Countdown to the top 10 most outrageous hacks, cyber attacks, and breaches of 2019

From the FaceTime-Fortnite hack to the Wawa breach, 2019 saw diverse data intrusions across public and private companies, government institutions, and some of the largest and smallest companies in the nation. No one was immune.

To begin the new year, we are took a quick look back at the worst cyber attacks, hacks, and other data breaches and ranked them based on awareness impact as well as potential financial impact on consumers across the nation. Our annual list of the top 10 most pervasive data thefts involving household names can reinforce for your employees and your account holders the importance of data protection, how it can affect all of us in our everyday lives, AND the value of having professionals standing by if identity theft strikes.

Included on the following pages in this issue of NXG Now is thought provoking editorial content for you to share with your account holders. By providing current and relevant information along with state-of-the art fraud solutions, including professional identity theft recovery services, you truly are THE protection partner for your account holders. This partnership will yield more satisfied account holders, deeper and more long lasting account relationships, and a stronger defense against fraud losses for your organization.


Newsletter Content

Feel free to use this content in your organization's newsletters, blogs, social media platforms, or anywhere account holders might go for information from your organization.

Countdown to the top 10 most outrageous hacks, cyber attacks, and breaches of 2019

2019 was the year that demonstrated new depths and cost of cybercrime and is being called the worst year on record for data breaches. From the Disney Plus hack to the Wawa data breach, no organization or individual was immune. More than any previous year these criminals targeted public companies, private firms, and government institutions with new and creative criminal tactics.

As a new year starts, we took a quick look back at the worst hacks, cyber-attacks, and other data breaches. You should be aware of of threats related to companies that might have access to your personal or financial information. It’s important to regularly update your passwords to make it harder for criminals to use your information.

10. Words with Friends – Social media games seem innocent enough, right? However, a hacker accessed more than 218 million Words with Friends player accounts including names, email addresses, login IDs and more. This information can help criminals hack into your email account where they may find other useful information to help them commit identity fraud.

9. Wawa – This Northeastern convenience store chain had 850 of their stores’ credit card machines compromised by malware, resulting in criminals being able to obtain credit and debit card numbers, expiration dates, and cardholder names. Data for 30 million consumers showed up for sale on the criminal Dark Web on January 27th, and is linked to this breach. If you used your debit or credit card at a Wawa location between March 4th and December 12th 2019 pay extra attention to your account statements for any suspicious transactions.

8. Disney Plus – Within days of the new streaming service launch, hackers quickly stole more than 20,000 user accounts, changing passwords and locking out owners, selling the credentials for as low as $3 an account on hacking forums. This was an inconvenience to new Disney Plus subscribers but it also means that fraudsters have access to 20,000 user names, email addresses and passwords. Fraudsters know that most consumers use the same email address/password combination to log into many accounts allowing them to extend the damage. Do you?

7. FEMA – The Federal Emergency Management Agency used a third-party contractor who did not properly handle claim information, exposing 2.3 million disaster survivors to possible identity theft and fraud. Lost information included names, addresses, bank account information, and birthdates. If you or someone you know has seen any suspicious activity following a FEMA claim or at any other time, we have professional identity theft specialists standing by to help.

6. Wyze – Specializing in smart home products and wireless cameras, criminals were able to gain access to an unprotected database of customer data, including names and email addresses, to the tune of 2.4 million records. While there have been news stories recently about criminals live security camera feeds, the more relevant use of a database of email addresses is hacking into your email account, which is a treasure trove of information. Remember to change your passwords on email account regularly.

5. Facebook/Instagram – Facebook had a brutal year when it comes to user security. Hundreds of millions of Instagram and Facebook customers had their passwords exposed in March. Then in April, over 540 million Facebook and Instagram users had their usernames and passwords exposed. The lessons learned here are the same as covered in the examples above... except Facebook and Instagram touch almost everyone.

4. Burger King – a French Burger King online shop for kids exposed nearly 38,000 records, including customers’ names, dates of birth, phone numbers, email addresses and passwords. While this does not affect anyone in the U.S., it is a great time to reflect. Kids are being bombarded with offers to buy online or join subscription programs. Before you or your child provide their name, birthdate, email address or any other personal information think carefully. Once your child's personal information is in the Dark Web it can live there for many years. Criminals can more easily use a child's identity, modify it slightly, and commit identity theft without being detected.

