The Latest Big Data Security Breaches Everyone is Talking About

When did it happen: May 2019

How many did it affect: 137 million users

What happened? In May 2019, the Australian graphic tool website Canva experienced an attack which exposed email addresses, usernames, names, residence, and passwords of 137 million users.

Canva themselves confirmed the incident and said that the hackers had managed to view, but not steal, files with partial credit card and payment data. They notified and prompted users to change their passwords.

However, a later post by Canva detailed that approximately 4 million Canva accounts containing stolen user passwords were later decrypted and shared online, leading the company to invalidate changed passwords and notify users with unencrypted passwords in the list.

When did it happen? March 2020

How many did it affect? 900,000 users

What happened? It is thought that almost one million Virgin Media customers were recently impacted by a huge security breach in March 2020 – which saw the personal data of 900,000 people accessed after a marketing database had been left open to the public for 10 months.

Virgin Media is the UK’s second-biggest broadband provider and roughly 15 percent of their fixed-line customer base was affected, and some of their Virgin Mobile customers too.

Neither passwords nor financial information was included in the leaked data, but names, email addresses, phone numbers and contact details were.

Through further investigation, it was found that the marketing database was left open from April 2019 and that the information in this database had been accessed by “at least” one person from outside the company.

Chief executive of Virgin Media, Lutz Schuler, confirmed that the breach had in fact happened, yet he insisted that customer details had not been used illegally.

When did it happen: March 2020

How many did it affect: 600,000 users

What happened? In March 2020, British supermarket Tesco was forced to replace 600,000 new Clubcards due to a security breach, and warn customers that fraudsters could have successfully spent their points and voucher.

The retailer later released a statement detailing that user-name password combinations had been taken from other leaks and were then tried on Tesco’s website.

Their internal systems had picked up on this issue quickly and they immediately took steps to protect their customers and restrict the amount of access the fraudsters had to their accounts. They also recommended that Clubcard users reset their passwords and further apologised for the incident.

When did it happen: January 2020

How many did it affect: 2000 users

What happened? In January 2020, EasyJet became aware of data breaches of 2,208 customers. Email addresses and travel details were stolen and credit card details were ‘accessed’. The stolen credit card details included customer CVV numbers.

They then went on to warn nine million customers whose email addresses had also been stolen.

When did it happen: May 2020

How many did it affect: 300 users

What happened? Outsourcing firm Serco has apologised after sharing the email addresses of 300 contact tracers.

The company made the mistake as they are training staff to trace new cases of COVID-19 for the UK government. The error happened when they emailed new trainees to tell them about training.

Contact tracing is used to slow the spread of coronavirus and 21,000 contact tracers have been hired to help with the investigation.

Serco had written an email to tell trainees not to contact its help desk for training details. This is where the mistake was made. All the email addresses were put in the CC section of the email, rather than BCC. Thus, revealing them to every recipient.

For advice and support around business insurance, including cyber insurance, make sure to get in touch with Business Line Insurance on 020 3058 4309 today.