Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The scariest security horror stories of 2019

Security horror stories 2019

about the author

Halloween is right around the corner, but witches, goblins and ghouls aren’t the only things causing a fright this month. Organisations continue to be haunted by the threat of poisoned ransomware, devilish security breaches, and phantom phishing. The fears are reasonable considering the total annual cost of cybercrime for a company has jumped from $11.7 million in 2017 to a record high of $13 million.

Although cyber awareness should remain a priority all year round, it is perhaps apt that October also marks National Cyber Security Awareness Month. The month-long public awareness campaign launched by the United States Department of Homeland Security (DHS) aims to raise awareness about Cyber Security.

As 2019 comes to an end, the proportion of UK firms reporting a breach has increased and 3.4 billion fake emails are sent every day. This year has already been a devastating time for thousands of organisations and individuals with cyber-attacks wreaking havoc around the world.

Here’s our pick of the scariest cyber incidents of 2019, so far:

Capital One

In March 2019, a data breach at Capital One resulted in the exposure of 106 million customer’s personal data. This data included names, addresses, dates of birth, credit scores, Social Security numbers and bank account numbers.

A server misconfiguration was blamed for the breach, which was classified as ‘one of the biggest data breaches ever.’


Canva, a high-profile Australian web-design service experienced a database breach that involved exposing the personal data of roughly 139 million users, including email addresses, geographic locations, names, passwords, usernames, and financial data.

Users were notified by (HIBP) and Firefox Monitor of the security breach that occurred on the 24th May 2019.

First American

Not all data security incidents are breaches. Real estate and title insurance firm, First American accidentally exposed more than 885 million sensitive documents online when data was improperly stored and made publicly accessible.

The information, which dated back to 2003, was available without any sort of protection and could be accessed without so much as a password if a person knew where to look.

The digital records which included bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images were made widely available on its website for anyone to access. Whilst there is currently no evidence to suggest the information was found or stolen, the scale of the data breach was a treasure trove for any scammer or identity thief and therefore very valuable.

Quest Diagnostics

In June, it was revealed that information belonging to up to 11.9 million Quest Diagnostics patients had been compromised.

AMCA, a billing collections partner, was at fault when a hacker was able to access the firm’s systems, which held sensitive bank account information and medical details. The incident was thought to have been caused by an internal supply chain security vulnerability.


In September, Ecuadorean officials launched an investigation into a data breach in which the personal data of up to 20 million people, more than the country’s population, was made available online.

The exposed data included personal information such as full names, dates of birth, national identity card numbers, tax identification numbers, employment information and the names of family members. Financial information was also leaked, including bank customers’ account status, balance, and credit type.

The unsecured database was owned by small data analytics firm named Novaestrat and discovered by security researchers Noam Rotem and Ran Locar of vpnMentor.

Cyber Security is a Scary Business

Scary side of Cyber Security

With such alarming statistics, there’s no doubt that Cyber Security can be a scary business. Like it or not, the deep dark web is full of sinister spies who love nothing more than tricking you out of your data, causing a costly data breach and disastrous reputational damage.

Your employees are your first line of defense against cybercrime so it’s vital they are equipped with all the knowledge and skills they need to protect your organisation. A comprehensive Cyber Security Awareness program is the best way to educate staff and create a security-first culture.

By making staff cyber aware and communicating the devastating consequences that a data breach could have on their organisation, employees gain a better understanding of how to recognise and avoid potential Cyber Security threats.

Automate Cyber Awareness Campaigns

MetaCompliance has created a cyber awareness campaign module to automate the life-cycle of your security awareness program. Speak to our Security Awareness Advisors about how we can help to reduce the time and resources required to plan an awareness campaign.

you might enjoy reading these