As the famous idiom goes: “Nothing is certain but death and taxes.” Now, in our digital age, we can add one more certainty: data breaches.

This year we’ve already seen quite a long list of data breaches from all around the world. While most of the focus usually falls on financial data breaches, many hackers are now going after softer targets, such as healthcare and social services. In fact, 2019 has already seen multiple data breaches related to the healthcare field.

The number one danger of data breaches is identity theft. With just a few details, like your date of birth, social security number, etc., scammers can use your information to take out loans, get credit cards, or use it for more sophisticated phishing attempts.

Beyond that, they can also access the account that was hacked, collecting private messages, videos and images. In general, what hackers can do with your data is limited only by how creative they are. To keep yourself safe, you not only have to practice good security habits yourself, but also need to know whether your data is already out there, in some hacker’s hands or being traded on hacker forums.

January 1 – Australian government gets phished

  • Affected users: 30,000
  • Industry or type: government
  • Cause of breach: phishing

Less than one day after the New Year began, it was reported that approximately 30,000 Australian government officials had their information stolen. A government employee in the Australian state of Victoria was the victim of a phishing attack, leading to a directory being downloaded by a hacker.

The data that was stolen includes work emails, phone numbers, and job titles. Luckily, the directory didn’t have any financial information. Therefore, the severity level is low.

January 2 – Blur

  • Affected users: 2.4 million
  • Industry or type: cybersecurity
  • Cause of breach: unsecured file or server

Blur, the password manager that’s supposed to help keep your data safe and secure, had 2.4 million users’ information leaked. Users affected were those who registered with Blur before January 6, 2018. The exposed information includes email addresses, names, password hints, IP addresses, and encrypted passwords.

Users have been urged to change their passwords and enable two-factor authentication.

January 3 – Town of Salem

  • Affected users: 7.6 million
  • Industry or type: browser-based gaming
  • Cause of breach: unsecured server/weak admin password

The browser-based game Town of Salem by BlankMediaGames (BMG) revealed that 7.6 million users’ personal details had been stolen. According to a Reddit post, one of the hackers stated that it was pretty easy to get into the server by exploiting a weakness in it and by taking advantage of one of the admins reusing an already exposed username and password.

The stolen information includes usernames, email addresses, passwords, IP addresses, game activity, and premium features (without payment information).

January 3 – German government breach

  • Affected users: 865
  • Industry or type: government officials
  • Cause of breach: weak passwords

One of the highest-reaching data breaches affected Germany in the first few days of 2019. Victims of the hack include German Chancellor Angela Merkel herself, whose fax number and email addresses had been leaked. The leak also impacted more than 860 politicians, most of whom are from Merkel’s party.

The hacker, who was later arrested, said that the passwords made his job much easier. Passwords included “ILoveYou,” “1,2,3,” etc.

January 11 – Managed Health Services of Indiana

  • Affected users: 865
  • Industry or type: healthcare
  • Cause of breach: phishing

More than 30,000 Indiana patients had their protected health data compromised after a third-party contractor fell victim to a phishing attack. The employee worked at LCP Transportation, which is a partner of Managed Health Services (MHS) of Indiana.

Having gained access to LCP email accounts, the hackers were able to see MHS patient data, which included email addresses, names, insurance ID numbers, addresses, medical condition information, and dates of birth.

January 17 – Collection #1

  • Affected users: 773 million
  • Industry or type: multiple sources
  • Cause of breach: unknown

Considered one of the largest data breaches of all time, the Collection #1 data breach affected nearly 773 million users. Have I Been Pwned’s Troy Hunt first informed the world about the mega data breach. Worst of all, some of the more than 22 million unique passwords had been “dehashed,” meaning their hashes had been cracked and the passwords converted back to regular, plain text.

January 23 – Alaska DHSS

  • Affected users: 100,000
  • Industry or type: healthcare
  • Cause of breach: malware

Alaska’s Department of Health and Social Services (DHSS) revealed in January that more than 100,000 Alaskans had their personal data stolen in an April 2018 cyberattack. This is one of the many instances in which users’ data was stolen due to weak medical/healthcare security.

The stolen information includes health information, benefit information, income, dates of birth, social security numbers, names and much more.

February 14 – Coffee Meets Bagel

  • Affected users: 6 million
  • Industry or type: dating app
  • Cause of breach: unknown/hack

The popular dating app Coffee Meets Bagel had 6 million of its users impacted by a data breach. Apparently, the breach was part of a larger one that affected 841 million users of 30 websites or apps (many of which are on this list).

