Breaking news
…and more

Data Breach Report: 2019 data breaches.

Data breaches are constantly rising. This is an updated list of 2019 breaches that affect more than one million people.

2019-10-31
Everyone is talking about how important cybersecurity is. Yet, data breaches continue to rise. The amount of data that has been breached since the beginning of the internet to date is enormous. To make people understand how valuable their data is, this summary of data breaches in the second half of 2019 focuses on breaches that affected more than one million people. Check back regularly as we keep this list up-to-date.

Stop data breaches

The most dangerous form of data breaches is when passwords have been stolen or leaked. This enables malicious attackers to take over your accounts, at worst your online identity.

Stealing your online identity gets easy once hackers gain access to your email account because lost of other accounts are linked to your email and offer a password reset via email.

Check here whether your email account has been breached and read our email security guide to keep your mailbox safe.

Data breaches 2019

2019-10-30 Network Solutions: Millions of individuals who have used the world’s first internet domain name provider, Network Solutions, had their PII accessed by a third party.

2019-10-26 Adobe: Adobe exposed 7.5 million user accounts of the Adobe Creative Cloud by leaving the data in an Elasticsearch database that was connected with the internet and not protected with a password. Exposed data included email addresses, usernames, location, Adobe products, account creation dates, dates of last login, subscriptions and payment status.

2019-09-26 DoorDash: The food delivery service confirmed a data breach that exposed information about 4.9 million customers, including names, delivery addresses, phone numbers, hashed passwords, order history, last four digits of customers’ credit cards as well as employee bank account numbers.

2019-09-12 Zynga: Data of 200 million Words with Friends players of Zynga was breached. An attacker gained access to users' names, email addresses, login IDs, Facebook IDs, phone numbers and Zynga account IDs.

2019-09-05 Facebook: Facebook reportedly stored information about users, including Facebook user’s unique ID and phone numbers, on an unprotected cloud server. In some cases, user’s names, genders, and locations were also included.

2019-08-25 Hostinger: An unauthorized third party gained access to one of Hostinger's servers. The database contained usernames, emails, hashed passwords, first names and IP addresses of 14 million customers.

2019-08-14 BioStar 2: A potential data leak was reported about BioStar 2 where security researches were able to access data from 27.8 million people, including fingerprint data, facial recognition information and images of users, unencrypted usernames, passwords, and user IDs.

2019-08-14 Hy-Vee: Credit and debit card information on 5.3 million customers of Hy-Vee were breached and sold by hackers.

2019-08-05 CafePress: Data of more than 23.2 million CafePress customers was breached, exposing names, email addresses, physical addresses, phone numbers and hashed passwords of its customers. The company did not disclose the issue, but instead asked users to change their passwords due to a security update.

2019-08-03 StockX: An attacker got access to personally identifiable information of 6.8 StockX customers. The breached data includes customer names, email addresses, shipping addresses, user names, hashed passwords, and purchase histories.

2019-06-24 Desjardens: An employee of Desjardens stole data on 2.7 million individuals and 173,000 businesses, including names, birth dates, social insurance numbers, addresses, telephone numbers and email addresses, as well as information on banking habits.

2019-06-18 EatStreet: An attacker gained access to data from 6 million users of EatStreet. The stolen data includes names, phone numbers, email addresses, bank accounts and routing numbers, full payment card information, and billing addresses.

2019-06-11 Evite: Information on more than 100 million users of Evite was put up for sale on the dark web. The data breached includes user names, email addresses, IP addresses, and cleartext passwords.

2019-06-10 Evernote: A vulnerability in Evernote's Chrome extensions allowed attackers to steal information on 4.6 million users, including authentication, financial information, private communications, and more.

2019-06-10 Emuparadise: IP addresses, usernames, and passwords of 1.1 million users were exposed in a data breach of Emuparadise.

2019-06-04 American Medical Collection Agency: A data breach at American Medical Collection Agency affected patients of Quest Diagnostics and LabCorp. In total almost 20 million patients of these two companies were affected. Sensitive data such as financial accounts, Social Security numbers, and health insurance account information was leaked.

Protect your login details

All these hacks show that personal data must be protected. While you can't protect your data from being breached or leaked when you give it to third parties - registrations, online shopping, etc. - you can do a lot to protect your login details.

One of your most important login is your email account. The reason is that lots of services use your email address to send password resets via email, which is inherently insecure.

Please read our guide on how to prevent email phishing to make sure no one can ever steal your Tutanota password.