The rate at which companies – large and small alike – are experiencing cybersecurity attacks and data breaches is alarming. With recent high-profile attacks targeting healthcare, finance, retail, government, manufacturing, and energy, it’s clear that the threat landscape has evolved significantly over the past few years.
According to projections, cybercrime is forecast to cost the global economy $10.5 trillion by 2025, reflecting a 15% increase year on year. Businesses have never been more vulnerable, and even large enterprises with substantial cybersecurity defenses can fall victim. For smaller businesses, lessons learned from these attacks can help you prepare your security strategy for any eventuality.
This article discusses some of the most notable company data breaches from recent months, their causes, impacts, and what you should do to remain protected.
Top 5 Recent High-Profile Company Data Breaches in 2022
1. Uber: September 2022
One of the largest companies in the world, Uber, discovered they were hacked in mid-September after the hacker announced in the companies Slack organization “I am a hacker and Uber has suffered a data breach” followed by several emojis. This caused the company to shut down its internal messaging service and engineering systems in order to get to the bottom of the incident.
The hacker also claimed it could hack into several of the company’s databases, including messaging data. Uber got in touch with law enforcement and found out the hacker compromised an employee’s account. Uber had dealt with a cyber attack in the past and didn’t report it, which led to a legal battle and thousands of dollars in fees. This time they were upfront and taking the precautions in hopes of avoiding a similar situation again.
2. Plex: August 2022
An August data breach into Plex, a media server app used by millions, resulted in personal encrypted data of their customers being compromised; including passwords, usernames, and emails. Millions of people’s personal info being accessed can damage a brand’s trust for years to come.
Although the vulnerability was addressed and secured, Plex still is encouraging their customers to reset their passwords and enable multi-factor authentication. Again, this should be standard practice to protect yourself against data breaches in 2022.
3. Ronin: April 2022
One of the appeals of crypto currency is that it is not stored in a traditional bank, however, many crypto networks don’t have the security they need to protect against a data breach. In April of 2022, Ronin reported that they were hacked for $540 Million. Not only did they lose that money, but they also had to reimburse their customers for the amount they lost.
This is the second biggest crypto hack of all time, and is sure to not be the last. While the prospect of accruing more crypto wealth and having non fungible tokens grow in value is enticing, it’s important to evaluate the crypto network’s cyber security protocols to make sure your assets aren’t affected in a data breach.
4. GiveSendGo Breach: February 2022
The recent hijacking of a Christian fundraising site, GiveSendGo, took place in response to the Ottawa truckers’ protests, and resulted in the personal details of those who donated to their funds being compromised.
The hackers redirected the fundraising site to a page that condemned the Freedom Convoy protests – a case of Distributed Denial of Service (DDoS) attack. They then published the personal information of the 90,000 donors who had contributed to the initiative via the GiveSendGo website.
This incident highlights how important it is to ensure your business uses secure payment methods and platforms. If not, your customer data could easily end up being compromised. Be sure that after your company experiences a data breach, you take the correct steps to resolve the cause of the breach.
5. Crypto.com Breach: January 2022
The blockchain model has long been regarded as one of the most secure forms of transaction processing. However, this hasn’t stopped hackers from trying to compromise crypto-based transactions. This is evident in the January 17, 2022 attack that targeted 483 users’ wallets on Crypto.com.
As part of this hack, the perpetrators stole approximately $18 million worth of bitcoin and $15 million worth of Ethereum, plus other cryptocurrencies. This was primarily possible thanks to the hackers’ ability to bypass two-factor authentication and access users’ wallets. Another example of why using a password manager is so important.
Initially dismissing it as a mere ‘incident,’ Crypto.com later retracted their statement, confirming that money had been stolen and that affected users had been reimbursed. The company also stated that they had audited their systems and worked to improve their security posture.
Businesses must be aware of the risks associated with cryptocurrency theft. The best way to protect against this type of fraud is to ensure that all sensitive data is encrypted.
Other Cyber Security Breaches
Hackers may not just be after customer data, but they may breach a company’s cyber security measures in order to steal other important information.
On August 25th, 2022, Last Pass, a password management provider used by over 30 million people, announced that a third-party had been able to infiltrate their network by accessing a compromised developer account.
Although the security of the company had been breached, they stated that they don’t believe any encrypted customer data had been accessed, but rather the user “took portions of source code and some proprietary LastPass technical information”. This means that no customer data was breached and that Last Pass’s security and encryption measures for their customer’s passwords did its job. Although this cyber security breach has prompted Last Pass to hire third-party investigators and work towards protecting themselves against more breaches in the future.
Thanks to our friends over at Electric for this awesome content!