Blog/Infosec 101/

Recent data breaches: the scope, the impact, and the implications

Elisa Armstrong

Elisa Armstrong

·

Nov 30, 2022

·

7 min read

Jump to section

It is hard to overstate the importance of protecting your data. Data breaches have become a huge issue for companies of all sizes all over the world, and the impact on both clients and commercial viability can be massive. It is therefore becoming increasingly important to secure your personal data, whether this involves on-premise or cloud-based data.

Unfortunately, there are few signs that the number or severity of data breaches is slowing down. But before examining this year's biggest breaches thus far, let's first remind ourselves of a few critical issues that emerged last year.

Data breach

Date

How much was stolen

The social media nightmare

January 2021

214 million accounts

Parler

January 2021

70TB of user data

Crypto.com theft

January 2022

$80 million of Bitcoin, and $15 million of Ethereum

Microsoft data breach

March 2022

Only one account had been compromised

News Corp server breach

February 2022

Email accounts were stolen from journalists

Red Cross data breach

January 2022

Personal information associated with over 500,000 people affiliated with the Red Cross and Red Crescent Movement

Ronin crypto theft

March 2022

$625 million

FlexBooker data breach

January 2022

Confidential data was stolen, including ID information, driver's license numbers, user data, and system passwords.

GiveSendGo breach

January 2022

Personal information related to 90,000 donors

Cash App Data Breach

April 2022

A huge tranche of customer data

PressReader data breach

March 2022

Attack halted the publication of several top news titles distributed by PressReader

Important data breaches in 2021

A familiar cybersecurity story unfolded throughout 2021, namely that of companies suffering from a raft of major data breaches. During this calendar year, a number of large social media data breaches occurred, which included huge ransomware attacks against Electronic Arts and the Colonial Pipeline.

The social media nightmare

Two separate cybersecurity incidents occurred on January 11, and in both cases millions of social media users had their data exposed. The first attack included at least 214 million accounts with Facebook, Instagram, and LinkedIn usernames and passwords, geolocation data, email addresses, and phone numbers stolen by hackers. This theft of data occurred because Socialarks, a Chinese social media management company, left a key database unsatisfactorily protected.

Parler was hacked on the very same day. Parler is not as well-known as other social media platforms but is popular with American conservatives and raised $56 million across several funding rounds. In the case of Parler, a hacker stole 70TB of user data, including posts and media, again compromising users.

Facebook and LinkedIn attacked

Furthermore, in April 2021, two data breaches took place, each exposing over 500 million accounts. The leaked database associated with Facebook contained 533 million entries of account data, with passwords, addresses, and phone numbers among the data stolen. And almost simultaneously, researchers found a LinkedIn database for sale on the dark web with personal data from 500 million accounts. In fact, LinkedIn has repeatedly experienced cybersecurity breaches, with its troubles extending back as far as 2012, when data from over 160 million accounts was leaked.

Figures for 2022

Certainly, numerous significant data breaches occurred in 2021. But emerging data for 2022 indicates that the problem has only increased during the current calendar year.

The Identity Theft Resource Center indicates that data breaches increased by 14% in Q1 2022 compared to the same period 12 months previously. This data means that we have experienced three consecutive years of increases in data breaches, at least based on currently available figures. This situation is significant for a wide range of organizations, as the cost of data breaches can be severe. Indeed, the average cost of a data breach globally is $4.35 million, and this increases to $9.44 million in the United States.

Statista data indicates that 300 million people are now impacted annually by data breaches. As phishing and ransomware continue to increase, one of the big issues uncovered by the Identity Theft Resource Center is the number of data breaches whose identity was never uncovered. Of the 367 data breaches in the first quarter of 2022, 154 were marked as unknown, meaning that the cause of the breach was never established. This “unknown” attack status has been the largest vector throughout the calendar year, in common with the 2021 period. However, this unknown figure has even increased by 40% in 2022 thus far, compared to 2021 as a whole.

It is also notable that the healthcare sector has been particularly heavily targeted, with financial services, manufacturing and utilities, and the professional service sector all facing a significant number of compromises in the early months of 2022.

So despite attempts to raise awareness of the risks associated with data breaches, multiple sectors still have massive problems with this issue. In fact, the number of data breaches continues to increase, although the level of escalation has been smaller so far in 2022 than the 68% increase that was noted in 2021.

Several major breaches and cyberattacks have already been successful in 2022, and these include the following:

Crypto.com theft

In January, Crypto.com was targeted in a theft of nearly 500 users’ cryptocurrency wallets. Hackers successfully stole $80 million of Bitcoin and $15 million of Ethereum along with other cryptocurrencies.

In this scenario, hackers were able to bypass two-factor authentication and gain direct access to user wallets. Crypto.com initially described the data breach as an “incident” before later confirming that money had indeed been stolen. Affected users were reimbursed by the company, and Crypto.com audited systems, taking steps to improve the security associated with its operation.

Cryptocurrency theft remains a major issue due to the relative anonymity of such hacks, and it therefore remains essential to encrypt all sensitive data in this niche.

Microsoft data breach

Proving that big companies remain a major target for hackers, Microsoft was breached on March 20 of this year. A hacking group referred to as Lapsus$ posted a screenshot on Telegram indicating that it had hacked the software giant, compromising Cortana, Bing, and several other Microsoft products.

