Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The Biggest Data Breaches of 2019


about the author

As 2019 draws to a close, the year is ending with further news of data breaches hitting the headlines. Earlier in the year, the 2019 Midyear Quickview Data Breach Report stated that 2019 was on track to be the “worst year on record” for breach activity. With an increase of 54% in breaches over the last year and more than 4 billion records compromised, 2019 has had its share of some of the largest data breaches of all time.

Biggest Data Breaches of 2019


The year started with the announcement that over 200 million gamers worldwide were the victims of a data breach caused by multiple vulnerabilities in the online platform, Fortnite.

On January 16, 2019, Epic Games, creators of the Fortnite video game, declared that a flaw in Fortnite’s login system allowed hackers to impersonate players and purchase in-game currency using credit or debit cards on file with the account.

Epic Games acknowledged and fixed the issue but has since been hit with a lawsuit which alleges that the company has failed to notify affected users.


Back in February 2019, Evite, a social planning and e-invitations service disclosed an unauthorised party acquired an inactive data storage file holding information about the company’s users, including names, usernames, email addresses, passwords, dates of birth, phone numbers and mailing addresses. The breach is suspected to have impacted 100 million users.

Capital One

In March 2019, a data breach at Capital One resulted in the exposure of 106 million customer’s personal data. This data included names, addresses, dates of birth, credit scores, social security numbers and bank account numbers.

A server misconfiguration was blamed for the breach, which was classified as ‘one of the biggest data breaches ever’ and impacted around 100 million US customers and 6 million in Canada., an email validation service suffered a data breach exposing some 763 million records. The exposed data included email address, name, gender, IP address, phone number and other personal information. The breach was discovered by security researchers Bob Diachenko and Vinny Troia who came across an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed marketing data.


Canva, a high-profile Australian web-design service experienced a database breach that exposed the personal data of roughly 139 million users, including email addresses, geographic locations, names, passwords, usernames, and financial data.

Users were notified by (HIBP) and Firefox Monitor of the security breach that occurred on the 24th May 2019.

First American

Real estate and title insurance firm, First American accidentally exposed more than 885 million sensitive documents online when data was improperly stored and made publicly accessible.

The information, which dated back to 2003, was available without any sort of protection and could be accessed without so much as a password if a person knew where to look.

The digital records which included bank account numbers and statements, mortgage and tax records, social security numbers, wire transaction receipts, and driver’s license images were made widely available on its website for anyone to access. Whilst there is currently no evidence to suggest the information was found or stolen, the scale of the data breach was a treasure trove for any scammer or identity thief and therefore very valuable.

First American said the vulnerability was a “design defect.”

Quest Diagnostics

In June, it was revealed that information belonging to up to 11.9 million Quest Diagnostics patients had been compromised.

AMCA, a billing collections partner, was at fault when a hacker was able to access the firm’s systems, which held sensitive bank account information and the medical details of 11.9 million patients. The incident was thought to have been caused by an internal supply chain security vulnerability.


In September, Ecuadorean officials launched an investigation into a data breach in which the personal data of up to 20 million people, more than the country’s population, was made available online.

The exposed data included personal information such as full names, dates of birth, national identity card numbers, tax identification numbers, employment information and the names of family members. Financial information was also leaked, including bank customers’ account status, balance, and credit type.

The security breaches that have made the headlines this year hold valuable lessons for future data protection within organisations. The damaging after effect of a data breach can be crippling for an organisation and the threat of exposed data can strike any business at any time. For that reason, it is vital that organisations take note from previous incidents and become better at protecting their large pools of data by focusing on basic security hygiene, practices, and training.

Mitigate Human Risk

MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security training within your organisation.

you might enjoy reading these