Enough Is Enough: 2018 Has Seen 600 Too Many Data Breaches

AXEL
Jul 24, 2018

Well folks, we all breathed a sigh of relief after the tumultuous year of 2017 drew to a close, but 2018 might prove to be just as tiringly eventful.

So much has already happened this year, although it’s been a mix of good and bad: a government shutdown, a royal wedding, another World Cup, the GDPR…

…Oh yeah — and over 600 data breaches.

The rate of data breaches is on the rise: last year saw a landmark total of almost 1,300, and this disturbing trend is only expected to reach new heights in 2018.

In fact, according to The Identity Theft Resource Center, we’ve already seen over 22 million records exposed so far this year, and it’s only July.

Although some breaches made a bigger splash in the news than others (hello, Facebook), you might be surprised how many large-scale breaches there were that didn’t actually make major headlines.

What’s more, you might be surprised how many of those breaches could have affected YOU, because almost 50% of this year’s breaches were of businesses related to retail, tourism, transportation, utilities, and other professional services that most of us use on a regular basis.

Are you taking precautions online to protect your data? Will you be ready the next time you turn on the news and hear about a breach?

Did You Get Your Britches in a Wad Over These 5 Major Data Breaches?

Although there have been a lot more than five so far this year, let’s look at five major data breaches that might have hit close to home. If you shop online, use your card at restaurants, or get on social media, you may want to pay attention.

1. Under Armour

In March, Under Armour’s nutrition logging app, called MyFitnessPal, was targeted in what is now considered one of the largest cyberattacks of all time.

The breach affected roughly 150 million app users, and exposed sensitive data such as usernames, email addresses, and hashed passwords.

The company announced the massive breach in a statement on March 29th, 2018, only four days after discovering the incident. It then notified its users through an email that explained the extent of the breach as well as the specific steps the company was taking to resolve the issue.

“We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.”

The investigation into this breach is still ongoing but, in the meantime, users are asking, “Was I targeted by this breach?”

The answer is yes: all users are being asked to update their MyFitnessPal password. If you’ve used the same username/password on any other accounts, make sure to update those as well.

2. Saks Fifth Avenue, Lord & Taylor

April started out with the news that the notorious, billion-dollar hacking syndicate, known as Fin7, obtained credit and debit card numbers from over five million customers who shop at Saks Fifth Avenue and Lord & Taylor.

According to Gemini Advisory, the cybersecurity research firm that discovered the breach, the entire network of Lord & Taylor and 83 Saks Fifth Avenue locations had been compromised between May 2017 and March 2018.

What’s more, roughly 125,000 of those records have been released for sale on the Dark Web, with thousands more likely to be available for sale in the future.

Such a large-scale breach as this one is going down in the books as one of the most vicious to have hit the retail industry.

3. Facebook

You probably saw this scandal pop up in several different newsfeeds in April, because it was possibly the most talked-about breach in 2018 after Facebook CEO Mark Zuckerberg was put on the hot seat for his company’s huge mistake.

Although Facebook was initially made aware of a major data breach back in 2015, it wasn’t until a Facebook employee blew the whistle on the company that things really started to happen. News came out that Cambridge Analytica had been collecting private information from almost 87 million Facebook users for political research, and a long and messy investigation was opened that exposed Facebook for the many flaws in its data privacy.

For a company with over two billion users worldwide, it was a detrimental oversight to have a flawed search function (which exposed profile information of many users) and then to have failed to notify the Federal Trade Commission upon first discovering the breach in 2015.

Even after Zuckerberg testified in court and Facebook eventually tightened their privacy policy, many users are still wondering if Facebook really takes data privacy seriously.

If you missed this story when it happened, be sure to read more about it here and also update your privacy settings on Facebook (if you haven’t already).

4. Panera

Also in April, it was made public that panerabread.com (the website of the well-known bakery chain of the same name) had been leaking millions of customer records for at least eight months before the leak was resolved. Exposed information included customer names, email addresses, mailing addresses, birthdays, and even the last four digits of credit card numbers.

A security researcher named Dylan Houlihan discovered the extensive leak back in August 2017, but when he notified Panera of the breach, his warnings were dismissed and no action was taken by the company. For eight months the data breach remained unresolved, so finally the researcher went public with his discovery and Panera Bread was forced to take action.

You may have noticed in April that Panera’s website was down for maintenance and enhancements — that was the leakage finally being addressed.

Houlihan, who was personally affected by the breach, noted that Panera’s extensive breach — although serious — is just another example of “a much larger issue with security reporting and compliance.”

