The news cycle has been dominated by the COVID-19 pandemic, the presidential election, nationwide protests and a whole lot more. With all that transpired over the last few months, and even with the SolarWinds cyberattack making headlines, it might be easy to forget that data breaches and hacks continue to expose the personal information of millions. This leaves victims of the data breaches vulnerable to identity theft.
Here are five recent data breaches you may have missed.
1. Small Business Administration
At the beginning of the pandemic shutdowns last March, businesses were beginning to apply for emergency assistance through federal programs to stay afloat and keep employees on the payroll. Thousands of applicants to the Economic Injury Disaster Loan program (EIDL) had their applications, and the personal details contained within, exposed.
The data breach was caused by a glitch that allowed loan applicants to view the data of other applicants, which included names, Social Security numbers, incomes, addresses, birth dates, phone numbers and other information. Close to 8,000 business owners may have been affected.
Back in 2018, a massive data breach exposed the personal information of up to 500 million Marriott guests. Unfortunately, last March Marriott disclosed its second major data breach in less than two years.
Marriott reported that the names, loyalty account information, phone numbers, birth dates and other personal details of around 5.2 million guests were exposed. The information was exposed when the login credentials of two franchise employees were used to access an unusually high amount of information.
In January it was reported that Microsoft left nearly 250 million customer service and support records exposed on the web. These records contained logs of conversations between Microsoft support and customers going back to 2005. The data was available to anyone on the web, unsecured with passwords or any other authentication requirements.
Exposed data may have included email addresses, IP addresses, locations and details of support cases and other information. While most of the personally identifiable information was redacted, the data might be valuable to tech support scammers and other cybercriminals.
While this breach was discovered and shored up in December 2019, the details were not made publicly known until tech researcher Comparitech, which originally notified Microsoft of the breach, published a report in January 2020.
In July, alcohol delivery company Drizly suffered a massive data breach that exposed data of more than 2.5 million customer accounts. The customer data included emails, birth dates, passwords, physical addresses, phone numbers and IP addresses. The breach was discovered when TechCrunch found a dark web marketplace that purported to have Drizly customer credit card information for sale. Drizly has stated that no payment information was compromised but confirmed the exposure of other customer data.
5. Dickey’s BBQ
Dickey’s Barbecue Pit, a national barbecue restaurant chain, suffered a massive point-of-sale (POS) breach that exposed customer credit card information from as early as May 2019 through as late as September 2020. It exposed the card details of more than three million customers, which were posted on online black-market marketplace Joker’s Stash. The information was obtained after hackers compromised the restaurant chain’s POS system.