The Largest Third Party Data Breaches of 2018

As technology quickly advances and the internet becomes more accessible, many benefits are offered to us, but this past year, we have also seen a lot of damage. Without even following the news too closely, you likely recall that there has been an increase in security regarding our personal information (especially regarding online purchases). Data breaches have been on the rise and this has brought about much concern for both customers and retailers alike. To no surprise, every time a data breach occurs, there is a loss of trust — trust in the company, and perhaps a trust of purchasing and sharing personal information in general.

According to Business Insider, a recent report (published by Shape Security, a cybersecurity firm) showed that 80% to 90% of the people that log in to a retailer’s e-commerce site are hackers using stolen data. Interestingly, Business Insider also reported that a KPMG study shows that after a data breach, 19% of consumers would stop shopping at a retailer completely, and 33% would take a break from shopping there for a time period after the breach. According to this study, that means that after the discovery of a data breach about 1 in 5 people will permanently stop shopping at that store; that’s pretty significant!

Many big name retail stores were affected by these data breaches. Some include Macy’s, Sak’s Fifth Avenue, Adidas, Lord and Taylor, and K-Mart. Restaurants such as Panera Bread, Sonic, and Arby’s were hit. You’ll recognize these very well known companies too: Whole Foods, Best Buy, Gamestop, Delta Airlines, ORBITZ, SEARS, Ticketfly, Ticketmaster, Facebook, and T-Mobile. Even two South Korean cyptocurrencies — Coinrail and bithumb — were hacked, and cryptocurrency has been created for trading and information to have a higher degree of protection in the first place. Universities, health care facilities and insurance companies, social media accounts, banks, the military and government were not left untouched either.

What Were The Largest Breaches Of 2018?

Among some of the biggest data breaches is Under Armour. Under Armour is an American company whose headquarters is in Baltimore, Maryland. They do have locations internationally as well. In this particular data breach, Under Armour-owned MyFitnessPal was the source of the breach. MyFtinessPal is a popular App for tracking nutrition and health information. There were reportedly 150 million people impacted by this breach. CNBC noted that usernames, email addresses and hashed passwords were affected.

Another massive breach of data was from a company called Equifax. Equifax is a consumer credit reporting agency. They have investments and 24 countries all over the world, with offices located in North, Central and South America, Europe and countries in Pacific Asia. Although a global company, their headquarters is located in Atlanta, Georgia. As a credit reporting agency, they manage the most sensitive identifying information. NBC reports that approximately 146 million people were exposed during this breach. Passports and driver’s licenses were compromised, and about 99% of those whose information was compromised included their Social Security number.

Exactis, a marketing and data firm whose headquarters is in Florida, had a breach that left a whopping 340 million records compromised. As a company that provides data solutions to other companies around the world, this is a scary thought! Identity Force, an American company that provides theft protection, reports that in this breach about two thirds of these records were related to consumers’ information, while about one third were related to businesses.

These breaches undoubtedly have caused a lot of stress, concern, and doubt, for people all over the globe. While these three large scale breaches occurred for American companies, we cannot forget an extensive breach that occurred in India. The Tribune, an Indian newspaper, reported that 1.1 billion people’s identities were compromised by Aadhar. Aadhar is a government issued ID number for Indian residents, much like a social security card for an American resident.

What To Do If Your Information Has Been Compromised

It’s clear that the types of data breaches are widespread, and certainly unexpected. We can see that they happen in to all kinds of retailers, businesses and even government related sectors. With such unpredictability, you really want to keep your information as secure as possible. It may take some extra work, but you should continually monitor your accounts and account activity and regularly update passwords.

There are a couple of other things that may help. The Identity Theft Resource Center ( has now begun to release a monthly report outlining details about the breaches that are occurring; this report is made public.

The Federal Trade Commission also suggests that if your social security number was stolen, for example, you should order free credit reports and check for any accounts or account activity that you don’t recognize. They also suggest that if a company affected by the data breach offers you certain services such as credit monitoring or identity theft insurance, to be sure to take advantage of it.

Another thing you can do is place a freeze on your own credit report — especially after a breach occurs where your information was used (or a purchase made). Keep in mind, though, that there are often fees associated if you want to unfreeze the credit report at a later time. You would need to do this in order to apply for a new credit card.

Unfortunately, the consumer doesn’t have a big hand in the way security and personal, sensitive information is handled by companies. Sometimes the best thing that can be done is to contact the company, ask about how sensitive information is handled and to advocate for greater security measures. Doing your homework about security companies might be able to offer a greater peace of mind. While this cannot control what happens, the more information you know, the better you can put protective measures in place.