Recent Data Breaches

• Data Breach

Consumers who have been targeted by scammers over the phone or the internet could have had their identity breached. It is highly recommended that everyone whose personal information has been compromised obtains identity theft protection when possible. There are several organizations that provide identity theft protection services to US residents. We have selected the 3 best US-based protection plans allowing you to get protected immediately. These offers may expire soon.

June 3-4, 2019
Quest and LabCorp
Quest: 12 million; Labcorp 7.7 million
 

Hackers took control of a payment page at a billing collection vendor used by Quest. Between August 2018 and March 2019, the hackers removed financial account data, Social Security numbers, and health information from the company, AMCA. LabCorp announced they were also affected by the breach but that the information held by AMCA for their customers was less sensitive. The hackers did get access to names, addresses, dates of births and balances.

Checkers
May 29, 2019
Unknown

Checkers and Rally’s restaurants had point-of-sale systems hacked which exposed customer’s full payment information. Although the restaurant chain found the attack in April 2019, they learned that 15 percent of their restaurant systems had been compromised for many years. The malware installed on the system could detect and extract data from the magnetic stripe of payment cards.

Flipboard
May 29, 2019
150 million

Flipboard, a social news app that personalizes news content based on interests was hacked when a third-party database was compromised. The database held names, usernames, email addresses, and encrypted passwords. The company reported that most passwords were hashed with bcrypt, a strong password protection system but some were hashed with the SHA-1 algorithm which is less secure.

Canva
May 24, 2019
139 million

Canva, a popular online design tool, exposed 139 million users when hackers stole usernames, real names and email addresses. The Australian-based company detected a problem on May 24 and took action immediately but the hacker, identified as Gnosticplayers, claimed to have obtained information up to May 17. They have also attempted to sell stolen data of more than 1 billion online accounts on dark web marketplaces. Canva confirmed that designs and payment information were not impacted.

First American Financial Group
May 24, 2019
885 million

Personal and financial records were found unprotected and accessible to anyone with the URL for more than two years, according to First American Financial Group, a title insurer for real estate companies. It is possible that Social Security numbers, bank account numbers, mortgage and tax records along with wire transaction receipts and driver’s license numbers as far back as 2003 could have been accessed.

Immediata Health Group
May 23, 2019
1.5 million

Immediata Health Group’s website had a setting that allowed search engines to access pages with patient data. It is believed that names, addresses, dates of birth, gender, medical information, and Social Security numbers may have been accessed. The company provides clearinghouse services, software and business process outsourcing tools to healthcare providers and insurance companies. The incorrect setting was discovered in January 2019 and the website deactivated. It is not known if the information was accessed although an independent forensic firm found no evidence that it had been copied or saved.

Instagram
May 20, 2019
49 million

An India-based social media marketing company left data unprotected on an Amazon Web Services database, exposing biographical information, profile photos, location, verification statuses, email addresses and phone numbers of Instagram high-profile influencers, celebrities and brands. Although this is listed as an Instagram breach, the photo-sharing app is owned by Facebook. The database, Chtrbox, was used to reach out to high-profile users and provide them with offers.

Pacers Sports & Entertainment
May 13, 2019
Unknown

Pacers Sports & Entertainment, the legal entity behind the Indiana Pacers, was the victim of a phishing email campaign that may have led to the breach of sensitive information. Names, addresses, dates of birth, Social Security numbers, passport numbers, medical insurance information, driver’s license numbers, payment card numbers, and more extremely personal information may have been compromised. An investigation found that hackers accessed accounts between October 15 and December 4, 2018. The investigation was initiated after suspicious activity was detected on November 16, 2018.

Wyzant
May 7, 2019
2+ million

A hacker was able to breach the company database of Wyzant, an online tutoring marketplace. The breach compromised names, email addresses, zip codes and Facebook profile photos of anyone who used single-sign on to access their Wyzant account. The breach affected both customers and as many as 80,000 instructors. An anomaly in a single database led to an investigation that discovered a cyber attack who was able to gain access to personally identifiable information.

AMC Networks
May 3, 2019
1.6 million

A company database used by AMC Networks for their Sundance Now and Shudder online streaming video platforms were left accessible to the public. The database contained names, email addresses, details about subscription plans as well as the last four digits of credit card numbers. The breach also affected Youbora, a video analytics company, exposing over 400,000 more IP addresses, country city, state, ZIP code, and location coordinates.

Docker Hub
April 29, 2019
190,000

A data breach at Docker Hub, which offers cloud-based services to application developers, led to stolen usernames, hashed passwords, Github and Bitbucket tokens. Although the breach only affected about 5 percent of Docker Hub’s customer base, all users were notified of the issue. The company stated that the information breached was nonfinancial but they did not explain how the breach occurred or how long the hackers had access

Bodybuilding.com
April 22, 2019
9 million

The largest online retailer of supplements, Bodybuilding.com, announced a breach that led to a forced password reset for all customers. The breach may have exposed names, email addresses, billing or shipping addresses, phone numbers, order history, birthdates and information customers may have stored in their BodySpace profiles. An external security firm determined that one of the company’s 450 employees may have fallen for the phishing attempt in July 2018.

EmCare
April 20, 2019
60,000

The email accounts of EmCare employees were compromised by a third party,, exposing the names, dates of birth, age, clinical information, Social Security numbers and driver’s license numbers of some patients and employees. The breach occurred when an unauthorized individual was able to gain access to employee email accounts on February 19 but the breach was not announced for 60 days under HIPAA regulations.

Facebook
April 2, 2019
540 million

Facebook datasets were left exposed to the public by two third-party apps, Cultura Colectiva and At the Pool. The breach allowed access to account names, Facebook ID, user activity, photos, events, groups, check-ins and more. In the Cultura Colectiva breach, the company stored 146 gigabytes of information that was accessible and downloadable to anyone. The At the Pool app exposed the information through an Amazon S3 bucket.

Search for scams using ScamGuard's nationwide scam database:  

If you are looking for a specific scam that was not covered by this article, please use the search field below:

Legit or Scam? Ask ScamExperts.com   

If you are dealing with a suspicious person or organization, let Scam Experts investigate for free. Click here to submit an inquiry to ScamExperts.com.