January 10, 2019

2018 Data Breach Recap: 8 Significant Incidents

by: Align

As companies grow and scale, they begin storing and collecting more data on their customers and employees. In a recent IBM Study, over 77% of respondents mentioned that their company didn’t have a formal cybersecurity plan in place. Furthermore, 57% of business leaders said it’s taken them longer to resolve cyber incidents after they’ve happened.

Although cyber hacks and data leaks are nothing new, many companies have still been impacted by these attacks. In today's post, we recap eight of the most significant cybersecurity incidents that happened in 2018:

data breaches


The Aadhar Database took the biggest hit around the beginning of the year. Over 1.1 billion registered Indian Citizens with a Unique Identity Number, or UIDAI, had their demographic and biometric information exposed from a leak in the government’s database.

This breach allowed hackers to steal biometric data (i.e., fingerprints) to access bank account information, private government records and other personal data.


During late September, the Marriott Starwood line of hotels suffered from a massive data breach that exposed private information from over 500 million guests. Hackers were able to access financial information, passport copies and mailing addresses.

The massive database held records of customers dated back from 2014 up until September 10, 2018. Marriott contacted all affected customers and offered them to set up fraud protection services on their behalf.


Under Armour’s fitness-tracking app, MyFitnessPal, suffered from a cyber-attack in February 2018. Hackers accessed over 150 million individual usernames, email addresses and encrypted passwords. The company sent individual texts to each of the affected accounts and released that none of the users’ financial details, social security numbers or driver’s license numbers were taken.


In November 2018, Quora discovered that a malicious hacker accessed one of their internal systems. The data breach affected over 100 million users, exposing their email addresses, passwords, IP addresses, personalization data and records of all questions asked on the platform. The company immediately invalidated all passwords and forced users to change them before logging back in.


The DNA-testing and genealogy company, MyHeritage was affected by a data breach in June 2018 that impacted over 92 million accounts. The information released included user email addresses and passwords that were found on outside servers. The breach did not expose any record of credit card information, family trees or DNA data. In response to this event, the company enforced two-factor authentication on all accounts to tighten up the security for each account.


In March 2018, Google released that they were going to be shutting down their Google+ platform after a software glitch that exposed the personal profile data of over 500,000 users. Later in November, the company was impacted by a second data breach that impacted more than 52 million users.

The information that was exposed included user email addresses, names, employer information, age and relationship status.


Around September 2018, Chegg had an unauthorized third-party gain access to a company database that hosted their user data. This breach exposed personal user information including email addresses, shipping addresses, account usernames and passwords. The breach dated back to April 29, 2018 and exposed over 40 million accounts.


The concert and events ticketing company, Ticketfly, was a target of a malicious cyber-attack in June 2018. Over 27 million Ticketfly accounts were accessed, containing information such as names, addresses, phone numbers and email accounts. The company immediately forced all customers to reset their passwords before they brought the system back online after the attack. 


By keeping cybersecurity risk management a top priority and outsourcing these services to experts, organizations are better equipped to thwart off cybersecurity threats and help prevent data breaches. Align CybersecurityTM, the company’s comprehensive cybersecurity risk management, provides legally sound, regulatory compliant and workable solutions that are continuously monitored, periodically tested and annually evaluated and enhanced. 

For more information about these services and how your hedge fund or alternative investment firm can integrate cybersecurity into its 2019 business plans, contact us here (https://www.align.com/speak-to-a-cybersecurity-expert), or by clicking on the button below.

Contact Us ➜


Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC