May Security Breaches — WhatsApp Tops the List with Breach That Affects Over 1 Billion Users

Jun 5, 2019 | Identity Theft, News

Data breaches happen every day. It’s just a matter of whether or not people find out. By the time you finish reading this sentence over 250 data records will have been compromised.

Think about how many times you’ve provided your name, address, and credit card information into different sites around the web. Is it crazy to say that it’s a monthly occurrence that you sign up for a new account on a cool website you just discovered? Weekly? Daily? This is why identity theft was named the fastest growing crime in America by the FBI; Everybody is at risk of becoming a victim. That’s what makes keeping an eye on major data breaches so important!

Here are five of the biggest companies to have fallen victim to data breaches this month. If you have ever shopped or signed up for one of the companies listed in this post, you might want to consider identity theft insurance. Credit goes to ID Watchdog for the following information:

 

WhatsApp

Date of Incident: Unknown

Date Made Public: May 13, 2019

Records Affected: 1.5 billion global users

Data Compromised: Users of Facebook’s WhatsApp messaging app are being advised to immediately update the software to fix a security vulnerability that is reportedly being used to remotely install surveillance software. Reports suggest that attackers have been abusing the app’s audio call feature to place spyware on devices and steal data. The cybercriminal makes a WhatsApp call to install the software with no action required by the victim. Once installed, the spyware is able to erase the record of the incoming call from device logs making it difficult to detect the activity. WhatsApp users of both iOS and Android devices remain vulnerable until they install the latest version of the software.

Boost Mobile

Date of Incident: March 13, 2019

Date Made Public: May 14, 2019

Records Affected: Unknown

Data Compromised: Boost Mobile, a mobile network owned by Sprint, has reported that hackers broke into an unknown number of customer accounts. The hackers reportedly used phone numbers and account PINs to access customer accounts on the company’s website, Boost.com. Boost says that it blocked access to the Boost.com website after it detected suspicious activity and has since implemented a permanent solution. Customers’ credit card and Social Security numbers were not compromised. Boost has notified affected customers by text and sent them a new temporary PIN.

Wolters Kluwer

Date of Incident: May 6, 2019

Date Made Public: May 13, 2019

Records Affected: Unknown

Data Compromised: Accounting software vendor Wolters Kluwer was hacked on May 6, resulting in an outage of the company’s CCH software used by some tax professionals. As a result, CCH users were unable to complete required tasks on behalf of their customers, including submitting electronic tax filings to the IRS. According to the company, the IRS has approved extensions for tax return types 990, 1120, and 1065 filings that were impacted by the service interruption. Affected users have until May 22, 2019 to file without incurring penalties and interest. Wolters Kluwer reports that it has not seen any evidence that customer data or systems were compromised.

First American Financial Corp.

Date of Incident: Unknown

Date Made Public: May 24, 2019

Records Affected: 885 million documents

Data Compromised: The website for First American Financial Corp., a real estate title insurance company, exposed an estimated 885 million documents dating back more than 16 years. The digitized records contained information from home or property buyers and sellers including: bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and images of driver’s licenses. No authentication was required to access the documents. First American has since disabled the site that provided the records. The company says that it is currently evaluating what effect the incident had on the security of customer information.

Inmediata

Date of Incident: Estimated January 2019

Date Made Public: April 26 and May 21, 2019

Records Affected: 1,565,338

Data Compromised: Inmediata, a provider of clearinghouse services, software, and other tools for health plans, hospitals, and physicians, announced in April that the company had experienced a data security incident in January that was still under investigation. Patient health information had been exposed online when an internal web page was made accessible over the internet. The web page was indexed by Google, and patient information could be found through online searches. On May 21, a breach report made to the Department of Health and Human Services revealed that the incident exposed personal health information of 1,565,338 individuals. Patient information included: names, addresses, dates of birth, gender, claims data and, for a smaller number of patients, Social Security numbers. Inmediata immediately deactivated the web page, but cannot confirm that the data had not been accessed by unauthorized parties.

Have any questions about identity theft insurance? Contact us at marketing@mgmbenefits.com or tweet us on Twitter @mgmbenefits!

Editor’s Picks

Recommended Reading

Get monthly updates on industry trends.

Don’t worry, no spam here! We share with you only industry best practices and trends to keep you in the know. No longer interested in our content? No problem — we don’t hide our “unsubscribe” option.

You have successfully subscribed!