{"id":32182,"date":"2019-12-06T16:35:52","date_gmt":"2019-12-06T16:35:52","guid":{"rendered":"http:\/\/766b8f39-f83c-4b42-96d9-1b10677177d5"},"modified":"2019-12-06T16:35:52","modified_gmt":"2019-12-06T16:35:52","slug":"these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/","title":{"rendered":"These are the worst hacks, cyberattacks, and data breaches of 2019"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/r\/2019\/11\/20\/ab27c523-3fba-4b72-af67-1feaf8583e4b\/thumbnail\/770x578\/2c9f70027c5133299679c760fb5d6a58\/screenshot-2019-11-20-at-13-17-18.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>The blight of cyberattacks, criminal hacking groups, and data breaches is not going away anytime soon.<\/p>\n<p>For the past few years, there has been a constant stream of data breaches that have hit the headlines, ranging from the theft of medical information, account credentials, corporate emails, and internal sensitive enterprise data.&nbsp;<\/p>\n<p>When a data breach occurs, companies will usually haul in third-party investigators, notify regulators, promise to do better and give any impacted consumers free credit monitoring &#8212; but we&#8217;ve reached a stage where you should consider signing up to such services anyway, given how much of our information is now available in data dumps strewn all over the internet. (Consider using <a href=\"https:\/\/haveibeenpwned.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Have I Been Pwned<\/a> to check if you&#8217;ve been involved in a breach.)<\/p>\n<p>The reasons a cyberattack or data breach occur vary. In some cases, such as <a href=\"https:\/\/www.zdnet.com\/article\/equifax-regulators-sign-700m-deal-to-settle-data-breach-lawsuits\/\" target=\"_blank\" rel=\"noopener noreferrer\">Equifax<\/a>, the failure to patch a known vulnerability that has the potential to impact software or libraries in use &#8212; and in a reasonable timeframe &#8212; has serious repercussions.&nbsp;<\/p>\n<p>In others, unsecured databases left exposed to the internet may be the problem, zero-day vulnerabilities may be exploited in the wild before fixes are available, or in some of the worst cases, an organization or individual may be targeted by state-sponsored advanced persistent threat (APT) groups with substantial resources and tools at their disposal.&nbsp;<\/p>\n<p>According to IBM&#8217;s latest annual <a href=\"https:\/\/www.zdnet.com\/article\/your-business-hit-by-a-data-breach-expect-a-bill-of-3-92-million\/\" target=\"_blank\" rel=\"noopener noreferrer\">Cost of a Data Breach<\/a> study, the average data breach now costs up to $3.92 million when you take into account notification costs, expenses associated with investigation, damage control, and repairs, as well as regulatory fines and lawsuits. These costs have increased by 12% over the past five years.&nbsp;<\/p>\n<p>The long-term damage of a security incident may not be so apparent. Wall Street does not look upon them kindly and the public disclosure of a data breach can lead to the average share price of a company <a href=\"https:\/\/www.zdnet.com\/article\/this-is-how-a-data-breach-at-your-company-can-hit-share-prices\/\" target=\"_blank\" rel=\"noopener noreferrer\">falling by 7.27%<\/a> on disclosure, with low share value and growth underperformance a reality for years afterward.&nbsp;<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>FireEye estimates that <a href=\"https:\/\/www.zdnet.com\/article\/cybersecurity-under-half-of-organisations-believe-theyre-fully-prepared-to-deal-with-cyber-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">under half of organizations are ready to face a cyberattack<\/a> or data breach.&nbsp;<\/p>\n<p>Below, we take a look at the most interesting and largest data breaches, hacks, and cyberattacks that have taken place over 2019.&nbsp;<\/p>\n<h3>TLDR;<\/h3>\n<h3>January:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.moh.gov.sg\/news-highlights\/details\/unauthorised-possession-and-disclosure-of-information-from-hiv-registry\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Ministry of Health HIV registry<\/strong><\/a>: In Singapore, the Ministry of Health admitted to a data breach exposing the confidential and highly sensitive records of over 14,000 individuals diagnosed with HIV. This information was then leaked online.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/apple-facetime-exploit-found-by-14-year-old-playing-fortnite\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Apple FaceTime<\/strong><\/a>: A Fortnite player found a bug in Apple iOS that allowed users to eavesdrop on an iPhone&#8217;s environment by calling but without it being answered. It may have also been possible to view live video feeds.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/oklahoma-gov-data-leak-exposes-millions-of-department-files-fbi-investigations\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Oklahoma Department of Securities<\/strong><\/a>: A server belonging to the Oklahoma Department of Securities containing terabytes of confidential government data, including FBI investigation records and sensitive government files, was exposed to the internet and was found through the Shodan search engine.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/ransomware-attack-sends-city-of-del-rio-back-to-the-days-of-pen-and-paper\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Del Rio ransomware<\/strong><\/a>: The City of Del Rio, in Texas, was forced to go back to pen-and-paper systems after City Hall servers were rendered useless by a ransomware infection.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/town-of-salem-game-suffers-data-breach-exposing-7-6-million-user-details\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Town of Salem<\/strong><\/a>: Town of Salem developer BlankMediaGames said the personal details of 7.6 million users were stolen. Multiple backdoors were removed from company systems.&nbsp;<\/li>\n<\/ul>\n<h3>February:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.databreaches.net\/au-malware-locks-up-15000-medical-files-at-cabrini-hospital-hackers-demand-ransom\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Cabrini Hospital<\/strong><\/a><strong>:<\/strong> A ransomware infection locked up 15,000 patient files, with operators demanding payment in return for a decryption key.<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-wipe-vfemail-servers-may-shut-down-after-catastrophic-data-loss\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>VFEmail<\/strong><\/a><strong>:<\/strong>&nbsp;Privacy email provider VFEmail suffered a catastrophic cyberattack in which a hacker destroyed data on its main and backup systems. At the time, rumors surfaced of the provider shutting down due to the damage, but VFEmail is currently in recovery.<\/li>\n<li><a href=\"https:\/\/www.hartfordbusiness.com\/article\/uconn-health-326000-could-be-impacted-by-recent-email-breach\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>UConn<\/strong><\/a>: Unauthorized access to employee email accounts compromised roughly 326,000 patients. The data leak may have included Social Security numbers.<\/li>\n<li><a href=\"https:\/\/abc6onyourside.com\/news\/local\/personal-info-exposed-after-state-of-ohio-sends-wrong-tax-forms-to-9000-people\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>The wrong tax forms<\/strong><\/a><strong>:<\/strong> In a blunder of ridiculous proportions, the State of Ohio sent 9,000 tax forms, inaccurate and containing the wrong PII, to the wrong people.<\/li>\n<li><a href=\"https:\/\/newsroom.uw.edu\/news\/data-error-exposes-patient-information\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>UW Medicine<\/strong><\/a>: UW Medicine revealed the existence of an open database, available to anyone with a browser, that had been leaking patient data and PII since December 2018. Close to one million individuals were embroiled in the security lapse.<\/li>\n<li><a href=\"https:\/\/portswigger.net\/daily-swig\/healthcare-hotline-millions-of-medical-advice-calls-exposed-in-sweden\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Medical advice calls<\/strong><\/a>: In Sweden, recordings of roughly 2.7 million calls made to a Swedish national health service hotline were stored in an open server. Some phone numbers, connected to the recordings, were also available.<\/li>\n<li><a href=\"https:\/\/www.theregister.co.uk\/2019\/02\/11\/620_million_hacked_accounts_dark_web\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>620 million accounts<\/strong><\/a>: 620 million accounts harvested from 16 websites owned by companies including Dubsmash, Armor Games, 500px, Whitepages, and ShareThis were put up for sale in the Dark Web.<\/li>\n<li><a href=\"https:\/\/www.databreaches.net\/42000-slcc-students-tax-documents-were-lost-when-unencrypted-drive-fell-out-of-mailed-envelope\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Tax documents lost<\/strong><\/a>: Approximately 42,000 students from Salt Lake Community College were told their tax information was lost after a USB drive containing this sensitive data fell out of an envelope.<\/li>\n<\/ul>\n<h3>March:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/hacked-tornado-sirens-taken-offline-in-two-texas-cities-ahead-of-major-storm\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Tornado sirens<\/strong><\/a>: Ahead of a major storm, two Texan cities were forced to pull tornado warning systems offline after a threat actor compromised them and set off over 30 false alarms.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/supply-chain-attack-installs-backdoors-through-hijacked-asus-live-update-software\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Hacked ASUS software<\/strong><\/a>: A campaign called Operation ShadowHammer targeted the ASUS Live Update Utility to compromise thousands of PCs.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/facebook-we-stored-hundreds-of-millions-of-passwords-in-plain-text\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Facebook, Facebook Lite and Instagram<\/strong><\/a>: Hundreds of millions of users may have been impacted by shoddy password storage management by Facebook, in which account credentials were stored in plaintext.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/database-leaks-250k-legal-documents-some-marked-not-designated-for-publication\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Legal documents<\/strong><\/a>: 250,000 legal documents, some marked &#8220;not designated for publication,&#8221; were stored on an open database exposed online for at least two weeks.<\/li>\n<li><a href=\"https:\/\/www.chronicle.com\/article\/Hackers-Broke-Into-Admissions\/245840\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Student admissions files<\/strong><\/a>: A hacker allegedly compromised admissions databases belonging to three colleges, offering the chance for impacted students to buy their admissions file for one Bitcoin.<\/li>\n<li><a href=\"https:\/\/www.cbsnews.com\/news\/fema-data-breach-exposed-personal-information-of-2-3-million-disaster-victims\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\"><strong>FEMA<\/strong><\/a>: FEMA accidentally exposed the PII and financial information of 2.3 million disaster victims, including those who survived Hurricane Harvey and Irma.<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/03\/22\/sacked-it-guy-annihilates-23-of-his-ex-employers-aws-servers\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Vengeance<\/strong><\/a>: A sacked IT admin torched 23 servers belonging to his ex-employer.<\/li>\n<\/ul>\n<h3>April:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.prnewswire.com\/news-releases\/inmediata-health-group-notifies-patients-of-data-security-incident-300838823.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Inmediata Health Group<\/strong><\/a>: Inmediata Health Group began notifying patients of a security incident in which the personal and medical data of clients may have been exposed. The issue was caused due to website misconfiguration that allowed internal webpages to be indexed by public search engines. It is believed up to <a href=\"https:\/\/healthitsecurity.com\/news\/mailing-error-for-inmediata-while-reporting-health-data-breach\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">1.5 million<\/a> individuals may have been affected.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/over-540-million-facebook-records-found-on-exposed-aws-servers\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Facebook records<\/strong><\/a>: 540 million Facebook-related records, collected by two third-party companies, were found exposed and open to the world on AWS servers. Names, IDs, some passwords, likes, photos, groups joined, and more were leaked.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/georgia-tech-reveals-data-breach-1-3-million-records-exposed\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Georgia Tech<\/strong><\/a>: A web application with wide-open access compromised the security of 1.3 million records belonging to current and former Georgia Institute of Technology employees and students.<\/li>\n<li><a href=\"https:\/\/www.cpomagazine.com\/cyber-security\/new-toyota-data-breach-exposes-personal-information-of-3-1-million-customers\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Toyota<\/strong><\/a>: Japanese automaker Toyota revealed a data breach in April that took place at sales subsidiaries and dealerships. &#8220;Unauthorized access&#8221; to systems may have exposed client data.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/facebook-admits-to-storing-plaintext-passwords-for-millions-of-instagram-users\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Facebook, in plaintext<\/strong><\/a>: Facebook admitted to storing the passwords of millions of Instagram users in plaintext.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/evite-e-invite-website-admits-security-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Evite<\/strong><\/a><strong>:<\/strong> Evite admitted to a data breach in which user data was sold as part of a wider dump in the Dark Web.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/indian-govt-agency-left-details-of-millions-of-pregnant-women-exposed-online\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Pregnant women<\/strong><\/a>: A leaky server belonging to an Indian government healthcare agency exposed over 12.5 million records relating to pregnant women.<\/li>\n<li><a href=\"https:\/\/twitter.com\/david_obrien\/status\/1121959047677087744\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\"><strong>Docker<\/strong><\/a>: Docker warned that a threat actor obtained access to a database containing sensitive data belonging to 190,000 user accounts.<\/li>\n<\/ul>\n<h3>May:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/australian-tech-unicorn-canva-suffers-security-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Canva<\/strong><\/a>: Australian tech unicorn Canva was targeted by the GnosticPlayers, which claimed to have stolen records belonging to 139 million users including names and email addresses in order to flog the data on the Dark Web.<\/li>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2019\/05\/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>First American Financial Corp.<\/strong><\/a>: Real estate giant FAFC leaked hundreds of millions of insurance documents dating back to 2003. Bank account numbers, statements, mortgage and tax records, and more were openly available on the internet.