Here is a look back at this year’s badly handled data breaches:

The food delivery giant confirmed to TechCrunch that attackers accessed the names, email addresses, delivery addresses, and phone numbers of DoorDash customers, along with partial payment card information for a smaller subset of users. It also confirmed that for DoorDash delivery drivers, or Dashers, hackers accessed data that “primarily included name and phone number or email address.”

But DoorDash declined to tell TechCrunch how many users were affected by the incident — or even how many users it currently has. DoorDash also said that the breach was caused by a third-party vendor, but declined to name the vendor when asked by TechCrunch, nor would it say when it discovered that it was compromised.

Because that was Samsung’s priority, obviously.

The company also declined to say what types of data were accessed. In a message sent to affected customers, the company said that “no card details, PINs or passwords were accessed.” However, Revolut’s data breach disclosure states that hackers likely accessed partial card payment data, along with customers’ names, addresses, email addresses, and phone numbers.

Advanced said there is “no evidence” to suggest that the data in question exists elsewhere outside our control and “the likelihood of harm to individuals is low.” When reached by TechCrunch, Advanced chief operating officer Simon Short declined to say if patient data is affected or whether Advanced has the technical means, such as logs, to detect if data was exfiltrated.

Twilio spokesperson Laurelle Remzi declined to confirm the number of customers impacted by the June breach or share a copy of the notice that the company claims to have sent to those affected. Remzi also declined to say why Twilio took four months to publicly disclose the incident.

In one of the company’s first updates, published on December 6, Rackspace said that it had not yet determined “what, if any, data was affected,” adding that if sensitive information was affected, it would “notify customers as appropriate.” We’re now at the end of December and customers are in the dark about whether their sensitive information was stolen.

The fault and blame is squarely with LastPass for its breach, but its handling was egregiously bad form. Will the company survive? Maybe. But in its atrocious handling of its data breach, LastPass has sealed its reputation.

It’s all in the (lack of) details: 2022’s badly handled data breaches by Carly Page originally published on TechCrunch