Data Breaches: Risks and Consequences
https://selfkey.org/zh/data-breaches-risks-and-consequences/
Thu, 27 Apr 2023 10:36:42 +0000

Summary

Have you ever seriously considered the negative impacts of a data breach? Are you aware of the digital safety risks that lurk around the corners of the internet? And, did you know that cyberattacks may produce life-long consequences?

Nowadays, applications and websites have become so common that we consider them an integral part of our daily lives. And, because we have normalized it, individuals blindly share their private information with little thought given to the implications of doing so. 

We rarely ever stop to consider what happens to our personal data once we share it with large technology corporations. And that’s because we live with the illusion that our valuable or sensitive private information is safe, and that cyber attacks cannot possibly reach us.

However, some serious privacy violations have occurred in the past several months. And they have exposed the severe effects of sharing personal information without proper caution to safety and privacy. 

Despite data breaches occurring on a daily basis, they aren’t discussed as often as they should be. Individuals who have not experienced such incidents may assume that they are immune to them. But anyone can fall victim at any time, and the consequences of a data breach can be irreversibly harmful.

In this article, ESelfKey aims to provide an in-depth analysis of data breaches, recent events, and the potential aftermath for individuals whose personal information is compromised. 

It is highly important to spread awareness about the possible consequences of data breaches, and to attempt to prevent them from happening at all. With ESelfKey’s decentralized solutions, a safer digital future may await us.

Let us elaborate on these crucial aspects in the paragraphs below.

Highlights

  • Defining data breaches: Meaning and Overview
  • Factors contributing to data breaches: Why, Who, and for What?
  • Caught Off Guard: When and Where Data Breaches Strike
  • Victims of data breaches: Are you safe?
  • Conclusions

Defining data breaches: Meaning and Overview

A brief, but fundamental introduction

Data breaches are serious security violations where confidential, protected or sensitive data is accessed, stolen or used by an unauthorized person or organization. These devastating incidents are also known as data spills, data leaks, or information disclosures, and they can occur in a variety of ways.

These digital attacks are typically well organized and initiated by malicious players, including organized crime, political activists, and national governments. However, even individuals who accidentally gain unauthorized access to systems with poor security configurations can cause data breaches.

The information that hackers may disclose can range from matters that may compromise national security to information that government officials want to keep hidden. When a person who has access to such information deliberately exposes it, for political reasons, it is usually referred to as a "leak".

The negative effects of a cyber attack: What happens after?

Data breaches can have far-reaching consequences, impacting a variety of information types including, but not limited to:

  • financial data, such as credit card information and bank details.
  • personally identifiable information (PII), such as full name, full address, IDs, birth certificate information, etc.
  • personal health information (PHI), such as full name, home address, or dates related to the health or identity of individuals.
  • trade secrets, and intellectual property. 
  • sensitive or valuable information, like photos or videos.

Unstructured data, such as files, documents, and private information, can also become exposed and vulnerable if proper security measures are not in place to protect them.

These cyberattacks aren’t limited to organizations or powerful institutions, though. Anyone could be a victim. And, worst of all, the compromise or theft of the information listed above can lead to anything from:

  • financial losses
  • identity theft
  • reputational damage
  • legal repercussions

It's important for individuals and organizations to take steps to protect their sensitive information and implement strong security measures to prevent data breaches. 

ESelfKey understands the devastating consequences of data breaches and emphasizes the significance of implementing preventive measures. Responding promptly and adequately in case of such incidents is also highly important. 

Recent Data Breaches: The beginning of 2023

The frequency of data breaches has increased in recent years. Alarmingly, the past several months have seen a handful of significant incidents. 

  • One such example is TikTok’s illegal processing of data belonging to 1.4 million children under 13, who were using its platform without parental consent. This breach highlights the importance of proper data management practices, particularly when dealing with children's information.
  • Another example is the cyberattack on Yum! Brands, where attackers stole personal information belonging to some individuals, including names, driver's license numbers, and other ID card numbers. This kind of data is particularly sensitive and can be used to commit identity theft, among other crimes.
  • Finally, the hacking of The Kodi Foundation resulted in the exposure of personal information and private conversations of over 400,000 users. Such incidents can have long-term consequences for the affected individuals, including reputational damage and financial losses. These breaches emphasize the need for better cybersecurity measures and data protection practices across industries.

Factors contributing to data breaches: Why, Who, and for What?

Cyberattacks have become a prevalent threat to our digital lives, and they occur on both personal and larger scales. While most people may assume that only organizations with weak security measures are at risk, individuals are also susceptible to data breaches. 

In fact, personal cyberattacks often happen due to a lack of caution when it comes to protecting oneself online.

Why do data breaches occur?

One of the most common ways individuals make themselves vulnerable to cyberattacks is by using weak or predictable passwords. This makes it easy for hackers to access their accounts and steal sensitive information. Additionally, using the same password on multiple accounts makes it even easier for hackers to gain access to a person's entire online presence.

Lack of proper security measures is another way individuals put themselves at risk. Failing to have anti-malware protection on their devices can allow malware to infiltrate and infect their system. Similarly, exposing personal information publicly online, such as on social media, can provide hackers with the necessary information to carry out attacks.

Clicking on or accessing suspicious links is another way individuals can become victims of cyberattacks. It is worth mentioning that bad players often use phishing emails to trick people into giving up sensitive information. These emails can appear legitimate, so it's important to be cautious and verify the source before clicking on any links or providing personal information.

Who is responsible for data breaches?

Anyone could carry out a cyberattack, if they have the necessary tools, and if that is their intention.

Data breaches are a serious concern for individuals, organizations, and governments alike. These breaches are often the result of bad players with malicious intent. Perpetrators can range from organized crime groups seeking financial gain to political activists looking to disrupt or expose sensitive information. 

In some instances, national governments have conducted data breaches for espionage or other motives. Regardless of the motive, it's important for individuals and organizations to take steps to protect themselves from potential breaches and to respond quickly and effectively if one occurs.

What are the intentions of those who initiate cyberattacks?

Malicious individuals typically have two main intentions: financial gain or causing damage to institutions for various reasons. 

In pursuit of these goals, they may carry out data breaches that can have serious consequences for their victims. These attacks can result in the exposure of personal information and sensitive data, which can lead to identity theft, financial fraud, and other types of harm. 

Sometimes, larger feuds between hackers and their targets can result in victims becoming collateral damage and suffering the consequences of attacks that were not specifically directed at them.

Caught Off Guard: When and Where Data Breaches Strike

Data breaches can happen every second and anywhere, from major technology companies to large financial institutions, and even in our own homes.

Public places such as cafes or airports, which offer public Wi-Fi, can also provide opportunities for hackers to access personal data.

Recently, incidents involving Yum! Brands and TikTok have highlighted the vulnerability of powerful institutions to cyber attacks. However, individuals are also at risk in their personal lives. 

At any given moment, scam messages spread by viruses or hackers can target friends and family members. Weak personal security measures, such as predictable passwords and email addresses, can leave individuals vulnerable to attacks. As a result, the malware can spread to the victim’s circle of friends, family, or acquaintances via personal messages or emails.

One common method used by attackers is phishing emails. They appear to be legitimate messages from a trusted source but actually contain malicious links or attachments. Clicking on these links can result in the installation of malware on a device, allowing attackers to gain access to sensitive information. 

Victims of data breaches: Are you safe?

Who do bad players target?

The victims of data breaches can be anyone whose personal data was involved, regardless of age, gender, occupation, or level of power. 

This includes children, women, men, students, teachers, and employees who trust their employers with their personal information. It also includes clients, customers, and patients who share their data with businesses and healthcare providers. 

It's important to recognize that anyone who uses the internet is at risk of being affected by a data breach, regardless of how small or popular they are. Constantly searching for vulnerabilities and ways to exploit them, bad actors can breach even the most seemingly secure systems.

That's why it's essential to take the right security measures, such as using strong passwords, regularly updating software, and being cautious when sharing personal information online. By being proactive about data security, individuals and organizations can help protect themselves and minimize the potential impact of a breach.

How can Data Breaches affect you? 

Individuals can be affected by data breaches in two different ways:

  1. At a large scale, when a centralized system is hacked, which can affect millions of people. 
  2. On a personal level, when an individual's personal online accounts are hacked. In this case, the breach may only affect one person, but it can still have severe consequences, such as financial loss or identity theft. 

In both cases, it's crucial to take steps to protect yourself and your personal information. ESelfKey advises using strong passwords, enabling two-factor authentication, and regularly monitoring your financial accounts for suspicious activity.

Large Scale: Attacking Businesses

Large-scale data breaches can have far-reaching consequences that extend beyond the immediate victims. 

While companies, institutions, and organizations are often the primary targets of such attacks, individuals can also suffer the consequences on a personal level. Even if the attack was not personally directed at them, they could still become collateral damage if the company they have trusted their PII with falls victim to a data breach. 

The consequences of this kind of data breach can be severe and long-lasting, for instance:

  • Companies can face financial losses, damage to their reputation, and even legal action.
  • Institutions may lose the trust of their stakeholders and customers, leading to a decline in business. 
  • Organizations may find it difficult to attract and retain talent if they cannot demonstrate that they take data security seriously.

Furthermore, large-scale data breaches can lead to a loss of trust in the digital economy. If people cannot trust that their personal information is secure, they may be less likely to use online services and conduct transactions digitally. This could lead to a decline in e-commerce and other digital industries, negatively impacting the overall economy.

All in all, the consequences of large-scale data breaches are not limited to the immediate victims. Companies, institutions, organizations, and individuals can all suffer the effects of these attacks.

Below, we will examine some of these negative impacts more thoroughly.

Temporary Shut Down

Data breaches can have a significant impact on companies, not only in terms of the immediate costs but also in terms of long-term consequences. When a company experiences a data breach, it may be forced to halt its activity temporarily, which can result in millions of dollars in damages.

According to industry surveys, Gartner concludes that the cost of operational downtime can be around $5,600 per minute, which translates to $300,000 per hour. This can add up quickly, especially if the breach is not resolved promptly. 

In addition to the financial costs, a data breach can also damage a company's reputation and erode the trust of its customers, leading to long-term consequences.

For example, Expeditors International is still dealing with the aftermath of a data breach that occurred in February 2022, which forced it to halt its activity temporarily. The company is likely to experience long-term consequences as a result, including a potential loss of business and damage to its reputation. 

It is therefore crucial for companies to take proactive steps to prevent data breaches from occurring and to have a solid plan in place for responding to them if they do occur.

Financial Loss

Financial losses can arise from two main sources following a cyberattack: 

  • Ransomware
  • Legal actions

Ransomware attacks can result in significant financial losses for organizations, as hackers can demand large sums of money in exchange for unlocking access to their encrypted data. 

The growth of ransomware attacks is a cause for concern, with experts predicting that the total cost of ransomware damages worldwide could reach $265 billion by 2031.

Legal actions can also result in substantial financial losses for organizations. The Equifax data breach in 2017 affected over 145 million people worldwide and has already cost the company more than $700 million in compensation to affected US customers. The breach also affected an estimated 15 million customers in the UK, who have launched their own separate legal action in the high court seeking £100 million in compensation. 

Legal actions can be costly and time-consuming, and the reputational damage caused by a data breach can have long-term consequences for an organization's financial performance.

Reputational Damage

Reputational damage is a major concern for companies that experience large-scale data breaches. Such damage can lead to revenue loss and have long-term impacts on the company. 

When a company's reputation is tarnished due to a history of data breaches, people are less likely to trust the company with their payment information, and they may choose to take their business elsewhere. 

This loss of trust can be difficult to overcome. Therefore, companies must take steps to protect themselves and their customers from data breaches. Additionally, they must try to maintain their reputation and ensure their long-term success.

Loss of Private Data

Sensitive data and intellectual property are two key areas that hackers target in a cyber attack. 

Sensitive data can include, but are not limited to:

  • Personal information belonging to customers, patients, and employees.
  • Private company emails that contain personal health history, home addresses, and payment information. 

When this type of data is breached, it can lead to significant financial losses and reputational damage for the company.

Intellectual property is another target of hackers, particularly designs, strategies, and blueprints. When intellectual property is stolen, the competition can take advantage of the leaked information. And this, in turn, may cause long-term damage to the company's competitive advantage.

Businesses within the manufacturing and construction industries are particularly vulnerable to these types of cyber threats. Many small businesses believe that they are unlikely to be targeted by hackers, but this is not the case. 

In fact, 60% of all hacks target small businesses because they are often easier to attack. It is therefore crucial for businesses of all sizes to take proactive measures to protect their sensitive data and intellectual property from cyber threats.

Personal Level: Targeting the Individual

Data breaches at a personal level often occur due to a lack of caution when operating in the digital world and inadequate security measures. 

People may accidentally share sensitive information, such as their social security number or credit card details, on unsecured websites. Alternatively, they could fall victim to phishing scams that trick them into revealing their login credentials.

Additionally, using weak passwords and not updating software and operating systems can leave personal devices vulnerable to hacking. 

SelfKey’s decentralized solutions are centered around the individual’s privacy and security, with a strong emphasis on individuality. It is highly important for individuals to be vigilant when using digital platforms and take appropriate security measures to protect their personal data from cyber threats. 

Identity Theft

Identity theft is a serious crime that can have devastating consequences for its victims. 

When criminals gain access to a victim's personally identifiable information (PII), such as their full name, Social Security number, and birthday, they can wreak havoc on their financial and personal lives. 

Victims can have their bank accounts emptied, credit histories ruined, and valuable possessions taken away. In some cases, victims have even been wrongly arrested for crimes they did not commit. This is because the criminal may use the victim's identity to commit cybercrimes or other illegal activities, leaving the victim facing legal action and potentially a criminal record.

Notable examples of identity theft

  1. The case of Nicole McCabe, an Australian woman suspected of murder after her passport was compromised and her identity stolen. 
  2. Several victims of identity theft had to struggle with proving they were not responsible for the withdrawal of large amounts of cash from banks, or illegally attempting to obtain loans worth thousands. 
  3. The terrifying story of Andorrie Sachs, whose medical identity was stolen by a pregnant woman who gave birth in Sachs' name and left the baby at the hospital, resulting in a $10,000 hospital bill. 

Local authorities mistakenly reported Sachs as an unfit mother and threatened to take her children away. This could also have lifelong implications for Sachs as the perpetrator had a different blood type, and uncorrected medical records could result in Sachs' death if she ever needed a blood transfusion. A healthcare provider could even prohibit Sachs from reviewing her own medical records as they might not be in her name.

This is one of the many reasons why ESelfKey strongly encourages individuals to take proactive steps to protect their personal information, such as:

  • Using strong passwords.
  • Regularly checking their credit report.
  • Being cautious when sharing personal information online. 

By being vigilant and taking appropriate security measures, individuals can reduce their risk of falling victim to identity theft and the devastating consequences that can follow.

Personal Health Information

Stolen personal health information (PHI) is highly valuable on the Dark Web, where it can be worth more than 200 times as much as stolen credit card information. 

This type of identity theft can have serious consequences, including, but not limited to:

  • Obtaining illegal medical treatments or prescription drugs.
  • Altering the victim’s medical history.
  • Using up the victim’s medical benefits. 

Hackers can also sell stolen PHI to other criminals, who can use it for a range of illegal activities.

Given these horrifying facts, ESelfKey strongly advises individuals to take steps to protect their medical identity, such as:

  • Regularly checking medical records for errors.
  • Checking for signs of fraudulent activity.
  • Ensuring that their healthcare providers have proper security measures in place to protect their PHI.

Financial loss

Once malicious individuals obtain your PII, they could potentially use it to damage your credit score and commit financial fraud.

A lowered credit score can:

  • Make it challenging to obtain a personal loan.
  • Make it challenging to secure a mortgage.
  • Even impact job prospects. 

Additionally, individuals who commit identity fraud can open new bank accounts in your name, drain your existing accounts, and commit check fraud. They can also apply for credit using your information, and engage in a variety of other banking scams. All things considered, it’s important to be vigilant in safeguarding your PII. The long-term financial consequences of a data breach can be severe.

Impersonation on Social Media

Cybercriminals can use your digital identity to carry out various malicious activities that can cause significant harm. Here are only a few terrifying examples:

  • They can use your digital identity to phish for credentials from your friends and family, leading to further attacks. 
  • They can ruin your reputation by posting obscene or profane content online, damaging your personal and professional relationships. 
  • They may look for sensitive photos and videos in your account and use them to extort you, leading to emotional distress and financial loss. 

As horrifying as this may sound, there are ways to prevent this kind of disaster from causing irreparable damage to your digital identity. For instance, ESelfKey’s AI-Powered Proof of Individuality methods may be the key to protect individuals against identity theft.

Emotional and Mental impact

A personal data breach can lead to significant mental and emotional distress. The harm caused can take a long time to recover from, depending on the extent of the damage done by the hacker. 

Along with reputational damage, victims may also have to spend a considerable amount of time and money to mitigate the fallout. And, the steps towards recovering from such a cyberattack could be draining in themselves. 

Victims may have to spend endless hours or days:

  • Contacting their bank, lenders, and creditors.
  • Securing all their online accounts.
  • Replacing stolen identification documents.
  • Canceling and replacing bank accounts and credit cards.
  • Dealing with criminal charges made in their name. 

Victims will also need to remove malware and viruses from their devices, while constantly proving their identity and showing that it was stolen, a process which can be emotionally, mentally, and physically exhausting in itself. 

Worst of all, if affected individuals fail to repair compromised information or remove malware from their devices, they will risk falling victim to the same attacks over and over again.

The long-lasting consequences of a data breach can be devastating, particularly if your PII or PHI end up on the Dark Web. The information could be in circulation there indefinitely, making you vulnerable to further harm.

SelfKey’s visions for a safer digital future

Recent events have demonstrated the devastating impact that data breaches can have on individuals and organizations. That's why ESelfKey is emphasizing the importance of security when it comes to online interactions and digital identities. 

By developing decentralized solutions with Self Sovereign Identity in mind, ESelfKey is using the potential of modern technology in its aim to counteract these breaches. AI-powered proof of individuality is one solution that may fight against maliciously used AI, to prevent identity theft. 

It's important to raise awareness about data breaches and their potential consequences, and to teach individuals and organizations how to prevent them or how to respond in case one occurs. 

Conclusions

In this modern, digital world, we have normalized sharing our personal data online. However, this does not mean that our personal information is necessarily safe.

In fact, data breaches are becoming more and more common, and the consequences can be severe and irreversible. That's why it's crucial for individuals and organizations to take caution when sharing and storing their personal data.

ESelfKey is focused on developing solutions which may prevent data breaches and enable individuals to operate safely in the digital world. At the heart of their approach is a commitment to the idea that privacy is a basic human right that should not be traded for convenience. 

By prioritizing privacy and security in their technology solutions, ESelfKey is aiming to help empower individuals to take control of their digital identities and protect their personal information.


AI-Powered Proof of Individuality
https://selfkey.org/zh/ai-powered-proof-of-individuality/
Tue, 07 Mar 2023 15:45:35 +0000

Summary

Throughout the years, technology has transformed the way we operate as humans in society. It brought great changes to the way we work, study, communicate, and interact with one another. Furthermore, it has made these things easier, faster, and more accessible than ever before. 

We’re headed towards a digitized future, where we learn more about state-of-the-art artificial intelligence. However, the more we learn about artificial intelligence, the more it learns about us.

In this article, we will firstly discuss artificial intelligence, what it is and how we can use it to navigate the digital world. Secondly, we’ll explore the benefits and drawbacks of artificial intelligence. Lastly and most importantly, we’ll elaborate on ways to use AI-powered proof of individuality methods to keep our community’s individuality, privacy, and digital identities safe.

Highlights

  • Artificial Intelligence and Humanity
  • AI-Powered Proof of Individuality
  • How can AI-Powered Proof of Individuality benefit us?
  • How does AI-Powered Proof of Individuality work?
  • AI-Powered Proof of Individuality and Selfkey

Artificial Intelligence and Humanity

Humans versus technology

The advancement in technology for the past several decades has stirred a growing debate of humans versus artificial intelligence (AI). For instance, if AI begins to take over tasks which were traditionally associated with people, what are people left with? Their sense of humanity and individual identity. 

Digitalization has impacted every aspect of our lives, making it easier for us to perform our daily tasks. Because of this, we have more or less become dependent on technology in order to operate in the online world. 

Overall, the topic of AI is quite controversial. Since the dawn of the industrial age, humans have been cautious about accepting new technologies. While technology has undoubtedly brought significant improvements to our lives, an important question remains:

Will AI ultimately be beneficial or detrimental to our well-being in the long run?

We will examine the potential advantages and disadvantages of AI in the following sections.

The benefits of Artificial Intelligence

Despite the potential risks and challenges posed by AI, there is no denying that it brings many benefits and advantages for humanity. 

Technology has filled our lives with entertainment, efficiency, and enhanced accessibility by eliminating frustrating and time-consuming tasks. Not only that, but it has made performing our daily tasks considerably easier and it has opened doors to an incredible library of information.

Let’s briefly explore some of AI’s key benefits:

  • Automation. Advanced technology can program AI to do tedious, repetitive mundane jobs, so that humans can focus on more complex and creative tasks.
  • Efficiency. AI has the capability to analyze a large amount of data and find patterns and trends that might be hard for humans to see. This can help individuals make better decisions.
  • Accessibility. Thanks to modern technology, individuals can benefit from applications that make working, studying, and communicating remotely much easier. 
  • Accuracy. Under careful supervision, AI can perform tasks with high accuracy, reducing the risk of errors and improving performance tremendously.

The dark side of Artificial Intelligence

With AI progressing at incredible speeds, technology has raised concerns about privacy and security. One of the biggest concerns nowadays is the threat of AI stealing human identities. There has been an increase in data breaches and cyberattacks, which leads to a growing need for stronger security measures to protect our personal data.

Like any other innovation, AI undoubtedly has its drawbacks, which are often overshadowed by its benefits. Basically, AI systems are designed to learn and make decisions based on data. Therefore, if the data used to train these systems is biased or incomplete, it can lead to flawed decision-making. 

We can understand the dark side of AI once we examine some of its potential risks and negative impacts:

  • In the wrong hands, AI systems can be used for malicious purposes, such as cyberattacks.
  • Because of this, privacy and security are major concerns when it comes to AI.
  • Data breaches could result in divulging sensitive data, leading to significant consequences, like loss of privacy.
  • Hackers can make use of the leaked data to steal or forge individuals’ digital identities.
  • AI can generate fake identities, which can be used to influence the decision-making or output of a system.

As AI systems continue to evolve, it becomes more and more difficult to predict their actions. Consequently, we cannot hold them accountable for their faulty behavior. 

What can we do, then?

Artificial intelligence is currently not a sentient being; it cannot make its own decisions. 

It can either be used for good purposes or for malicious purposes, depending on the intentions of the individuals behind it. And, while humans are not equipped with the accuracy and efficiency of state-of-the-art technology, we can use AI to fight against malicious AI.

Thankfully, there is a method which can verify an individual’s identity in a secure, efficient and highly accurate manner. 

AI-Powered Proof of Individuality

What is Proof of Individuality?

Proof of individuality (POI) is a protocol that supports the statement that every person is a distinct and unique individual. As a matter of fact, individuality is a core aspect of human existence. It refers to the one-of-a-kind set of characteristics, thoughts, emotions and perspectives that make each person different from one another. 

While digital identities can be stolen and sold, individuality is not something which, at the moment, can be duplicated. At this time, it represents our liveliness as real, tangible, mindful beings.

Identification in modern times

Identification is an important aspect of our lives. Above all, it is unique to each and every one of us, and it represents our liveliness. Therefore, as technology makes new, magnificent progress every day, AI-Powered proof of individuality has become an essential part of our daily existence. From accessing bank accounts to opening doors, AI-Powered proof of individuality has revolutionized the way we identify ourselves.

Some of the most common AI-Powered proof of individuality methods are:

  • Fingerprints
  • Facial recognition
  • Iris scans

These biometric identification methods are highly accurate and reliable, making them the go-to method for identification in many industries.

How can AI-Powered Proof of Individuality benefit us?

Overall, AI-Powered proof of individuality has many advantages. Particularly:

  • Speed
  • Accuracy
  • Remote identification

Speed

  • The traditional methods of identification, such as presenting a physical paper for verification, can cause delays.
  • AI-Powered proof of individuality methods are much quicker. For example, using a fingerprint scanner can take only a few seconds.
  • As a result, AI-Powered proof of individuality methods are efficient in situations where time is of the essence.

Accuracy

  • Biometric methods such as facial recognition and iris scans are highly accurate.
  • In such a case, the chance of false positives or false negatives is minimal.
  • This level of accuracy is ideal for high-security situations, such as airport security or government buildings.

Remote identification

  • AI-Powered proof of individuality made it possible to identify individuals remotely.
  • With the use of online identification tools, individuals can verify the authenticity of each other’s identities.
  • There is no need to meet in person anymore. Therefore, physical distance is no longer an obstacle.

How does AI-Powered Proof of Individuality work?

A brief description

AI-Powered proof of individuality uses artificial intelligence to verify an individual’s identity based on their biometric features and behavior. 

As mentioned previously, biometric features are fingerprints, facial recognition, or iris scans.

Some of the behavior patterns this technology analyzes are:

  • Typing speed and style. How a person types on a keyboard, how long they pause between keystrokes, and how hard they press the keys.
  • Mouse movements. How a person moves the cursor on a screen, the direction and speed of their movements.
  • Voice patterns. The way a person talks, their pitch, tone and accent.
  • Smartphone usage. The way a person holds or uses their smartphone, the angle of how they hold their device, or how they swipe and tap on the screen.

All in the benefit of the individual

The idea that our devices check our behavior patterns might be anxiety-inducing. Without a doubt, it can be scary thinking how technology knows us better than we know ourselves. However, in this case, AI is programmed to keep our individuality safe from malicious, bad players.

This way, organizations can improve security and prevent identity fraud. Furthermore, AI-Powered proof of individuality makes it more convenient to access digital services without the need for passwords or tangible identification cards. Passwords can be forgotten, stolen, or compromised.

Consequently, AI-Powered proof of individuality has the potential to positively transform how we verify our identities in the digital age.

AI-Powered Proof of Individuality and Selfkey

ESelfKey aims to offer individuals a secure means of verifying their identity through AI-Powered proof of individuality methods. 

Guidelines for users:

  1. The user will first have to perform a KYC check. KYC stands for Know Your Customer, and it is a mandatory process of identifying and verifying an individual’s identity. It is done to ensure that the user is genuinely who they claim to be.
  2. The user will then obtain the ESelfKey iD SBT. SBT stands for Soulbound Tokens. They are non-transferable, verifiable, digital tokens that can show an individual’s accreditations, work experience, work history, and past records.
  3. After this, the user onboards to ESelfKey DAO. DAO stands for Decentralized Autonomous Organization. It is governed by a community of individuals on a decentralized blockchain network. The rules of a DAO are transparent to all members in order to create equality between users.

The part AI plays

After the user completes all of the steps above, ESelfKey will require an AI-Powered selfie check. This modern method of verifying an individual’s identity uses facial recognition technology.

For instance, here’s what happens during an AI-Powered selfie check:

  • The user will take a selfie and submit it to an AI-Powered system.
  • The AI-Powered system will check the photo against a vast collection of pre-verified images.
  • The system will use algorithms to identify unique facial features, like: distance between the eyes, the shape of the jawline, the position of the nose.
  • If the user passes the check, they will receive a POI (proof of identity) credential, which they can stake KEY on.
  • If the user does not pass the check, they will not be allowed to continue.
  • In the case of a false negative, the user will have the possibility to contact support.

These AI-Powered selfie checks will be made periodically, each time a user performs important actions within the ESelfKey DAO.

How does this benefit us?

This method is widely used by online platforms and organizations that require a high level of trust and security in their user authentication process. Firstly, it is a quick, convenient, and reliable method. Secondly, and most importantly, AI-powered checks will prevent identity fraud in the online world.

For instance, AI-Powered proof of individuality will efficiently and accurately check that:

  • The user’s selfie is not forged by another individual.
  • The user’s selfie is not AI-generated or fake.
  • The user is a real person.
  • The user’s selfie matches the original selfie they submitted during the KYC check.

Anti-Sybil technology

Did you know that there is a term for “identity fraud” in the digital world? In the context of online security and identity verification, “Sybil” refers to the act of creating multiple fake identities or accounts. 

A single, malicious individual or a group can do that, with the intention of manipulating or deceiving the system. Alarmingly, it can carry out spam attacks, manipulate voting in online polls for elections, even inflate the popularity of a website or social media.

Preventing Sybil attacks is a crucial challenge in the design of many online systems. Thankfully, SelfKey’s AI-Powered proof of individuality methods can fight against that.

Conclusions

Even though technology has posed challenges throughout the decades, it has an immense potential to make society better. AI-Powered Proof of Individuality has become a part of our daily lives, helping us identify ourselves in a quick and efficient manner. The advantages modern identification methods bring are undeniable. 

In spite of that, having concerns about privacy and security is normal, especially when it comes to our individuality. However, ESelfKey is aiming to develop methods to combat those who use cutting-edge technology for malicious purposes.

Finally, as technology continues to evolve, we can expect to see even more complex methods of identification in the future. But, it is vital to remember that we are supposed to use technology to enhance our lives, our work, rather than replace them. The solution is to find a balance between technology and humanity.

If you want to learn more about what the future brings, your online safety, and methods to combat bad players on the web, subscribe to the official ESelfKey blog! 

Stay up to date with ESelfKey on Discord and Telegram, and subscribe to the official ESelfKey Newsletter to receive new information!

Note:

To the best of our knowledge, the information contained herein is accurate as of the date stated; however, the accuracy and completeness of the information are not guaranteed, and we disclaim any duty to update the information should circumstances change. You should not rely upon the information without conducting your own validation.

This communication is for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation for any digital asset, nor does it constitute an offer to provide investment advisory or other services. No reference to any specific digital asset constitutes a recommendation to buy, sell or hold such digital asset. Nothing here shall be considered a solicitation or offer to buy or sell any security, future, option or other financial instrument or to offer or provide any investment advice or service.

SELF and KEY tokens, SBTs, and NFTs associated with the ESelfKey ecosystem have no monetary value or utility outside of the ESelfKey ecosystem, are not ascribed any price or conversion ratio by ESelfKey and its affiliates, and do not represent ownership interests or confer any rights to profits or revenues. These tokens should not be purchased for speculative reasons or considered investments. By engaging with ESelfKey, you acknowledge and agree to the applicable terms and any associated risks. We recommend consulting with legal and financial professionals before participating in the ESelfKey ecosystem and related transactions.

This document may contain statements regarding future events based on current expectations. However, some risks and uncertainties could cause results to differ. The views expressed here were based on the information that may change if new information becomes available.

We use the "KYC" term here for general information purposes, without reference to particular legislation. Please check the laws relevant to you and contact us for the details.

Self Sovereign Identity https://selfkey.org/zh/self-sovereign-identity-ssid/ Wed, 01 Mar 2023 18:36:43 +0000 https://selfkey.org/?p=3256

Summary

Have you ever wondered what happens to your personal data once you share it with a website or an application? Have you thought about where your information is stored and who has access to it? Were you aware that data breaches happen daily and your information is at risk of being compromised at any time? 

This article touches upon a new technology which is currently being developed to help you manage your private information online. In the near future, you will no longer have to rely on other parties that might put your sensitive, valuable, or personal data in danger. 

We’ll be discussing the concept of self sovereign identity (SSID), how it works and how it impacts our daily lives as individuals operating in a digital world.

We will thoroughly cover the following topics:

  • Online Safety
  • How will Self Sovereign Identity improve our online activities?
  • Self Sovereign Identity
  • Issues with the current implementation of Self Sovereign Identity
  • How can the current Self Sovereign Identity implementation be improved and scaled?
  • The Trust Triangle
  • Agents of The Trust Triangle
  • Trust in the digital world
  • The Three Pillars of Self Sovereign Identity
  • Blockchains
  • Decentralized Identifiers 
  • Verifiable Credentials
  • Zero Knowledge Proofs
  • Conclusions

Online Safety

Digital revolution: both a blessing and a curse

In the past several decades, mankind has shown magnificent progress in computer science. So much so that society quickly became accustomed to using Information and Communication Technologies on a daily basis. Whether it is for recreational purposes, communication, work or education, mundane tasks are made significantly easier with the help of cutting-edge technology and wireless systems. 

Artificial Intelligence (AI) is capable of performing convenient assignments, such as reading, generating, integrating, and theorizing information. However, it is also heading dangerously fast towards mimicking a trait which, up until now, has been uniquely human: identity.

When personal data is leaked, AI can potentially make use of that information to steal or forge human identities. Thankfully, the future will also bring ways to prevent that. A Self-Sovereign Identity solution is being developed to protect our data from being stolen and sold.

How safe is it really out there?

Using technology and having a digital presence has become so common nowadays that many people don’t think twice about the security of their personal information.

Although they are within the safety of their homes, their data is still potentially visible to millions of users online. Among those millions, there are many individuals with bad intentions, who look for ways to use other people’s private data for their own personal benefit.

More often than not, however, it is entities that individuals are supposed to trust who end up selling or divulging their personal information to other parties. And those parties, whether willingly or not, will put that personal information at risk of being unlawfully used by bad players.

At the moment, unfortunately, people have come to depend on centralized systems in order to benefit from online services to perform their daily tasks. Without those online services, it would be impossible for individuals to function in the present day society. 

It is more of an obligation than a choice, and it has become so normal that we simply go with the flow. Otherwise, we will not be able to keep up with the fast-paced changes in the way we work, study, and communicate.

Our digital identities

Personally Identifiable Information (PII) belonging to individuals, firms or organizations is being stored online in the form of digital data. This collection of digital data is then used to build our digital identity.

A digital identity is used to facilitate access to services that make it easy for computers to efficiently mediate transactions between two or more individuals. The web provides us with a quick way of performing these transactions. However, it is not the safest place to store our private information. 

Data breaches happen on a daily basis without our knowledge. Through data breaches, important and valuable information can be stolen and sold, including our very own digital identities.

Ideally, individuals should be able to make use of the advanced, modern day technology without the risk of their private data ending up in the wrong hands. In order for that to happen, individuals need to have more control over how their information is stored and who has access to view or share it, at all times.

The illusion of choice

Nowadays, control seems less impactful on our lives, because the deception of freedom is given to us through choices. However, when access to necessary modern applications is being restricted unless personal data is consensually shared, choice becomes an illusion.

With the choice to opt in being enforced, people have grown used to accepting the privacy policies of applications without a second thought. These policies, that we barely even bother to read, do mention how data is shared with third parties. However, we cannot do anything but blindly trust that service providers will not abuse or mishandle our data.

At the moment there is only the illusion of consent, of trust, all to the detriment of the individual. Because of this deceitful way of forcing users to consent to their data being used, trust between individuals is becoming more and more difficult to establish.

SSID aims to dispel these illusions and bring authentic consent and trust to the mainstream.

Seeking safety in a digital world

Sadly, Big Tech often profits off of individuals at the expense of the latter’s safety, which may lead to identity theft. 

Many users are unaware of the unlawful incidents happening underneath the brightly colored backgrounds of websites and applications as they perform their daily online tasks. They live under the impression that, as long as there is no malware alert on their devices, they have nothing to be concerned about. 

The alarming truth, however, is that security violations occur on a daily basis. These cumulative cyber attacks can potentially cause millions of dollars in damages to the individuals whose data was involved.

How will Self Sovereign Identity improve our online activities?

Fortunately, a solution to the above-mentioned risks is currently being developed by ESelfKey. It will be the sword and shield for individuals to function and perform transactions in the safest way possible. 

Self sovereign identity not only gives back the freedom of choice, but it also prevents this kind of disaster from happening. SSID users give access only to individuals that they wish to engage with. During this interaction, only a very limited amount of information is shared.

Therefore, sensitive, protected and important data is less likely to be sold to or shared with harmful individuals and organizations. Self sovereign identity was conceived to prevent data leakage in this sense. It gives users the power not only to manage and control, but also to protect what they deem valuable. 

Self Sovereign Identity

A brief introduction

Self sovereign identity (SSID) is a new way of managing digital identities, which aims to put individuals in control of how their accounts and private information are managed. With SSID, individuals have full ownership over their personal data. They no longer need to rely on centralized systems that might share their data with unknown parties for personal gain. 

Users can store their private information on their devices and present it for validation when it is specifically needed. This way, the risk of having their data compromised is considerably reduced. Individuals are in complete control over how their information is used and stored, at all times.

How self sovereign identity is currently being implemented

Once Self Sovereign Identity users store their private data on their devices, they can quickly take the opportunity to interact with trusted partners. In order to benefit from the services offered by these trusted partners, users need to accept the processing of their information by the partners. This is declared by the relying party once the user attempts to onboard into their services.

Issues with the current implementation of Self Sovereign Identity

Adoption and Convenience

At the moment, SSID users must store their data on their private device instead of the traditional central database. This method allows the users to have full control of their personal data. On the downside, the flow by which users interact with the system is less convenient than centralized alternatives. 

Storing data on one private device makes it difficult for it to be accessed by the user’s other devices. Individuals have to manually introduce their information into devices they want to use, which can become time consuming and frustrating.

Scalability

Currently, users can only exercise their self sovereign rights with partners within the SSID environment. Moreover, individuals need to trust that the parties they choose to interact with will handle their personal data with respect to their privacy and store it securely.

How can the current Self Sovereign Identity implementation be improved and scaled?

Should we use Centralized Systems for convenience?

Centrally controlled systems are databases in which an individual’s digital identity is stored in one or more servers belonging to a centralized entity. Once personal data is stored in this type of server, an individual has no way of knowing who has access to it, who it is shared with, or where it ends up. 

When personal data is being shared with unknown, third parties, there is a high risk of unintentional information disclosure. This can lead to dire consequences like identity theft or secret information being disclosed to the public, stolen or sold. 

While centralized systems are not necessarily malicious, their security is weak, which leads to data leakage. With AI progressing alarmingly fast, this is a particularly serious concern. In conclusion, centralized systems cannot be used to improve the adoption and scalability of SSID solutions.

Are Decentralized Systems a better option?

At the polar opposite of centralized systems are decentralized systems. This type of system stores and verifies information in multiple computers that work together as nodes in a network, popularly known as a blockchain.

By transferring the control from a centralized entity to a dispersed group, decentralized systems aim to reach a level of fairness among its users, without one individual having authority over the other. 

The way data is stored in a decentralized system makes it very difficult for malicious parties to manipulate it, because it is secured by the blockchain. A decentralized system is perfect for storing public and openly-accessible data, such as a record of transactions.

However, storing personally identifiable information (PII) in a decentralized system is highly unadvised, even if it is encrypted. PII can be anything from full name, phone number, full date of birth, full address, or credit card information.

Once data is made public, it cannot be erased or changed, and it is openly accessible to anyone. Therefore, decentralized systems alone are not ideal for storing private information, due to inevitable and permanent loss of privacy. 

They are part of the solution, though, and we will discuss them in the following sections.

Is there a solution to this dilemma, then?

At the moment, SelfKey is actively working on and is committed to delivering an ideal solution to increase the adoption of SSID, using cutting-edge technology. 

In the next segments we will thoroughly discuss ESelfKey’s proposed solution, which pertains to:

  • The Trust Triangle
  • The Three Pillars of self sovereign identity
  • Zero Knowledge Proofs

The Trust Triangle

Presently, we are accustomed to the traditional “peer-to-peer” interactions between identity owners and verifiers. To better facilitate the goals of SSI, a three-party system is proposed. In this triangle, two individuals that want to interact securely can rely on a third party to issue and to confirm the authenticity of their credentials. 

For example:

  • We have individual A and individual B, two entities who are about to make an exchange. B has obtained their verifiable credentials (personal data that can be checked for validity) from C, a third, neutral party. C is legally permitted to vouch for B’s authenticity. 
  • B wants to make a purchase with A, but the services provided by A are age-restricted. Therefore, A must check with C if B legally qualifies to access that kind of service. 
  • In this case, there is only one specific inquiry that must be clarified: whether B is a legal adult. That is the only information that C will validate with A.
  • A does not have access to extra information that would otherwise be physically printed on an ID or a passport. This information can be name, full address, full date of birth, social security number, photos, etc. Basically, any identifier that B does not want to share with A or to divulge to the public.
  • This also eliminates the risk of A, if potentially ill-intended, retaining private information from B. There is no visible data for A to read and memorize. There is only C’s confirmation that B qualifies (or not) to purchase a service from A, without giving out specific details.

This applies to any kind of identifier which is needed to validate interactions between persons or companies. The risk of personal data being visible to individuals outside of the trust triangle is eliminated this way. And even within the trust triangle, only the minimum, relevant information will be shown or confirmed.

Agents of The Trust Triangle

The issuer is the entity that releases verifiable credentials after verifying the claims given by the holder. 

  • It is typically an institution, an organization or an individual who possesses the legal authority to verify and to vouch for the holder’s authenticity. 
  • Examples of issuers are governmental institutions, universities, departments, companies, agencies, authorities, training institutions, etc. 
  • The issuer is a neutral party whose role is only to validate a claim in a holder-verifier transaction.

The holder (data owner) is the individual, a person, a company or an organization who owns unique, personal data.

  • The holder earns verifiable credentials after providing proof of authenticity to the issuer. 
  • The data owner will use those verifiable credentials to prove authenticity before benefiting from various services, making purchases or transactions.

The verifier (relying party) is the entity which verifies a holder’s verifiable credentials.

  • The relying party will need to verify only a specific piece of information. Only the bare minimum which is relevant to provide a service to the holder.
  • The verifier checks if the holder’s data is issued by a competent and legally authorized issuer.
  • The verifier makes sure that the holder’s data has not been tampered with, forged, expired or revoked. 

Trust in the digital world

What makes this triangle work is that the three parties are willing to trust one another. The element of trust is important, especially in a time where information forgery and theft happen quite frequently. But within a trust triangle, the user (or holder), has complete control over the management and visibility of their data.

As stated above, digital identities are the counterparts of physical identities that are verified through paper documents. The way trust works digitally is similar to the real, tangible world. However, the consequences of having personal information exposed to the public digitally are much greater. 

Having to trust a centralized database is more or less forced upon individuals. Otherwise they couldn’t benefit from services required to perform daily transactions, either for personal or professional gain. Within a trust triangle, SSID can facilitate these daily transactions without holders having to concede to “blind trust” and risking the safety of their personal data. 

The Three Pillars of Self Sovereign Identity

Within the trust-triangle framework, there are three main components, or “pillars”, that enable the realization of the ideal solution SSID is aiming to achieve:

  • Blockchains
  • Decentralized Identifiers
  • Verifiable Credentials

Blockchains 

A blockchain is a ledger which is shared across thousands of computers around the world. These computers act like nodes within a network, storing and verifying information in a way that makes it nearly impossible to modify or cheat the system.

Within a blockchain, data is saved like a compilation of records, linked to one another. Each user has a copy of this collection, which makes it particularly difficult for hackers to unlawfully modify the information stored within. 

To enhance security, data is protected using complex cryptography which, at the moment, cannot be deciphered by malignant parties. The blockchain will provide the security layer necessary for users and relying parties to interact within the SSID framework. 

Decentralized Identifiers 

DIDs, for short, are the digital counterparts of physical documents, IDs, passports or licenses used to verify one’s identity.

What qualifies as an identifier is any kind of information that proves an individual’s identity and individuality. Traditionally, identifiers are issued and stored by centralized systems, such as governmental institutions and organizations.

Decentralized identifiers no longer depend on a central system to manage, issue, and store valuable, private information. They ensure that individuals are able to generate their own identifiers with the help of systems that they trust. Individuals can then use cryptographic proof, such as digital signatures, to authenticate their new identifiers as their own.

Decentralized identifiers are unique. They cannot be forged or stolen, because identity itself is unique and pertaining to only one individual. For example, a digital wallet address can be used as a decentralized identifier.

Verifiable Credentials 

Verifiable credentials are digital versions of physical, paper documents used by persons, businesses, and organizations to identify themselves. Individuals can also use them to prove that they are qualified to access a service or perform a transaction. 

Verifiable credentials are, but not limited to: digital birth certificates, digital education certificates, digital licenses, digital employee identification cards.

Verifiable credentials are issued in a tamper-evident manner that is respectful of the individual’s privacy. Bad players cannot make any unauthorized attempt to modify or forge digital documents without leaving evidence behind. This is something that a relying party will verify at each check.

In the physical world, a tamper-proof document would be sealed within multiple layers that are locked in a specific manner. If anyone attempts to open them, they cannot rearrange the layers in the original way. There is visible evidence that someone has unsealed and tampered with the document.

Using such a tamper-proof document, holders can present it to issuers and be verified immediately. This makes onboarding even more convenient than what centralized services offer nowadays.

But how do individuals make use of these credentials? We believe that the answer to that question lies within Zero Knowledge flows detailed below.

Zero Knowledge

In the current context, the concept of zero knowledge simply means that a relying party (verifier) does not need any additional information, other than the necessary minimum, to confirm whether a data owner (holder) qualifies for the service they provide or not. 

Using the zero-knowledge proof method within a trust triangle, participants will benefit from secure interactions. This is because their full personal information does not need to be revealed in the majority of interactions. 

Let’s revisit our previous example but with ZK in mind:

  • Holder A wishes to access Verifier B’s services, which are age-restricted.
  • B needs to verify with Issuer C whether A qualifies for said services. 
  • C will confirm whether A is of age or not, without revealing the full date of birth, or specific age. Confirmation is expressed in the form of a ZK proof.
  • B will not have access to any kind of additional information, like location, actual date of birth, full name, full address, gender, etc. Likewise, B will not be retaining any data, because there will be no information for B to memorize or share outside of the interaction with A.
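The age check in the list above, together with the tamper-evidence property described earlier, as an added example that is not ESelfKey's code. It substitutes salted-hash selective disclosure for a real zero-knowledge proof system and a Lamport one-time signature for the issuer's signature scheme, and it assumes the holder carries the issuer-signed credential to the verifier; all names and sample data are constructed.

```python
import hashlib
import hmac
import json
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signature: a stdlib-only stand-in (assumption) for the
# issuer's real signature scheme. One key pair may sign exactly one credential.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(H(s), pk[i][bit])
               for i, (s, bit) in enumerate(zip(sig, _bits(msg))))


def claim_digest(name, value, salt) -> str:
    # The random salt stops a verifier from guessing low-entropy claims
    # (booleans, dates) out of the digests it was not shown.
    return H(json.dumps([salt, name, value]).encode()).hex()


def issue(sk, claims: dict) -> dict:
    """Issuer C: sign only the salted digests, never the raw claims."""
    salts = {name: secrets.token_hex(16) for name in claims}
    digests = sorted(claim_digest(n, v, salts[n]) for n, v in claims.items())
    payload = json.dumps({"digests": digests}).encode()
    return {"payload": payload, "signature": sign(sk, payload),
            "claims": claims, "salts": salts}   # claims and salts stay with the holder


def present(credential: dict, reveal: list) -> dict:
    """Holder A: disclose only the chosen claims, each with its salt."""
    return {"payload": credential["payload"],
            "signature": credential["signature"],
            "disclosed": {n: (credential["claims"][n], credential["salts"][n])
                          for n in reveal}}


def check(pk, presentation: dict):
    """Verifier B: return the proven claims, or None if anything was altered."""
    if not verify(pk, presentation["payload"], presentation["signature"]):
        return None
    signed = set(json.loads(presentation["payload"])["digests"])
    proven = {}
    for name, (value, salt) in presentation["disclosed"].items():
        if claim_digest(name, value, salt) not in signed:
            return None          # claim was never issued, or its value was edited
        proven[name] = value
    return proven


def demo() -> dict:
    sk, pk = keygen()            # pk is the issuer's published key
    cred = issue(sk, {"full_name": "Alice Example",      # constructed sample data
                      "date_of_birth": "1990-01-01",
                      "age_over_18": True})
    shown = present(cred, ["age_over_18"])

    forged = present(cred, ["age_over_18"])
    forged["disclosed"]["age_over_21"] = (True, secrets.token_hex(16))

    altered = present(cred, ["age_over_18"])
    altered["payload"] += b" "   # any change to the signed bytes breaks the signature

    return {"presentation": shown, "accepted": check(pk, shown),
            "forged": check(pk, forged), "tampered": check(pk, altered)}


if __name__ == "__main__":
    result = demo()
    print("accepted:", result["accepted"])
    print("forged claim:", result["forged"])
    print("tampered payload:", result["tampered"])
```

Unlike a true zero-knowledge proof, every presentation here carries the same signature and digests, so repeated presentations of one credential can be linked to each other.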

Conclusions

The quick progress of technology is both thrilling and anxiety-inducing. It can be challenging to adapt to these fast-paced changes. However, there will always be ways to combat the threat of being controlled by an ill-intended higher power. 

Self Sovereign Identity is keeping pace with this constant technological uprising, making sure to protect its users. It aims to maintain the ideal that there’s a choice that doesn’t trap individuals in exhausting, exploitative loops. 

Its goal is to continuously certify its users to reach their full professional and personal potential. To restore each individual’s ability to be the sole controller of their PII in their digital lives. 

ESelfKey is restlessly working towards achieving ways for users to be able to safely engage with partners in an environment that is secure and neutral. At the moment, SSID is an ideal, a work in progress. ESelfKey has the potential to become the bridge that will take its users towards a much safer and empowering future. 

Stay up to date with ESelfKey on Discord and Telegram, and subscribe to the blog to receive new information!

 

 

]]>
A Comprehensive List of Cryptocurrency Exchange Hacks
https://selfkey.org/zh/list-of-cryptocurrency-exchange-hacks/
Fri, 20 Jan 2023 08:22:18 +0000
https://selfkey.org/?p=4818

Cryptocurrency exchanges come and go, and it’s almost inevitable that an exchange will get hacked at one point or another. While cryptocurrencies themselves are very secure, exchanges can be affected by a variety of vulnerabilities, making them a prime target for malicious actors.

State of the industry - February 2020: As it stands, 2019 saw a record number of twelve crypto exchanges being hacked. That being said, across the board the amounts of crypto stolen were worth less. In total, $292,665,886 worth of cryptocurrency and 510,000 user logins were stolen from crypto exchanges in 2019.

One would hope that as time goes on cryptocurrency exchanges would become more secure. The unfortunate reality is that more exchanges are hacked every year. As cryptocurrency and exchanges remain largely unregulated, it is unclear as to who has jurisdiction over cryptocurrency markets. 

We’ve compiled a comprehensive list of cryptocurrency exchange hacks - you’ll be amazed at how much has been stolen over the years.

2020

February - Altsbit - 6,929 BTC, 23,210 ETH, 3,924,082 ARRR, 414,154 VRSC & 1,066 KMD

Italian cryptocurrency exchange Altsbit had only been around for a few months before it was hacked. Initially, the exchange announced the hack stating that almost all funds had been stolen. After some more thorough research, it appears Altsbit only lost under half of the crypto it was storing.

Altsbit has announced that it only has enough funds to issue partial refunds, and that they will be closing their doors in May 2020. Hacking group Lulzsec has claimed that they are responsible for the hack, though it is still unclear how they managed to pull it off. Approximately $70,000 worth of cryptocurrency was stolen.

2019

November - Upbit - 342,000 ETH

South Korean exchange Upbit suffered a massive breach when hackers made off with 342,000 ETH (valued at $51 million at the time of the hack). Rumors swirled that this was an inside job, as the stolen crypto had allegedly been taken from Upbit’s cold wallet. This turned out to be a false alarm. Thankfully, Upbit promised to cover the losses.

However, the story doesn’t end here. The stolen crypto has been on the move. Whoever took it has been moving it between wallets, although it is unclear what purpose this will serve. As of January 2020, Upbit has completed a major security update after a brief suspension of services.

November - VinDAX - $500,000 Worth of Cryptocurrency

Based in Vietnam, VinDAX is a relatively small crypto exchange that mainly conducts token sales for relatively unknown blockchain projects. Hackers don’t care about the size of the exchange; they just care about the money, and they managed to steal half a million dollars worth of crypto from VinDAX.

In response, VinDAX emailed the projects that had been impacted by the theft asking for funds. It’s unclear if any of the projects accepted the offer or not. 

July - Bitpoint - 1,225 BTC, 11,169 ETH, 1,985 BCH, 5,108 LTC & over 28 million XRP

After noticing an error in its outgoing funds transfer system, Japanese exchange Bitpoint immediately suspended its services. However, it was too late. Thanks to a security breach, hackers made off with over $30 million worth of cryptocurrency.

Luckily, Bitpoint was able to recover $2.3 million of the stolen crypto from overseas exchanges. Bitpoint has said that they will compensate their users, but have not released a time frame as to when that will happen.

June - Bitrue - 9.3 Million XRP & 2.5 Million ADA

Bitrue is a Singapore-based cryptocurrency exchange that experienced a major hack to its hot wallet. Only 90 Bitrue users were affected, but the cryptocurrency that was stolen was worth almost $5 million. Luckily for users who lost their funds, Bitrue has reassured them that they will be fully repaid.

June - GateHub - 23,200,000 XRP

This UK and Slovenia-based cryptocurrency exchange suffered from a large hack this summer where hackers made off with $10 million worth of Ripple. While it is still unclear as to how exactly the hacker(s) gained access to user funds, the culprit(s) managed to access encrypted secret keys. So far, GateHub has managed to make some progress in recovering the stolen funds.

May - Binance - 7,000 BTC

Despite the fact that we are now in 2019, hackers still managed to use a phishing scam and malware to hack into Binance. The malicious actors ran off with $40 million worth of Bitcoin. As a result, Binance promised to increase its security, but users are understandably wary.

It appears that customer data may have been stolen as well. In August 2019, someone started sharing customer verification information from Binance on a Telegram channel. It has been alleged that this data was also taken during the hack, and that up to 60,000 users may be affected.

March - DragonEx - $7 Million Worth of Cryptocurrency

The Singapore-based crypto exchange DragonEx suffered an attack in which hackers made off with $7 million worth of cryptocurrency. The North Korean hacking group Lazarus was responsible. The hackers created a legitimate-looking fake company and convinced DragonEx employees to download malware onto their computers through Telegram and LinkedIn messages.

DragonEx has taken full responsibility for the hack and will be issuing refunds to those who lost funds. The exchange is also working with the police to see if they can recover the stolen crypto.

March - Bithumb - 3 Million EOS & 20 Million XRP

This South Korean cryptocurrency exchange was the victim of a suspected insider job. It all started with a suspicious withdrawal, and the exchange immediately suspended all withdrawals on their platform, but it was too late. Who conducted the hack is still unknown, but since there is no evidence of outsider interference, many suspect that it was a Bithumb employee who stole the funds.

March - CoinBene - Unknown

Problems started to surface for CoinBene when funds began to mysteriously move out of the exchange’s hot wallet. Analysts were worried, especially since the exchange was down for maintenance, a typical post-hack response. Despite assurances from CoinBene that nothing had happened, the exchange was down for a whole month.

One of the more bizarre aspects of this hack is CoinBene’s unwillingness to admit that anything was wrong. The hack also came on the heels of a report by Bitwise Asset Manager which accused CoinBene of wash trading to manipulate the crypto market. The details are still extremely murky, but it is believed that over $100 million worth of cryptocurrency was stolen in the hack.

February - Coinbin - Unknown

In a bizarre turn of events, Youbit (formerly known as Yapizon) rebranded months later as Coinbin. Having already faced two massive hacks, you would think that Coinbin would be extra careful. However, this hack was an inside job.

It appears that the former CEO of Youbit was still working at Coinbin, and was embezzling company funds. This employee allegedly had access to private keys and was able to siphon off funds from multiple accounts. As a result, Coinbin filed for bankruptcy and shut down while still owing users $30 million.

February - Coinmama - 450,000 User Emails & Passwords

This is a slightly less conventional hack, because instead of stealing money the hackers just stole information. Coinmama is one of the largest cryptocurrency brokers with over a million active users. There appears to have been little fallout from this hack, as Coinmama informed users rapidly once they learned that user data was being leaked on the dark web. To date, no cryptocurrency has been stolen.

January - Cryptopia - 1,675 ETH

Unfortunately for Cryptopia, they suffered from another hack 15 days after the first one. That was the end of the New Zealand-based exchange - they are now going through the liquidation process.

2020 Update: Cryptopia is still undergoing liquidation, but it has now been revealed that the exchange was failing to meet anti-money laundering (AML) requirements when creating new user accounts. For over 900,000 active user accounts, there is no customer data beyond usernames and email addresses. 

Less than 1% of users had completed customer identification, a vital part of AML procedures which ensures that customers are who they say they are. Thousands of accounts which held over $3 million worth of cryptocurrency were traced back to uninhabited islands or physical addresses that didn’t exist. As it stands, many of those who lost funds in the hack aren’t eligible to be refunded by liquidators because there is not enough information on who owned what accounts. 

While it’s unfortunate that Cryptopia experienced two back-to-back hacks within a month, it’s clear that the exchange was not doing its due diligence. Given that most of the active users on Cryptopia were from outside New Zealand, more should have been done to enforce AML compliance measures.

January - Cryptopia - Min. 19,390 ETH

It all started with Cryptopia users having difficulty accessing their accounts, and it only went downhill from there. The company originally thought it was a technical issue, but later clarified on Twitter that it was a security breach. The exact amount stolen in the hack is still unknown.

2018

December - QuadrigaCX - 26,350 BTC

While this doesn’t quite qualify as a hack, it is too unbelievable to not include on this list. 

QuadrigaCX was Canada’s largest cryptocurrency exchange owned by Gerald Cotten. Cotten was the only person who knew how to access the cold wallets belonging to the exchange.

In December, while on his honeymoon in India, Cotten died and took any information on how to access the cold wallets to his grave. QuadrigaCX had already been struggling and rumors of bankruptcy had been floating around, and with Cotten’s passing the exchange collapsed. Conspiracy theories started popping up that Cotten wasn’t actually dead, he had just pulled a very elaborate exit scam.

As investigations into QuadrigaCX’s finances began, things took a bizarre turn. Six cold wallets were identified as belonging to QuadrigaCX. However, when investigators looked at the wallets, five of them had been emptied around April 2018. No one is really sure what has happened, and investigations are still ongoing. Cotten’s widow has voluntarily returned $9 million in assets from Cotten’s estate to repay users.

2020 Update: Over a year later, what exactly happened to QuadrigaCX is still very unclear. It continues to be alleged that Cotten isn’t actually dead and there have been multiple attempts to get his body exhumed. An initial request was denied; however, a new one has been made by the lawyers representing those who lost their funds.

There are also alleged ties to a shadow bank in Panama called Crypto Capital. Lawyers of the exchange suspect some of the funds that are missing may be stored in Crypto Capital and have asked any former QuadrigaCX users for their assistance on the matter.

As of January 2020, the FBI is now involved. A victim specialist from the FBI has been reaching out to former users and directing them to a portal where they can obtain more information. It remains unclear if we’ll ever have the answers about what actually happened at the exchange.

October - MapleChange - 913 BTC

This hack is still up for debate as many believe it was part of an exit scam. MapleChange was a small, Canadian cryptocurrency exchange that began to see an uncommon spike in exchange activity starting in October. Later that month, the exchange announced that it had been hacked and that all funds (valued at $5.7 million) had been withdrawn. As a result, MapleChange announced it was closing its doors for good.

What made people suspicious was the immediate removal of the MapleChange website, social media accounts, and Discord and Telegram channels. The lack of communication has led many to believe that there was no hack despite MapleChange insisting they were just taking a break to decide how to proceed.

Instead of deciding to pay anyone back, the crypto exchange gave what little they had left to the developers who had created the remaining coins. The internet is still divided as to whether or not the whole thing was a hack or just another scam. 

September - Zaif - 5,966 BTC

This is yet another case where it’s unclear how hackers stole the funds. However, Zaif did file a criminal case with their local authorities, which makes it sound like they have an idea as to who did it. Either way, this Japanese exchange lost $60 million worth of cryptocurrency.

June - Coinrail - 1,927 ETH, 2.6 Billion NPXS, 93 Million ATX, 831 Million DENT Coins & large amounts of 6 other tokens

Despite the fact that Coinrail was a relatively small cryptocurrency exchange, it did a lot of business which drew the attention of hackers. Exact details of the attack are still unclear, and the exchange lost an estimated $40 million.

June - Bithumb - $31 Million Worth of XRP

Unfortunately Bithumb’s hacking problems didn’t start in 2019. The exchange was hacked in 2018 as well (and you will see them again on our list), with hackers making off with substantial amounts of Ripple. This hack appears to be orchestrated by a group of North Korean hackers known as the Lazarus Group, who have been responsible for a number of cryptocurrency hacks over the years. Luckily for Bithumb users, the exchange promised to pay back any stolen funds.

May - Bitcoin Gold - $18 Million Worth of BTG

This is probably one of the stranger hacks on our list, as a cryptocurrency exchange wasn’t hacked but a cryptocurrency was. Bitcoin Gold was an offshoot of the original Bitcoin, which took a hard fork from Bitcoin as an attempt to decentralize (ironic given that Bitcoin is already decentralized). 

Bitcoin Gold became the victim of a 51% attack, a rare occurrence where hackers managed to gain control of more than 50% of the network’s computing power. From there, attackers can prevent confirmations, allowing them to effectively stop payments between users and make changes to the network’s blockchain ledger. This type of attack was thought to be rare, if not impossible, until the Bitcoin Gold incident.

Using some complicated maneuvers, hackers put their Bitcoin Gold onto exchanges, traded them for other cryptocurrencies, then withdrew the amount. And because they had control of Bitcoin Gold’s blockchain ledger, they could simply return the original Bitcoin Gold back into their own wallet, essentially stealing money from exchanges.

May - Taylor - 2,578 ETH

Taylor is a cryptocurrency trading app that raised a successful initial coin offering (ICO) in order to get funding. Unfortunately, not long after, hackers managed to gain access to a company device and took control of a password file. The malicious actors stole all of the Ethereum raised in the ICO, valued at $1.5 million. There were concerns that this was just another exit scam, but it appears that Taylor has slowly managed to rebuild.

April - CoinSecure - 438 BTC

CoinSecure, an Indian cryptocurrency exchange, lost Bitcoin valued at $3.5 million at the time of the hack. However, it seems like this one was an inside job. The owners of CoinSecure believe their former Chief Security Officer stole the funds. It seems they may have been onto something, as he was later arrested.

February - Bitgrail - 17,000,000 NANO

Over $170 million was stolen from the Italian exchange Bitgrail, and the details are a little fuzzy. While the owner, Francesco Firani, announced the hack, other Bitgrail employees denied it and said there was nothing wrong. People are skeptical as to whether this was an actual hack, or an attempt at an exit scam.

January - Coincheck - 523,000,000 NEM

Coincheck was the leading exchange in Japan, but the hack showed how remarkably unsecure the platform was. The hackers managed to spread a virus through email that allowed them to steal private keys. After that it was remarkably easy, as Coincheck did not use smart contracts or multi-signatures, and all coins were stored in the same wallet. The total value of cryptocurrency stolen is one of the highest ever, valued at $533 million at the time of the hack. 

Remarkably, the cryptocurrency exchange is still in business. It began offering full services again in November 2018. Although the hack was believed to have been carried out by North Korean hackers, the malware originated from Russian hacking groups.

2017

December - NiceHash - 4,736 BTC

NiceHash is a cryptocurrency mining marketplace that allows miners to rent out their hash rate to others. Their payment system was compromised, causing the contents of users’ Bitcoin wallets to be stolen. The exact amount stolen was never confirmed by NiceHash, but it is strongly believed to be 4,736 BTC, worth about $62 million at the time. This story ends on a happy note though, as NiceHash managed to return 60% of the stolen funds to users.

December - Youbit - Unknown

Youbit (formerly known as Yapizon) was a relatively small South Korean cryptocurrency exchange that had experienced a hack earlier in 2017. This time, hackers made off with 17% of the exchange’s holdings. This marked the end for Youbit, which filed for bankruptcy the same day.

July - Bithumb - $7 Million Worth of BTC & ETH

Bithumb makes yet another appearance on this list. At the time of this hack, Bithumb was the fourth largest cryptocurrency exchange by volume worldwide. An unknown hacker managed to gain access to an employee’s personal computer and stole the details of over 30,000 Bithumb users. Not long after, users started to notice their accounts being drained. 

April - Yapizon - 3,800 BTC

Before Yapizon changed their name to Youbit, they experienced their first hack. Malicious actors managed to run off with $5 million worth of Bitcoin and Yapizon did its best to mitigate the damages.

2016

August - Bitfinex - 120,000 BTC

This Hong Kong-based cryptocurrency exchange had claimed to be the most secure exchange in the world. Unfortunately, that proved to be very untrue. Hackers made off with a large amount of Bitcoin through Bitfinex’s processing service - BitGo. The price of Bitcoin plunged as a result of the hack.

May - GateCoin - 250 BTC & 185,000 ETH

GateCoin was one of the first regulated cryptocurrency exchanges at the time, and its popularity made it a prime target for malicious actors. Hackers managed to gain access to user wallets and stole cryptocurrencies valued at $2 million. That was the nail in the coffin for GateCoin - the exchange never recovered. 

April - ShapeShift - $230,000 Worth of Cryptocurrency

Over the course of a month, the cryptocurrency exchange ShapeShift was hacked three separate times. According to a detailed report by ShapeShift CEO Erik Voorhees, a former employee was responsible for all three hacks. The cryptocurrency exchange pledged to rebuild, and it is one of the few that has managed to do so successfully.

2015

February - BTER - 7,170 BTC

This China-based exchange had its cold wallet hacked, leading to a loss of over $1.5 million worth of Bitcoin. Users on Reddit were very suspicious, as it is extremely difficult to hack a cold wallet, and hypothesized that the hack was an inside job.

February - KipCoin - 3,000 BTC

You’ll see Linode further down on our list, but it was a hosting server for a few cryptocurrency exchanges. It was hacked again in 2014, which this time caused a security breach on the KipCoin server. The hackers managed to gain control of the entire platform by changing passwords internally. A month-long struggle ensued, in which the administrators managed to regain control of the exchange, but the hackers still lurked. At the time of the hack, KipCoin did not tell users what was happening in light of the Bitstamp hack and only later revealed the information.

January - Bitstamp - 19,000 BTC

Bitstamp was the first licensed cryptocurrency exchange in Europe. It was compromised when hackers sent a malicious email to Bitstamp employees, and it only took one employee to follow the link and expose the whole exchange. The attackers made off with Bitcoin valued at $5.1 million at the time.

January - LocalBitcoins - 17 BTC

While this was a relatively small hack, it proved a point when it came to spending money on cybersecurity. Attackers used the LocalBitcoins live chat to distribute malware then made off with a relatively small profit. 

January - 796 - 1,000 BTC

It was not a good start to the year for cryptocurrency exchanges in 2015. Chinese exchange 796 had its server compromised, and hackers tampered with withdrawal addresses to trick users. It worked, and major shareholders footed the bill so users didn’t have to lose funds themselves.

2014

October - MintPal - 3,700 BTC

MintPal experienced their second hack in October (scroll down to read about the first one in July), but this one had a lot more twists and turns. Not long after the hack in July, MintPal was purchased by a company called Moolah (also known as Moopay Ltd), owned by Ryan Kennedy alias Alex Green.

After a failed relaunch of MintPal, Moolah announced it was closing its doors but users would be able to still use MintPal. However, user accounts were locked and users were able to track funds being removed from wallets and then watch them be sold on another platform. Kennedy was the only one with access to customer funds, and he was currently on the run. 

Kennedy was arrested in 2016 on rape charges and is now in jail. He is now also facing charges of fraud from the UK police for his involvement in the MintPal hack.

July - Cryptsy - 13,000 BTC & 300,000 LTC

A trojan virus was inserted into the code of Cryptsy by a hacker going by the name of Lucky7Coin. As a result, Lucky7Coin (and potentially others) walked away with a staggering amount of cryptocurrency. The owner of Cryptsy, Paul Vernon, was accused of destroying evidence and stealing Bitcoin himself and the exchange declared insolvency. Vernon was successfully sued for $8.2 million in a class-action lawsuit.

July - MintPal - 8 Million VRC

Before MintPal’s unfortunate takeover by Alex Kennedy, they experienced another hack. The hacker found a weak point in the withdrawal system on the exchange, and managed to authorize a withdrawal from the Vericoin wallet. The site’s Bitcoin and Litecoin wallets were also targeted, but nothing was stolen. The hack resulted in the loss of 30% of all Vericoin, which caused the Vericoin development team to decide on a hard fork in order to mitigate the damages.

March - Mt.Gox - 850,000 BTC

You might be surprised to see this name again, and attached to what is one of the biggest hacks of all time. The investigation is still ongoing and the situation is far from clear, but it appears that when Mt.Gox was originally hacked in 2011, some private keys were also stolen by malicious actors. The hackers gained access to a large number of Bitcoin and started emptying wallets.

Purportedly due to an error in the Mt.Gox systems, the exchange was interpreting these withdrawals as deposits for nearly two years. It was a huge error, costing users a total of $45 million and marking the end of the cryptocurrency exchange. Mt.Gox filed for bankruptcy within the month, and as a result the price of Bitcoin dropped 36%. The former CEO of Mt.Gox was arrested in 2015 after it was discovered he had $2 million worth of Bitcoin that had allegedly been stolen in the hack.

In November 2017, a Russian national by the name of Alexander Vinnik was arrested by US authorities for playing a key role in laundering the Bitcoin that had been stolen in the hack. The story still isn’t over, but there also doesn’t seem to be a clear resolution in sight. 

March - Poloniex - 97 BTC

In the same month, hackers managed to take advantage of an incorrect withdrawal code of this US-based cryptocurrency exchange. While the company did not report exactly how much was stolen, the figure has been explained on the Bitcointalk forum. There is still some speculation as to whether the hack was an inside job or not.

2013

November - BitCash - 484 BTC

The Czech-based exchange Bitcash lost Bitcoin after a hack on their servers. The attackers gained access to emails and sent out a phishing scam, pretending to be Bitcash to obtain customer information, which they then used to steal funds.

May - Vicurex - 1,454 BTC

While the hack of Vicurex has never exactly been confirmed (leading some to believe it was an inside job), the cryptocurrency exchange announced it had lost most of its reserve funds to attackers. Vicurex, claiming near bankruptcy, froze all withdrawals, leading several former customers to sue the company for withholding their money.

2012 

September - BitFloor - 24,000 BTC

At the time of the hack, BitFloor was the fourth largest exchange on the US market. Attackers managed to gain access to the servers and found unencrypted backup wallet keys. From there, they simply siphoned out the funds, worth a cumulative $250,000. 

May - Bitcoinica - 18,457 BTC

Unfortunately for Bitcoinica, they suffered another hack just two months after their initial hack. This led many to suspect that the original security issues from the Linode attack in March had never actually been effectively dealt with. The site was immediately shut down and the exchange was ultimately closed for good.

March - Linode - 43,000 BTC from Bitcoinica & 3,000 BTC from Slush

This one is a little complicated. Linode is a web hosting provider, and they hosted the cryptocurrency exchanges Bitcoinica and Slush. Linode itself was hacked, and the attackers managed to steal significant amounts of Bitcoin from both exchanges.

2011 

June - Mt.Gox - 2,643 BTC

While at the time this was a relatively modest hack, it was just the beginning of problems for Mt.Gox. In this hack, attackers were able to gain access to a computer belonging to an auditor at the cryptocurrency exchange. The malicious actor changed the price of Bitcoin to $0.01, purchased them at the artificially low price and made off with a small fortune.

October - Bitcoin7 - 11,000 BTC

In this case, hackers from Russia and Eastern Europe managed to gain access to Bitcoin7’s servers. This also gave them access to the exchange’s main BTC depository and two backup wallets. Bitcoin7 continues to exist with an obviously spammy website (steer clear!).

Conclusion

Cryptocurrencies are relatively safe, but take a look at this list to make sure the cryptocurrency exchange you use isn’t on it! Exchanges are always at risk of attack, especially when they are doing a lot of business. It’s important that cryptocurrency exchanges take security seriously, and put a number of measures in place to prevent security breaches. 

Any decent cryptocurrency exchange should outline what security measures they have in place. If they don’t, and fail to adequately justify their reasons for withholding that information, then that’s a red flag you would do well to pay attention to.

Hackers are never going to stop targeting crypto exchanges as long as it remains profitable. While a good cryptocurrency exchange will have multiple security measures in place, users need to do their homework too. Do your due diligence when signing up for an exchange to make sure that you don’t become a victim. 

 

]]>
All Data Breaches in 2019 - 2022 - An Alarming Timeline
https://selfkey.org/zh/data-breaches-in-2019/
Mon, 05 Sep 2022 11:59:41 +0000
http://selfkey.org/data-breaches-in-2019/

Your personal information is not safe online. Data breaches happen on an almost daily basis, exposing our email addresses, passwords, credit card numbers, social security numbers and other highly sensitive data.

Unfortunately, most people do not understand the gravity of the problem until it personally affects them through identity theft or other malicious activity. Unsurprisingly, however, the rate of identity-related crime is exploding, and a recent study claims that there is a new victim of identity theft every 2 seconds in the United States alone.

On top of that, Experian has published statistics showing that 31% of data breach victims later have their identity stolen. Keeping in mind that the number of records exposed through data breaches is so high, this is alarming news.

One important reason for the malaise is that data breaches have seemingly become an inevitable part of modern life. We have to register for online accounts in order to participate in a modern society, and have to swallow the fact that the centralized databases containing our information will sooner or later suffer a breach.

That is why ESelfKey is working on an end-to-end self-sovereign identity management system which will do a much better job of protecting you from data breaches.

You can learn more about our solution here, but for now, let's take a closer look at the damage.

State of the breach June 2020: AT LEAST 16 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches since 2019. The first quarter of 2020 has been one of the worst in data breach history, with over 8 billion records exposed.

Check out Have I Been Pwned to see if your accounts have been compromised by a data breach.

Undisclosed Number of Users – Samsung, July 2022

In August 2022, Samsung admitted that a security incident in its U.S. systems had led to unauthorized third-party access and a data breach that affected an undisclosed number of users. Samsung officially confirmed that personal information, including contact, DOB, and product registration information, was stolen. This was the second data breach for Samsung in 2022, as in March, the company reported that a hacker group had gained access to some of their confidential source code, including a biometric lock algorithm.

5.4 Million Users – Twitter, January 2022

Twitter suffered a data breach in January 2022. This time the hackers exploited a security vulnerability to build a database of personal information, including email addresses and phone numbers of 5.4 million users. Twitter acknowledged the incident in early August.

533 Million Users – Facebook, April 03, 2021

Facebook has been associated with large data breaches more than a few times in the past. Because it is one of the largest social media platforms, its data breaches have always proved critical. The most recent Facebook data breach exposed the personal data of 533 million users. The data exposed included phone numbers, DOB, locations, past locations, full names, and in some cases, email addresses.

Over 1 Million - OneClass, June 29, 2020

Online learning platforms have become increasingly popular targets for data breaches over the past few months as the education world has gone digital. Unfortunately, OneClass is no exception and left the data of over a million North American students (many of them minors) exposed on an unsecured Elasticsearch server. The data exposed included students’ full names, email addresses, schools/universities, phone numbers, account details and school enrollment details.

Over 2 Billion - BlueKai, June 19, 2020

US tech giant Oracle owns BlueKai, a company very few have heard of outside of marketing circles, but one that possesses one of the largest banks of web tracking data outside of the federal government. The company uses website cookies, and other tracking technology, to follow your activities on the web, then sells that data to companies and marketing firms.

For an unknown period of time, all of that web tracking data was left exposed on a server without a password. Billions of records were unsecured for anyone to find. The data exposed included names, home addresses, email addresses and other identifiable data including web browsing activity. The details are still fuzzy. Oracle says that they have taken care of the problem but haven’t offered up any information as to how this happened and who was affected. 

At Least 8 Million - Postbank, June 14, 2020

The Postbank in South Africa has had to replace over 12 million bank cards after an unencrypted master key was stolen by employees. The master key granted anyone complete access to the bank’s systems and the ability to change information on any of the bank’s 12 million cards. The breach specifically affected between 8 and 10 million beneficiaries who receive social grants every month. It’s still unclear if any funds were stolen, and exactly what data was exposed.

5 Billion - Keepnet Labs, June 9, 2020

Keepnet Labs is a UK security company that initially experienced a breach back in March 2020 when a database was exposed containing data that had previously been exposed in other data breaches. After being notified, Keepnet Labs quickly took the data down but refused to acknowledge the breach. They even went as far as to pursue legal action against at least one tech reporter who had written about the breach.

The breach was finally acknowledged this month when Keepnet Labs issued a statement saying that they were not directly responsible, but rather a third party provider was. Although no new data was exposed, it’s ironic that a security company would experience a data breach.

329,000 - Chartered Professional Accountants of Canada, June 4, 2020

Chartered Professional Accountants of Canada (CPA) experienced a cyberattack early in the month that allowed unauthorized third parties to gain access to the personal information of over 329,000 members and stakeholders. The stolen information was mostly related to the distribution of the CPA Canada magazine and included personal data such as names, addresses, email addresses, and employer information. 

Passwords and credit card numbers were also exposed, but CPA Canada says they were all protected by encryption. Anyone affected by the breach has been notified by the company, and CPA Canada notified the relevant authorities.

47.5 Million - Truecaller, May 27, 2020

The personal data of 47.5 million Indians was found for sale on the dark web for $1,000, and is claimed to have originated from the popular caller ID and spam blocking app Truecaller. Personal information such as phone numbers, service providers, names, genders, and more was made available. 

However, Truecaller denies there was a breach at all. Truecaller suffered a previous data breach in May 2019, and the company suggests that it is the same data set that is for sale. If Truecaller has suffered a breach this month, then it’s a case of gross negligence, or it could just be criminals trying to make a quick buck.

26.3 Million - LiveJournal, May 27, 2020

For years rumors have circulated that blogging platform LiveJournal suffered from a data breach, and many users have reportedly received extortion letters tied to their LiveJournal accounts. The breach was finally confirmed this month by multiple hackers who are selling the user data on the dark web. It’s unclear what year the breach actually took place, but the details weren’t revealed until this month when Have I Been Pwned received a copy of the leaked user database.

The data that was breached included usernames, emails, and plaintext passwords of over 26 million users. LiveJournal and its parent company, DreamWidth, have yet to acknowledge the breach despite users complaining of having their data stolen for years.

8.3 Billion - AIS, May 25, 2020

Thailand’s largest cellphone network pulled a database containing billions of Thai internet users offline after discovering records were being leaked for over two weeks. The passwordless database was discovered by security researcher Justin Paine who quickly notified AIS about the massive breach. 

AIS has come out saying that no personal information was made available, but unfortunately, that’s just not true. The leaked data included DNS queries, which have the potential to let authorities and hackers know who was visiting which websites and from where. This is particularly problematic as Thailand has incredibly strict censorship laws, and if the authorities get ahold of the leaked data, it could lead to arrests.

25 Million - Mathway, May 25, 2020

A popular website for helping students and children learn mathematics suffered from a data breach, resulting in more than 25 million records being exposed. The breach was only discovered when the records were being sold on the dark web earlier in May. So far, it is believed that only emails and hashed passwords were exposed.

Over 1 Million - EHTERAZ, May 22, 2020

While many governments have talked about using an app to track the spread of COVID-19, only a handful of countries have actually created one. In Qatar, the app used by the government to track COVID-19, EHTERAZ, is compulsory. Unfortunately, due to inadequate security measures, the app suffered a data breach exposing the sensitive personal information of over one million residents.

Information such as names, birth dates, national ID numbers, location, and health status were all made available. It is unknown how long this data was exposed for, but luckily the Qatari government was quick to act.

2.3 Million - Indonesia, May 22, 2020

The private data of over two million voters in Indonesia was found for sale on the dark web, along with a threat to release a further 200 million records. It’s unclear exactly where the data came from, and how it got stolen, but some of the records date back as far as 2013. Information such as home addresses, names, and national ID numbers were breached. The investigation is still ongoing.

9 Million - EasyJet, May 19, 2020

European budget airline EasyJet suffered a major breach that began in January 2020 but didn’t notify customers until April and May 2020. Emails and travel information were amongst the information that was breached, and over 2,000 customers had their credit and debit card details accessed.

EasyJet has declined to say how the attack happened, and who committed it. Thanks to the GDPR, EasyJet could face a major fine if they are discovered to have inadequate security measures in place.

9 Million - CDEC Express, May 14, 2020

Russian delivery company CDEC Express suffered a major breach when it was discovered that the records of 9 million customers were for sale on the dark web. CDEC Express has denied that they were the ones who were breached, stating that personal data is collected by many companies and that they were not the source. Information such as the delivery of goods, buyer information, and tax ID numbers were all breached.

3.7 Million - MobiFriends, May 11, 2020

Millions of users of a popular online dating app, MobiFriends, were hacked early in May. The breached data includes dates of birth, gender, website activity, mobile numbers, usernames, email addresses and MD5 hashed passwords. The breach is believed to have originally taken place in January 2019, but the information has recently been available for sale (and now for free) on the dark web.

21,909,707 - Unacademy, May 3, 2020

One of India’s largest online learning platforms, Unacademy, suffered from a massive breach after a hacker gained access to a database and began selling account information of more than 20 million users. Names, emails, passwords, and account activity were among the data that was stolen. Hackers have claimed to have stolen more data than just user information, but what that may be (and if it’s true) remains to be seen.

91 Million - Tokopedia, May 3, 2020

Indonesia’s largest e-commerce platform, Tokopedia, began investigations after security researchers discovered a treasure trove of customer data for sale on the dark web. However, the initial breach turned out to be far worse than anticipated. The initial number of 15 million records ballooned up to 91 million after the investigation was launched.

While Tokopedia has stated several times that passwords were not included in the data that was leaked, plenty of other personal information was. Names, emails and birthdays were all available for sale, and there were at least two buyers of the information.

Unknown - ExecuPharm, April 27, 2020

Major US pharmaceutical firm ExecuPharm suffered a major data breach in March but didn’t notify the public until a month later. Malicious actors gained access to ExecuPharm’s servers and held them for ransom. Additionally, the hackers also sent out phishing emails to ExecuPharm’s employees.

It’s unclear exactly how many people were affected, but a large amount of sensitive data was leaked including social security numbers, taxpayer IDs, driver’s license numbers, passport numbers, bank account details, credit card numbers, and more. The hackers later went on to publish the stolen data on the dark web.

160,000 - Nintendo, April 24, 2020

Video game giant Nintendo experienced a breach that affected 160,000 users. The issues began in early April when hackers gained access to login IDs and passwords to Nintendo accounts. Malicious actors gained access to nicknames, emails, birth dates, and country of residence. Even worse, some accounts experienced fraudulent purchases.  

28,000 - GoDaddy, April 23, 2020

GoDaddy is one of the world’s largest domain registrars and a web hosting company that provides services to roughly 19 million customers around the world. While only 28,000 customers were affected, any breach for a company of this size is a big deal. The data breach itself took place in October 2019 but wasn’t discovered until April 2020. 

An unauthorized individual gained access to login credentials for SSH on hosting accounts, and as a result, the breach only affected hosting accounts. So far, it doesn’t appear like any personal information was leaked. That being said, the investigation is still ongoing.

5.2 Million - Marriott, March 31, 2020

This isn’t the first time hotel giant Marriott has suffered a data breach. Back in 2018, 383 million records were leaked. This time, hackers obtained login details of two employees and broke into the system in January 2020. Marriott has said that they have no reason to believe that any payment information was breached, just personal data of their customers (such as names, addresses, and contact information).

29,969 - Norwegian Cruise Line, March 20, 2020

March was already a bad month for cruise lines, and things got a lot worse for Norwegian Cruise Line when one of its databases was breached. The leaked information only concerned travel agents; no guests were affected. Despite being notified of the breach earlier in the month, the company was slow to react and has since attempted to downplay the extent of the breach.

Unknown - Rogers, March 18, 2020

Canadian telecommunications giant Rogers experienced a data breach when one of their external providers inadvertently made information available online that provided access to a customer database. It’s unclear how many customers were affected, but the company has over 10 million wireless subscribers. Rogers stated that although personal information like names, addresses, and contact information was leaked, no payment information or passwords were compromised.

Unknown - Princess Cruises, March 13, 2020

It’s been a rather unfortunate month for Princess Cruises. First they had to suspend operations thanks to COVID-19, then they announced that they had experienced a data breach. The breach actually took place from April to July 2019, and the company discovered it in May 2019. It’s unclear why the cruise line waited so long to notify customers.

An unauthorized party managed to gain access to employee email accounts and accessed personal information of employees, crew members, and guests. It’s unclear exactly how many people were affected, and Princess Cruises has been pretty quiet about the whole thing.

6.9 Million - The Dutch Government, March 11, 2020

In a rather bizarre turn of events, the Dutch government admitted to losing two external hard drives that contained the personal data of more than 6.9 million organ donors. The hard drives contained records from 1998 to 2010 and had been placed in a vault in 2016. When officials went to access them this year, they were mysteriously gone. So far, there is no evidence that anyone has attempted to use the data.

At Least 81.6 Million - Antheus Tecnologia, March 11, 2020

Brazilian biometric solutions company Antheus Tecnologia suffered from a significant data leak and other security flaws, which led to an Elasticsearch server containing biometric data being exposed. An estimated 76,000 fingerprints were on the server. Other records included employee company emails and telephone numbers.

201,162,598 - Unknown, March 5, 2020

The Comparitech security research team alongside security expert Bob Diachenko discovered an unprotected Google cloud server containing the personal data of 200 million US residents. The server was originally found in January, and the team worked to identify the owner of the server but couldn’t uncover who they were.

The server was finally taken offline in March, although the data was exposed for at least one month. Most of the data exposed contained personal, demographic, and property information. The majority of the information was incredibly detailed, including things like net worth, property value, mortgage details, and tax assessment info.

900,000 - Virgin Media, March 5, 2020

A Virgin Media database containing the personal information of 900,000 people was left unsecured online for ten months. The data breach is not the result of criminal activity, just negligence on the part of Virgin Media. The database was for marketing purposes and contained information such as names, phone numbers, emails, and home addresses.

The database was accessed by an unknown person on at least one occasion while it was available. Virgin Media reported the incident to the ICO and has launched a full investigation.

330,000 - Slickwraps, February 21, 2020

On the 25th of February, The Verge reported that Slickwraps, a company that makes vinyl skins for phones, tablets and laptops, suffered a significant data breach affecting the personal information of over 330,000 customers. Worryingly, the hackers sent out an email blast to all affected users, mentioning their name, home address and an indictment of Slickwraps' security measures.

 

Unknown - Defence Information Systems Agency, February 11, 2020

The US defence agency that handles secure communications for the White House suffered a data breach between May and July of 2019, but the breach wasn't discovered until February 2020. The Defence Information Systems Agency (DISA) is responsible for direct telecommunications and IT support for President Donald Trump, Vice President Mike Pence, their staff, the U.S. Secret Service, the chairman of the Joint Chiefs of Staff and other senior members.

The extent of the breach, including how many were affected and what data was compromised, is unclear as DISA has been extremely tight-lipped. The agency employs over 8,000 military and civilian employees according to their website.

Unknown - The United Nations, January 29, 2020

Hackers compromised dozens of UN servers in the summer of 2019, yet the world body kept it a secret, even from its own employees. While the size of the breach is unclear, staff records, health insurance, and commercial contract data were compromised. As the UN is under diplomatic immunity, they are not required to divulge what data was taken or notify those affected. The UN was allegedly notified about several security issues years ago.

At least 10,000 - LabCorp, January 28, 2020

Clinical laboratory LabCorp suffered an earlier breach in July 2019 when 7.7 million records were stolen. Unfortunately, the security upgrades they must have made were not enough to prevent another breach at the end of January 2020. At least 10,000 patient records were exposed including names, addresses, and in some cases, social security numbers.

250 Million - Microsoft, January 22, 2020

Microsoft didn't have a great start to 2020. 250 million customer service and support records, going all the way back to 2005, were breached. Microsoft has said that only email addresses and IP addresses were exposed, but security researchers believe that it goes beyond that.

According to Microsoft, the records were not publicly available as they were stored on an internal database and were only exposed for just under a month. The tech giant conducted an internal investigation and claims that there was no sign of malicious use.

2.4 Million - Wyze, December 30, 2019

The smart camera provider Wyze suffered two breaches at the end of December when databases were left exposed for over two weeks. So far, it appears that only email addresses were leaked. Smart cameras are starting to become a popular target for hacks.

Unknown - Wawa, December 19, 2019

Wawa is a convenience store chain on the east coast of the US, and suffered a massive data breach involving payment information starting in March 2019. The breach wasn’t discovered until December, and it is believed that thousands have been affected. Card numbers and customers’ names are amongst some of the data that was stolen.

267 Million - Facebook, December 19, 2019

Security expert Bob Diachenko discovered that a database containing personal information of more than 267 million Facebook users had been left exposed. The exposed data included names, phone numbers, and Facebook IDs. Hackers in Vietnam are believed to be responsible.

15 million - LifeLabs, December 17, 2019

In what is believed to be the largest breach in Canadian history, medical testing company LifeLabs suffered a hack in October that left 15 million records of patient data exposed. The breach wasn’t announced until December, and the company is now facing a billion dollar class action lawsuit.

Unknown - OnePlus, November 23, 2019

Indiatoday.in has reported that the popular Chinese smartphone manufacturer, OnePlus, has suffered a significant data breach. According to the OnePlus security team, an unauthorized party managed to access customer information by exploiting a vulnerability in the OnePlus website. This information includes phone numbers, email addresses, first and last names, as well as shipping addresses. As of now, payment information does not seem to have been compromised and it is not yet clear how many people have been affected.

1 Million - T-Mobile, November 22, 2019

T-Mobile, the multi-national wireless network operator, suffered a major data breach, reportedly affecting over 1 million customers. The exposed data includes phone numbers, billing addresses, T-Mobile account numbers, names, and details about rates and plans.

The news comes at a particularly bad time, as customers suffer a heightened risk of identity fraud during the holidays, while T-Mobile's attempted merger with Sprint may now face more intense scrutiny.

1.2 Billion - Unknown, November 22, 2019

An unprotected server containing 1.2 billion records of personal data was found by security researchers. Renowned security experts Vinny Troia and Bob Diachenko found the Elasticsearch server and soon concluded that the data had been sourced by a data enrichment company. This would explain the breath-taking size of the breach, which exposed 622 million unique email addresses, as well as social media profiles, phone numbers, employers and even job titles.

3 Million - UniCredit, October 28, 2019

3 Million customers of the Italian Bank UniCredit have had their sensitive information exposed by a major data breach. The compromised information includes the names, telephone numbers, email addresses and even cities where clients were registered. ZDNet reports that, although UniCredit operates internationally, all exposed records related to Italian customers.

Yet unknown - 7-Eleven, October 25, 2019

The 7-Eleven fuel app was taken offline on Thursday after customers reported that they could access the personal information of other app users. The information reportedly included the amount of money in their account, names, email addresses, phone numbers and their date of birth. According to the Guardian, the app has been downloaded over 2 million times.

Yet unknown - Web.com, October 16, 2019

On the 16th of October the domain name registration service Web.com announced a serious data breach. According to the disclosure notice an unauthorized third-party gained access to a limited number of their computer systems in late August. According to the statement no credit card data was compromised as a result of the incident.

XX Million - Malindo Air, September 18, 2019

Malindo Air, the low-cost Indonesian Airline, has confirmed a significant data breach affecting millions of passengers. The information, including names, home addresses, phone numbers and even passport numbers, has already been leaked on public forums, meaning that those affected likely already face a much higher risk of identity theft and fraud.

20 Million - Novaestrat, September 16, 2019

A massive data breach has reportedly affected almost the entire population of Ecuador. Security company vpnMentor was the first to identify the breach, when their research team found a Miami-based Elasticsearch server run by the Ecuadorian company Novaestrat.

The breach is particularly damaging, due to the extensive quantity of information stored about each individual. This includes birth dates, names, contact information, national identification numbers, tax payer identification numbers, driving records and bank account balances. The information was seemingly compiled by several Ecuadorian government registries, automotive associations and the Ecuadorian national bank. Among the affected are reportedly six million children.

50,000 - Get, September 9, 2019

According to the Guardian, the personal details of around 50,000 university students have been exposed. An app designed to facilitate payments for university clubs and societies, called Get, apparently allowed unauthorized users to get access to other users' data, including names, email addresses, date of birth and phone numbers.

14 Million - Hostinger, August 25, 2019

Techcrunch reported that the popular web hosting service Hostinger suffered a major data breach affecting millions of users. According to the report, a hacker gained access to the company's systems, including an API database. That database contained customer usernames, email addresses and passwords.

Hostinger has said that the API database stored roughly 14 million customers' records.

1 Million - Suprema, August 14, 2019

One of the leading biometrics companies, Suprema, left the fingerprints, facial recognition information, unencrypted usernames and passwords of over 1 million people on an unencrypted database. The Guardian broke the story, reporting that Suprema's data is used by the UK Metropolitan police and 5,700 other organizations.

23 Million - CafePress, August 5, 2019

The personal information of over 23 million CafePress customers has been exposed according to multiple reports. The custom T-shirt and merchandise company has yet to issue a statement but the exposed data has been circulating in hacker forums for weeks. The data breach involved the names, usernames, email addresses, passwords, and physical addresses.

50 Million - Poshmark, August 1, 2019

The US-based fashion platform Poshmark suffered a significant data breach according to a blog post on their site. An unauthorized third party managed to access the email addresses, names, user names, and even clothing size preferences of Poshmark users.

It is still unclear how many people are affected but Poshmark is said to have around 50 million users.

100 Million - Capital One, July 29, 2019

The New York Times is reporting that a former Software Engineer hacked the database of Capital One and obtained the personal information of more than 100 million people. Federal prosecutors have named it one of the largest data breaches in history with potentially devastating consequences.

In addition to millions of stolen credit card applications - Capital One is the third largest issuer of credit cards in the US - the breach also compromised one million Canadian social insurance numbers.

300,000 - QuickBit, July 22, 2019

On the 22nd of July, Coindesk reported that the Swedish cryptocurrency exchange QuickBit suffered an extensive data breach. According to the report, the digital asset platform unknowingly leaked the data of 300,000 customers via an unprotected MongoDB database.

The exposed data included full names, addresses, email addresses, user gender, and dates of birth.

5 Million - Bulgaria's National Revenue Agency, July 17, 2019

Bulgaria suffered a devastating data breach and the largest in its history according to The Next Web. Hackers managed to breach the National Revenue Agency and access highly sensitive information of 5 Million citizens. Bulgaria's population stands at 7 Million, meaning that almost everyone is affected.

The compromised data includes personal identifiable numbers, addresses, and even income data. The hackers sent a download link to local media and stated: "The state of your cyber-security is a parody." An investigation into the extent and ramifications of the data breach is under way.

14,600 - Los Angeles County Department of Health Services, July 10, 2019

CBS Los Angeles reported that malicious actors managed to use a phishing attack to access highly sensitive personal information of 14,600 patients. 2019 has been a horrific year for customer privacy in the medical industry, with breaches occurring on an almost weekly basis.

According to reports, the Los Angeles County Department of Health is in the process of notifying patients. The phishing attack happened in March 2019, and the hackers seemingly had access to employee accounts for several hours. Among the exposed information is: names, addresses, phone numbers and patient information.

78,000 - Maryland Dept. of Labor, July 6, 2019

According to Yahoo News, 78,000 people may have had their personal information exposed due to a data breach affecting Maryland's Department of Labor. The data breach reportedly occurred earlier this year and no evidence of malicious activity was found. Nevertheless, the Department is offering all affected customers two years of free credit monitoring.

Mars Mission Data - NASA, June 24, 2019

On the 24th of June it was reported that NASA had experienced a significant security incident. According to this report, an unauthorized individual managed to access NASA's Jet Propulsion Laboratory, making off with highly sensitive information. The hacker supposedly went undetected for 10 months and had access to many critical projects - including details about NASA's Curiosity Rover.

11 Million - Emuparadise, June 10, 2019

ZDNet has reported that 11 million user accounts of the popular gaming emulator Emuparadise were exposed after a recent data breach. The user passwords were stored as salted MD5 hashes, a form of password hashing deemed unsafe since 2012, and were easily cracked. The full extent of the breach is still unknown, although ZDNet claims that passwords, email addresses, IP addresses and usernames are involved.

7.7 Million - Labcorp, June 4, 2019

Just a day after Quest Diagnostics announced its breach, another company dealing with highly sensitive medical records announced a major security incident. According to USA Today, Labcorp was also using the collections firm American Medical Collection Agency (AMCA), which experienced a supposed breach earlier this month. Specifics are hard to come by, but names, addresses, dates of birth, and balance information are likely among the compromised data.

11.9 Million - Quest Diagnostics, June 3, 2019

Quest Diagnostics, a clinical laboratory company, announced that an "unauthorized user" gained access to the medical records and social security numbers of up to 12 million customers. Information is still sparse, but it appears that AMCA, a billing vendor used by Quest, was exploited for the attack. All parties are working closely together to understand the full scope of the data breach.

Unknown - Checkers Restaurants, May 30, 2019

ZDNet reported that hackers breached the security systems of Checkers Restaurants and installed malware which infiltrated the restaurant chain's point of sale software. As a result, the hackers managed to steal customers' payment card number, cardholder name, expiration date and card verification code.

Hundreds of locations have been affected although the total number of impacted customers is still unknown.

Unknown - Flipboard, May 29, 2019

The popular news aggregation app Flipboard announced that it had detected unauthorized access to some of its databases between June 2, 2018 and March 23, 2019. It's still unclear how many of the 145 million monthly users are affected, but names, email addresses and cryptographically protected passwords are among the exposed data.

139 Million - Canva, May 28, 2019

Marketingland reported that the leading graphic design tool Canva had experienced a cyber attack which affected up to 139 million users. According to the report, the attack targeted usernames, email addresses and passwords, although luckily credit card details were not compromised. Canva is particularly popular among entrepreneurs and online marketers from all over the world.

885 million - First American, May 25, 2019

Renowned cyber security experts Krebs on Security reported that Fortune 500 giant First American Financial Corp exposed customers' bank account numbers, statements, mortgage as well as tax records through its faulty website. 885 million highly sensitive records were leaked to anyone who knew where to look, with the records going back to 2003.

49 Million - Chtrbox, May 20, 2019

An unsecured database seemingly belonging to Chtrbox, a Mumbai-based social media marketing firm, was discovered online. TechCrunch reports that the database contained more than 49 million records comprising bio info, email address, phone number, and profile picture of millions of Instagram users.

1.5 Million - Freedom Mobile, May 9, 2019

The VPN Mentor research team discovered a data breach which exposed the personal information of 1.5 million Freedom Mobile users. Worryingly, the data included credit card numbers and CVV numbers, meaning that significant financial damage will likely be incurred as a result.

1.6 Million - AMC Networks, May 1, 2019

Renowned security expert Bob Diachenko discovered a publicly available MongoDB instance exposing the data of 1.6 million AMC network subscribers. The subscriber information contained names, emails, subscription plan details and more personally identifiable information. This is another alarming example of failure to meet the very lowest security standards.

Unknown - Atlanta Hawks, April 23, 2019

Struggling basketball teams are just as vulnerable to data breaches as governments, businesses and universities. On April 23, CNet reported that the Atlanta Hawks eCommerce store had been infected with malware designed to steal the payment information of customers. Expert Willem De Groot identified the notorious hacking group Magecart as the culprit and the Atlanta Hawks are still investigating the full extent of the hack.

9 Million - Bodybuilding.com, April 22, 2019

One of the biggest service providers in the fitness industry, bodybuilding.com, suffered a serious hacking attack potentially impacting its 9 million users. According to Forbes, a sophisticated phishing attack had allowed hackers to gain access to the highly sensitive data including billing addresses, names, email addresses and birth dates.

Unknown - Microsoft Email Services, April 15, 2019

Popular email services msn.com, hotmail.com and outlook.com were affected by a significant data breach according to TechCrunch. The vulnerability seemingly existed between January 1st and March 28 2019, and allowed hackers to access email accounts.

540 Million - Facebook, April 2, 2019

Mark Zuckerberg was in the news for all the wrong reasons in April 2019. The (so far) newest addition to the litany of blunders involved exposing the personal records of over 540 million Facebook users. According to TechCrunch, cybersecurity experts found the data on an unsecured, publicly accessible database.

1.3 Million - Georgia Tech, April 2, 2019

Universities are just as likely to get hacked as a business or government organization. On April 2nd, a host of highly sensitive personal information managed by Georgia Tech was accessed by a hacker. The information of 1.3 million faculty members, students and employees was affected according to patch.com. Social Security Numbers, birth days, names and addresses were breached.

980 Million - Verifications.io, March 29, 2019

Towards the end of March 2019, cybersecurity expert Bob Diachenko found an unsecured database containing 982 million email addresses along with names, genders, employers and home addresses. The server was unsecured and available to anyone who knew where to look. Upon notification, verifications.io, the company seemingly behind the database, shut down its website and ostensibly ceased to operate.

2 Million - Earl Enterprises, March 29, 2019

The credit card information of more than 2 million customers of Earl Enterprises was stolen and later sold according to krebsonsecurity.com. Criminals managed to install sophisticated malware on the company’s point of sale software, allowing them to syphon off the highly sensitive payment information.

1.8 Million - Federal Emergency Management Agency, March 22, 2019

Data breaches are particularly harmful when they affect vulnerable people. In March 2019, the Washington Post reported that 1.8 million disaster survivors had their banking information plus their home addresses accidentally shared with contractors. These people had primarily sought shelter after wildfires and hurricanes.

2 Million - Oregon Department of Human Services, March 21, 2019

Government organizations are just as likely to suffer data breaches as hospitals, businesses and two-person startups. On March 21st, the Oregon Department of Human Services announced that poorly trained employees had fallen for a phishing attack, compromising highly sensitive personal information of roughly 1.6 million people. This includes emails, addresses, names and much more.

600 Million - Facebook, March 21, 2019

Facebook has a long history of privacy abuses and data scandals. At the end of March 2019, the social media giant admitted that it had failed to secure the passwords of 600 million users since around 2012. Thousands of Facebook employees had access to the millions of unsecured records, which were stored in a plain text file.

1.5 Million - Gearbest, March 14, 2019

In March, the VPN Mentor research team reported that Gearbest, a highly successful Chinese eCommerce company, had a completely unsecured database. The VPN Mentor team managed to access a database containing 1.5 million records. Alarmingly, the database contained payment information, billing addresses, order history and much more highly sensitive information.

2.4 Million - Dow Jones, March 1, 2019

One of the most significant data breaches ever occurred on March 1st, when more than 2 million identity records, including those of government officials and politicians, were leaked online. According to reports from ZDNet, the information was stored, alarmingly, on a publicly accessible database.

1 Million - UW Medicine, February 20, 2019

February 20th was a particularly bad day for the personal data of medical patients as both Advent and UW Medicine reported significant data breaches. In the case of the UW Medicine data breach, nearly 1 million people were affected by a simple bug: a problem with the platform’s server caused highly sensitive data to be indexed by search engines, meaning that patients’ financial history, passwords, social security numbers and more were available with a simple Google search.

42,000 - Advent Health, February 20, 2019

Data breaches affecting medical records are particularly hazardous. In February, the Advent Health Medical Group notified its members of a 16-month-long data breach exposing medical histories, social security numbers and a host of highly sensitive information. According to reports, 42,000 individuals were affected.

14.8 Million - 500px, February 15, 2019

The popular photo sharing site 500px was hacked, exposing the data of 14.8 million users. Information such as names, usernames, emails, locations, gender, and birth dates were revealed. The website notified its users and forced a password reset, although the hack happened in July 2018 and they weren’t aware of it until February 2019.

6 Million - Coffee Meets Bagel, February 14, 2019

In a case of ironically poor timing, the dating app Coffee Meets Bagel announced a data breach just in time for Valentine’s Day. While only names and emails of users were exposed, the breach impacted approximately 6 million people.

Unknown - Dunkin’ Donuts, February 12, 2019

Dunkin’ Donuts announced a data breach for the second time in three months, affecting DD Perks rewards members. Hackers used credential stuffing attacks to gain access to customer accounts, then sold them on the Dark Web for profit. The first of these attacks happened at the end of November, and although the company didn’t say how many customers had been affected, there are currently 10 million DD Perks members.

24,000 - EyeSouth Partners, February 6, 2019

An unauthorized third party gained access to an employee email account of Georgia-based EyeSouth Partners. Over 24,000 patients had their data compromised, such as names, health insurance information, and account balance information.

Unknown - Huddle House, February 4, 2019

The US-based casual dining and fast food restaurant chain Huddle House had its point of sale system compromised, giving hackers the ability to install malware to steal the payment information of customers between August 2017 and February 2019. How much damage was done is still unclear as Huddle House is continuing its investigation.

20,000 - Catawba Valley Medical Center, February 4, 2019

Phishing scams seem to be a popular and effective cyberattack in the medical industry, as three employee email accounts at Catawba Valley Medical Center were hacked by one in the summer months of 2018. An estimated 20,000 patients of the North Carolina-based medical facility had their names, birth dates, social security numbers, and personal health information exposed in the attack.

Unknown - Houzz, January 31, 2019

To finish off January, the popular home improvement website Houzz announced a data breach affecting users of their platform. While Houzz did not disclose how many people were affected by the breach, the site has approximately 40 million users. The company stated that public profile information such as names, locations, usernames, and hashed passwords were taken by an unauthorized third party.

23,000 - Critical Care, Pulmonary & Sleep Associates, January 31, 2019

Employees of the Critical Care, Pulmonary & Sleep Associates (CCPSA) fell for a phishing attack that led to approximately 23,000 patients having their data breached. The Colorado-based healthcare facility realized that the hacker had access to names, dates of birth, addresses, medical information, social security numbers, and driver’s licenses for three months.

100,000 - Alaska Department of Health & Social Services, January 23, 2019

Alaska’s Division of Public Assistance was the target of a cyberattack that exposed data of at least 100,000 people. It is still unknown who the attacker was, but they were able to access the names, birth dates, addresses, social security numbers, health information, and income of people who had applied for government programs.

24 Million - Ascension, January 23, 2019

The data analytics company Ascension, based in Fort Worth, Texas, left more than 24 million mortgage and banking documents unprotected in an online database for at least two weeks. According to a report from TechCrunch, the documents included people’s names, addresses, dates of birth, social security numbers, and financial information.

108 Million - Various Online Betting Sites, January 23, 2019

Four different online betting sites stored data on Elasticsearch cloud storage without securing it. Approximately 108 million records were breached including names, addresses, emails, phone numbers, usernames, birth dates, IP addresses, account balances, games played, and win and loss information. If you’ve placed bets via kahunacasino.com, azur-casino.com, easybet.com, or viproomcasino.net, your information was likely exposed.

12,000 - Graeter’s Ice Cream, January 22, 2019

The Cincinnati-based purveyor of sweets, Graeter’s Ice Cream, notified approximately 12,000 online customers that their data had been compromised. Malicious code was discovered on the company’s checkout page which captured customer data such as credit card details, names, addresses, phone numbers, and fax numbers.

20,000 - BlackRock Inc., January 22, 2019

The world’s largest asset manager, BlackRock, accidentally leaked the information of as many as 20,000 financial advisors. The company had posted confidential spreadsheets which contained information related to the advisors who work with BlackRock’s iShares unit. The names, emails, and assets managed by advisors were amongst the information that was exposed.

773 Million - Collection #1, January 17, 2019

On the same day, security researcher Troy Hunt discovered a massive database of leaked data on a cloud storage site called MEGA. The database contained over 773 million emails and 22 million passwords, amalgamated from thousands of different data breaches dating back to 2008. The information was also shared on a popular hacking forum, so it is unknown who exactly accessed the data. Needless to say, it doesn’t look good. If you are worried that your credentials have been compromised, you can check on Have I Been Pwned?

Unknown - Oklahoma Department of Securities, January 17, 2019

The Oklahoma Department of Securities (ODS) left millions of government files exposed and unprotected on an open server belonging to the agency. Amongst the exposed files were records pertinent to FBI investigations. The oldest records that were exposed dated back to 1986, and range from personal data to login credentials and internal communications records. The ODS is currently investigating how many records were exposed, who may have accessed them and the potential damage this data breach may have caused.

Unknown - Fortnite, January 16, 2019

The popular online video game Fortnite was found to have exposed players to being hacked. A security firm called Check Point discovered the vulnerabilities in the game and alerted Fortnite to the threat. The vulnerabilities could have allowed malicious actors to take over the account of any player, view their personal information, purchase V-bucks (the in-game currency), and listen in to game chatter. While it is unknown just how many users were affected, Fortnite has 200 million users worldwide of which 80 million are active each month.

31,000 - Managed Health Services of Indiana, January 11, 2019

A phishing attack on the Managed Health Services of Indiana (MHS) exposed the health information of more than 31,000 patients in 2018 and was not discovered until January. The compromised data included names, insurance ID numbers, dates of birth, addresses, and medical conditions. While the MHS says there has been no evidence that the data has been misused, patients were obviously upset.

Unknown - OXO, January 10, 2019

The New York-based manufacturer OXO discovered that it had been hacked in two separate incidents over the past two years. Both hacks exposed customer information entered on its website. OXO found unauthorized code on its website which collected customer names, addresses, and credit card information. The company has declined to announce the number of customers who were affected by the breach.

Unknown - BenefitMall, January 7, 2019

BenefitMall, a US provider of HR, payroll, and employer services, announced a data breach that occurred after an email phishing attack compromised employee login credentials. The exact extent of this breach is unknown as the company has not released the exact number of records that were affected by the attack. That being said, the stolen information could include customer information such as names, social security numbers, addresses, bank account numbers, dates of birth, and information about their insurance premiums.

Unknown - DiscountMugs.com, January 4, 2019

A major online retailer of custom mugs and apparel, DiscountMugs.com, was hacked over a four-month period during the latter half of 2018. Although the company did not disclose how many customers were affected by the breach, it is believed to be upwards of several thousand. Malicious card skimming code had been placed in the payment section of the company’s website and hackers were able to steal full card payment details, names, emails, phone numbers, and addresses.

7.6 Million - BlankMediaGames, January 3, 2019

In almost no time at all, the next great data breach occurred the day after Blur announced their breach. This time, the information of 7.6 million gamers had been stolen during a hack of the game Town of Salem by BlankMediaGames (BMG). According to BMG’s announcement, the server had been compromised and emails, usernames, IP addresses, in-game purchases, and in-game activity had been exposed.

2.4 Million - Blur, January 2, 2019

It didn’t take long for the first major breach announcement of 2019. Blur announced a breach after an unsecured server exposed a file containing 2.4 million user names, email addresses, password hints, IP addresses, and encrypted passwords. The password management company urged their users to change their Blur login credentials and enable two-factor authentication.

How COVID-19 Could Impact Your Data Security
https://selfkey.org/zh/how-covid-19-could-impact-your-data-security/
Sat, 21 Mar 2020 14:07:22 +0000

The COVID-19 pandemic (commonly referred to as the Coronavirus) is having an incredible impact on our lives. Countries like China and Italy are in complete lockdown, and the US-Canada border is closing for the first time in nearly twenty years. For many, our lives are fundamentally changing, and the future is feeling uncertain.

However, COVID-19 has brought about changes in unexpected areas of our lives, in particular surrounding our data security. Cybercrime has been noticeably increasing, and there are concerns that ransomware attacks could disrupt both government and healthcare organizations. Here’s everything you need to know, including how to stay safe.

The current state of data security

The past year was not great for your data security. There were innumerable data breaches and billions of records were exposed. What has been notable is the increase in government agencies and healthcare companies becoming victims of data breaches. To give you some perspective, the following government or healthcare organizations were hacked in the last twelve months: the United Nations, the US Defense Information Systems Agency, LabCorp, LifeLabs, Bulgaria’s National Revenue Agency, Los Angeles County Dept. of Health Services, Maryland Dept. of Labor, and many, many more.

Why exactly has there been an increase in targeting these types of organizations? There are a couple of reasons. The first is that, unfortunately, government agencies are generally not the most technologically advanced when it comes to cybersecurity and this makes them a prime target for data breaches. Old computer systems and out of date security measures allow hackers easy access. Obviously, this is not the case with every government system, but the majority do not have state-of-the-art security protocols in place to prevent breaches. 

Secondly, the data that healthcare and government organizations hold is incredibly valuable. In particular, there has been a rise in medical identity theft over the past few years, which makes medical records very appealing to hackers. Additionally, if a criminal has your social security number, they can steal your tax refund. Even if they don’t use the information themselves, hackers can sell your data to other criminals who can then steal your identity or use it to extort funds from you.

Thirdly, most major countries have their own government-backed hacking groups that they use to target rival countries. Naturally, confidential information and disrupting services like healthcare hurt the most, which makes them prime targets. While individuals are rarely the targets of these types of hacks (unless you’re a high ranking official), they can certainly have a major impact on your life.

What the past couple of years have shown us is that your data is not safe in the hands of organizations. Unfortunately, when it comes to government and healthcare related services, you don’t have much of a choice about handing over your personal information. However, it has been a wake-up call for many organizations, especially with laws like the GDPR and California Consumer Privacy Act that make a lack of security and a lack of response punishable by law.

The threats COVID-19 poses

During any tragic event, there are always people trying to capitalize off of it, and the Coronavirus is no exception. Cybercrime around the global pandemic has increased over the past few weeks, and in particular, phishing scams have used the virus as a theme. 

What makes phishing scams work (some of the time) is that they create a sense of fear, urgency, or curiosity; feelings that are already elevated right now due to COVID-19. These are extremely powerful emotions that can cause you to make decisions you normally wouldn’t. If you receive an email that looks like it is from your government regarding the Coronavirus, your natural inclination is to do what the email says. Hackers are counting on you not taking a closer look, which is what makes phishing scams so effective. Using real human emotions to prey on innocent victims is called social engineering and can be incredibly powerful in the right (or wrong) hands.

In January and February 2020, Japan was hit by a massive phishing scam. An email appearing to be from a Japanese disability welfare service provider was sent out with an attachment supposed to contain important information about the Coronavirus. When the document was opened, malware was downloaded onto the victim’s computer. And this is only the beginning; there are certainly going to be more phishing scams in the future.

There has also been an uptick in website domains related to COVID-19, and the majority of these websites are 50% more likely to be malicious than other domains registered since January. All sorts of suspicious websites are claiming to sell testing kits, vaccines, and protective gear when in reality they are just capitalizing on fear.

Ransomware may be imminent

If you’re unfamiliar with ransomware, it’s a pretty basic idea. Hackers gain control of a computer or other device and hold it for a ransom. If the victim fails to pay within a given time frame, then the victim loses access forever. Since ransomware is a criminal activity, sometimes paying the ransom doesn’t restore access at all.

It’s a pretty effective technique because it preys on your fear of losing all of your files, photos, messages, etc., that are stored on your devices. When you apply this to a medical or government setting, ransomware could have devastating consequences, especially during a global pandemic. Criminals are viewing this time as an opportunity rather than a crisis.

A recent report by RiskIQ proposes that criminals are going to leverage the Coronavirus pandemic to launch ransomware attacks, particularly on healthcare organizations. Why? Because healthcare organizations are going to be more likely to pay and willing to pay more to have data released, especially when lives may be at risk. The effects could be devastating, especially if hackers target COVID-19 response and relief efforts.

There is a very real fear in the cybersecurity community that ransomware is imminent, and that the effects it will have in the fight against COVID-19 could be devastating. In fact, ransomware attacks could lead to the spread of the virus if governments and health services are delayed in finding and relaying important information to the general population. So far, there is no evidence that hospitals and government agencies are being specifically targeted, but if the trend of increasing ransomware attacks continues, things could get ugly.

How to stay safe

While there’s not a lot you can do to prevent a ransomware attack against a healthcare or government organization, there are some steps you can take to protect yourself against hackers. Here’s what we recommend:

  • Be suspicious - If you receive any email that claims to have important information, check to see who the sender is and what their email address is. Hackers will imitate actual organizations very closely, but something will be off. Don’t download any attachments without making sure it’s from a safe, legitimate source.
  • Be cautious of tempting offers - There is so much misinformation circulating right now regarding the Coronavirus. If something sounds too good to be true, especially regarding a cure or vaccine, it definitely is. Only follow the advice of your government and legitimate sources like the World Health Organization.
  • Install an anti-virus or security suite and keep it up-to-date - In case you don’t spot malware, it’s important that your computer does. Most email software is pretty good at catching phishing scams, but you may want something heftier just in case. Most importantly, make sure that your software is regularly updated as updates can include important security patches. To make things even simpler, turn on auto updates so you don’t even have to think about it. 
  • Enable two-factor authentication - This is one of the easiest ways to see if someone is trying to gain access to your accounts and stop them in their tracks. While not all websites and apps offer two-factor authentication, most of the major ones do. It might feel like a hassle at the beginning but it does a great job of protecting your data.

These small steps could protect your data from being compromised. Given the uptick in ransomware attacks, hopefully government and healthcare organizations will update their security systems too. This is a trying time, in more ways than one.

Conclusion - Data security during the COVID-19 outbreak

The future feels very uncertain right now, in more ways than one. The effect that the Coronavirus is having on data security may seem like an unexpected one, but it is also incredibly important. Suspicious criminal activity is on the rise, and the elevated emotions surrounding COVID-19 could make them far more effective than normal. If ransomware is used on hospitals and government services, the effects could be truly devastating.

This is a difficult time for most of the population; for criminals, however, it’s a time that could be very profitable. Crime never stops, even during a global pandemic. In the meantime, we should remain hopeful that this chaotic time will soon be over, and that healthcare and government organizations are paying attention to the habits of cybercriminals.

How to Survive a Data Breach
https://selfkey.org/zh/how-to-survive-a-data-breach/
Wed, 18 Mar 2020 18:28:10 +0000

Data breaches happen on an almost daily basis. Retail companies, government agencies, service providers, and more, are all vulnerable to hacking. While there is plenty of information available about individual data breaches and how they have affected people, the best way to protect yourself is to take a number of preventative measures.

The data collected in data breaches can be incredibly valuable to hackers. They can sell it to other hackers, use it to drain your bank accounts, or impersonate you. In this article, we outline the best ways to protect your data so that when a data breach does happen, your data is not exposed.

1. Separate your emails

Your email address is one of the most common pieces of information that can be exposed in a data breach. It might not seem like much, but hackers can discover a large amount of information about you from just this one piece of information. Additionally, your email may be easy to find already through social media accounts.

As a result, you should create a separate email for important accounts and another for less essential ones. For example, you can use one email address for all of your entertainment accounts (such as Netflix, Spotify, YouTube, Steam, social media, online games, etc.) and another for more important accounts (such as banking, taxes, finances, etc.). By keeping this information separate, you reduce the chances of valuable information falling into the wrong hands.

2. Use a password manager

Most people have a very bad habit of using the same password for multiple websites and apps. This means that if hackers get access to one password, they can usually access multiple accounts. In order to prevent this, experts say that you should have a unique password for each website and app that you use. Additionally, your password should not be a word in the dictionary, and should contain symbols, numbers, and uppercase and lowercase letters.

While it may seem overwhelming to keep track of unique, individual passwords for each account, password managers solve this problem. A password manager stores all of your passwords in one place. Some password managers can even generate completely random passwords for you (usually a long, random, case-sensitive string of numbers and letters). In some cases, the password manager may have a browser extension which automatically enters your password for you. In others, you have to open the app or website each time to copy and paste your password.

While password managers are a target for hackers because they contain a lot of sensitive information, they are better than any current alternative. If someone manages to hack into a password manager’s server, the data they can access is generally useless. The data will not make any sense unless the malicious actors also have the master password, and obtaining a master password is even more difficult.

When looking for a password manager, something to keep in mind is that a good password manager should not allow master password recovery. If a hacker can get a hold of your master password, it puts all of your online personal data at risk.

3. Enable two-factor authentication

You might employ this already, but two-factor authentication (2FA) puts another wall between your personal information and hackers. In essence, 2FA requires you to provide two different authentication factors when logging into an account. Typically, one of these factors is your password and the other is a notification on your smartphone or email.

While not all online accounts offer 2FA, you should enable it wherever you can, in particular for accounts that may contain more personal information. Your social media accounts, email, online banking, and online marketplaces (such as Amazon) should all have 2FA enabled if possible.

4. Use platforms with strong security

It’s vital that the platforms you use have a good system in place to protect your data in the event of a breach. Some companies are extremely committed to security, while others aren’t fussed. One good way to gauge a platform’s security is to check whether it has ever experienced a data breach, and what its response was (take a look at the latest data breaches here).

Repeat offenders and platforms that have a delayed (or non-existent) response to a data breach are places where you don’t want your personal data to be. It very well may be in your best interest to delete accounts and remove yourself from the platform. Consider Facebook, which experienced five separate data breaches (affecting nearly 2 billion user accounts) in 2019 alone. While the social media company has said that they are making changes, the numbers speak for themselves. It might be time to get off Facebook (including Instagram and WhatsApp, also owned by Facebook) or at least severely limit your presence on the platform.

Ultimately, it’s up to you if you want to completely remove yourself from a platform, but in some cases it could make a big difference. We also recommend that you do your due diligence before joining a new platform. Check to see if they’ve dealt with data breaches in the past and how it played out. If it doesn’t look good, don’t make an account.

5. Monitor your accounts regularly

You might be able to spot a data breach before a company does if you keep a regular eye on your accounts. In particular, your bank account can be a tempting target for hackers. It’s important to actively monitor your financial statements. If possible, check your bank account and credit card statements online at least once a week. If checking your statements online isn’t possible, make sure you are monitoring your monthly statements. You can also go the extra step of freezing your credit.

Another great tool is Have I Been Pwned?, which allows you to see if any of your accounts have been subject to a data breach. You can even sign up to receive notifications in the event that one of your accounts is breached. Additionally, if you’ve had data exposed in a breach, you can see exactly what company was involved so you can take action from there.

6. Clean up your accounts

How many of you have an inbox that is full of old emails? If they contain any sensitive information, that could be used against you in the event of a data breach. By keeping your inbox empty and deleting any old emails containing your personal details, you’re ensuring that there is nothing of value in the event that your account is hacked.

Additionally, malicious actors can hack into your email and threaten to release personal information (in particular explicit photos and messages) to the public for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.

You should consider updating any old accounts too. Payment methods you don’t use anymore, old addresses, and more can be extremely valuable. If you don’t use an account anymore, consider deleting it entirely or at least stripping any personal identifying information off of it.

7. Increase your privacy settings

Is your Facebook profile public? What about Instagram? Who can see your posts? If there’s any information you don’t want to be publicly available, delete it and increase your privacy settings on social media. By removing information and making it harder for people to find you, you stand a better chance of weathering a data breach.

It’s also a good practice to be critical of anyone (friends or not) who randomly starts messaging or calling you asking for seemingly random information or funds. This is called social engineering and is a popular way for hackers to make off with your personal information and your money too. Additionally, familiarize yourself with phishing scams and what they look like.

Conclusion - Surviving a data breach

Data breaches are inevitable, but with the above tools, you are well on your way to making sure that your personal data is protected. Unfortunately, most people do not understand the gravity of the problem until they are personally affected. Taking a proactive approach to your personal data is incredibly important in this day and age, especially when you consider that there is a new victim of identity theft every 2 seconds just in the United States.

While we can hope that companies will begin to take a more proactive approach to user security, that may be a way off. For now, the responsibility lies with the individual to ensure that they are doing all they can to protect themselves. The situation isn’t ideal, but hopefully change is on the horizon.

This is why ESelfKey is working on an end-to-end self-sovereign identity management system which will do a far superior job of protecting you from data breaches. You can learn more about our solution here.

Want to learn more about ESelfKey? Check out this third party review.

The 7 Most Notorious Hacking Groups of All Time
https://selfkey.org/zh/the-7-most-notorious-hacking-groups-of-all-time/
Tue, 10 Dec 2019 14:03:56 +0000

With the rise of computers and ever-changing technology, hackers have become a strong presence in modern society. The very first hackers emerged from MIT in 1969, but back then their main goal was to improve the software and hardware they were working with.

Since then, hackers have evolved and become more malicious. From hacking major companies, to stealing millions of dollars and revealing government secrets, hackers are now a major part of modern society. Here’s a look at the most notorious hacking groups of all time and what they’ve done.

7. Lizard Squad - Active

The Lizard Squad originally announced that it disbanded in 2014, but it actually didn’t go anywhere. This hacking group appears to mostly be run by teenagers and young adults. They have mainly hacked gaming-related services like League of Legends and PlayStation.

The group has claimed responsibility for hacks against Facebook, although Facebook denies that they were ever hacked. In general, the Lizard Squad has a reputation for claiming to have performed hacks when they haven’t actually done anything. They even made a false bomb threat against a Sony executive. The group did manage to successfully hack Taylor Swift’s Twitter account though, but nothing came of it.

Several members of the Lizard Squad have been arrested and charged for their activities. However, that hasn’t stopped the group from continuing to hack. Most recently, they attacked the Labour Party in the United Kingdom.

6. Carbanak - Active

Very little information is known about this mysterious hacking group, but so far it has managed to steal millions from banks. Carbanak (also known as Fin7) started in 2013 and has been one of the most successful hacking groups to date. So far, the group has managed to steal $1 billion from banks around the world.

The alleged mastermind behind the group was arrested in 2018 along with two other high-ranking members. However, Carbanak has carried on successfully without them. A recent report from Bitdefender alleges that the group is still alive and well. Carbanak’s modus operandi seems to be to remain unnoticeable; so far they have managed to stay in the shadows.

5. Syrian Electronic Army - Active

The Syrian Electronic Army emerged in 2011 as a pro-Assad group of hackers. Given the group’s avid support of the Assad regime, it is widely believed that the group has government ties, and Assad has publicly stated his support of the hacking group.

The hackers have primarily focused on targeting US media outlets and social media pages. The Washington Post was a victim of the hacking group (twice), as was the New York Times. Their most notorious attack was when they hacked the Associated Press’s Twitter account, claiming that the White House was under attack and that then President Barack Obama had been injured.

Over the past few years, the Syrian Electronic Army has stayed out of the headlines as it has focused on targets closer to home. However, in 2018 it was discovered that they have been developing malware for Android phones. To date, only one member of the hacking group has been arrested, while others are wanted by the FBI.

4. Lazarus Group - Active

The Lazarus Group (also known as Guardians of Peace) is a group believed to be run by the North Korean government, and it has been very successful. The hacking group seems to have started in 2009, and mostly uses malware in its attacks.

However, in 2014 the Lazarus Group caught the world's attention when it hacked Sony Pictures in retaliation for the release of the movie The Interview. It is also responsible for WannaCry, ransomware that requires users to pay to have their data given back to them.

The Lazarus Group has also had a large amount of success with cryptocurrency. So far they have managed to steal $471 million from different cryptocurrency exchanges, and they are responsible for nearly bankrupting the Japanese crypto exchange CoinCheck. The United States government currently has sanctions placed on the hacking group and has frozen any known financial assets associated with them. 

3. Fancy Bear - Active

While the name may sound cute, this hacking group certainly is not. Fancy Bear (also called Sofacy) is a Russian hacking group that is firmly believed to be working under the Russian government. They tend to target foreign governments, embassies, media companies, defence organizations, energy companies, Russian dissidents, and even the Olympic games.

The hacking group got its start in 2008 when it targeted the Georgian government and has been going strong ever since. Fancy Bear was allegedly responsible for the Democratic National Convention hack prior to the last presidential election in the United States. They have also been responsible for the recent attacks on the German Parliament, and tried to influence the French elections in 2017. The group’s members remain largely unknown, and they show no sign of stopping. 

2. Equation Group - Active

If this name doesn’t sound familiar, you’ve probably heard of the organization it is allegedly tied to - The National Security Agency (NSA). Kaspersky first announced its discovery of the Equation Group in 2015, lauding it as the most advanced hacking group it had seen to date.

The Equation Group only came to light because its members made a number of errors over the years. Given that the group was mostly targeting countries and governments considered to be enemies of the United States (such as Russia and Iran) and that the group seemed to have an unlimited budget, suspicions arose that the Equation Group had government ties.

While it has never been confirmed that this hacking group is working under the NSA, there is strong evidence that it probably is. Obviously, the NSA isn’t going to confirm this connection. Very little is known about the Equation Group, and they likely intend to keep it that way.

1. Anonymous - Inactive

This is probably the most recognizable hacking group on our list. Known for wearing Guy Fawkes masks, the Anonymous group has been behind some of the largest hacks of the 2000s. The group emerged out of 4chan in the early 2000s, and its members are some of the most well-known “hacktivists” to date.

Anonymous has been involved with a large number of hacks including the Church of Scientology, the Occupy Wall Street movement, the Canadian government, the Westboro Baptist Church, ISIS, and many more. While some of the group’s reasoning for their attacks was questionable at best, most people think of Anonymous as a Robin Hood-esque group of hackers, helping to better the world.

What has made the group so successful is that it is largely decentralized; members do not often know the identities of others in Anonymous. Anonymous has been responsible for 45% of all hacks in the last four years. However, the group now seems to be defunct… or at least very quiet.

Honorable Mention: Legion of Doom - Inactive

No list of hacking groups would be complete without The Legion of Doom. This legendary hacking group is no longer active, but it has gone down as being the most influential of all time. The group was active from the mid-80s to the early 2000s, but they are mostly known for their work from 1984-1991. The group is also responsible for penning the infamous Hacker’s Manifesto.

At the time, the most common type of hacking was that of phone companies. This included setting up phone lines that could not be billed by phone companies. The Legion of Doom feuded with another hacker group called Masters of Deception, and their battle royale to decimate one another became known as The Great Hacker War. 

In comparison to the hacking we see nowadays, their activities seem very tame, but it was some of the biggest cyber warfare at the time. Most of the members are still largely unknown.

Conclusion

Since hackers emerged, they have become more and more nefarious. Hacking groups have gone from setting up free phone lines to attempting to destroy whole governments. We have certainly seen a rise in government-sanctioned hacking groups. While protection against cyber warfare is a necessity in today’s age, it would be nice to see governments focus more on preventing attacks instead of initiating them.

Individuals are very rarely the targets of hacking groups (unless you are a high profile individual). However, that doesn’t mean there isn’t potential for your personal data to be compromised as the result of a hack. Major companies and social media platforms are amongst the most common targets.

If you’ve been the victim of a data breach or hack (you can check on the website Have I Been Pwned?), it’s important to know what could happen to your personal data afterwards. Most people aren’t able to prevent a hack, but there are a number of things you can do to protect yourself, and it’s vital that you do your due diligence. If anything, hacking groups are only going to become more advanced as time goes on.

What Happens to Your Personal Information Once You've Been Hacked?
https://selfkey.org/zh/what-happens-to-your-personal-information-once-youve-been-hacked/
Thu, 21 Nov 2019 08:24:19 +0000

There’s no question that data breaches are becoming a common occurrence in today’s world. In fact, according to the Data Breach Index over 5 million records are lost or stolen every day. These breaches affect businesses, individuals, and governments alike.

For many, the question remains - what actually happens to your personal data once it’s been stolen? In this article we cover the typical use cases, including what type of data is most valuable and why hackers hack in the first place. 

Why hackers hack

There are a number of reasons why hackers steal data in the first place. The most popular and most obvious reason is financial gain. The majority of hackers want to make a profit, and they can easily do so by stealing information like bank or login details. They can steal your money from your accounts, apply for a credit card or loan under your name, or resell your information to another criminal on the internet. The dark web is full of criminals buying and selling stolen personal information.

In the past few years, there has been a new development in hacking for financial gain. It has become increasingly popular for hackers to break into your device and encrypt the data on it. It’s called ransomware, and malicious actors hold your files hostage until you pay the ransom within a certain period of time. If you don’t pay, the data is usually destroyed by the hacker. 

Surprisingly, not all hackers are in it for the money; some steal information and act as shadowy vigilantes. Known as “hacktivism”, groups or individuals work together to take down terrorist groups, oppressive regimes, governments, and trafficking rings. We’ve all heard of Edward Snowden, probably one of the most well known hacktivists, who leaked data from the National Security Agency. There’s also the Anonymous group, which has been behind 45% of hacktivism in the past four years. However, the group now seems to be defunct, or at least very quiet. 

A very small number of hackers just want to show off what they can do, and they have no intention of stealing information or making a profit. Sometimes they launch a hack to show how poor a corporation’s cybersecurity is. An example of this is the infamous Ashley Madison data breach, where the profiles of 32 million users were made publicly available. The hackers didn’t want money; they just wanted the website taken down. Ashley Madison is a dating platform for people seeking extramarital affairs, and the leak quite literally tore some families apart.

What data is the most valuable?

There are typically five types of data that malicious actors will want to steal:

  1. Payment information - Given that financial gain is the primary reason why hackers hack in the first place, payment data is the most valuable. 
  2. Authentication details - Once a hacker has gained access to one account, chances are they can get into others too. The more accounts they hack, the more information they collect.
  3. Copyrighted material - Most software can be pretty pricey, and hackers would rather not pay. 
  4. Medical records - This might come as a surprise, but medical identity theft is extremely common. Perpetrators will use your information to gain access to healthcare for themselves. 
  5. Classified information - While this won’t affect most people, classified information is very valuable for blackmail purposes. 

What happens to your data after it’s stolen?

Once a hacker has your data, there are a few things they can do. The first step is to scan your data for important and/or valuable information like bank details, login information, photos, emails, or messages. The perpetrator will then decide whether they are going to keep the files or sell them to a third party (often called a “broker”). 

Typically, hackers will sell your data. This reduces risk for them, and also gives them an immediate profit. The price for stolen personal information depends on how valuable it is. For example, personal data from a government official or a celebrity is far more valuable than that belonging to the average person. 

As mentioned earlier, credit card and payment details are the most popular on the dark web, and clearing funds from your account is dead easy. Usually a “broker” will buy your card details on a marketplace and resell them to a “carder”. The carder will then get as much money out of your accounts as possible before you or your bank notices. 

Carders can generally replicate a card by printing one themselves, but more commonly they will use the stolen details for a gift card shell game. What happens is the carder will use your payment details to buy online gift cards, and then make purchases with the gift cards. Typically, they will purchase electronics because they are always in demand and can be easily resold, making them relatively low risk.

The risk of losing your funds is very small with a credit card compared to the risk involved with debit cards. Banks usually have policies in place for credit card fraud and are quite good about spotting suspicious purchases. Debit cards are unfortunately a different story; not much can be done if your funds are stolen. Debit cards are far more common in Europe than in North America, and they are extremely valuable on the dark web. 

Personal information is far less valuable on the black market, since it is already widely available. Your name, birthday, address, and email can sometimes just be gathered by looking at your social media accounts. As a result, there has been a huge growth in extortion regarding personal data.

Malicious actors will obtain your personal information and threaten to release it to the public. This is very common with explicit photos and messages, as hackers will hold them for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.

Companies, in particular financial organizations, have tried to fight identity and financial crime by implementing Know Your Customer (KYC) procedures. This requires companies to verify the identity of their users by using personal documents such as passports or other forms of government-issued ID. However, this has led to an increase in theft of personal documents, tax information, and insurance numbers. 

KYC information contains everything a malicious actor needs to commit fraud and steal your identity. By having your passport or driver’s license, they can apply for loans, and claim your tax credits and your insurance claims. While this type of hack is very difficult to orchestrate, it is one of the most valuable, making it more and more appealing to criminals. 

How to prevent your data from being stolen

Unfortunately, it is difficult to tell if your data has been stolen, but there are a number of preventative measures you can take. One crucial step is to use a password manager in order to create unique passwords for all of your individual accounts. This prevents hackers from being able to access more of your accounts if they gain access to one.

Blockchain technology can also be of use here. Decentralized identity (DID) gives you far more control over what data you share and who you share it with. Through DID, you prove your identity once to a trusted third party, and said third party handles all requests for identity and access so you don’t have to. Not only is it more convenient, it is far safer.

Lastly, keep an eye on your finances. They are likely to be the first target in any type of hack, and you can do things like freeze your credit or place a fraud alert on your accounts for extra protection.

Conclusion

As we’re aware by now, having your personal information stolen is not a problem that is going to go away any time soon. Unfortunately, there is no true way to prevent your data from being hacked as long as you are not in charge of the security of your data. This is why digital identity management solutions like the ESelfKey Identity Wallet have become so popular - it puts you back in control of your own data. It’s not enough to blindly trust big corporations like Facebook anymore. 

If you are worried that your data has been breached (the answer is yes), you can check on the website Have I Been Pwned. You can also set up notifications so you are aware if your accounts have been compromised. 

Your data, and most of your life, is online. Every action you take or interaction you have could potentially put you at risk. It is vital to take a proactive approach when it comes to managing your personal data. It can be annoying, but it’s probably worth your time to understand how your data is protected on the websites and apps you use regularly. Be cautious and vigilant, because crime never sleeps.