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/unsecured-database-exposes-security-logs-of-major-hotel-chains\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Major hotel chains<\/strong><\/a>: 85GB in hotel security logs belonging to major hotel chains were exposed online due to a third-party management provider.<\/li>\n<li><a href=\"https:\/\/cyware.com\/news\/unprotected-database-belonging-to-burger-king-exposes-37900-records-of-kool-king-shop-customers-e05111a2\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Burger King<\/strong><\/a>: Close to 40,000 customer records for Kool King Shop, specifically designed for kids, were left open for the world to see through a leaky database.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Git repositories<\/strong><\/a>: A hacker wiped GitHub repositories and demanded a ransom. Source code was removed and a threat was made to release everything to the public.<\/li>\n<li><a href=\"https:\/\/www.sfchronicle.com\/bayarea\/article\/Hack-into-school-lunch-company-web-site-leads-to-13818239.php\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Lunchtime<\/strong><\/a>: Rivalry between two Bay Area school lunch companies eventually spilled out into cyberwarfare, with an executive from one firm being arrested for allegedly hacking the other&#8217;s website and illegally obtaining student data.&nbsp;<\/li>\n<\/ul>\n<h3>June:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/medical-debt-collector-amca-files-for-bankruptcy-protection-after-data-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>American Medical Collection Agency<\/strong><\/a> (AMCA): Unauthorized access to a database led to the exposure of medical data belonging to roughly 20 million individuals. The information leak also impacted other companies including LabCorp and <a href=\"https:\/\/www.zdnet.com\/article\/massive-quest-diagnostics-data-breach-impacts-12-million-patients\" target=\"_blank\" rel=\"noopener noreferrer\">Quest Diagnostics<\/a>.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/germany-backdoor-found-in-four-smartphone-models-20000-users-infected\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Smartphone backdoors<\/strong><\/a>: Four entry-level smartphone models were found to be pre-loaded with backdoor malware.<\/li>\n<li><a href=\"https:\/\/www.vpnmentor.com\/blog\/report-tech-data-leak\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Tech Data Corp.<\/strong><\/a>: The Fortune 500 company owned an open database containing 264GB of data relating to client servers, invoices, SAP integrations, and plain-text passwords.<\/li>\n<\/ul>\n<p><strong>TechRepublic:&nbsp;<\/strong><\/p>\n<h3>July:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/equifax-regulators-sign-700m-deal-to-settle-data-breach-lawsuits\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Equifax<\/strong><\/a><strong>:<\/strong> Equifax settled with regulators over the theft of records belonging to 146 million customers in 2017 for $700 million. A $300 million fund was set up for customers to claim up to $125 in compensation &#8212; together with an additional $150 million &#8212; or free credit monitoring was on offer. Less than a week later, the FTC <a href=\"https:\/\/www.eff.org\/deeplinks\/2019\/11\/equifax-data-breach-update-backsliding\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">practically begged<\/a> consumers to take up the credit monitoring offer instead, as too many would reduce monetary claims.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/100-million-americans-and-6-million-canadians-caught-up-in-capital-one-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Capital One<\/strong><\/a>: Capital One disclosed a data breach impacting 100 million US citizens and 6 million individuals in Canada. A configuration vulnerability in a database was responsible for the exposure of PII from 2005 to 2019.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/thousands-of-los-angeles-police-caught-up-in-data-breach-personal-records-stolen\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Los Angeles police department<\/strong><\/a>: The Los Angeles&#8217; Personnel Department was subject to a data breach after a hacker claimed to have stolen the PII of 2,500 serving LAPD officers, trainees, and recruits, and data belonging to roughly 17,500 Candidate Applicant program enrollees.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/ftc-hits-facebook-with-record-5-billion-fine-for-user-privacy-violations\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Facebook<\/strong><\/a>: Facebook settled with the FTC for a record $5 billion to settle lawsuits launched following the Cambridge Analytica privacy scandal.<\/li>\n<li><strong><a href=\"https:\/\/www.zdnet.com\/article\/silence-hackers-hit-banks-in-bangladesh-india-sri-lanka-and-kyrgyzstan\/\" target=\"_blank\" rel=\"noopener noreferrer\">Banks<\/a><\/strong>: Bangladesh, India, Sri Lanka, and Kyrgyzstan banks were hit in quick succession by &#8216;Silence&#8217; hackers, allegedly stealing millions of dollars in the process.