The five most significant personal data leaks of 2017

The five most significant personal data leaks of 2017 snapshot

Data leaks became a commonplace in 2017

Personal data leaks have become a major problem ion 2017. However, the majority of them do not reach newspapers’ headlines, because in many cases they remain concealed.  Therefore, it can be said that data breaches publicized in 2017 make up only a small part of all data leaks discovered this year.

According to Identity Theft Resource Center, 163 million private users’ records have been exposed only in the United States in 2017 so far. The score is four times larger than all of the last year.

We have decided to list the major five data leaks of 2017. If you suspect that you were affected by one of these, take actions to protect your privacy and online accounts immediately.

The list of major data leaks

  • Equifax break-in leads to 145.5 million stolen accounts

Equifax is one of the largest credit-reporting agencies. The company collects data about 800 million individual consumers and approximately 88 million companies all around the globe.

According to the company’s representatives, hackers gained access to databases containing client’s names, dates of birth, social security numbers, and addresses.

Cybercriminals used a vulnerability in the Apache Struts 2 framework. Developers of open-source web application eliminated the security flaw later in March. However, the giant credit-reporting agency failed to install the updates, therefore frauds successfully leveraged the vulnerability to access sensitive data on company’s internal servers.

During the attack, over 209 000 credit card numbers and 182 000 identity-revealing user documents were stolen.

  • Attackers expose private data of 5.5 million accounts from America’s Job Link Alliance

Large online job search engine was under attack, leading to compromised names, dates of birth as well as social security numbers. The data leak affected thousands of people from ten states. The suspected attacker created an account in the system and accessed personally-identifiable data of more than 5.5 million users.

During the press release, America’s Job Link Alliance stated that the compromised Web app linked to an October 2016 update was misconfigured which allowed the hacker to get access to the databases containing user data.

  • 2.2 to 4 million user accounts in Dow Jones & Company server got exposed to public

Dow Jones & Company is a company that is known to be publishing and financial information company. It appears that a misconfigured database of the company was stored on Amazon S3 server and has exposed to semi-public viewing for a short period. The criminals could have accessed personal and financial information of subscribers to the famous Wall Street Journal and other major newspapers.

Even though the incident did not expose private data to the entire world, it sure did a lot of damage as well. The affected data includes addresses, full names and last four digits of credit card numbers.

  • Attack on Election Systems & Software affected about 1.8 million accounts

Cybercriminals took advantage of Election Systems & Software that produces and sells voting machine equipment and services.

The access to Amazon Web Services (AWS) is possible only after authentication. Sadly, that did not stop the fraudsters from damaging the settings and making content available to the public.

There is no reliable information whether anyone accessed the container before experts noticed that it was damaged and fixed the issue. Thus, personal information of almost 2 million people was put at risk.

  • Criminals took advantage of Avanti Markets and compromised 1.6 million accounts

Avanti supplies snack sale solutions for corporate lunchrooms. In some of its payment terminals, experts found a sophisticated malware designed to intercept credit card data, expiration dates, and CVVs. The attackers reportedly accessed over 1.6 million accounts.

Because some payment terminals were equipped with fingerprint sensors, biometric data of an unknown number of customers was also compromised. Luckily, some of the vending machines were configured differently than the others, which prevented the hackers from compromising the entire network.

Possibilities to protect your privacy are limited: what you can do

“Massive security breaches can hardly be prevented by computer users, as keeping user data secure is mainly the goal of large companies and organizations,” say 2-Spyware experts. However, to keep personal data secure, PC users should follow safe browsing rules and try to avoid installing questionable programs that might try to infringe user’s privacy in various ways.

We advise users to be aware of adware and browser hijacking programs that can cause redirects to suspicious websites that may ask to submit credit card details or other personal information “required” to register. Besides, keep a distance from illegal downloads as these can quickly clutter the computer with data-stealing Trojans and similar user-spying malware.