By Leslie Wheeler • January 21, 2020

Top Cybersecurity Horror Stories of 2019

As 2020 kicks off, it’s becoming clear that most organizations still don’t have a strong sense of how to keep their data secure. 

Between organizations falling victim to ransomware attacks, spyware, unintentional breaches, and other forms of cybersecurity events, we’ve seen many significant security incidents last year. The average data breach costs nearly $4 million, yet less than half of organizations believe they’re adequately prepared to face a cyberattack. 

From small municipal governments to multinational corporations, cybersecurity breaches can impact any type of organization. Here’s a look at some of the biggest cybersecurity horror stories from 2019.

WhatsApp spyware attack

WhatsApp is a hugely popular chat software owned by Facebook and used by more than 1.5 billion users worldwide. But in May, it was discovered that the software contained a vulnerability that left it susceptible to powerful surveillance spyware that allows others to spy on a user’s message threads. The Israeli spyware could be remotely installed on a user’s phone even if he didn’t answer a call, and impacted both the Android and iOS platforms. While it’s not known how many WhatsApp users were affected by the hack, it’s been reported that it was used to target high-level government and military officials in at least 20 countries. While WhatsApp has a massive user base, it’s likely the hack was limited to a relatively small group of targets who had valuable information. (That said, if you use WhatsApp, make sure that your software is up to date so that you’re not vulnerable to this exploit.)

Quest Diagnostics data security breach

In June, the medical testing company Quest Diagnostics shared the news that more than 11 million patients’ confidential data had been breached, due to an attack on a third-party provider, American Medical Collection Agency. The data breach included social security numbers, financial data, and medical data. Experts say this data can be used to develop sophisticated phishing scams that specifically target patients with particular medical issues. This breach shows the hazards of disclosing sensitive data to third-party contractors—when working with business partners, you should make sure that their cybersecurity protocols are as strict as your own.

Ransomware attacks on local governments

In 2019, at least 70 state and local government offices were hit with ransomware attacks. In these attacks, hackers, who investigators say come from Eastern Europe, Iran, and sometimes even the United States, target small-town municipalities and encrypt their data, disrupting their entire networks. They then ask for ransom in the amount of hundreds of thousands, or even millions of dollars, for the restoration of their data. It’s not known how many corporations also fall victim to these types of attacks, as they might decide to pay up and keep it quiet—but government offices aren’t allowed to do so. As a result, it can cost millions to independently restore systems (Atlanta spent $2.6 million rather than pay $52,000 in ransom). To reduce the risk of your business falling victim to a ransomware attack, make sure that you have strong firewalls and user authentications in place, and consider purchasing cybersecurity insurance to cover your potential losses.

First American leaks hundreds of millions of customer files

Sometimes, there’s not another party to blame for a cybersecurity breach—it’s your own company’s negligence. That was the case for First American Financial Corp., which was alerted by a security news publication that it had inadvertently leaked 885 million customer mortgage documents. Although there’s no evidence that the data was harvested, the company’s security vulnerability left private data including Social Security numbers, bank details, and mortgage records open to anyone who simply modified a URL, with no password protection or data encryption. Fortunately, the company had patched the vulnerability by the time it made headlines, but the vulnerability dated back to at least 2017, opening up the company to huge liability risk.


How can your organization stay out of the headlines for cybersecurity scares?

  • Start the new year by completing a comprehensive cybersecurity audit to ensure that your data is well-protected.
  • Your security solution should cover email and web security, network security, and endpoint security. 

To learn more about how to defend your organization, click below to register for our NYC security event on April 1 (THIS IS NOT A JOKE!), 2020.

Click here for more information!

For any additional questions, please reach out below!