<\/li>\n<li><strong><a href=\"https:\/\/www.hipaajournal.com\/dominion-national-discovers-9-year-phi-breach\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Dominion National<\/a><\/strong>: Virginia-based health insurer and services company Dominion National revealed a 10-year-long data breach caused by an unsecured server. The records of 2.9 million members may have been compromised.<\/li>\n<\/ul>\n<h3>August:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/700000-choice-hotels-records-leaked-in-data-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Choice Hotels<\/strong><\/a>: An unsecured database containing roughly 700,000 customer records was accessed by an unknown threat actor and a ransom note placed on the server, demanding Bitcoin in return for the stolen data.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/major-biometrics-data-leak-impacts-police-banks-enterprise-companies\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Biometric database leak<\/strong><\/a>: A biometrics database used by the UK Metropolitan Police, banks, and enterprise companies leaked millions of records.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/british-hacker-for-hire-jailed-for-role-in-sim-swapping-attacks-data-theft\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>SIM-swapper jailed<\/strong><\/a>: A British teenager was sentenced to 20 months behind bars for offering data theft and SIM-swapping services as a hacker-for-hire.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/threesome-app-exposes-user-data-pics-from-london-to-the-white-house\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>3Fun<\/strong><\/a>: A mobile application used to find willing participants for threesomes was found to be a &#8220;privacy trainwreck&#8221; by researchers that could be manipulated to hone in on the specific locations of individuals. The app claims to cater to 1.5 million active users.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/four-major-dating-apps-expose-precise-locations-of-10-million-users\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Major dating apps<\/strong><\/a>: Three dating applications, Grindr, Romeo, and Recon, were also found to contain security flaws that led to the exposure of a user&#8217;s location.<\/li>\n<li><a href=\"https:\/\/eu.tennessean.com\/story\/news\/2019\/08\/13\/asurion-nashville-paid-ransom-after-private-data-identity-theft-fbi-says\/1986310001\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Asurion<\/strong><\/a>: Asurion Insurance bowed to hacker demands and forked out $300,000 to an attacker who claimed he had stolen roughly 1TB of private information belonging to thousands of employees and over a million customers.<\/li>\n<li><a href=\"https:\/\/www.nytimes.com\/2019\/08\/23\/us\/nasa-astronaut-anne-mcclain.html\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\"><strong>Cybercrime in space<\/strong><\/a>: A NASA astronaut was accused of monitoring her estranged spouse from space including accessing a bank account allegedly without permission.<\/li>\n<\/ul>\n<p><strong>CNET:&nbsp;<\/strong><\/p>\n<h3>September:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/dklok-data-breach-leaked-global-enterprise-client-internal-emails\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>DK-LOK<\/strong><\/a>: An unsecured AWS database belonging to South Korean industrial manufacturer DK-LOK exposed confidential emails and communication between the company and its clients. Efforts by researchers and ZDNet to have the leak closed via email were sent to the trash bin, an activity viewable due to the open bucket.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Ecuador<\/strong><\/a>: Another open, misconfigured database leaked the personal data of Ecuador&#8217;s citizens. It is believed most of the country&#8217;s citizens &#8212; in total, roughly 20 million &#8212; were impacted.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/personal-info-on-nearly-5m-doordash-users-merchants-drivers-exposed\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>DoorDash<\/strong><\/a>: Close to five million customers of DoorDash were embroiled in a data leak. An unauthorized third-party accessed the PII of customers, drivers, and merchants. Approximately 100,000 driver licenses were also stolen and the last four digits of payment cards were exposed.<\/li>\n<\/ul>\n<h3>October:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.cnet.com\/how-to\/yahoo-data-breach-how-to-file-for-358-or-more-as-part-of-claim-settlement\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\"><strong>Yahoo<\/strong><\/a><strong>:<\/strong>&nbsp;Yahoo launched a compensation fund for those who owned a Yahoo account between 2012 and 2016. Between these dates, hackers were able to access every Yahoo account in existence and steal names, email addresses, telephone numbers, dates of birth, passwords, and security question answers.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/unicredit-reveals-data-breach-exposing-3-million-customer-records\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>UniCredit<\/strong><\/a>: Italian bank UniCredit said a single, compromised file dating back to 2015 exposed three million customer records, including their names, telephone numbers, email addresses, and cities of residence.