The breach didn't prove to be hugely problematic for either users of Microsoft products or the company itself in a commercial sense, but it was definitely embarrassing. By March 22, Microsoft announced that the hacking attempt had been overcome and that only one account had been compromised. The corporation also confirmed that no customer data had been stolen. The Lapsus$ team had previously previously targeted Nvidia, Samsung, and other major technology firms, and thus Microsoft was already somewhat familiar with its methods, which helped it respond appropriately.

News Corp server breach

The News Corp organization conceded in February 2022 that its servers had been breached on several occasions in attacks that dated back to February 2020. The company confirmed that no customer data had been stolen and that its operation hadn't been hindered in any significant way. However, evidence was uncovered by the news agency that email accounts were stolen from journalists.

News Corp believes that espionage is behind this attack, but its perpetrators have yet to be identified.

Red Cross data breach

Red Cross services were targeted in a major data breach in January 2022, with hackers stealing personal information associated with over 500,000 people affiliated with the Red Cross and Red Crescent Movement. The Red Cross took servers offline in a response to this attack. Again, no culprit has been definitively identified.

Ronin crypto theft

Another significant cryptocurrency heist was announced in March 2022. Ronin, the author of the popular Axie Infinity game, indicated that its servers had been breached, resulting in major cryptocurrency theft. This data breach was particularly controversial because Ronin had reportedly reduced security protocols so that its servers were able to handle its growing audience.

An incredible $625 million was stolen as part of this hack. Ronin continues to work with law enforcement authorities in order to identify the culprits and recover funds.

FlexBooker data breach

The appointment management business Flex Booker was hit by a major attack during the early weeks of 2022. During this period, confidential data was stolen, including ID information, driver's license numbers, user data, and system passwords. All of this information was then offered for sale on hacking message boards.

This issue proved to be commercially damaging for FlexBooker, which lost an array of customers after the incident was publicized.

GiveSendGo breach

In February 2022, the website GiveSendGo was breached as a political gesture by a hacker. GiveSendGo is a fundraising site, favored by the Freedom Convoy, an activist group of hauliers based in Canada that generated headlines during the Covid pandemic by protesting against what it deemed to be unfair regulations.

In this case, a hacker broke into the website before publishing personal information related to 90,000 donors.

Cash App Data Breach

In April 2022, Cash App was another major company to be breached, on this occasion via a disgruntled former employee.

A huge tranche of customer data was stolen during the hack, and 8 million customers were contacted by Cash App in accordance with the incident. However, no account credentials were stolen in the attack. Nonetheless, it was certainly an embarrassing episode for the financial services company, and a class-action lawsuit was later filed against the company for what was alleged to be “negligent behavior.”

PressReader data breach

In March 2022, an attack halted the publication of several top news titles distributed by PressReader. This involved some of the biggest names in the industry, such as The New York Times.

PressReader has never revealed the full details regarding the attack, believing doing so would be detrimental to its security efforts. Nonetheless, the three-day attack prevented a myriad of users from accessing over 7,000 news sources.

It’s not always about the size

The most important aspect of data breaches is not always the quantity of accounts compromised. This concept is illustrated by the data breach that the IT infrastructure firm SolarWinds endured in 2020, which turned out to have a lasting impact. The software company, which has 33,000 business clients, was hacked, and to make matters worse, it sent out a security patch with malicious code, exposing even more accounts. As a consequence of this attack, new data breaches connected to SolarWinds continued to surface several months after the initial malware was discovered.

Regardless of the type of attack, companies must put cybersecurity at the forefront of their growth strategy. Without a sea change in our attitude to data security, we will continue to experience cyberattacks that expose personal data and cost millions to recover from.

How to prevent data breaches

Protecting online databases is no easy feat because they contain valuable information and are therefore highly valued by hackers. So how do you go about preventing a data breach? While we can’t give a definitive, one-size-fits-all answer, you should never forget one constant: hackers almost always pick the easiest target. You can avoid allowing your database to become this easy target by following these principles:

  • Don’t cut corners. Cybersecurity is only as strong as its weakest component. If you’re going to build a citadel for the data that you collect, make sure you don't leave any windows open.

  • Always password protect your data. Surprisingly, too many companies leave their databases unprotected. The use of strong passwords, multi-factor authentication, and end-to-end encryption of user data is all critically important in providing this protection.

  • Limit data collection. You can’t expose what you don’t collect – it’s as simple as that. So don't go overboard in keeping information – be selective when you're collecting data.

  • Promote education. Some people have never heard terms such as “social engineering” and therefore can never imagine that the delivery person roaming around their offices may actually be a hacker in disguise. Teach people in your company how to protect their physical devices and online accounts.

  • Establish clear guidelines. We’ve already mentioned not cutting corners, but you can only do so in one way — through clear and straightforward cybersecurity guidelines and procedures. Cybersecurity often comes down to a checklist, so make sure that your checklist is crystal clear.

How NordLocker can help protect against data breaches in your company

NordLocker is a secure file vault on your device and in the cloud. If you lose your device or cybercriminals get access to it, your files (and your reputation) will remain intact. And since your cloud data is always backed up in an end-to-end encrypted cloud, you can get it back by logging in to your account from another device.

NordLocker’s secure cloud storage for business also helps you control all your company data from your Admin Panel and manage access permissions easily with private group sharing.

Elisa Armstrong

Elisa Armstrong

Verified author

Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.