These are the worst hacks, cyberattacks, and data breaches of 2019


Digital Technology Unlocked

Cyber AttacksData BreachTech News

These are the worst hacks, cyberattacks, and data breaches of 2019


HIV sufferers

In January, Singapore’s Ministry of Health (MOH) revealed a data breach involving 14,200 individuals. While the number may not seem all that serious, the nature of the incident certainly was — given that these people were all diagnosed with HIV.

An unknown hacker managed to steal the information — alongside 2,400 of their contacts — and the records were published online.

Abused children at risk

A data blunder involving only two people, but no less serious, occurred in April due to a UK council. The council disclosed the personal information of a couple who adopted abused children to a birth mother, with a history of violence, forcing them to relocate to protect their adopted children’s’ safety.

540 million Facebook user records

Facebook is a constant source of data leaks and security failures these days — and an incident in April was no exception.

Two AWS servers were found by researchers to store over 540 million records including account names, Facebook IDs, and user interaction data. The servers in question were owned by third parties and were not properly secured.

Georgia Tech

Another data breach in April involved the Georgia Institute of Technology. Georgia Tech said a vulnerable web application provided access to a database which stored the personal data of current and former staff and students. In total, 1.3 million individuals are believed to have been affected.


Yet another data breach in April involved automaker Toyota. The company has recently faced with a barrage of intrusions across Australia, Thailand, Vietnam, and Japan, and in the last case, as many as 3.1 million customers & employees were impacted.

Reports suggest that eight Toyota subsidiaries and dealerships were attacked and hackers were able to access internal computer systems. Names, dates of birth, and employment information — at the least — were involved.

Treatment for addiction

The leak of information belonging to HIV sufferers is bad enough, and over in the US, a data leak involving individuals seeking out rehabilitation for addictions in April also proved to be a serious breach of trust.

An unsecured database stored 4.91 million records including patient names and the treatments they sought. Duplicate and multiple records were in play, however, and so the breach is believed to truly impact roughly 145,000 individuals.

10 million people impacted, but how?

A massive, but mysterious, data breach was revealed in a May report from the Office of the Australian Information Commissioner (OAIC) which documented the exposure of information belonging to 10 million individuals in a single incident.

OAIC did not say which organization disclosed the breach to the authority, beyond that the incident was reported between January 1, 2019, and March 31, 2019.


Another security incident on Australian shores was disclosed in May. Sydney startup Canva said that a hacker took off with information belonging to approximately 139 million users and this data — including names, email addresses, and some physical location information — was later put up for sale on the Dark Web as part of a larger stolen data dump.

First American

First American, a real estate and insurance giant, said in April that a data breach of critical severity had revealed 885 million customer records. Dating back to 2003, these records included Social Security numbers, driver’s license images, financial data, and transaction records.

What made matters worse is that the information was available on the firm’s website for anyone to steal.

Hotel security audit logs

By the end of May, hotels and leisure resorts became the victims of data exposure caused by an unsecured server. Researchers found the database through Shodan and were able to access roughly 85.4GB in security audit logs belonging to up to 96 hotels. The source of the leak was Pyramid Hotel Group, a property management firm, which did not admit its ownership of the server — although access was revoked at the same time as private disclosure.

Quest Diagnostics, AMCA

In June, it was disclosed that information belonging to up to 11.9 million Quest Diagnostics patients had been compromised.

AMCA, a billing collections partner, was at fault. A hacker managed to access the firm’s systems, and it is possible that financial information, Social Security numbers, and medical information has been either exposed or stolen outright.

Australian National University

Another data breach to hit the wires in June involved the Australian National University. The university said that a “significant” number of staff and students — potentially up to 200,000 people — were impacted by a “sophisticated operator” able to steal data including names, addresses, dates of birth, phone numbers, email addresses, passport details, and academic records.

The data taken extends back to 19 years.