3. DoorDash - DoorDash, an app-based food-delivery service disclosed a data breach affecting 4.9 million people including delivery workers, merchants, and customers who created an account on or before April 15th, 2018. This data breach was discovered by the company on May 4th, 2019, and disclosed to the public on September 26th, 2019. Customer information exposed included names, street address, email address and in some cases the last 4 digits of a credit card, which is a great starter kit for identity theft. This breach is an also an example of how long a criminal may be operating behind the scenes, in this case more than a year. Always stay vigilant.

2. Marriott – The hotel group first announced at the end of 2018 that hackers accessed records, but in March of 2019 the extent of the breach became clear. It was found that 83 million guest records and 18.5 million encrypted passport numbers were breached. Details included 9.1 million encrypted payment card numbers and 385,000 valid card numbers in addition to 5.25 million unencrypted passport numbers. The sheer size of this data breach makes it one of the worst data hacks that consumers had to deal with in 2019.

1. First American Data Breach – First American takes our top spot for 2019 based on the size of the data exposed, the length of time of the exposure and the type of data compromised. However, there is no way to know if any of the data was accessed by criminals. In July, a data leak was discovered at First American Financial Corp., the largest real estate title insurance company in the U.S., dating back 16 years. The unprotected database exposed transaction records of 885 million individuals, including bank account numbers, mortgage and tax records, Social Security numbers, wire transaction receipts and drivers license images. Anyone who had ever received URL for a valid document at the First American website could view other documents just by modifying a single digit in the link. This vulnerability was discovered by a legitimate user of the service who then reported it to a cyber security company when attempts to notify the company failed. Searching the internet for unprotected data is part of the sophisticated science behind identity theft.

It’s important to stay up to date with what is happening in the world of criminal data breaches in case you are engaged with a company that experiences theft.

What can you do to ensure you are protected? While being cautious is important, having a plan after your identity has been compromised is critical. Through your account relationship with <FINANCIAL_INSTITUTION> you have access to our Fully Managed Identity Theft Recovery puts a Recovery Advocate in your corner that can help you through the painful process of recovering your identity in the event of theft.

For more information, please visit <FINANCIAL INSTITUTION WEBSITE> and learn how you’re protected in the event of identity theft.

Social Media Content

A top-10 list is a great way to build engagement with your social media audience. Make sure to tell them where they can find the article for further information.

Post #1 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #10 Words With Friends' friends hacked to the tune of 218 million users! Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #2 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #9 Wawa malware affected millions. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #3 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #8 Disney Plus hacked days after launching. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #4 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #7 FEMA contractor mishandles survivors' personal info. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #5 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #6 Wyze technology left over 2.4 million records exposed. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #6 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #5 Facebook isn't necessarily your friend when it comes to protecting your personal info. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #7 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #4 Burger King exposed personal data from their online purchase shop for kids. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #8 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #3 Door Dash exposed personal data of 4.9 million users. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #9 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. #2 . Marriott's record setting breach exposed 383 million guests' passport numbers & credit card information to hackers. Check out our list! #2019CyberAttacks #YourProtectionPartner

Post #10 - Countdown to the most outrageous breaches, hacks, & cyber attacks of 2019. First American Financial exposes mortgage and payment data on 885 million individuals. #1 #2019CyberAttacks #YourProtectionPartner


Need More?

What's New?

Protecting a small business from outside intrusion or mishandling of data can be a difficult task. Wondering how you can enhance your small business and commercial account offerings? We have the solution for you! Our nxg|Protect Biz provides valuable data breach, fraud remediation and comprehensive legal services for small businesses, and identity theft protection and state-of- the-art telehealth services for the small business owner’s employees. You can even offer mobile phone insurance to protect the business owner’s lifeline - their smartphone. Ask your NXG client manager for more information.


What's Hot?

The Next Generation in Smart Shopping - nxg|SAVE is here! By adding this feature to your checking or savings accounts, your account holders can SAVE with big discounts on shopping, dining, and travel with an optimized experience on their PC, tablet, or smartphone. How does it work? Just download the slick GPS- assisted mobile app that lets you know where the best deals are right now in your area while you are on-the-go. No need to keep up with printed coupons; you can simply display the app on your phone at checkout to make savings EASY at thousands of retailers, restaurants, hotels, and more.


What's Next?

We are always adding new program benefits and features to keep up with changing technologies and criminal tactics. Not sure which program you have? Call your NXG Client Manager for an account review to make sure you are maximizing the value to your institution and your account holders. You can hear about new and exciting options that are available, including Dark Web Monitoring, IRS Tax Fraud Refund Advance (available now in our Premium packages) and Social Media Monitoring.