Analyzing the top 2019 data breach disclosures: Hindsight in 2020
Make 2020 the year your company keep its resolution to avoid a data breach. Experts offer lessons learned from the top 2019 data breaches to help stay secure in the year ahead.
It's not a question of if you will get breached, but when you will get breached.
We've all heard this mantra repeated in some form or another, yet data breach after data breach continues to make headlines -- with countless more that don't make the public eye.
Unfortunately, for Zynga, Canva, Capital One, Evite, Poshmark and CafePress, 2019 was their year for a data breach. And, with IBM Security and Ponemon Institute research putting the average number of records breached in a security incident at 25,575, all six of these companies came in above average -- a place no company wants to land.
While crucial to business processes, data is a hazardous material -- especially when it ends up in the wrong hands. The companies that suffered from the top data breaches of 2019 learned this the hard way, yet there are lessons to be learned from others' mishaps.
In the infographic above, six security experts offer input on what went wrong. From poor password management to misconfigured web application firewalls, make sure your enterprise doesn't fall victim to these vulnerabilities and end up on the list next year.
2019 data breach disclosure details
Zynga
Breach date: September 2019
Disclosure date: September 2019
Accounts compromised: 172,869,660
Data compromised: Email addresses, phone numbers, usernames and passwords
Bottom line: Review credential requirements and policies; review breach response etiquette.
Canva
Breach date: May 2019
Disclosure date: May 2019
Accounts compromised: Names, email addresses, usernames and passwords, geographic locations
Data compromised: 137,272,116
Bottom line: Force password resets if a breach is suspected.
Capital One
Breach date: March 2019
Disclosure date: July 2019
Accounts compromised: 106,000,000
Data compromised: Names, dates of birth, phone numbers, email addresses, customer account data, linked bank account numbers, Social Security and Social Insurance numbers
Bottom line: Check for cloud misconfigurations regularly.
Evite
Breach date: February 2019
Disclosure date: June 2019
Accounts compromised: 100,985,047
Data compromised: Names, addresses, dates of birth, phone numbers, email addresses, passwords, genders
Bottom line: Keep track of what data is retained and where it is stored; purge unneeded data.
Poshmark
Breach date: May 2018
Disclosure date: August 2019
Accounts compromised: 36,395,491
Data compromised: Names, email addresses, usernames and passwords, geographic locations, genders
Bottom line: Review credential requirements and policies.
CafePress
Breach date: February 2019
Disclosure date: August 2019
Accounts compromised: 23,205,290
Data compromised: Names, addresses, phone numbers, email addresses, passwords
Bottom line: Use current hashing functions.