2019 Data Breach Year in Review: The industries hit the hardest, the people impacted, and the personal data put at risk

Although 2019 has come to a close, the wide-spread effects of the data breaches that made headlines during the year are far from over. As we begin 2020, it’s time to take a look back at the significant cybersecurity events that struck companies across various industries last year, what was exposed and why it matters to your identity and privacy.

Companies, Compromise, and Consumers

Minute by minute, day by day, 2019 was the year of nearly 1,300 damaging data breaches.¹ The epidemic hit the healthcare/medical industry the hardest, claiming the highest number of sensitive personal records exposed: over 38 million records, with more than 450 breaches. But healthcare wasn’t the only sector to fall victim to hackers, as compromised records incidents significantly impacted the Banking/Credit/Financial, Education, Government, and Military sectors too.

As our lives become more and more digitally connected, identity thieves are also increasing their capability to access and exploit different types of personal information that can then be used to commit identity theft. Identity thieves can use your personally identifiable information (PII), such as your Social Security number, name, and date of birth, to access the personal details of your life to commit crimes in your name. They can also clone your identity, commit tax fraud, and ruin your reputation, your finances, and your life.

Let’s explore the security events that defined the year, highlight the impact on the organizations and industries involved, what was exposed, and why it matters to you.

2019 Data Breach Review

Breached Industry: Healthcare/Medical

Breaches/Records Exposed: Over 38 million records and more than 450 breaches¹

12 million patient records exposed including medical data and more through Quest Diagnostics data breach.²

Compromised Company Spotlight: One of the most significant healthcare breaches occurred at Quest Diagnostics, the clinical lab results company which, according to its website, “serves one in three adult Americans and half the physicians and hospitals in the United States.” Translation: they have a ton of medical data on people like you.

The Impact: 12 million patients records, exposing credit card numbers, bank account details, medical data, Social Security numbers, and more.

Why it Matters: When identity thieves get ahold of your health insurance data, they can use it to schedule doctor visits, secure prescriptions, and even file health insurance claims. If your information is exposed in this type of breach, it could amount to insurance claim denials, racked up medical charges in your name, and harm to your credit due to unpaid medical debt.

Breached Industry: Banking/Credit/Financial

Breaches/Records Exposed:  83 reported breaches.¹

The Capital One data breach exposed 100 million customer accounts including 1 million Canadian Social Insurance numbers.³

Compromised Company Spotlight: The Capital One breach became one of the most massive data breaches of 2019 when an employee-turned-hacker gained access to more than 100 million customer accounts and credit card applications in the U.S. and Canada. Compromised records included 140,000 Social Security numbers and 1 million Canadian Social Insurance numbers. The breach of the banking services, credit card, and loan company also exposed customer names, addresses, credit scores, and account balances.

The Impact: 100 million exposed customer records.

Why it Matters: Financial institutions are responsible for storing your sensitive PII, such as your Social Security number and account numbers. If your banking data is breached, the hacked data can be used to gain insight into your shopping habits and if places you shop have online accounts connected to them, the fraudster can use compromised username and passwords from other data breaches to make fraudulent purchases, for example. Additionally, the identity thief can use the compromised information to open fraudulent accounts in your name. This information is vital because identity thieves can use it to commit identity theft.

Breached Industry: Education

Breaches/Records Exposed:  2 million records exposed in over 100 data breaches.¹

Two different data breaches in Arizona affected 12,000 students.

Compromised Company Spotlight: A handful of the higher institutions of learning were compromised in 2019, including the University of Pittsburg Graduate School of Public Health and Arizona State University. The Arizona State breach exposed the email addresses of 4,000 students alone.⁴ On the high school level, Arizona found itself in the spotlight twice, this time in Flagstaff, when its primary school district was the victim of a ransomware attack affecting nearly 7,000 student records.⁵ Across the country, there were many other education-related data breaches, representing a growing target industry.

Why it Matters: Identity theft can happen to anyone of any age, at any time. Educational institutions collect and store sensitive personal data on their students, namely Social Security numbers and date of birth information. If cybercriminals access it, they can use it to create fraudulent credit files for minors before they turn 18.

Breached Industry: Government/Military

Breaches/Records Exposed:  75 breaches with over 3.5 million records exposed.¹

 2.5 million disaster survivor’s personal information exposed in FEMA’s “major privacy incident.”⁶

Compromised Company Spotlight: In March, news broke that the Federal Emergency Management Agency, or FEMA, had a ‘major privacy incident’ that exposed the data of 2.5 million disaster survivors. The incident exposed the banking information and addresses of 1.8 million people, with 725,000 additional people having only their addresses exposed.

The Impact: 2.5 million disaster survivors

Why it Matters: This type of breach is significant because identity thieves can target people previously affected by financial hardship and gain access to crucial PII typically used by companies and organizations for identity verification, such as date of birth and the last four digits of one’s Social Security number.   

So how can you protect yourself from being a victim of data breaches and identity theft in 2020?

Live life confidently with IDSeal. 

More than 33% of Americans have experienced identity theft.⁷ While there’s no way any company can 100% avoid a data breach, which could expose your personal data to potential identity theft, there are steps you can take to significantly reduce the risk of theft in these industries and more.⁸

For a price families can afford, IDSeal’s comprehensive protection solution offers a 24/7 virtual security perimeter to help protect your credit, your finances, and your life. Features include Social Security Number Trace, Digital Spy Dark Web Monitoring, Child Identity Protection Features, fully managed identity restoration, and up to $1million of identity theft protection insurance.⁹ Click here to find out how IDSeal works – and how it can work for you.

¹Identity Theft Resource Center, October Data Breach Package
²Quest Diagnostics, Quest Diagnostics Statement on the AMCA Data Security Incident
³Capital One, Information on the Capital One Cyber Incident
⁴AZCentral, ASU Exposed Student Email Addresses in Health Privacy Breach
⁵Arizona Daily Sun, FUSD Community Notified About Breach
⁶TheWashington Post, FEMA ‘Major Privacy Incident’ Reveals Data from 2.5 Million Disaster Survivors
⁷Wombat Security, 2018 User Risk Report
⁸It is not possible to prevent all identity theft or cybercrime or to effectively monitor all activity on the internet. IDSeal cannot and does not guarantee complete protection against cybercrime or identity theft. IDSeal does not monitor the activities of all financial institutions, or all activities of any particular financial institution. Review the IDSeal Terms & Conditions for specific details regarding IDSeal services.
⁹The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company under group or blanket policy(ies) . The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.

¹Identity Theft Resource Center, October Data Breach Package
²Quest Diagnostics, Quest Diagnostics Statement on the AMCA Data Security Incident
³Capital One, Information on the Capital One Cyber Incident
⁴AZCentral, ASU Exposed Student Email Addresses in Health Privacy Breach
⁵Arizona Daily Sun, FUSD Community Notified About Breach
⁶TheWashington Post, FEMA ‘Major Privacy Incident’ Reveals Data from 2.5 Million Disaster Survivors
⁷Wombat Security, 2018 User Risk Report
⁸It is not possible to prevent all identity theft or cybercrime, or to effectively monitor all activity on the internet. IDSeal cannot and does not guarantee complete protection against cybercrime or identity theft. IDSeal does not monitor the activities of all financial institutions, or all activities of any particular financial institution. Review the IDSeal Terms & Conditions for specific details regarding IDSeal services.
⁹The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company under group or blanket policy(ies) . The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.