
5 Biggest Cyberattacks of 2019 (So Far) and Lessons Learned


Author: Patrick Flesch Date: 11/07/2019

Cyberattacks on IoT devices have surged 300% in 2019, due in large part to rapid adoption of IoT in combination with aging firmware and IT architectures. Many of these attacks are unprecedented and have hit seemingly impenetrable systems, including Apple’s iOS.

Vulnerable businesses and organizations are at greater risk than individual consumers due simply to the sheer volume and value of the data they store in their systems. The list of the most targeted industries for 2019 cyberattacks includes healthcare, retail, financial services, insurance companies and the government.

The Leading Cause of Cyberattacks in 2019

Despite efforts to inform and educate users about the dangers of clicking on suspicious email links, which allow hackers to gain access to information systems, phishing scams continue to be the largest type of cyberattack.

With more than three-quarters of the year already in the history books, it appears that 2019 will continue the upward trend. Take a look at these five notable 2019 cyberattacks to see how they happened and who’s affected, and learn ways to protect yourself and your company in the future through improved cyber security efforts.

5. American Medical Collection Agency (AMCA)

When: May 2019
Number Affected: 25 million

Although revealed in May, the billing service vendor for the healthcare industry disclosed that its records were exposed to hackers between August 1, 2018 and March 30, 2019. About a dozen of its B2B customers have reported that their patient data was compromised as a result, and it’s still uncertain how many people were affected.

The type of information that was exposed included personal and financial data, as well as Social Security numbers and medical information. The large lab testing company, Quest Diagnostics, was among those affected with up to 12 million records being compromised. Others impacted include LabCorp, BioReference, Clinical Pathology Laboratories, Austin Pathology, Natera, CBLPath, South Texas Dermatopathology, Penobscot Community Health Center in Maine, and more.

The parent company of AMCA filed bankruptcy, and others involved are facing several lawsuits and investigations.

4. Citrix Systems, Inc.

When: March 2019
Number of Records: Unknown

The number of victims associated with the data breach at Citrix, an American-based multinational software company, is unknown. However, the company provides services to approximately 400,000 companies and other global organizations. Citrix discovered that hackers had intermittent access for roughly six months, beginning October 13, 2018.

The FBI and forensic examiners are conducting an investigation to determine the extent of the breach, which may have included stolen names, Social Security numbers and financial information related to employees, beneficiaries and dependents. The company believes the hack resulted from a technique known as "password spraying," which gains access by scanning systems and infiltrating them using commonly used, weak passwords. This simple tactic emphasizes the importance of using strong passwords.
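The following detection sketch is an added example, not part of the original article and not taken from the Citrix investigation. It flags the spray pattern in authentication logs: one source failing against many different accounts with only a few guesses each. The event layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed auth events: (time, source IP, username, outcome)."""
    t0 = datetime(2019, 3, 1, 9, 0, 0)
    ev = []
    for i in range(12):  # one guess each against 12 accounts; one guess works
        outcome = "success" if i == 8 else "failure"
        ev.append((t0 + timedelta(seconds=40 * i), "203.0.113.7", f"user{i:02d}", outcome))
    for i in range(12):  # 12 guesses against ONE account: brute force, not a spray
        ev.append((t0 + timedelta(seconds=5 * i), "198.51.100.4", "alice", "failure"))
    for i, outcome in enumerate(["failure", "failure", "success"]):  # ordinary typo
        ev.append((t0 + timedelta(seconds=10 * i), "192.0.2.10", "bob", outcome))
    return ev

def detect_spray(events, window=timedelta(minutes=30), min_users=10, max_per_user=3):
    """Return {source: summary} for sources whose failures fan out across many
    accounts (>= min_users) with few guesses per account (<= max_per_user)
    inside one sliding time window. Thresholds are illustrative assumptions."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in sorted(events):
        by_src[src].append((ts, user, outcome))
    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            fails = defaultdict(int)
            for _, user, outcome in evs[start:end + 1]:
                if outcome == "failure":
                    fails[user] += 1
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                findings[src] = {
                    "targeted": len({u for _, u, _ in evs}),
                    # accounts that accepted a login from this source need a reset
                    "compromised": sorted({u for _, u, o in evs if o == "success"}),
                }
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(sample_events()))
```

Per-account lockout counters miss this pattern because no single account sees many failures, which is why the check groups by source and counts distinct accounts.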

3. Capital One

When: July 2019
Number Affected: 106 million

In its marketing campaigns, the banking and credit card giant, Capital One, asks its customers, “What’s in your wallet?” Now tens of millions of those customers have questions of their own surrounding just how much of their personal information was made available to and distributed by a hacker who used to work for Amazon.

Considered one of the largest financial institution hacks in history, Capital One admits that Social Security numbers, banking transactions and balances, credit scores and addresses were stolen. Credit card numbers, however, were apparently not compromised, according to the company.

The Seattle-based hacker faces up to five years in prison and a $250,000 fine if convicted.

2. Facebook

When: April and September 2019
Number Affected: 419 million - 540 million

While still reeling from the fallout of the Cambridge Analytica scandal that was discovered in 2018, Facebook confirmed in April that more than 540 million records showed up in plain sight after accidentally being posted publicly as plain text on Amazon’s cloud computing servers.

Then in September, despite Facebook’s announcement that it was making security improvements by restricting access to data, 419 million records including unique Facebook IDs and phone numbers were found to be unprotected by any password at all. This latest incident increases the risk of spam calls and SIM-swapping attacks on users’ smartphones — a tactic that relies on tricking cell carriers to transfer phone numbers to a hacker.

1. First American

When: May 2019
Number of Records: 885 million

Potentially the second-biggest data breach in history took place at the largest real estate title insurance company in the United States, First American. At nearly 900 million compromised records, it falls in line only behind Yahoo!’s hack in 2013 that impacted 3 billion accounts.

The ongoing data leak at First American reportedly involved mortgage documents dating back to 2003 and included personal identifying information, bank account numbers, driver’s licenses, Social Security numbers, tax records and other stolen information.

What makes the massive leak unique is that it wasn’t discovered by tech-savvy security experts, but by a real estate developer, Ben Shoval. By merely changing a single digit in the URL, he noticed he could access sensitive documents belonging to others. Making the incident even more egregious is that he first tried bringing it to the attention of First American, which ignored his warnings. Knowing the gravity of the issue, he then reported it to Brian Krebs, an investigative journalist specializing in cybercrime.
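The flaw described above is a missing ownership check on a document identifier. The sketch below is an added example, not code from the original article or from First American: it shows the weak lookup beside a corrected one, plus a regression check a team could run against its own handlers. The record ids, owner names and function names are all hypothetical.

```python
class NotFound(Exception):
    """Raised for missing AND unauthorized documents, so a response
    does not reveal which identifiers exist."""

# Constructed records; ids and owners are illustrative only.
DOCUMENTS = {
    1000001: {"owner": "buyer_a", "body": "closing statement A"},
    1000002: {"owner": "buyer_b", "body": "closing statement B"},
}

def get_document_unsafe(doc_id):
    # Weak pattern: the identifier from the URL is the only input checked,
    # so neighbouring records are readable by anyone who asks for them.
    return DOCUMENTS[doc_id]["body"]

def get_document(session_user, doc_id):
    # Corrected pattern: the server decides access from the authenticated
    # session, never from the identifier the client supplied.
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != session_user:
        raise NotFound(doc_id)
    return doc["body"]

def cross_owner_reads(handler):
    """Regression check: call handler(user, doc_id) for every user and id,
    and return each (user, doc_id) pair where a user read a record
    belonging to someone else. An empty list means the check passed."""
    users = sorted({d["owner"] for d in DOCUMENTS.values()})
    leaks = []
    for user in users:
        for doc_id in sorted(DOCUMENTS):
            try:
                handler(user, doc_id)
            except NotFound:
                continue
            if DOCUMENTS[doc_id]["owner"] != user:
                leaks.append((user, doc_id))
    return leaks

if __name__ == "__main__":
    print("unsafe:", cross_owner_reads(lambda user, doc_id: get_document_unsafe(doc_id)))
    print("fixed: ", cross_owner_reads(get_document))
```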

With each cyberattack, the importance of timely upgrades and security patches becomes more evident. Continued vigilance by employees and training to help them recognize potential phishing scams, ransomware attacks, cybercriminal tactics and security best practices can help mitigate the risks significantly.

We’ve developed a helpful cybersecurity tip sheet that should be required reading for everyone within arm’s reach of a computer in your organization. Be sure to click the link below (we promise it’s a safe one!) for your free copy.

If you’d like help securing your data, reach out to the Gordon Flesch Company. We’ve got the expertise, tools and technology to help provide the most robust security possible through Managed IT, Enterprise Content Management systems and a dedicated team that monitors activity 24/7.


Written by Patrick Flesch

Patrick joined the Gordon Flesch Company in 2006 as Territory Account Executive and worked his way to become VP of Sales for the company’s Western Region. Today, Patrick is President of the Gordon Flesch Company.
