security numbers remained safe, there were still many customers left questioning their relationship with Under Armour after their information was compromised.

6.     Google’s Data Dive

Finally, one of the world’s most popular companies in the world proved that even the biggest giants could suffer from security scandals last year. The business revealed that it’s rather unpopular social network “Google+” had been accessed by a potential hacker in October. Google only fessed up to the security breaches after the Wall Street Journal revealed that the search engine company had discovered a bug that might have exposed data back in 2015.

Perhaps the biggest problem for Google wasn’t the fact that they had experienced a data breach – but that they failed to own up to their issues. In December, the company uncovered another security breach in a Google+ API that left 52.5 million users exposed for nearly a full week. Google this time only waited a month to alert users about the issue.

Make sure you don’t end up like these security scandals. Reach out to Nice Network today to invest in the data protection services that are best for you.