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/tu-ora-data-breach-exposes-medical-data-of-one-million-new-zealand-residents\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>T\u016b Ora Compass Health<\/strong><\/a>: T\u016b Ora Compass Health, a primary healthcare organization in New Zealand, revealed the leak of personal data belonging to one million people, potentially including names, dates of birth, ethnicity, and addresses. The PHO isn&#8217;t sure if data was stolen but said it was &#8220;assuming the worst.&#8221;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/adobe-left-7-5-million-creative-cloud-user-records-exposed-online\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Adobe<\/strong><\/a>: Adobe left the details of 7.5 million Adobe Creative Cloud customers on an unsecured database exposed online without authentication credentials being required for access.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/plaintext-tax-records-of-20-million-russians-leaked-online\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>20 million Russians<\/strong><\/a>: Over 20 million tax records belonging to Russian citizens were contained in an open database, available online. Information leaked spanned 2009 to 2016.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/avast-says-hackers-breached-internal-network-through-compromised-vpn-profile\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Avast<\/strong><\/a>: Avast said an internal security breach, caused by compromised employee credentials, aimed to insert malware into CCleaner.<\/li>\n<li><a href=\"https:\/\/www.nikkei.co.jp\/nikkeiinfo\/en\/news\/press\/597.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Nikkei<\/strong><\/a><strong>:<\/strong> A Nikkei employee was scammed by threat actors into transferring $29 million to a bank account. The hackers pretended to be a management executive.&nbsp;<\/li>\n<\/ul>\n<p><strong>See also:&nbsp;<\/strong><\/p>\n<h3>November:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/smartphone-maker-oneplus-discloses-data-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>OnePlus<\/strong><\/a>: A vulnerability in the smartphone vendor&#8217;s website paved the way for attackers to obtain access to records of past customer orders, including names, telephone numbers, email addresses, and shipping details.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/facebook-reveals-another-data-breach-this-time-involving-developers\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Facebook<\/strong><\/a>: The social networking giant revealed a privacy breach in which roughly 100 developers were given access to profile data they shouldn&#8217;t have.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/trend-micro-reveals-insider-threat-exposing-customer-data\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Trend Micro<\/strong><\/a>: A rogue employee of the cybersecurity firm stole personal information belonging to support customers, including names, email addresses, support ticket numbers, and some telephone numbers, later selling this information on to scammers.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/paymytab-data-leak-exposes-personal-information-belonging-to-mobile-diners\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>PayMyTab<\/strong><\/a>: An open AWS database belonging to the mobile payment service was found by researchers, exposing customer names, email addresses, telephone numbers, order details, restaurant visit records, and the last four digits of payment cards.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/t-mobile-discloses-security-breach-impacting-prepaid-customers\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>T-Mobile<\/strong><\/a>: T-Mobile revealed a data breach impacting prepaid service customers. Unauthorized access exposed names, billing addresses, phone numbers, account numbers, and plans.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/large-scale-cyberattack-hits-labour-party-systems\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>UK Labour Party<\/strong><\/a>: The UK Labour Party was subject to multiple distributed denial-of-service (DDoS) attacks flooding both the party&#8217;s website and campaign tools.&nbsp;<\/li>\n<li><strong><a href=\"https:\/\/www.zdnet.com\/article\/macys-suffers-online-magecart-card-skimming-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Macy&#8217;s<\/a><\/strong>: US retailer Macy&#8217;s revealed a week-long Magecart attack impacting e-commerce customers. It is not known how many customers were impacted, but the card-skimming code found in the firm&#8217;s payment portal and wallet service stole payment card details.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Disney+<\/strong><\/a>: Only hours after the service launched, the Disney+ content streaming service was compromised and underground traders began offering accounts on hacking forums.