Major Data Breaches In 2018…So Far

May 28, 2021

Data is the new gold. It is a resource that creates and destroys power. With it, individuals, companies, and governments can sway public opinion, gain insight into the competition, and develop the most strategic plans. For this reason, data breaches have become one of the more lucrative criminal operations.

These breaches are hitting the giants of every industry. Attackers are able to overcome some of the most advanced security systems, and they are destroying the reputations of household names. Here are the most significant data breaches that have occurred in 2018 so far:

Under Armour

In March, this leading active-wear company found out that an unauthorized party had accessed user data from its app, MyFitnessPal, a month prior. After investigating, the company found that roughly 150 million users’ information had been compromised, including their usernames, email addresses, and hashed passwords. Because the app’s payment information was processed separately, it was protected.

St. Peter’s Surgery & Endoscopy Center

On January 8, 2018, hackers gained access to the surgery center’s server. The center discovered the breach the same day. This quick detection likely limited the damage or theft that the hackers were able to accomplish; however, investigators cannot be sure exactly how much patient information was viewed or copied. During the breach, the hackers were able to access nearly 135,000 patient medical records.

Hudson’s Bay Co.

This parent company to Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor discovered a data breach in March. The breach was caused by malware and lasted about nine months. Investigators estimate that roughly 5 million customers’ credit and debit card information was stolen.

Sacramento Bee

In January, the California-based newspaper failed to restore the firewall that protected its database. This allowed more than 19.5 million voter files to be publicly accessible, as well as the personal information of the paper’s more than 50,000 subscribers. The unrestored firewall, investigators found, was due to a ransomware attack.

Health South East RHF

Norway’s biggest health authority suffered a data breach in January. Cyber attackers targeted two types of data: patient information and Health South East’s engagement with the nation’s armed forces (i.e., upcoming military operations). The information of 2.9 million patients was compromised, which is equivalent to roughly half of the country’s population.

MBM Company/Limoges Jewelry

In February 2018, security researchers found that Limoges Jewelry, a Walmart partner, had left its Amazon S3 bucket open to the public. This bucket contained a database backup that had information on more than 1.3 million individuals. The information included everything from names and email addresses to IP addresses and even plaintext passwords.


This oxygen concentrator supplier experienced a data breach that lasted from the beginning of January through the middle of March 2018. The cyber criminals used a phishing scam to gain access to an employee’s email account. Through that email account, the criminals then gained unauthorized access to the data of up to 30,000 former and current customers. This data included both personal and medical information.

Data Breaches Disclosed In 2018

Many of the largest data breaches of the past few years have only been adjudicated or even disclosed in 2018, including:


For the past two years, the FTC has been investigating this electronic toymaker. The investigation followed a hack, and the FTC found that data on millions of customers had been copied, including demographic information about over 6 million children. Additionally, parent information was copied, such as profile information, email addresses, passwords, download history, mailing information, and much more. In January, the company reached a $650,000 settlement with the FTC.

Panera Bread

In August 2017, this fast-casual food chain was informed by a security researcher that there was a data leak on its website. The company initially dismissed the warning as a scam. In April of 2018, Panera finally reacted to the problem, but only after at least 10,000 customer records had been exposed. These records included personal information and some financial information. Additionally, several security experts dispute Panera’s estimate that only 10,000 customer records were exposed. They believe that as many as 37 million customer accounts could have been leaked.


This online customer service software provider has implemented its online chat tool for Delta, Sears, Best Buy, and Kmart. In September and October of 2017, though, the tool was infected with malware for a two-week period. Information about the data breach is still being uncovered, but hundreds of thousands of shoppers’ information could have potentially been stolen, including financial and personal information.


Orbitz

In March, Orbitz announced that a data breach of its records took place between October and December of 2017. It is not clear how many customers have been affected, but the company estimates that it numbers in the thousands. The company also suggested that the information from nearly 900,000 payment cards had been exposed, as well as customer passport and itinerary information.


In March 2018, it was reported that a data-mining company, Cambridge Analytica, had exploited Facebook to harvest up to 87 million individuals’ personal details. This exploitation was accomplished through an app that paid users to take a personality test and give consent for data collection. However, the app collected not only the participants’ data but also data from their ‘friends’ on Facebook.

Jason’s Deli

In 2017, the American restaurant chain faced a data breach. Cyber criminals used RAM-scraping malware on the restaurant’s point-of-sale terminals. The criminals were able to steal customer card information from early June through December 2017. Experts estimate that nearly 2 million customers’ information was compromised, with some financial information already being sold on the ‘dark web’.

Forever 21

Over the course of seven months, from April through November 2017, Forever 21 failed to prevent hackers from accessing customer payment information. The criminals gained network access and installed malware on point-of-sale devices in the stores. It is unclear how many stores and customers were affected by the attack.

These are just a handful of the data breaches that have occurred or have been reported in 2018. The digital world is getting more dangerous and companies need to be prepared with the right security tools.