And it’s true — Panera’s breach is just one from the staggering list of 2018’s data breaches so far.

5. MyHeritage

2018’s data breach trend continued into June when MyHeritage, a genealogy and DNA testing company, released a statement that a major data breach had occurred.

The company disclosed that a security researcher had discovered a file on a private server outside of MyHeritage, which contained the email addresses and hashed passwords of all users who had signed up until October 26, 2017.

This data breach is estimated to have affected 92 million MyHeritage users.

MyHeritage stated that it had no reason to believe any other data had been compromised, and it immediately notified all users and encouraged them to update passwords.

In addition, the company is working hard to enforce a two-factor authentication option that will be available to all users.

Since Companies Aren’t, We Have to Protect Ourselves

The danger of someone hacking into a company database and stealing sensitive information is nothing new. We’ve seen it happen enough times, and most people know it’s a very real danger that companies who collect consumer data need to take into consideration.

But if it’s common knowledge, then why aren’t companies taking data privacy seriously?

Already this year, billions of people around the world have had their sensitive information stolen or exposed.

And these aren’t consumers who are blatantly posting their social security numbers on Instagram or sharing boomerangs of their credit cards — they’re just everyday, normal people who one day decided to stop at a Panera for lunch, or who wanted to track their calories through an app in order to meet a weight goal, or who enjoy connecting with their far-away friends through Facebook chats.

What else needs to happen before companies start putting data privacy at the top of their list of priorities?

And how many more years of breaches until consumers can feel confident that their data is being kept safe?

Major U.S. companies are finding themselves under attack because either the data protection tactics they put into place have major faults that give hackers easy access, or the process they go through after being notified of a breach is slow and incompetent.

That might sound harsh, but it’s true:

Facebook’s data breach didn’t even begin moving towards an actual resolution until 2018 — three whole years after the company became aware of the breach. And Panera Bread was knowingly leaking millions of customer records for at least eight months before resolving the issue.

After 2017’s huge spike in data breaches, we still seem to be following the same trend into 2018.

And you know what? This means it’s probably about time we everyday consumers took matters into our own hands and readied ourselves for future breaches.

Was Your Data Exposed?

As more and more aspects of our lives become ingrained into technology, the risks and dangers of our data becoming exposed steadily increase.

What’s more, the future of data privacy and big companies isn’t looking very promising. (Not at this rate, anyway.)

Apparently, in 2018 you can’t even update your status or order a turkey sandwich without putting your personal data at risk.

So if you’ve already found yourself a victim of a data breach or if you’d like to be prepared for any future incidents, there are steps you can take to both avoid this happening in the first place and, if it still ends up happening, ease any detrimental consequences.

Take steps to protect yourself against data exposure:

  1. Before you sign up to anything and put in your sensitive information, take a look at the company’s privacy policy and find out what they’re doing with the different data you are giving them.
  2. For any apps or online sites that you’re already a part of, be sure to revisit their privacy policy and double check to see if you need to update your privacy settings.
  3. Remember that data is money — and companies will do a lot to get their hands on it. So don’t take it lightly when a social media platform that you’re interested in starts asking too many questions about yourself.
  4. If you suspect that a company is not respecting the privacy of your data, then raise awareness of the issue… as we’ve seen from this year’s data breaches, making things public and getting support is a good tactic to force a company into seeking out a resolution.

These are just some basic steps you can take in order to protect your personal data from becoming exposed or stolen. However, sometimes data breaches are truly out of our hands.

If you receive notice from a company that your information was potentially exposed or misused, the Federal Trade Commission has laid out some basic steps to take in order to prevent any major damage.

What to do when you’re notified of a breach:

  1. If your online login or password was exposed, then immediately update your password on the site that was breached as well as any other sites where you may have used the same login.
  2. If your credit or debit card information was exposed, then contact your bank to put a freeze on the account and immediately dispute any unknown charges.
  3. If your social security number was exposed, consider placing a credit freeze or, at the very least, a fraud alert. Additionally, you should check your credit report for any unfamiliar accounts or inquiries.

Unfortunately for the U.S., we don’t currently have a single principal data protection law to make this adventure-filled journey through a data-run world simple or easy. Instead, we have various patchwork regulations that leave a lot of loopholes and questions for business entities and individual consumers.

This is why it’s more important than ever to stay educated on data privacy, and to always be aware of what kind of information you are putting out as well as where you are putting it.

Hopefully, as time goes on, businesses will pick up the pace with knowing how to protect the data of their consumers. Until then, we might just tread very carefully and be prepared with defenses as we continue on through 2018.


Written by: Rebecca Nanako Juchems
