Skip to content

The Most Prominent Data Breaches of 2018 – Part I

As the year draws to an end, we like to take stock of all the positives and negatives on our personal and professional fronts. We reminisce the victories, mull over the difficult times and make resolutions that we intend to carry through in the upcoming year.

Many security lessons this year came through the sheer volume and nature of information security vulnerabilities. These incidents defied the conventional belief that larger organizations have better security measures. Despite investing in sophisticated cybersecurity tools, several reputed brands faced the brunt of breaches and data thefts.

In this two-part series, we encapsulate some of the largest data breaches that either took place or were revealed in 2018. In some cases, the companies discovered the hack months or years after the original leak started. If your business has remained completely secure so far, it may be a reflection of your approach to enterprise security. However, do keep in mind that the slightest complacency in your IT security measures could make your organization the victim of a cyber-attack.

2018 in Review: Cyber Attacks, Hacking and other Information Security Breaches

  1. Facebook - Over 87 million records breached: In March 2018, Facebook revealed that a political data firm, Cambridge Analytica, collected the personal information of several million users. The hackers used an app that scraped details about the users’ personal preferences and engagement on social media platforms. While this was not the largest data breach, it surely was one of the most talked about ones. Every arm of the media went into overdrive to cover the data scandal that rocked Facebook, not just in the U.S, but across several countries where it has a user base. The company took a hit of more than $100 billion in market capitalization within 3 days of making the breach public.
  1. Marriott Hotels - Over 500 million records hacked: In November 2018, Marriot International announced that Starwood, their online reservation system, was compromised. They suggested that the personal data of over 500 million users was possibly exposed over a period of four years. This includes not just the names and personal contact details, but also birth dates, credit card information, and in some cases, passport numbers and travel histories. This is 2018’s largest breach, in terms of number of records affected. Moreover, it impacts customers across several Marriott-owned chain hotels, including The Sheraton, Four Points, St. Regis, Westin and many more.
  1. MyFitnessPal – 150 million records compromised: In May 2018, US sportswear brand Under Armour found a breach in their app, MyFitnessPal. The data theft affected the personal information of 150 million users, including their user names, hashed passwords, email IDs, and workout and diet related information. However, since the company processed its payment information through a separate server, the users’ financial details remained safe.

In addition to this list, there are hundreds of other data breach incidents that have occurred across the world. Nearly every week, a different company sent out notifications to their customers, informing them that some personal information was hacked or compromised. In our next blog post, we will highlight some more disturbing information security incidents that involve reputed brands such as Amazon, Cathay Pacific, and Exactis.

It was possible to proactively avert some of these incidents and minimize the impact of some others. As CIOs or IT security experts, consider this approach:

  • Maintain a constant and strict vigil on your enterprise networks by implementing formal information security policies and investing in skilled IT compliance resources.
  • Strengthen your endpoint protection and SIEM tools.
  • Implement comprehensive privileged account management policies, with emphasis on least privilege.

Contact us to learn more about cybersecurity measures, or leave a comment below if you need more details on any of the reported data breach incidents.

For Canada and worldwide, contact our main Canadian offices:

  • +1 (416) 229-2950
  • +1 (416) 229-9096

By email:

For all US-based enquiries, please contact our main US offices at:

  • +1 (630) 724-8500
  • +1 (630) 724-8509

By email: