October 2019, healthcare: Canadian medical testing company, LifeLabs was hacked in the biggest data breach in Canadian history. The personal data of 15 million LifeLabs customers was obtained by hackers in a malware attack. Lifelabs paid a ransom to resecure the data.

November 2019, hospitality: The Gekko Group, as subsidiary of AccorHotels, confirmed that it leaked over a terabyte of personal data belonging to customers clients and partners. The data includes names and addresses, passwords, invoices and unencrypted payment data.

December 2019, IT: Citrix announced that it had found critical vulnerability in its Application Delivery Controller and Citrix Gateway. If a malicious actor had made use of the vulnerability, they would have been able to access the local networks of over 80,000 businesses and manipulate their coding.

January 2020, UK government: The Department of Education let an education and training provider use its Learning Records Service database. The training provider then broke their agreement by giving another company access to the database, which contained the personal details of 28 million children. Betting companies then used that data to target children and increase the number of young people who gamble online.

April 2020, video conferencing: With the rise of home working, Zoom quickly became a target for cyber criminals. Over half a million personal and business account login details, meeting URLs and host keys were stollen through a credential stuffing attack and quickly appeared on the dark web.

July 2020, social media: In a coordinated phishing attack, hackers were able to gain access to high-profile and verified twitter accounts. They then posted tweets that promised to return double the value of Bitcoin sent to an address included in the tweet. Over $100,000 worth of Bitcoin was sent to the address in nearly 300 transactions.

February 2020, hospitality: MGM Resorts reported that they had suffered a data breach in 2019 and that the personal details of 10.6 million hotel guests, including myself, had been posted on a hacking forum. But by July 2020 the details of 142 million MGM Resorts guests were for sale on the dark web.

May 2020, hospitality: Marriott suffered a breach involving 5.2 million guests. Later in the year, we worked with Which? and found 497 vulnerabilities with Marriott-run websites. Three critical vulnerabilities were found on a website of one of Marriott’s hotel chains that involved errors in the software used to run the website. This could potentially mean an attacker could target the site’s users and their data.

August 2020, social media: Researchers discovered an unsecured database belonging to the defunct social media data broker, Deep Social. 235 million Instagram, TikTok, and YouTube user profiles were exposed online. The scraped profile information included names, ages, genders, profile photos, account descriptions and statistics about follower engagement and demographics.

March 2020, pharmaceuticals: ExecuPharm was hit by a ransomware attack that accessed customers’ social security numbers, financial information, driving licences and passport numbers. The hackers then went on to publish the stolen information.

June 2020, marketing: Social media marketing company, Preen.Me suffered a ransom attack where the personal information of over 100,000 affiliated social media influencers was compromised and started being gradually released onto the dark web. The details of over 250,000 more users of Preen.Me’s app were then also leaked in full.

September 2020, credit bureau: Following an event in August, where information relating to 24 million people and nearly 800,000 businesses was stollen from Experion SA, it was found that some of the information was still available on public websites. The data includes phone numbers, addresses, and banking details.