Newsletter Content

Feel free to use this content in your organization's newsletters, blogs, social media platforms, or anywhere account holders might go for information from your organization.

Countdown to the top 10 most outrageous hacks, cyber attacks, and breaches of 2019

2019 was the year that demonstrated new depths and cost of cybercrime and is being called the worst year on record for data breaches. From the Disney Plus hack to the Wawa data breach, no organization or individual was immune. More than any previous year these criminals targeted public companies, private firms, and government institutions with new and creative criminal tactics.

As a new year starts, we took a quick look back at the worst hacks, cyber-attacks, and other data breaches. You should be aware of of threats related to companies that might have access to your personal or financial information. It’s important to regularly update your passwords to make it harder for criminals to use your information.

10. Words with Friends – Social media games seem innocent enough, right? However, a hacker accessed more than 218 million Words with Friends player accounts including names, email addresses, login IDs and more. This information can help criminals hack into your email account where they may find other useful information to help them commit identity fraud.

9. Wawa – This Northeastern convenience store chain had 850 of their stores’ credit card machines compromised by malware, resulting in criminals being able to obtain credit and debit card numbers, expiration dates, and cardholder names. Data for 30 million consumers showed up for sale on the criminal Dark Web on January 27th, and is linked to this breach. If you used your debit or credit card at a Wawa location between March 4th and December 12th 2019 pay extra attention to your account statements for any suspicious transactions.

8. Disney Plus – Within days of the new streaming service launch, hackers quickly stole more than 20,000 user accounts, changing passwords and locking out owners, selling the credentials for as low as $3 an account on hacking forums. This was an inconvenience to new Disney Plus subscribers but it also means that fraudsters have access to 20,000 user names, email addresses and passwords. Fraudsters know that most consumers use the same email address/password combination to log into many accounts allowing them to extend the damage. Do you?

7. FEMA – The Federal Emergency Management Agency used a third-party contractor who did not properly handle claim information, exposing 2.3 million disaster survivors to possible identity theft and fraud. Lost information included names, addresses, bank account information, and birthdates. If you or someone you know has seen any suspicious activity following a FEMA claim or at any other time, we have professional identity theft specialists standing by to help.

6. Wyze – Specializing in smart home products and wireless cameras, criminals were able to gain access to an unprotected database of customer data, including names and email addresses, to the tune of 2.4 million records. While there have been news stories recently about criminals live security camera feeds, the more relevant use of a database of email addresses is hacking into your email account, which is a treasure trove of information. Remember to change your passwords on email account regularly.

5. Facebook/Instagram – Facebook had a brutal year when it comes to user security. Hundreds of millions of Instagram and Facebook customers had their passwords exposed in March. Then in April, over 540 million Facebook and Instagram users had their usernames and passwords exposed. The lessons learned here are the same as covered in the examples above... except Facebook and Instagram touch almost everyone.

4. Burger King – a French Burger King online shop for kids exposed nearly 38,000 records, including customers’ names, dates of birth, phone numbers, email addresses and passwords. While this does not affect anyone in the U.S., it is a great time to reflect. Kids are being bombarded with offers to buy online or join subscription programs. Before you or your child provide their name, birthdate, email address or any other personal information think carefully. Once your child's personal information is in the Dark Web it can live there for many years. Criminals can more easily use a child's identity, modify it slightly, and commit identity theft without being detected.

3. DoorDash - DoorDash, an app-based food-delivery service disclosed a data breach affecting 4.9 million people including delivery workers, merchants, and customers who created an account on or before April 15th, 2018. This data breach was discovered by the company on May 4th, 2019, and disclosed to the public on September 26th, 2019. Customer information exposed included names, street address, email address and in some cases the last 4 digits of a credit card, which is a great starter kit for identity theft. This breach is an also an example of how long a criminal may be operating behind the scenes, in this case more than a year. Always stay vigilant.

2. Marriott – The hotel group first announced at the end of 2018 that hackers accessed records, but in March of 2019 the extent of the breach became clear. It was found that 83 million guest records and 18.5 million encrypted passport numbers were breached. Details included 9.1 million encrypted payment card numbers and 385,000 valid card numbers in addition to 5.25 million unencrypted passport numbers. The sheer size of this data breach makes it one of the worst data hacks that consumers had to deal with in 2019.

1. First American Data Breach – First American takes our top spot for 2019 based on the size of the data exposed, the length of time of the exposure and the type of data compromised. However, there is no way to know if any of the data was accessed by criminals. In July, a data leak was discovered at First American Financial Corp., the largest real estate title insurance company in the U.S., dating back 16 years. The unprotected database exposed transaction records of 885 million individuals, including bank account numbers, mortgage and tax records, Social Security numbers, wire transaction receipts and drivers license images. Anyone who had ever received URL for a valid document at the First American website could view other documents just by modifying a single digit in the link. This vulnerability was discovered by a legitimate user of the service who then reported it to a cyber security company when attempts to notify the company failed. Searching the internet for unprotected data is part of the sophisticated science behind identity theft.

It’s important to stay up to date with what is happening in the world of criminal data breaches in case you are engaged with a company that experiences theft.

What can you do to ensure you are protected? While being cautious is important, having a plan after your identity has been compromised is critical. Through your account relationship with <FINANCIAL_INSTITUTION> you have access to our Fully Managed Identity Theft Recovery puts a Recovery Advocate in your corner that can help you through the painful process of recovering your identity in the event of theft.

For more information, please visit <FINANCIAL INSTITUTION WEBSITE> and learn how you’re protected in the event of identity theft.

Need More?

What's New?

Protecting a small business from outside intrusion or mishandling of data can be a difficult task. Wondering how you can enhance your small business and commercial account offerings? We have the solution for you! Our nxg|Protect Biz provides valuable data breach, fraud remediation and comprehensive legal services for small businesses, and identity theft protection and state-of- the-art telehealth services for the small business owner’s employees. You can even offer mobile phone insurance to protect the business owner’s lifeline - their smartphone. Ask your NXG client manager for more information.

What's Hot?

The Next Generation in Smart Shopping - nxg|SAVE is here! By adding this feature to your checking or savings accounts, your account holders can SAVE with big discounts on shopping, dining, and travel with an optimized experience on their PC, tablet, or smartphone. How does it work? Just download the slick GPS- assisted mobile app that lets you know where the best deals are right now in your area while you are on-the-go. No need to keep up with printed coupons; you can simply display the app on your phone at checkout to make savings EASY at thousands of retailers, restaurants, hotels, and more.

What's Next?

We are always adding new program benefits and features to keep up with changing technologies and criminal tactics. Not sure which program you have? Call your NXG Client Manager for an account review to make sure you are maximizing the value to your institution and your account holders. You can hear about new and exciting options that are available, including Dark Web Monitoring, IRS Tax Fraud Refund Advance (available now in our Premium packages) and Social Media Monitoring.