
12 Most Famous Data Breaches of 2018 & 2017: Why Is GDPR Happening?

By admin 01 June 2018

Data Protection has been a thing for many years now and in the last decade or so has not seen much change. Until now. GDPR is in full effect and is demanding extremely high levels of security when personal data is being handled! Why is this happening? Well, it follows the rise of the hacker, data breaches and encryption as well as the increase of spam emails.

We've had a look at 12 of the most famous data breaches from the last two years. And given you the answer to all your data problems (we're just awesome like that)!

To demonstrate how important it is to protect personal data, we've had a look back at what happens when you don't. Here's a selection of some of the most famous (and worst) data breaches of the last two years. Previous to 2017, hackers and breaches of security have been rife, but we thought two years was enough… We're doing our best to not add too much stress to your GDPR compliance plan, or should we say headache!?


2018 Data Breaches


No.1 - Under Armour / MyFitnessPal

This data breach saw the personal data of roughly 150 million users of the MyFitnessPal app falling into the wrong hands. This data included usernames, email addresses and passwords. It turned out that Under Armour (owners of MyFitnessPal) only became aware of the breach a month after it happened. This may seem like a long time but in reality, it's actually a pretty quick response compared to, say, Yahoo's monumental data breach, which took years to discover (read all about this below). Scary stuff!

Although health and running data wasn't amongst the stolen data it shows that, in theory, it could be and that highly personal profiles were under threat.

No.2 - FedEx

FedEx made the mistake of storing extremely sensitive customer data on an Amazon S3 bucket that was left unsecured. This essentially made all the information public. To keep it somewhere so blatantly unsafe you'd presume it was data that was not too sensitive, right? Wrong. It included thousands of scanned documents with passports, driving licenses, security IDs, home addresses, postal codes and phone numbers…

Before you start hating on FedEx, read on. The culprit is thought to be Bongo International LLC, which was bought by FedEx in 2014, and the data appears to be from pre-2012, before the company was bought out. Anyone who used Bongo International from 2009-2012 is thought to be at risk of having had their data available online for years.


2017 Data Breaches

No.3 - Clarkson

The British shipbroker Clarkson is an interesting case where a data breach is concerned. They were able to warn their shareholders of a potential breach before it happened following their refusal to pay ransomware demands.

They announced the breach in a statement saying "Today, the person or persons behind the incident may release some data. The data at issue is confidential and lawyers are on standby wherever needed to take all necessary steps to preserve the confidentiality of the information."

Following this, shares dropped 2.71%.

No.4 - Uber

Uber had a very different approach to their data breach. A move which has gone on to affect their reputation. They hid a massive data breach that affected 57 million users, 2.7 million of which were in the UK.


Hackers took this data in 2016 and demanded a ransom of £75,000 to delete the stolen data. Uber paid this and concealed the breach from the public. The data included email addresses and mobile phone numbers, and 600,000 drivers had their names and license numbers compromised too.


Uber offered free credit monitoring protection to their drivers but are yet to offer anything to the customers affected. Apparently, the former Chief Exec was well aware of the breach and endeavored to hide it and the chief security officer left the company.


Uber later confirmed that over half of their UK customers have been compromised. Finally some transparency for their customers.


No.5 - Pizza Hut

In October of 2017 Pizza Hut revealed that their website and app had been hacked. This hack compromised data of customers who had performed any transactions on these platforms over a 28-hour period. The data which was jeopardised was billing information, which included delivery address, email address and card info including CVV numbers and expiration dates… serious stuff.


The worst part of this massive breach was that Pizza Hut is thought to have been aware of it for two weeks before informing customers. It isn't quite clear as to how many customers were affected but it is thought to be as many as 60,000.


No.6 - Yahoo

Yahoo really pushed the boat out with this one, breaking their own record as the largest ever potential data breach… 3 BILLION email users were likely compromised in a 2013 breach that was not disclosed until 2017. We know that most of you are battling against the tide of GDPR, but instances like this really make it crystal clear why it is happening.


It is thought that hackers gained access to information by using forged cookies which allowed access to accounts without a password. Initially, the number of people affected was estimated at 500 million in 2013 but soared to 3 billion this year…


What more can be said about this one apart from WOAH!


No.7 - Deloitte

Deloitte is one of the world's largest accountancy firms so you'd think they'd have some pretty strong security going on but, you guessed it, they got hacked. We'd say 'well done' but it was probably slightly obvious when their name appeared in an article with the title Most Famous Data Breaches…


The attack is thought to have gone unnoticed for months and saw a tonne of information from blue-chip customers get stolen, which included usernames, passwords, personal details and even confidential plans.


The impact of this hack is yet to be revealed… no news is good news, right? Probably not, when valuable data is concerned.


No.8 - Equifax

Global information solutions company (yes, we see the irony of this) Equifax reported a major cybersecurity incident which has compromised information of up to 143 million customers in the US. This means the breach is thought to have revealed over half of the US population's names, Social Security numbers, birth dates, and addresses…


It wasn't just the US that was affected: it is estimated that 694,000 UK customers had their data compromised. The credit firm has gone on to admit that 15,000 UK customers had their financial information and passwords stolen.


The company set up a dedicated website and helpline to help those affected and offered free identity theft insurance for all US customers. Perhaps a bit of a trivial act given that the company's share price plummeted 13% and is expected to fall further…


No.9 - CEX

CEX is one of Britain's largest retail franchises, but this didn't stop it being hit by a data breach that may well have compromised the information of as many as 2 million customers. This information will have included names and addresses.


One of the chief people at McAfee even weighed in on the subject saying: "Given the increasing amount of reported data breaches, it would be simple to shrug off the news as just another in a long line of companies impacted by digital crime." A statement which very much highlights how much of a problem inappropriate data handling is.


No.10 - Bupa

Bupa was impacted by a data breach in July 2017 which saw 500,000 people affected on its international health insurance plan.


This is an interesting one as it can actually be pinpointed to an individual employee rather than a vigilante group of hackers. Bupa revealed that an employee had inappropriately copied and removed information including names, dates of birth and contact information. Bupa revealed: "The employee responsible has been dismissed and we are taking appropriate legal action".


No.11 - 'Eddie' reveals over 560 million passwords

Now this one is the one that everyone heard about as it likely affected a vast majority of those reading this. WannaCry ransomware infected 47 NHS England Trusts and hundreds of companies across the world.


Security researchers discovered a massive database of 560 million login credentials which came from a variety of popular online services such as LinkedIn and Dropbox. The person or people behind this black market database remain unknown but researchers have named them 'Eddie' after discovering a user profile in the data.


What have we learnt from this?

First and foremost it is really quite apparent that privacy and protection of data has not been the top priority amongst companies, even international giants. What does this mean? Well, as we've all realised it means GDPR.


These demonstrate massive instances of data being handled in the wrong way, making it vulnerable to be taken advantage of. It has highlighted the importance of handling data with the respect that each and every individual deserves. One of the primary ways to recognise a threat to data is unusual behaviour when handling and knowing exactly who had what for how long. How do you log this though?? (Clue: We have the answer below).


That is why GDPR is here. If you want to know a bit more about it, then take a look at our article GDPR Checklist: Everything You Need To Know & Everything You Need To Do


We've also created a platform which enables you to handle data in the safest way possible as outlined by the new GDPR compliance regulations, article 4 (2) & article 5 (6). It's called Doodle Transfer! It's our compliant solution for a GDPR data transfer tool. Check it out for yourself. We're offering a free, guided tour. No software is required and it TICKS ALL THE BOXES.


Don't be on next year's list :)