Data Breach Roundup: Q1 2020

Data Breach Roundup: Q1 2020

Just over a quarter of the way through 2020 there have already been several significant data breach incidents this year. Not surprisingly, cybercriminals are taking advantage of the global economic upheaval created by the COVID-19 pandemic to target people and organizations via phishing and malware attacks, create malicious websites with coronavirus-related domains, and attack remote workers with unsecured devices.

How big is the cybercrime spike? Reuters reported that VMWare Carbon Black, a software and security company, found a 148% month-over-month increase in ransomware attacks in March.

With 2020 being a decennial U.S. Census year, there was a report that a hacked 800-gigabyte database owned by a third party exposing over 200 million personal records originated from the United Census Bureau. The agency conducted a review of sample data from the breach and determined it wasn’t the source of the stolen data.

Here are some significant breaches thus far in 2020:

Clearview AI

Date: February 2020

What happened: The facial recognition software company had its entire customer list hacked due to a misconfigured server.

Clearview AI has been the source of controversy over privacy concerns with its database of three billion photos, mostly scraped from social media platforms, and its client roster largely comprised of law enforcement agencies. Per the company, the breach – first reported by the Daily Beast — didn’t include its image database, but TechCrunch reported the chief security officer of Dubai-based cybersecurity firm SpiderSilk was able to find Clearview’s source code repository using a misconfigured setting allowing anyone to register as a new user. The repository included its app source code and keys and credentials to its cloud storage buckets along with Slack tokens.

Marriott International

Date: January/February 2020

What happened: Marriott reported finding that the network of one of its hotel chains was hacked using employee credentials exposing the records and personal details of around 5.2 million customers.

The breach reportedly began in mid-January and was not discovered by Marriott until late February. According to the company, hackers obtained the credentials of two employees for the unnamed hotel chain division of Marriott providing the cybercriminals with access to names, birthdates, telephone numbers, language preference, and loyalty account numbers of approximately 5.2 million guests. In response, the company contacted guests who might have been affected by email and created a website on the event.

“While our investigation is continuing, we currently have no reason to assume that the details involved included passwords or PINs for Marriott Bonvoy account, payment card details, passport information, national IDs, or driver’s license numbers,” stated Marriott.

The breach was Marriott’s second in two years.


Date: February 2020

What happened: A misconfigured Amazon S3 bucket totaling 747 gigabytes of files including records on 120 million U.S. residents was accessed by an UpGuard researcher.

It’s unknown if cybercriminals accessed the records left open by a misconfigured server, but the security breach allowed anyone to find and download the files using a browser. The exposed data included Tetrad’s own account as well as client data from industries including retail, restaurants, commercial real estate, healthcare, banking and finance, and others. The exposed data included spreadsheets on Kate Spade e-commerce purchases, IBM Tririga deployment locations for Chipotle and 3.8 million Bevmo loyalty card accounts.

According to a TechNadu report, the UpGuard repeatedly contacted Tetrad and the database was secured a week later.


Date: January 2020

What happened: A white-hat hacker found an unsecured database including the personal details of 56.25 million U.S. residents on a server with a Chinese IP address.

Metadata in the exposed database linked it to, a background check company, and the records in the 22-gigabyte database included names, home addresses, phone numbers, and ages of U.S. residents. The exposed records did not include criminal record searches which are part of CheckPeople’s services.

A Security Affairs reported a notable and unusual aspect of the exposed database was it was found on an IP address handled by Alibaba’s web hosting company in Hangzhou, China. The report added it wasn’t clear if CheckPeople hosted its server in China or if the data was stolen and exposed on the Chinese server.

These data breaches range from poor security practices leading to exposed records to a breach involving employee credentials. Cybercriminals never stop, and during this time of uncertainty caused by the COVID-19 pandemic, there are opportunities for cybercriminals to exploit in phishing and ransomware attacks while sudden changes in work environments are leaving businesses vulnerable. Companies and organizations in the healthcare industry are especially being targeted right now, And because of the necessary increase in remote work and remote access to company records, cybercriminals have increased avenues of attack for most businesses.

Meeting these challenges means teaching and employing best security practices such as enforcing strong login credentials and multi-factor authentication across all employee devices, conducting regular security audits, encrypting business data, and avoiding social engineering attacks. To further defend against data breaches, organizations should take proactive action and sign up for Keeper’s BreachWatch™ for business. BreachWatch for Business is easy to set up and manage while offering enterprise-grade protection that scales with your business.