When a data breach occurs, companies will usually haul in third-party investigators, notify regulators, promise to do better and give any impacted consumers free credit monitoring — but we’ve reached a stage where you should consider signing up to such services anyway, given how much of our information is now available in data dumps strewn all over the internet.
(Consider using Have I Been Pwned to check if you’ve been involved in a breach.)
The reasons a cyberattack or data breach occur vary. In some cases, such as Equifax, the failure to patch a known vulnerability that has the potential to impact software or libraries in use — and in a reasonable timeframe — has serious repercussions.
In others, unsecured databases left exposed to the internet may be the problem, zero-day vulnerabilities may be exploited in the wild before fixes are available, or in some of the worst cases, an organization or individual may be targeted by state-sponsored advanced persistent threat (APT) groups with substantial resources and tools at their disposal.
Source: These are the worst hacks, cyberattacks, and data breaches of 2019 | ZDNet