Published: 22/06/2020

Top 5 Data Breaches in 2020

  • Netacea, Agentless Bot Management


In 2020, the chances of falling victim to a data breach are increasing. Keeping customers in the loop can be costly and time-consuming, but it is necessary to help prevent loss of personal data and decrease the risk of fraud.

Cyber-attacks and data breaches can rarely be kept quiet, and if the incident occurs at a high-profile organization, it’s only a matter of time before it makes the news.

To mark the halfway point in the year, we take a look at the top 5 data breaches in 2020 so far:


5.2 million hotel guests were impacted by a data breach in March. The hacker used the login credentials of two Marriott employees who had access to customer information linked to the hotel’s loyalty app scheme.

Information such as names, genders, phone numbers, travel information, and loyalty app data was accessed. Affected Marriott customers can fall victim to identity theft.


Estée Lauder was involved in a data breach in which 440 million records were compromised. The incident mainly included the exposure of internal company emails and. Although there was no direct risk to customers, the cyber-criminals could gain access to more important information further down the line which could result in financial losses or reputational damage.


Virgin Media admitted that a database containing the personal details of 900,000 people was left unsecured and accessible online for 10 months. The information exposed was for marketing purposes and didn’t include passwords or financial details, but contained phone numbers, home and email addresses.

Virgin Media have acknowledged that they “do not know the extent of the access or if any information was actually used.”


Nintendo revealed an account hijacking scheme that compromised around 160,000 users when attackers gained unauthorized access to their accounts. The company has warned customers that hackers might have gained access to account information, such as nicknames, dates of birth, and email addresses.

Nintendo has since triggered password resets.


easyJet announced that the personal information of nine million customers may have been exposed in a cyber-attack, including over 2,200 credit card records. The hacker gained access to financial information, email addresses and travel details. PGMBM said: “In particular, the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy.” Customers are more vulnerable to credential stuffing attacks following a data breach and should practice good password hygiene as a precaution.

easyJet is now facing a potential liability fine of £18 billion due to the incident.

Someone else’s data breach is still your problem

Consumers tend to reuse passwords from one account to the next, so a data breach that occurred on another business’s website can still become your problem. Once credentials (username and password) have been exposed in a breach, bots make it easy to test those same credentials on other websites and gain access to further accounts held by the customer.

Although the breach may not have occurred on your website, it is your responsibility to put a sophisticated, defensive bot solution in place. It is vital that your bot management technology provides comprehensive protection against bot activity that targets weaknesses in your business logic across your website and API-based systems.

Talk to the bot management experts at Netacea today to find out how our best-of-breed bot management technology protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.
