Recent Data Breaches (Updated 2019)
Consumers who have been targeted by scammers over the phone or the internet could have had their identity breached. It is highly recommended that everyone whose personal information has been compromised obtains identity theft protection when possible. There are several organizations that provide identity theft protection service to US residents. We have selected 3 protection plans allowing you to get protected immediately and for free for the first 30 days. These offers may expire soon.
June 3-4, 2019
Quest and LabCorp
Quest: 12 million; Labcorp 7.7 million
Hackers took control of a payment page at a billing collection vendor used by Quest. Between August 2018 and March 2019, the hackers removed financial account data, Social Security numbers and health information from the company, AMCA. LabCorp announced they were also affected by the breach but that the information held by AMCA for their customers was less sensitive. The hackers did get access to names, addresses, dates of births and balances.
May 29, 2019
Checkers and Rally’s restaurants had point-of-sale systems hacked which exposed customer’s full payment information. Although the restaurant chain found the attack in April 2019, they learned that 15 percent of their restaurant systems had been compromised for many years. The malware installed on the system could detect and extract data from the magnetic stripe of payment cards.
May 29, 2019
Flipboard, a social news app which personalizes news content based on interests was hacked when a third-party database was compromised. The database held names, usernames, email addresses, and encrypted passwords. The company reported that most passwords were hashed with bcrypt, a strong password protection system but some were hashed with the SHA-1 algorithm which is less secure.
May 24, 2019
Canva, a popular online design tool, exposed 139 million users when hackers stole usernames, real names and email addresses. The Australian-based company detected a problem on May 24 and took action immediately but the hacker, identified as Gnosticplayers, claimed to have obtained information up to May 17. They have also attempted to sell stolen data of more than 1 billion online accounts on dark web marketplaces. Canva confirmed that designs and payment information were not impacted.
First American Financial Group
May 24, 2019
Personal and financial records were found unprotected and accessible to anyone with the URL for more than two years, according to First American Financial Group, a title insurer for real estate companies. It is possible that Social Security numbers, bank account numbers, mortgage and tax records along with wire transaction receipts and driver’s license numbers as far back as 2003 could have been accessed.
Immediata Health Group
May 23, 2019
Immediata Health Group’s website had a setting that allowed search engines to access pages with patient data. It is believed that names, addresses, dates of birth, gender, medical information, and Social Security numbers may have been accessed. The company provides clearinghouse services, software and business process outsourcing tools to healthcare providers and insurance companies. The incorrect setting was discovered in January 2019 and the website deactivated. It is not known if the information was accessed although an independent forensic firm found no evidence that it had been copied or saved.
May 20, 2019
An India-based social media marketing company left data unprotected on an Amazon Web Services database, exposing biographical information, profile photos, location, verification statuses, email addresses and phone numbers of Instagram high-profile influencers, celebrities and brands. Although this is listed as an Instagram breach, the photo-sharing app is owned by Facebook. The database, Chtrbox, was used to reach out to high-profile users and provide them with offers.
Pacers Sports & Entertainment
May 13, 2019
Pacers Sports & Entertainment, the legal entity behind the Indiana Pacers, was the victim of a phishing email campaign that may have led to the breach of sensitive information. Names, addresses, dates of birth, Social Security numbers, passport numbers, medical insurance information, driver’s license numbers, payment card numbers, and more extremely personal information may have been compromised. An investigation found that hackers accessed accounts between October 15 and December 4, 2018. The investigation was initiated after suspicious activity was detected on November 16, 2018.
May 7, 2019
A hacker was able to breach the company database of Wyzant, an online tutoring marketplace. The breach compromised names, email addresses, zip codes and Facebook profile photos of anyone who used single-sign on to access their Wyzant account. The breach affected both customers and as many as 80,000 instructors. An anomaly in a single database led to an investigation that discovered a cyber attack who was able to gain access to personally identifiable information.
May 3, 2019
A company database used by AMC Networks for their Sundance Now and Shudder online streaming video platforms were left accessible to the public. The database contained names, email addresses, details about subscription plans as well as the last four digits of credit card numbers. The breach also affected Youbora, a video analytics company, exposing over 400,000 more IP addresses, country city, state, ZIP code, and location coordinates.
April 29, 2019
A data breach at Docker Hub, which offers cloud-based services to application developers, led to stolen usernames, hashed passwords, Github and Bitbucket tokens. Although the breach only affected about 5 percent of Docker Hub’s customer base, all users were notified of the issue. The company stated that the information breached was nonfinancial but they did not explain how the breach occurred or how long the hackers had access
April 22, 2019
The largest online retailer of supplements, Bodybuilding.com, announced a breach that led to a forced password reset for all customers. The breach may have exposed names, email addresses, billing or shipping addresses, phone numbers, order history, birthdates and information customers may have stored in their BodySpace profiles. An external security firm determined that one of the company’s 450 employees may have fallen for the phishing attempt in July 2018.
April 20, 2019
The email accounts of EmCare employees were compromised by a third party,, exposing the names, dates of birth, age, clinical information, Social Security numbers and driver’s license numbers of some patients and employees. The breach occurred when an unauthorized individual was able to gain access to employee email accounts on February 19 but the breach was not announced for 60 days under HIPAA regulations.
April 2, 2019
Facebook datasets were left exposed to the public by two third-party apps, Cultura Colectiva and At the Pool. The breach allowed access to account names, Facebook ID, user activity, photos, events, groups, check-ins and more. In the Cultura Colectiva breach, the company stored 146 gigabytes of information that was accessible and downloadable to anyone. The At the Pool app exposed the information through an Amazon S3 bucket.
Search for scams using ScamGuard's nationwide scam database:
If you are looking for a specific scam that was not covered by this article, please use the search field below:
Legit or Scam? Ask ScamExperts.com
If you are dealing with a suspicious person or organization, let Scam Experts investigate for free. Click here to submit an inquiry to ScamExperts.com.