5 of This Year’s Biggest Data Breaches

Signing in to computer

Data breaches are down compared to 2019, but you’d never guess that from the seemingly endless headlines about companies failing to safeguard their users’ information. According to the Identity Theft Resource Center, there were 540 breaches between January and June of this year — an average of 90 per month. These leaks exposed hundreds of millions of private records, so if you haven’t changed your passwords lately, now would be a great time to do so.

Here are five of the biggest data breaches of the year so far, and what you can do if you’ve been affected by one of them.

1. Estee Lauder

Earlier this year, researchers found a massive amount of information stored in an unsecured cloud database owned by Estee Lauder. The cosmetics company shut down the database after learning of its vulnerability.

  • When breach was announced: February 2020
  • Number of records exposed: 440 million
  • Types of information: Email addresses, IP addresses, pathways, and ports

2. MGM Resorts

In February, Morgan & Morgan filed a lawsuit against MGM Resorts International over a data breach that exposed the personal information of what was originally thought to be 10 million guests.

In July, researchers learned that an MGM breach had exposed at least 142 million guests’ data. It’s still unclear whether this breach includes the original 10 million exposed records, or if it was separate from the initially announced one.

  • When breach was announced: February 2020/July 2020
  • Number of records exposed: 142-152 million
  • Types of information: Names, birthdates, phone numbers, home addresses, and email addresses

3. Wishbone

Wishbone is a mobile application that lets users (many of them teens) vote on their favorite of two items, in categories such as movies, TV, and food. This spring, a hacker posted Wishbone’s entire user database online, available to download at no cost.

  • When breach was announced: May 2020
  • Number of records exposed: 40 million
  • Types of information: Usernames, passwords, email addresses, phone numbers, and locations

4. LiveJournal

Rumors of a LiveJournal breach have persisted for years, and sure enough, 33 million user records appeared on hacking forums this spring. The data could be as much as six years old, and LiveJournal denies a breach even occurred, but you can check HaveIBeenPwned to see if your information has been exposed in this alleged hack (or others).

  • When breach was announced: May 2020
  • Number of records exposed: 33 million
  • Types of information: Usernames, passwords, email addresses, and profile URLs

5. Marriott

In April, Morgan & Morgan filed a proposed class action lawsuit against Marriott International (again) after a data breach allegedly exposed the information of over 5 million customers. Marriott said that it discovered the breach at the end of February, but that the data had been exposed since mid-January. If this is true, more than two months passed between the time the breach happened and the time Marriott announced it.

  • When breach was announced: March 2020
  • Number of records exposed: 5.2 million
  • Types of information: Names, birthdates, phone numbers, and loyalty account numbers

Contact a Data Breach Attorney

If a company failed to protect your personal information, and you suffered financial losses or fell victim to identity theft as a result of that breach, you could be owed money for damages. Morgan & Morgan is America’s largest personal injury law firm, and Law360 named us its Consumer Protection Group of the Year in part for our work as a “driving legal force” on data breach cases such as Yahoo and Equifax.

Our attorneys are experienced, diligent, and not afraid to go to trial to recover full compensation for our clients. To see if we can help you, contact us for a free, no-obligation case review.

By Staff

Writer