Macy's, Inc. will provide consumer protection services at no cost to those customers. The breached records included the following sensitive information: Many of the exposed email addresses are linked to cloud storage services. Eugene has over 20 years of experience in the areas of Information Technology and software engineering. Furniture e-commerce in the United States, Furniture and Living in the United States, Get the best reports to understand your industry, Furniture and living in the United States (Statista Survey), Furniture and homeware e-commerce in the United States, eCommerceDB - Top online stores in the United States. Slickwraps, a manufacturer of vinyl skins for phones and tablets, suffered a breach impacting 370,000 of its customers.. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. In the phishing email, the cybercriminals claimed that 106,852 accounts were compromised. Facebook saw 214 million records breached via an unsecured database. Data breaches in the health sector are amp lified during the worst pandemic of the last century. On May 29, the parent company of fast-food chains Checkers and Rally's informed customers it had found malware at more than 100 restaurants. The hackers published a sample containing 1 million records to confirm the legitimacy of the breach. Onced breached, the hacker had access to over 320 million records from notifications being pushed out to Mailfire clients. April 3, 2021: The personal data of 533 million Facebook users from 106 countries has been posted online for free in a low-level hacking forum. But the remaining passwords hashed with SHA-512 could not be cracked. Amazon began investigating the breach on the day it was disclosed to them with the third-party company involved shutting down the database on 8 February. The exposed database contains order information for over 7 million customers, including addresses, phone numbers and account information for 1.8 million registered customers, and 3.5 million partial credit card records. Learn more about the Medicare data breach >. CAM4 Data Breach Date: March 2020 Impact: 10.88 billion records. Revenues increased by 54 percent in 2020 and usage by 46 percent, higher than the two years preceding it. February 10, 2021: A malware attack allowed a hacker to access and copy files containing the personal and medical information of 219,000 patients of Nebraska Medicine. The breached database stored the scraped data of over 200 million Facebook, Instagram, and Linkedin users. These records made up a "data breach database" of previously reported . Many of them were caused by flaws in payment systems either online or in stores. In addition, the hackers were able to access Uber's GitHub account, where they found Uber's Amazon Web Services credentials. Customers affected would have visited a Cheddar's location in any one of these states:Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin. The data may also include information about a vehicle that has been purchased, leased or inquired about, including vehicle identification numbers, makes, models, years, colors and trim packages. In March 2020, nation-state hackers believed to be from Russian, compromised a DLL file linked to software update for the Orion platform by SolarWinds. How UpGuard helps tech companies scale securely. Cybersecurity metrics and key performance indicators (KPIs) are an effective way to measure the success of your cybersecurity program. Three years of payout reports for creators (including high-profile creators. January 11, 2021: A Chinese social media management company, Socialarks, suffered a data leak through an unsecured database that exposed account details and Personally Identifiable Information (PII) of at least 214 million social media users from Facebook and Instagram and LinkedIn. For the 12th year in a row, healthcare had the highest average data . UpGuard named in Gartner 2022 Market Guide for IT VRM Solutions, Take a tour of UpGuard to learn more about our features and services. On March 31, the company announced that up to 5.2 million records were compromised. The leaked records include email addresses, usernames, hashed passwords, users country, whether they signed up for the newsletter and other sensitive information. Signet Jewelers also owns Jared The Galleria of Jewelry, which had the same vulnerability as Kay. However, data breach investigators BleepingComputer managed to successfully convert the hashed passwords of numerous accounts to plain-text using online MD5 cracking tools. When the exposure was reported, Pegasus Airlines didnt find evidence of data compromise. When exfiltration was complete, 200 GB of customer data was stolen from Medibank, impacting 9.7 million customers. January 26, 2021: VIPGames.com, a free gaming platform, exposed over 23 million records for more than 66,000 desktop and mobile users due to a cloud misconfiguration. The database was not password protected and allowed access to information including names, emails, phone numbers and dates contacted. Mens clothing store Bonobos suffered a data breach in 2021 after a cybercriminal compromised its backup server containing customer data. Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it. Impact:Personal information of 57 million Uber users and 600,000 drivers exposed. It did not, and still does not, manufacture its own products. In 2021, it has struggled to maintain the same volume. MyHeritage earned praise for promptly investigating and disclosing details of the breach to the public. MyHeritage, a genealogical service website was compromised, affecting more than 92 million user accounts. Court Ventures, a subsidiary of credit card monitoring firm Experian, was breached exposing 200 million personal records. The report for 2020 inspects the development of the effective mitigating approaches that companies have taken to manage insider breach risk. One state has not posted a data breach notice since September 2020. has been cause for concern in the recent past, Read more about this Facebook data breach here, biggest data breaches in the financial services sector, personally identifiable information (PII), biggest data breaches of all time in the education industry, Los Angeles Unified School District (LAUSD), was told of potential vulnerabilities in their systems, Joe Biden's Cybersecurity Executive Order, biggest breach in the nations security history. Clicking on the following button will update the content below. Free Shipping on most items. Experian suffered another breach in 2020, when a threat actor claiming to be Experian's client convinced staff to relinquish customer information for marketing purposes. Here are the consumer and retail companies that have suffered a data breach since January 2018: Macy's confirmed Tuesday that some of its online shoppers' payment details were compromised after hackers cracked into its "Checkout" and "My Wallet" pages. September 30, 2021: An unauthorized third-party actor accessed and obtained personal information associated with 4.6 million Neiman Marcus customers online accounts. Exclusive UK Jeweller, Gaff, suffered a data breach that compromised many of its famous clients. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. From 2002 to 2011, Ninaj Shah and Steve Conine launched over 200 niche online stores, such as cookware.com, luggage.com and strollers.com, under the CSN Stores business. September 14, 2021: An unsecured database belonging to GetHealth, a health and wellness data app, exposed over 61 million records of Apple and Fitbit users data related to fitness trackers and wearables. You can deduct this cost when you provide the benefit to your employees. The security team at MyHeritage confirmed that the content of the file affected the 92 million users, but found no evidence that the data was ever used by the attackers. In 2020, its revenues increased by 54%, the highest percentage increase since 2015. The best of the best: the portal for top lists & rankings: Strategy and business building for the data-driven economy: Wayfair operating expenditure 2012-2021, by type, U.S. furniture e-retail revenue 2017-2025, Net revenue of Wayfair worldwide from 2012 to 2021 (in million U.S. dollars), Net revenue of Wayfair from 2013 to 2021, by region (in million U.S. dollars), Wayfair direct retail net revenue 2013-2020, Direct retail net revenue of Wayfair worldwide from 2013 to 2020 (in million U.S. dollars), Operating expenses of Wayfair from 2012 to 2021, by type (in million U.S. dollars), Annual net income/loss of Wayfair from 2012 to 2021 (in million U.S. dollars), Number of Wayfair employees from 2014 to 2021, Number of active Wayfair customers from 2013 to 2021 (in millions), Annual number of orders delivered by Wayfair from 2013 to 2021 (in millions), Online purchases by brand in the U.S. 2022, Online purchases by brand in the U.S. in 2022, Leading U.S. retailers 2021, by e-commerce sales, Leading U.S. companies ranked by retail e-commerce sales in 2021 (in billion U.S. dollars), Biggest online retailers in the U.S. 2022, by market share, Market share of leading retail e-commerce companies in the United States as of June 2022, United States: Top 10 Furniture & Appliances online stores, Top online stores in the Furniture & Appliances segment in the U.S. in 2021, by e-commerce net sales (in million U.S. dollar), United States: top furniture and home goods retailers 2021, by sales, Sales of selected furniture and home goods retailers in the United States in 2021 (in billion U.S. dollars), Share of U.S. shoppers planning to shop at other retailers during Prime Day 2021. The attack exposed drivers personal information from the last 20 months of California vehicle registration records, including names, addresses, license plate numbers and vehicle identification numbers (VINs). Macy's customers are also at risk for an even older hack. 7. The breaches occurred over several occasions ranging from July 2005 to January 2007. Wayfair is responsible for about 1.5% of e-commerce sales in the United States, making it the tenth largest e-commerce retailer in the country. We continue to see a surge in the same, moretraditional and regulated, group of industries as we move through 2021. Sociallarks, a rapidly growing Chinese social media agency suffered a monumental data leak in 2021 through its unsecured ElasticSearch database. Apparently, hackers can change your email on your account which allows them to change the password to your account and give them full access. After learning of the incident, Neiman Marcus Group contacted impacted customers that had not changed their password since May 2020, urging them to immediately do so. Streaming platform Plex suffered a data breach impacting most of its users, approximately 20 million. Before the medium post was deleted, a second hacker read it and decided to also try to convince Slickwraps but with a slightly more impactful approach. In June of 2018, Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million records on a publicly accessible server. The full dataset included personally identifiable information (PII) like names, email addresses, place of employment, roles held and location. By 2014, the move to a single platform had paid off, with Wayfair becoming the largest online-only home furniture retailer in the United States. The Magellan attack was one of the largest breaches to the healthcare sector in 2020. The breach occurred through Mailfires unsecured Elasticsearch server. These data breaches are a real danger for both companies and customers, as they can damage the trust shoppers have in brands. Learn about the latest issues in cyber security and how they affect you. Marketplace | News & Insights | Data | Events, Pinterest Revenue and Usage Statistics (2023), E-commerce App Revenue and Usage Statistics (2023), Depop Revenue and Usage Statistics (2023), Shein Revenue and Usage Statistics (2023), Niraj Shah (CEO, co-founder), Steve Conine (co-founder), Wayfair Revenue and Usage Statistics (2023), Wayfair generated $13.7 billion revenue in 2021, a 2.8% contraction on 2020, It posted a net loss in 2021 of $131 million, Wayfair has over 30 million active buyers. Get in touch with us. April 12, 2021: A third-party software vulnerability is responsible for exposing 21 million customer records belonging to ParkMobile, a contactless payment parking app. If you intend to buy from other retailers besides Amazon during Prime Day, where are you planning to shop? This is the highest percentage of any sector examined in the report. While the exact list of records breached is yet to be conformed, its believed that the following guest records were compromised: Marriott stated in its press release that the breach is not believed to have exposed pin numbers, payment card information, national IDs, drivers license numbers or loyalty card