Data Breaches in the U.S.
Data breaches are caused by unauthorized access, unlawful disclosure, or even theft of sensitive information. Examples include many of the large-scale data breaches that occurred over the past 20 years. In 2013 and again in 2016, Yahoo experienced a breach that impacted billions of accounts. The credit company Equifax experienced a data breach affecting 148 million US citizens in 2017. Capital One bank, the Louisiana Department of Motor Vehicles, and many more have experienced data breaches, which exposed social security numbers, driver’s license numbers, bank accounts, credit scores, employment information, and much more! Some data breaches can actually be caused by human error, such as emailing personal or sensitive information to the wrong recipient, or unknowingly downloading malware to your phone or computer by clicking on a link or an image in a website or email.
• AT&T faced multiple significant breaches, notably in 2024, when data for 73 million users was leaked (names, SSNs, etc., from 2019 or earlier), and another revealed in July 2024 impacting nearly 109 million customers’ call/text records from 2022, linked to a Snowflake cloud breach. A separate 2022 breach also saw call/text data from most wireless customers stolen between May and October 2022.
• National Public Data (December 2023): Exposed data for 270 million people.
• The Capital One Data Breach was discovered on July 19, 2019, and publicly disclosed on July 29, 2019. A misconfigured cloud storage bucket allowed an unauthorized individual to access personal data tied to 106 million credit card applicants in the U.S. and Canada.
• Real Estate Wealth Network (December 2023): Exposed 1.5 billion records.
• LinkedIn (June 2012): Exposed data for around 165 million users; (June 2021): data for 700 million users was scraped.
• Facebook (April 2019): Exposed 530 million users.
• Equifax (2017): Exposed sensitive data of 159 million individuals.
• Adobe (October 2013): Hackers stole data of an estimated 153 million users.
The U.S. Army website was notably hacked by the Syrian Electronic Army (SEA) in June 2015, defacing the site and displaying propaganda. Separately, a significant breach in 2023 at a DOD service provider exposed emails of over 26,000 Army/DOD personnel, containing personal information (PII), online.
2024 (Salt Typhoon), March-December 2024: A Chinese group, Salt Typhoon, compromised a U.S. Army National Guard network, stealing credentials and network maps.
2008 (Operation Buckshot Yankee): A significant malware infection of Department of Defense computers led to the creation of U.S. Cyber Command.
CURRENT:
2026: Social media lawsuits, specifically MDL No. 3047, accuse major platforms, namely Meta (Facebook/Instagram), Snap (Snapchat), ByteDance (TikTok), and Google (YouTube), of deliberately designing addictive, algorithm-driven features that harm adolescent mental health. These suits allege platforms cause anxiety, depression, eating disorders, and suicide risks.
2026: Privacy class actions, including a significant one over secretly recording private conversations via Google Assistant, which settled for $68M.
Privacy Violations on Google Assistant: The suit alleges the Assistant recorded private conversations without consent after false activations (not hearing “Hey Google”) and shared data with advertisers.
Here’s a more detailed breakdown:
Breaches Involving Human Error:
- Incorrect Emailing: Sending a document or email text containing sensitive data to the wrong recipient.
- Misplaced Devices/Documents: Misplacing or losing your laptop or paper documents containing personal information.
- Sharing Credentials: Accidental or intentional sharing of passwords or other sensitive information with “friends” or unauthorized individuals.
Malware and Phishing Attacks:
- Malware Infections: Malicious software, like ransomware, can infiltrate systems and steal or encrypt data, holding you hostage.
- Phishing: Deceptive emails or messages tricking users into revealing sensitive information or downloading malware. This is especially easy with emails that mimic the look and feel of a trusted company.
- Ransomware Attacks: This involves accessing a computer (or server) and encrypting the data (making it unreadable) and then demanding a ransom (money or something of value to the hacker) for its release.
Other Examples:
- Insider Threats: Malicious or negligent employees accessing and stealing sensitive data from a company database.
- Insecure Endpoints: As mentioned above, if your computer or cell phone does not have a secret PIN code or some other form of identifying you as the owner, your device is vulnerable.
- Server Misconfigurations: Improperly configured cloud storage or services leading to unauthorized access. This should not usually be an issue with the big cloud service providers. But if you are using a company that manages its own servers, or hires a third party to manage its servers, this is more of a risk.
- Third-Party Breaches: A company’s data breach can affect its vendors and partners, who also have access to their data. It can also affect you!

Thousands of devices are lost and/or stolen each year!
