Cybersecurity Roundup for the First Half of 2018

Each day tens of thousands of people from all over the world are hacked. Not just sent run-of-the-mill phishing emails, but legitimately hacked. This has made the cybersecurity industry grow at a rate only surpassed by the Internet of Things (which ironically may be one of the largest threats to cybersecurity in the world). We thought it would be good to go over some of the largest cybercrimes of the first half of 2018, and some telling statistics that will give you an idea of what exactly you are up against.

To establish which hacks were the most devastating, we’ve combed through this year’s records and broken them down into public and private hacks. Public hacks have to do with individuals and municipalities, while private hacks are the ones that infiltrate businesses and put thousands or even millions of records up for sale. Without further ado, here are the biggest hacks so far in 2018:


  • 280,000 Medicaid records were exposed when a hacker broke into Oklahoma State University Center for Health Sciences. Patient names and provider names of these individuals were exposed.


  • FedEx had customer records leaked after an unsecured server owned by a company acquired by FedEx, Bongo International, was hacked. Over a hundred thousand files, including names, drivers’ licenses, national ID cards, voting cards, and utility bills were exposed.


  • Travel booking site, Orbitz, had a security vulnerability that resulted in upward of 880,000 customers’ payment card information, or about two whole years of customer data, taken off their server.
  • French news site L’Express exposed reader data by leaving a database up for weeks without a password needed for access. After being warned, the Paris-based periodical left the database exposed for weeks.
  • Hackers gained access to 134,512 patient and financial records after a malware attack at St. Peter’s Surgery and Endoscopy Center in Albany, NY.
  • Under Armour, one of the largest sports apparel brands in the world, had their mobile application, MyFitnessPal, hacked, exposing around 150 million people’s personal information.
  • Aerospace giant Boeing was hit by the WannaCry ransomware that affected “a few machines” that weren’t protected with Microsoft’s 2017 patch.


  • Twitter forced its hundreds of millions of users to change their passwords after admitting that, at one time, user passwords were stored in plaintext, and may have been exposed to internal company staff.
  • An unauthenticated API found on T-Mobile’s website exposed the personal information of all of their customers to anyone who simply supplied a customer’s cell phone number. Information that was available included full name, address, account numbers, and in some cases, tax IDs.
  • A bug found in Atlassian development software titles Jira and Confluence allowed hackers to infiltrate the IT infrastructures of several companies and one U.S. government agency.
  • The predominant way for American travelers to secure European rail tickets, Rail Europe, had a three-month breach of credit cards. It’s thought that thousands of users’ credit card information was taken in the breach.


  • Around 340 million records were stolen from marketing company Exactis. It may be amazing to you that a company that you have never heard of leaked what amounts to the personal information of nearly every American. The company, which aggregates and compiles business and consumer data, has been hit with a class action lawsuit in response to the breach.
  • Apparel giant Adidas had their website hacked, resulting in the loss of a few million people’s personal and credit card information.
  • At least 800 e-commerce sites, including Ticketmaster, had consumer card information skimmed in a huge campaign by a hacker collective named Magecart. By targeting third-party developers, they were able to alter code and siphon off the information they wanted.


  • Department of Homeland Security was affected by a data breach that exposed 247,167 current and former employees and other individuals.


  • The City of Atlanta, Georgia was hit with a ransomware attack, dubbed SamSam, that caused a massive problem for their municipal infrastructure. Hackers asked for $51,000 to release the encrypted files, a number Atlanta’s leaders were unwilling to meet. It has subsequently cost the city more than 10x that. In fact, as of early June, there were still some parts of the city that were using analog or manual systems. Some experts believe that the total cost to taxpayers will be nearly $20 million.
  • India’s national ID database, Aadhaar, leaked data on over a billion people. In one of the largest-known breaches in history, a user could pay 500 rupees ($7) and get the login credentials that allowed anyone to enter a person’s 12-digit code and get their personal information. An additional 300 rupees ($4.20) gave users access to software through which anyone could print an ID card for any Aadhaar number.
  • It came to the forefront that Cambridge Analytica, the data analytics company that U.S. President Donald Trump used to help his campaign, had harvested personal information from over 50 million Facebook users without their permission. While Facebook denied this was a “data breach”, Cambridge Analytica was banned from the service over the ordeal.


  • A major hack at a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials, while also exposing that many police departments are ill-equipped or unable to respond to an active shooter situation.

These are just the biggest of the hacks of 2018. There is still major fallout from 2017’s major breaches, including the FriendFinder hack that exposed 412 million user accounts and the Equifax data breach that affected 148 million people. In fact, even though the hacks referenced above cover a lot of ground, hundreds of organizations have their cybersecurity compromised each day. According to billionaire investor Warren Buffett, there is reasonable evidence that there could be a major cyberattack that could cost insurers tens of billions of dollars. The statistics back this up:

  • In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
  • Nearly 1-in-3 organizations have experienced some sort of cyberattack in the past.
  • Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
  • 100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
  • 5.4 billion WannaCry attacks were blocked in 2017.
  • The average monetary cost of a malware attack for a business is $2.4 million.
  • The average time cost of a malware attack for a business is 50 days.
  • Ransomware cost organizations over $5 billion in 2017.
  • 20 percent of cyberattacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
  • Phone numbers are the most leaked information.
  • 21 percent of files are completely unprotected.
  • 41 percent of companies have over 1,000 sensitive files left unprotected.
  • Ransomware is growing at 350 percent annually.
  • IoT-based attacks are growing at about 500 percent per year.
  • Ransomware attacks are expected to quadruple by 2020.
  • 7.7 percent of web requests lead to malware.
  • There were 54 percent more types of malware in 2017 than there were in 2016.
  • The cybersecurity market will be worth over $1 trillion by 2025.

Cybersecurity risk is high, and it is only getting higher. By assessing your company’s cybersecurity health, the IT professionals at BNMC can set you up with the solutions and services needed to keep threats at bay. If you are looking to improve your cybersecurity, or if you would like to know how to, contact us today at 978-482-2020.


Comments 1

Milli Catery on Friday, 17 January 2020 07:02

Companies must protect their employees not only from cyber threats but also from physical threats. An active threat response training is more than necessary nowadays when violence seems to be too much. This training is quickly becoming a standard across the country.