passwords. "We have investigated the matter thoroughly, addressed the cause and have implemented additional security measures as a precaution.". The hackers shared two million of these LinkedIn records for only $2 total to prove the legitimacy of the information in the stolen data. ", Arne Sorenson, Marriott's president and CEO, said: "We deeply regret this incident happened.". Note: Values are taken in Q2 of each respective year. The UK's Information Commissioner's Office (ICO) issued more than 42 million ($59m) worth of fines in 2020 to companies that breached data protection and privacy regulations. names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link. The exposed data includes their name, mailing address, email address and phone numbers. The 204 GB leaked database was not password protected and included visitor and session IDs, device information, configuration data, as well as multiple records for medications, including COVID-19 vaccines and CVS products. You may also be interested in our list of biggest data breaches in the finance and healthcare industries. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. The department store chain alerted customers about the issue in a letter sent out on Thursday. Cybercriminals are also focusing their time on other lucrative cyberattacks, such as ransomware, credential stuffing, malware and Virtual Private . The former social media network giant has since invalidated all passwords belonging to accounts that were set up prior to 2013. But, as we entered the 2010s, things started to change. July 12, 2021:The fashion retailer,Guess, notified an undisclosed number of customers of a data breach following a ransomware attack that resulted in a data breach. The leaked database from the audio chat social network includesuser ID, name, photo URL, username, Twitter handle,Instagram handle, number of followers, number of people followed by the user, and account creation date all of which the company claims is public information. Exposed information included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and other Starwood account information. January 24, 2021: The dating platform, MeetMindful.com, was hacked by a well-known hacker and had its users account details and personal information posted for free in a hacker forum. "We are aware of a data security incident involving a small number of our customers on Macys.com," a representative from Macy's said in a statement to Business Insider on Tuesday. TORONTO, ON / ACCESSWIRE / June 8 2020 / GlobeX Data Ltd. (OTCQB:SWISF) (CSE:SWIS) ("GlobeX" or the "Company"), the leader in Swiss hosted cyber security and Internet privacy solutions for secure data management and secure communications, is pleased to announce that it is in the final stages of its PrivaTalk Messenger launch, the Company's Swiss hosted encrypted and private instant messaging . Facebook: quarterly number of MAU (monthly active users) worldwide 2008-2022, Quarterly smartphone market share worldwide by vendor 2009-2022, Number of apps available in leading app stores Q3 2022. In April 2019, Evite, a social planning and invitation site identified a data breach from 2013. To prevent further breaches, Nintendo posted a tweet asking members to enable 2-step authentication. The following categories of data were accessed, amounting to the 12.3 million total: This database was not connected to Bonobos private data, which was siloed for protection. The security vulnerability that made the breach possible was a server configuration change permitting unauthorized access by third parties. Date: October 2021 (disclosed December 2021). Russian social media site VK was hacked and exposed 93 million names, phone numbers, email addresses and plain text passwords. Late last year, that same number of mostly U.S. records was . In October 2016, Dailymotion a video sharing platform exposed more than 85 million user accounts including emails, usernames and bcrypt hashes of passwords. The hacker was running a business selling Personal Identifiable Information and was selling the credit card numbers and social security numbers he had accessed in the breach. March 23, 2021: A database containing records of over 300,000 customers of the arts and crafts chain store, Hobby Lobby, was exposed after the company suffered a cloud-bucket misconfiguration. The data was garnished over several waves of breaches. Key Points. Then, by posing as a Magellan client in a phishing attack, the hackers gained access to a single corporate server and implemented their ransomware. How UpGuard helps financial services companies secure customer data. In 2019, this sensitive data appeared listed for sale on a dark web marketplace and began circulating more broadly, so it was identified and provided to data security website Have I Been Pwned. Hackers initially canvassed dark web databases of previously compromised login credentials dating back to 2013. In one of the biggest data breaches of all time in the education industry, the Los Angeles Unified School District (LAUSD) was attacked by Vice Society, a Russian criminal hacking group. "Marriott reported this incident to law enforcement and continues to support their investigation," the company said at the time. Breached MeetMindful data dumped on dark web hacker forum - Source: ZDNet. In June 2013 around 360 million MySpace accounts were compromised by a Russian hacker, but the incident was not publicly disclosed until 2016. Twitter did not disclose how many users were impacted but indicated that the number of users was significant and that they were exposed for several months. Payment information was not released, but Under Armour says user names, emails, and encrypted passwords were affected. 2020, meanwhile, brought unexpected challenges, as Covid-19 spurred sudden shifts in standard operating . In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. In December 2018, Dubmash suffered a data breach that exposed 162 million unique email addresses, usernames and DBKDF2 password hashes. Cambridge Analytica was a data analytics company that was commissioned by political stakeholders including officials in the Trump election and pro-Brexit campaigns. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. The hackers demanded that parent company Avid Life Media shut down Ashley Madison and sister website Established Men within 30 days to avoid the publication of compromised records.