No business is safe from data breaches anymore. In the first quarter of 2019 alone, businesses reported over 281 data breaches to the federal government. Those data breaches collectively exposed over 4.5 billion personal records. The breaches affected companies of all sizes across a wide variety of industries.
In years past, small to medium-sized businesses used their status as little fishes to justify skimping on cyber security. They believed that they were too small to get targeted by hackers. However, as Verizon’s recently published 2019 Data Breach Investigations Report (DBIR) makes clear, size no longer matters.
Among the sobering statistics contained in this year’s DBIR:
- 43 percent of data breaches targeted small businesses
- 56 percent of data breaches took more than one month to discover
- 32 percent of data breaches involved phishing attacks
Additionally, social engineering scams like phishing and business email compromise (BEC) increasingly target high-level executives. Meanwhile, punitive data protection laws like the California Consumer Privacy Act zero in on companies that mishandle personally identifiable information (PII). In other words, the stakes remain too high to let your guard down.
It seems like you can’t open a paper or click on a news site without reading about the latest data breach. At Capital Network Solutions, we want your business to stay ahead of the next cyber threat. Therefore, we started compiling these true stories about data breaches on American companies. Although many of these stories seem unsettling, we hope that this knowledge gives you some measure of power.
Of course, the power of knowledge can only take your business so far. If you want to bolster your small business cyber security, CNS can help.
U.S. DATA BREACH NEWS (May 1-18, 2019)
The personal information of over 4,000 immigrant recruits got compromised following a data breach between July 2017 and January 2018. Over 1,000 Chinese immigrant soldiers had their information exposed, leaving them open to retaliation by the Chinese government.
According to a report by McAfee, 61 percent of security professionals dealt with a significant data breach at their current employer. The report also found that database leaks (38%), network traffic (37%), file shares (36%) and corporate email (36%) were the most prevalent attack vectors.
Patients affected by a January data breach at Inmediata received notices in the mail from the Puerto Rico-based health group. However, many patients received multiple letters, including some that got addressed to other patients.
Three years after a data breach that compromised customer data at 350 Eddie Bauer locations, the company filed a $9.8 million settlement. The court found that the company failed to implement necessary cybersecurity measures, including maintaining an adequate firewall.
An outside vendor-related data breach affected almost 70 percent of travel buyers in the past year. Meanwhile, 68 percent of people believe that travel programs face a higher risk of fraud today than just a few years ago.
Hackers gained access through an employee email account of OS, Inc., a billing services company. This breach follows Lakeland’s March announcement of a data breach affecting 60,000 patients. The previous data breach also occurred through a third-party vendor.
The city of Baltimore got infected by a ransomware attack, forcing the city to provide municipal services manually. Ransomware attacks against U.S. cities continue to rise. Just last month, the state capital city of Albany, New York admitted to getting hit with a ransomware attack.
Since the Office of Civil Rights started an online database of healthcare breaches in 2010, last month reached a new record high. In April 2019, 44 healthcare data breaches got reported to the federal government.
Pacers Sports & Entertainment says that hackers used a phishing campaign to breach employee email accounts, stealing personal data. The breach occurred late last year, but the company only recently started notifying customers.