AI and data privacy – The biggest and worst data breaches of 2019


Artificial Intelligence is booming! From smartphones to smart homes, its influence is everywhere. As AI applications become present in almost every segment of our lives, the threat of security breaches is also on the rise. No matter how securely data is stored, cyber criminals continue to find innovative ways to penetrate the system.

In 2008, one in five executives admitted that their company had experienced a cybersecurity breach that led to unauthorized access (to their networks, devices, applications, or data). They paid a heavy price as a result: 20% reported losses of more than $50 million due to cybersecurity breaches.

In 2019, hackers did not just break in: they collected databases holding billions of accounts from breaches and sold them for profit. However, eight breaches were shocking and affected millions of people worldwide. In this post, let’s discuss some of the most significant and worst data breaches of 2019.

American Medical Collection Agency (11.9 million + 7.7 million)

Not one but two laboratory testing companies were affected by this breach. First, Quest Diagnostics was notified that somebody had had unauthorized access to AMCA’s databases for eight months. Almost 12 million of its customers were affected by the hack. The hackers had access to very personal information such as credit card numbers, bank account information, medical information, and Social Security numbers. Then there was LabCorp, another firm whose customers were affected by this breach. The breach compromised the personal and financial data of nearly 8 million of its customers.

Suprema (27.8 million)

This security lapse exposed the biometric data of 27.8 million people. Suprema is a security firm responsible for Biostar 2, a web-based biometric lock system. The system is used by nearly 6,000 organizations, including governments and banks, in 83 countries. Biostar uses facial recognition and fingerprints to let employees enter restricted buildings and areas. VPNmentor’s security researchers found that the Biostar database was unprotected and mostly unencrypted. Worst of all, they were able to access large amounts of sensitive information.

Houzz (48.9 million)

Houzz, a home design website, began the year by announcing a breach in which hackers had gained unauthorized access to publicly available information about its customers, as well as usernames and encrypted passwords. The company noticed the breach in late 2018 and was pretty vague about it in its public statements. However, ITRC reported that almost 49 million Houzz customers had been affected by the hack.

Capital One (106 million)

Capital One announced in July that it had suffered a massive data breach that affected 100 million Americans and 6 million Canadians. The hacker accessed credit card applications made between 2005 and 2019. These included personal data such as names, home addresses, email addresses, birth dates, etc. What makes this one of 2019’s worst breaches is that certain bank account numbers and Social Security numbers also ended up in the hacker’s hands.

Zynga (218 million)

If you have ever played online games like “Words with Friends” or “Draw Something,” you should be worried, because in 2019 their creator, Zynga, was breached. The hack hit a whopping 218 million users. Hackers accessed log-in credentials, email addresses, usernames, some Facebook IDs, some phone numbers, and Zynga account IDs.

Facebook (419 million)

A security researcher at the GDI Foundation found an unprotected server with a database containing about 419 million phone numbers belonging to Facebook users. The database was accessible to anyone and also contained Facebook IDs, making it even easier to find users' names and personal details. The server’s owner was not found, but the database was taken down soon after it was discovered.

Collection by Gnosticplayers (1 billion+)

This is not so much a breach per se as a collection of breaches affecting over 1 billion internet users. A hacker who calls himself Gnosticplayers gathered databases from 45 companies and put them up for sale on the dark web. These batches contained data such as users' full names, email addresses, passwords, location data, and information about social media accounts. The companies whose data were released include Dubsmash (162 million), MyHeritage (92 million), MyFitnessPal (151 million), ShareThis (41 million), 500px (15 million), Animoto (25 million), and CoffeeMeetsBagel (6 million).

Collections #1-5 (3 billion)

The most significant leaks of 2019 were probably Collections #1-5. They contained usernames and passwords gathered from breaches over many years. The batches appeared on hacking forums and were noticed by security researcher Troy Hunt, who identified the link between them all and informed the public about it. In January, the first batch was released and contained data from 770 million people. Then, a couple of weeks later, Collections #2-5 appeared online. They contained 25 billion unique records and approximately 2.2 billion unique usernames and passwords, making it one of the most massive leaks to date.