Dixons Carphone became the most recent high-profile company to suffer a data breach but countless more organisations have been affected by cyber threats in recent months, from social media giants to national security departments
Dixons Carphone has announced ten million customers were affected by its 2017 data breach rather than the original estimate of 1.2 million.
It admitted that personal information, addresses and email addresses may have been accessed last year but said no bank details were hacked and that it found no signs of fraud.
The breach did result in the hackers accessing 5.9 million payments cards, but almost all were protected by their chip and pin feature.
The owner of Carphone Warehouse and Currys PC World has been looking into the hack since it was uncovered in June.
But how many other data breaches have proven costly in an eventful 2018 for cyber hackers and cyber security alike?
Data breach: Adidas
On June 26, the German sportswear giant became aware that the data of potentially millions of its customers was hacked.
Usernames, encrypted passwords and contact information were all leaked in the breach, but Adidas assured its customers that no payment details or fitness data was stolen.
The company alerted the public to the hack two days after it realised what had happened, but it remains unclear just how many were affected.
“On June 26, Adidas became aware that an unauthorised party claims to have acquired limited data associated with certain Adidas consumers.
“Adidas is committed to the privacy and security of its consumers’ personal data. Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers.
“Adidas is working with leading data security firms and law enforcement authorities to investigate the issue.”
Data breach: Costa
An online recruitment system belonging to Costa’s parent company Whitbread was hacked in May, leaking the details of up to two million existing employees, as well as prospective job applicants.
Australian software firm PageUp runs the hacked system and announced its breach last month, which left names, phone numbers, employment information, addresses and email addresses exposed.
PageUp is currently investigating the issue to determine the identity of the hackers and find more information about what was leaked and who was affected.
“At Whitbread, we take protecting your data very seriously and we are very sorry that this has happened.
“We choose our partner organisations very carefully and take every possible step to ensure your data is always kept secure.
“We value all our job applicants and we want to repeat that we are very sorry that this has happened.”
Data breach: Ticketmaster
Last month, it became public knowledge that about 5% of US ticket sales and distribution company Ticketmaster’s customers suffered a breach.
Roughly 40,000 users of its UK site were affected, with some people claiming they’d been scammed out of money as a direct result.
The customers’ login information, payment data, addresses and phone numbers were put at risk, with the company advising users to change their details on the website at their earliest convenience.
“Based on our investigation, we understand that only certain UK customers who purchased or attempted to purchase tickets between February and 23 June 2018 may have been affected by the incident.
“Information which may have been compromised includes: name, address, email address, telephone number, payment details and Ticketmaster login details.
“We recommend that you monitor your account statements for evidence of fraud or identity theft.
“If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies.”
Data breach: Fortnum & Mason
Thousands of Fortnum & Mason customers had their personal data stolen between May and June this year, according to the retailer.
It announced in early July that the names, social media details, addresses and email addresses of about 23,000 people had been exposed by the breach.
Typeform is the survey company Fortnum & Mason uses for its various awards sections on its website and those affected included any who voted in the TV Personality of the Year category.
“At 5.26pm on Friday 29 June, Typeform, a company that provides services that we have used in the past to collect survey responses and voting preferences, notified us that they had suffered a data breach and unfortunately some of our data had been compromised.
“The data of approximately 23,000 competition and survey participants who inputted into a Typeform form has been involved in this breach.
“For the majority of people, only the email address has been exposed. For a smaller proportion of customers, other data such as address, contact number and social handle has been included.
“These forms did not request bank or payment details, or require passwords.”
Data breach: Facebook
In 2014, information harvested by data profiling firm Cambridge Analytica saw the details of more than 50 million people – and eventually about 100 million – accessed without authorisation.
A quiz app collected people’s personal information surreptitiously to then be shared with third parties separate from the original researchers.
Facebook learned about the breach in 2015 but the incident did not become public knowledge until this year.
The company has since been fined £500,000, the maximum penalty allowed, by the Information Commissioner’s Office in the UK.
Data breach: SingHealth
It was announced on 20 July that SingHealth, Singapore’s largest healthcare group, was the victim of a cyber attack which resulted in the exposure of about 1.5 million patient records.
The breach occurred between late June and early July this year and affected those who visited the company’s clinics between 1 May 2015 and 4 July 2018.
Hacked information included patient names, addresses, genders, races, dates of birth and National Registration Identity Card (NRIC) numbers.
Meanwhile, the medical prescription records of 160,000 were also stolen.
Data breach: US Homeland Security
Between 2002 and 2014, about 240,000 employees at the US’ Department of Homeland Security were affected by a “privacy incident” involving one of its databases.
A further undisclosed number of people could have been affected though this has not yet been confirmed
Lost information includes names, social security numbers and staff job roles and DHS officials first discovered the breach in May last year but did not reveal it until 2018.
Data breach: Quora
In late November 100 million users of public question and answer service Quora were affected by a data breach, engineered by a “malicious third party.”
Account information such as names, email addresses, encrypted passwords may have been put at risk, the company said, but no financial details were leaked.
Regional director for Northern Europe of cyber security firm Check Point Andy Wright said: “Hackers are deliberately targeting companies and websites which hold massive amounts of customer data – as we’ve seen with the recent major attacks against airlines and hotel chains.
“While it’s not known how Quora’s systems were breached, the attackers could have exploited any one of several vectors to get access.
“Organisations need to protect themselves against sophisticated fifth-generation threats which spread across networks, endpoints, mobiles and cloud services, and prevent them from being able to impact on their business.
“Luckily, there was no financial information associated with the exposed user data, and the stolen passwords were encrypted, but users should consider changing their passwords on other accounts if they have used the same password as for their Quora account.
“They should also be suspicious of emails claiming to be related to the Quora breach, as these could be phishing attempts to try and extract more sensitive information.”
Data breach: Under Armour
In March this year, fitness and clothing brand Under Armour discovered an unauthorized user had gained access to MyFitnessPal, the platform used by the company to track its users’ activity.
The breach hacked the usernames, email addresses and passwords of 150 millions users, but did not affect any financial data, which Under Armour processes separately.
Condemning the attack, US Representative Bobby L. Rush said: “This industry’s lack of regulation has made everyone vulnerable to their data being placed in the wrong hands.
“We cannot let this industry continue to police themselves. They are not prepared to handle this ongoing threat and protect our most personal information. “