Luckily, while the breach is large in terms of how many users were affected, only names and email addresses were leaked. Coffee Meets Bagel reports that they don’t store financial information or passwords.

February 15 – 500px

  • Affected users: 14.8 million
  • Industry or type: photo-sharing website
  • Cause of breach: hack

500px, a popular photo-sharing site, reported in February that someone had hacked their servers in July 2018. Nearly every account on the 500px service was affected, totaling 14.8 million accounts. The breach included the users’ first and last names, usernames, email addresses, and the following optional information: birth date, location, and gender.

Fortunately, no payment information or photos were included in the hack, since they aren’t stored on 500px servers. This hack is part of the larger hack affecting users from 30 companies.

February 20 – Advent Health Medical Group

  • Affected users: 42,000
  • Industry or type: healthcare
  • Cause of breach: unknown (hack)

Yet another data breach affecting a medical group. This time, the Advent Health Medical Group had 42,000 users’ sensitive personal medical data exposed in a 16-month breach that started in August 2017. Personal data that was leaked includes social security numbers, medical data, names, phone numbers and email addresses.

To help alleviate the possibility of identity theft, AdventHealth gave a year of free identity monitoring services.

February 20 – Coinmama

  • Affected users: 450,000
  • Industry or type: cryptocurrency
  • Cause of breach: unknown (generic hack)

The Israel-based crypto exchange platform Coinmama informed their users in February of a larger hack that began in August 2017. (Yes, this is also part of the larger, 30-company hack.) 450,000 users’ names, emails and hashed (protected) passwords were stolen as part of the breach.

The hack, however, impacts only those users that signed up before August 5, 2017. No credit card details were included in the hack, since Coinmama doesn’t store those financial details.

February 20 – UW Medicine

  • Affected users: 1 million
  • Industry or type: healthcare
  • Cause of breach: unknown (generic hack)

More health patients had their data stolen in 2019 – this time in a breach at University of Washington Medicine. In total, nearly 1 million (974,000) patients had their medical record numbers and other information leaked. Luckily, this healthcare-related breach wasn’t as severe as the others on this list: no medical records, financial information or social security numbers were included in the leak.

February 22 – UConn Health

  • Affected users: 326,000
  • Industry or type: healthcare
  • Cause of breach: phishing

The University of Connecticut’s UConn Health fell victim to a data breach, when it was discovered that 326,000 users’ information was leaked. The breach was discovered on Christmas Eve. The leaked data includes names, birthdates, addresses, and some medical information as well as billing and appointment information.

1,500 users’ social security numbers were also leaked. UConn Health is also offering free identity theft protection for affected patients.

March 1 – Dow Jones Watchlist possible leak

  • Affected users: 2.4 million
  • Industry or type: financial
  • Cause of breach: unsecured server

The Dow Jones Watchlist that lists PEPs – “politically exposed persons,” or prominent individuals that have a higher financial risk for embezzlement, bribery or money laundering – was recently discovered to be hosted on an unsecured server. Security researcher Bob Diachenko found the sensitive information in a database that was available to anyone able to use an IoT search engine.

2.4 million records were contained in the database. Data included their connections, linked companies, national and government sanctions lists, related or connected crimes, and citations from federal institutions or law enforcement agencies.

March 7 – Verifications.io’s email marketing leak

  • Affected users: 809 million
  • Industry or type: financial
  • Cause of breach: unsecured server

Security researchers Bob Diachenko and Vinny Troia found an unprotected database that contained 809 million users’ personal information. The 150 gigabytes’ worth of data comes from an email marketing company called Verifications.io, which helps companies verify the email addresses they need for their email marketing campaigns. The data is a mix of individual customer and business intelligence information.

Leaked data ranges from standard user information (like usernames, email addresses, names, genders, etc.) to company names, revenue figures, and so on.

March 14 – Gearbest (Chinese shopping giant)

  • Affected users: 1.5 million+
  • Industry or type: online shopping
  • Cause of breach: unsecured server

The Chinese online shopping giant, Gearbest, has apparently been storing user data on an unsecured server. Cybersecurity researcher Noam Rotem found an Elasticsearch server (the same as ones from above) that was leaking millions of users’ data each week.

Some of the leaked information includes:

  • purchased products
  • shipping address
  • customer information (name, email, phone number)
  • payment information
  • order numbers
  • account passwords
  • national IDs and passport information

Since being contacted about the unsecured server, however, Gearbest hasn’t responded or secured their server yet. This means that the true number of affected users is likely much more than 1.5 million.