As 2021 comes to an end, let’s have a look at some of the worst data breaches that have disrupted businesses and individuals in one way or another.
As we come to the end of this year, we have already seen that 2021 is a major year for data breaches. Whether it’s disruptive attacks on supply chains or cyberattacks based on the Covid-19 pandemic, one fact that’s certain is the increasing number of cyberattacks and data breaches that have been reported throughout the world.
Let’s take a look at some of the worst data breaches observed throughout the world so far this year.
- Data Breaches on Various Social Media Platforms: Socialarks, a firm you’ve probably never heard of, has exposed tens of millions of Facebook, Instagram, and LinkedIn profiles. The rapidly rising Chinese social media management company leaked Personally Identifiable Information (PII) of 214 million social media users, including several prominent influencers and celebrities, due to an insecure database. Because of the leak, which totalled 400GB, anyone can piece together the victims’ data. The PII leaked from each platform included victims’ names, users’ names, mobile numbers, email accounts, profile links, logins, profile pictures, profile detail, follower and interaction logistics, location, messaging ID, website URL, job specification, LinkedIn profile URL, linked social media account user account names, and company name.
- Accellion Data Breach: In January, Accellion, a provider of file transfer and collaboration technologies, released 4 fixes to address flaws in its File Transfer Appliance service that were exploited by malicious attackers. Unfortunately, before 17 consumers could deploy the fix, ransomware group Clop and financial crime group FIN11 exploited the flaws, gaining access to clients’ data. Clients affected included the US Department of Health and Human Services, as well as the University of California. This occurred less than a month after Accellion discovered a zero-day vulnerability in the same service and released a patch to address it.
- Kroger Supermarkets via Accellion: Grocery stores aren’t usually thought of as potential targets for attackers, but that’s exactly what happened to the supermarket company Kroger. In February 2021, hackers gained unrestricted access to Kroger’s Human Resources data and pharmaceutical records due to a breach at the third-party cloud provider Accellion. The 1,474,284 breached records included sensitive information such as names, phone numbers, home addresses, dates of birth, Social Security numbers, prescriptions and health insurance information, despite the firm claiming that only one percent of its clients were affected.
- Data Breach of Audi and Volkswagen: Due to data that was left unsecured, an undisclosed marketing services company was accountable for the breach of data on 3.3 million Volkswagen and Audi customers and prospects in Canada and the United States. In March, an unauthorised party accessed the vulnerable data, which was collected between 2014 and 2019. The information was sensitive in nature, ranging from the makes and models of vehicles that had been purchased or inquired about to a smaller number of breached Social Security numbers, tax IDs, loan numbers and driver’s license numbers.
- Amazon-Owned Twitch Service Data Breach: Twitch, an Amazon-owned streaming service, disclosed in October this year that it had experienced a massive data breach. When a server was being configured, a “human error” resulted in an exploitable vulnerability, allowing reams of confidential data to be exposed online. Twitch, which employs over 5,000 people, is the latest large company to fall victim to cybercrime this year; between January and June of 2021, about 5 billion private business records were exposed.
- Mimecast: In January, a cybercriminal hacked a Mimecast document that is used to verify the cloud-based email marketing service’s Sync and Recover, Endurance Monitor, and Internal Email Protect (IEP) products to Office365 Exchange online services. Microsoft notified the company of the breach, and about 10% of its clients used the exposed connection before being prompted to reinstall a newly issued licence, according to the firm. Over 60,000 firms use Mimecast’s services; the precise number of potentially compromised data records is unknown.
A Brief Concluding Note
As is so often the case, data breaches are an issue of when, not if. Staying one step ahead of adversaries requires protecting your consumer data. To prevent social media data breaches, businesses must protect user information as well as company data. Effective training and technology, in addition to raising employee awareness and regularly updating security policies, can help reduce the likelihood of a data breach.