&nbsp;<\/li>\n<li><a href=\"https:\/\/www.cnet.com\/news\/1-2-billion-records-exposed-in-unsecured-database\/\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\"><strong>1.2 million records leaked<\/strong><\/a>: An unsecured database was found by researchers that contained 1.2 million records of individuals including their email addresses, employers, locations, job titles, names, phone numbers, and social media profiles.<\/li>\n<\/ul>\n<h3>December:<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/dutch-politician-faces-three-years-in-prison-for-hacking-icloud-accounts-and-leaking-nudes\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Politician by day, hacker by night<\/strong><\/a>: On Christmas eve, a Dutch politician will be sentenced for being part of the &#8220;fappening&#8221; movement in 2014. The politician is accused of compromising the iCloud accounts of roughly 100 women and leaking explicit photos and videos online.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Mixcloud<\/strong><\/a>: Data belonging to approximately 21 million Mixcloud users went up for sale on the Dark Web.<\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/new-zealands-gun-buyback-scheme-suffers-data-breach-sap-to-blame\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>New Zealand&#8217;s gun buyback<\/strong><\/a>: New Zealand&#8217;s gun buyback scheme, launched following mass shootings in Christchurch, was subject to a data breach caused by human error at SAP. SAP developed a custom platform for licensees to register their weapons before turning them in.&nbsp;<\/li>\n<li><a href=\"https:\/\/siouxlandnews.com\/news\/local\/nebraska-medical-center-is-warning-patients-about-data-breach\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>Nebraska Medical Center<\/strong><\/a>: An insider managed to access a database without permission that contained patient data including names, addresses, dates of birth, social security numbers, and test results. The employee was immediately fired.<\/li>\n<\/ul>\n<h3>Previous and related coverage<\/h3>\n<hr>\n<p><strong>Have a tip?<\/strong> Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0<\/p>\n<hr>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A slew of hacks, data breaches, and attacks tainted the cybersecurity landscape in 2019.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":32183,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-32182","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>These are the worst hacks, cyberattacks, and data breaches of 2019 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"These are the worst hacks, cyberattacks, and data breaches of 2019 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-12-06T16:35:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/12\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"These are the worst hacks, cyberattacks, and data breaches of 2019\",\"datePublished\":\"2019-12-06T16:35:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/\"},\"wordCount\":2623,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/\",\"name\":\"These are the worst hacks, cyberattacks, and data breaches of 2019 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png\",\"datePublished\":\"2019-12-06T16:35:52+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"These are the worst hacks, cyberattacks, and data breaches of 2019\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"These are the worst hacks, cyberattacks, and data breaches of 2019 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/","og_locale":"en_US","og_type":"article","og_title":"These are the worst hacks, cyberattacks, and data breaches of 2019 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-12-06T16:35:52+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/12\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"These are the worst hacks, cyberattacks, and data breaches of 2019","datePublished":"2019-12-06T16:35:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/"},"wordCount":2623,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/12\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/","url":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/","name":"These are the worst hacks, cyberattacks, and data breaches of 2019 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/12\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png","datePublished":"2019-12-06T16:35:52+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/12\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/12\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019.png","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/these-are-the-worst-hacks-cyberattacks-and-data-breaches-of-2019\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"These are the worst hacks, cyberattacks, and data breaches of 2019"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/32182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=32182"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/32182\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/32183"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=32182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=32182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=32182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}