March Breach Report by Lookout: 1.4B email addresses and personal info in 1 data breach

March was biggest month for compromised data yet with 1.4B exposed email addresses http://blog.lookout.com/blog/2017/04/07/breach-report-march-2017/ 
April 7, 2017
By Lookout

With over 1.45 billion compromised accounts, emails, social security numbers, dates of birth, and other data types, March was the biggest month for exposed data this year. Seventeen companies reported data breaches in March, totaling 1,449,373,000 breached accounts.

Major companies, including Saks Fifth Avenue, Coupa, and McDonald’s (Canada), experienced data loss.

However, according to email marketing organization River City Media’s public reports, the organization took the biggest hit with 1.4 billion exposed email addresses. That’s over 96% of the total breached accounts for the month. River City Media’s case highlights a very important point all individuals should know about data loss in today’s world: while any exposed data could spell trouble for the individual to whom it belonged, not all data loss or exposure is due to a malicious attack. 

Sometimes companies make mistakes 

There are a number of ways in which data is exposed that do not involve a nefarious actor breaking into a company’s systems and leaving with sensitive information. Sometimes companies themselves have security vulnerabilities, misconfigured servers, or other problems that leave data open and unprotected. In the case of River City Media, the company reported that the email addresses were stored in a database that was improperly secured, thereby exposing the data for anyone to access. Because these issues can go unnoticed for an unknown amount of time, the company may not know if anyone accessed that data during that period of time. Either way, a company will likely send an alert out to its customers.

 Sometimes employees make mistakes

 Another way companies might experience a non-malicious data breach is if an employee accidentally exposes the data. For example, last month a Boeing employee accidentally emailed a spreadsheet to his spouse that contained sensitive personal information of 36,000 Boeing employees. Boeing reported this as a data breach because, while non-malicious, it still exposed confidential data. It doesn’t matter how it’s exposed, breached data is still a problem Whether an attacker steals the information or it’s leaked through other means, stolen data could still spell trouble for the impacted individual who used that service.

Summary

In March, the top types of compromised data were (in order):

1.  Individuals’ names 
2. Dates of birth 
3. Email addresses 
4. Social security numbers 

When used together, these pieces of information could lead to identity theft problems if the data landed in the wrong hands.