You are here

Q1 2018 Major Leaks

In January-March 2018, InfoWatch Analytical Center registered 20% more leaks year over year. Here is an overview of the Q1 high-profile incidents.

In early 2018, the Indian journalists reported data breach hitting over one billion people. Unknown hackers broke into AADHAAR, the largest national identity system keeping biometric data as well. The incident exposed only traditional personal data, and anyone could pay as little as $8 to hackers and access the data. It is not the first massive data leakage from AADHAAR, although UIDAI representatives and other officials repeatedly tried to convince people in the complete security of the system.

In late February, cyber criminals pilfered email addresses, logins and encrypted passwords of 150 million users of MyFitnessPal app, which is more than the entire population of Russia or Japan, with the incident being reported only a month after.

The media sent shockwaves across the Internet, saying that private information from Facebook profiles of 50 million users was compromised. Several years ago, researchers at Cambridge University used a special app to collect user data for academic purposes but then handed it over to Cambridge Analytica that could have leveraged the data in political campaigns, in particular, that of Donald Trump in 2016. Eventually, Mark Zuckerberg is now called to appear before both the U.K. Parliament and the U.S. Senate, with the U.S. Federal Trade Commission (FTC) having also started investigating the leak. As a result, Facebook lost tens of billions of dollars and several major advertisers, while Internet users initiated #DeleteFacebook movement.

A Ukrainian security analyst detected two databases available on the web and containing data of more than 18.5M clients of a logistics company, i.e. over 40% of the country's population. Such information can fuel not just spam, but also phishing activities, experts warn.

Hackers breached the systems of Norway's Health South East RHF, with nearly three million patients' data potentially compromised as a result. Everything indicates that hackers were 'advanced' and 'professional'. It's possible that someone working for a foreign state intended to collect information that may harm fundamental national interests, officials believe. Such data can be widely employed for cyber espionage, or perhaps used by someone who provides services based on healthcare information.