The Biggest Data Breaches of 2019
Published on: 17 Dec 2019
Last modified on: 23 Jul 2025
As 2019 draws to a close, the year is ending with further news of data breaches hitting the headlines. Earlier in the year, the 2019 Midyear Quickview Data Breach Report stated that 2019 was on track to be the “worst year on record” for breach activity. With an increase of 54% in breaches over the last year and more than 4 billion records compromised, 2019 has had its share of some of the largest data breaches of all time.
Biggest Data Breaches of 2019
Fortnite
The
year started with the announcement that over 200 million gamers worldwide were
the victims of a data breach caused by multiple vulnerabilities in the online
platform, Fortnite.
On
January 16, 2019, Epic Games, creators of the Fortnite video game, declared that
a flaw in Fortnite’s login system allowed hackers to impersonate players and
purchase in-game currency using credit or debit cards on file with the account.
Epic
Games acknowledged and fixed the issue but has since been hit with a lawsuit
which alleges that the company has failed to notify affected users.
Evite
Back in February 2019, Evite, a social planning and
e-invitations service disclosed an unauthorised party acquired an inactive data
storage file holding information about the company’s users, including names,
usernames, email addresses, passwords, dates of birth, phone numbers and
mailing addresses. The breach is suspected to have impacted 100 million users.
Capital One
In March 2019, a data breach at Capital
One resulted in the exposure of 106 million customer’s
personal data. This data included names, addresses, dates of birth, credit
scores, social security numbers and bank account numbers.
A server misconfiguration was blamed for the breach, which
was classified as ‘one of the biggest data breaches ever’ and impacted around
100 million US customers and 6 million in Canada.
Verifications.io
Verifications.io, an email validation service suffered a
data breach exposing some 763 million records. The exposed data included email
address, name, gender, IP address, phone number and other personal information.
The breach was discovered by security researchers Bob Diachenko and Vinny Troia
who came across an unprotected, publicly accessible MongoDB database containing
150 gigabytes of detailed marketing data.
Canva
Canva,
a high-profile Australian web-design service experienced a database breach that
exposed the personal data of roughly 139 million users, including email
addresses, geographic locations, names, passwords, usernames, and financial
data.
Users were notified by haveibeenpwned.com (HIBP) and Firefox Monitor of the security breach that occurred on the 24th May 2019.
First American
Real estate and title insurance firm, First American accidentally exposed more than 885 million sensitive documents online when data was improperly stored and made publicly accessible.
The information, which dated back to 2003, was available
without any sort of protection and could be accessed without so much as a
password if a person knew where to look.
The digital records which included bank account numbers and
statements, mortgage and tax records, social security numbers, wire transaction
receipts, and driver’s license images were made widely available on its website
for anyone to access. Whilst there is currently no evidence to suggest the
information was found or stolen, the scale of the data breach was a treasure
trove for any scammer or identity thief and therefore very valuable.
First American said the vulnerability was a “design defect.”
Quest Diagnostics
In June, it was revealed that information belonging to up to
11.9 million Quest Diagnostics patients
had been compromised.
AMCA, a billing collections partner, was at fault when a
hacker was able to access the firm’s systems, which held sensitive bank account
information and the medical details of 11.9 million patients. The incident was
thought to have been caused by an internal supply chain security vulnerability.
Ecuador
In September, Ecuadorean officials launched an investigation
into a data breach in
which the personal data of up to 20 million people, more than the country’s
population, was made available online.
The exposed data included personal information such as full
names, dates of birth, national identity card numbers, tax identification
numbers, employment information and the names of family members. Financial
information was also leaked, including bank customers’ account status, balance,
and credit type.
The security breaches that have made the headlines this year hold valuable lessons for future data protection within organisations. The damaging after effect of a data breach can be crippling for an organisation and the threat of exposed data can strike any business at any time. For that reason, it is vital that organisations take note from previous incidents and become better at protecting their large pools of data by focusing on basic security hygiene, practices, and training.
Mitigate Human Risk
MetaCompliance specialises in
creating the best Cyber
Security awareness training available on the market. Our products directly
address the specific challenges that arise from cyber threats and corporate
governance by making it easier for users to engage in Cyber Security and
compliance. Get in touch for further
information on how we can help transform Cyber Security training within your
organisation.