Data Breaches: What Made Them Silent Killers [Updated 2023]
If you have any online presence or use digital devices, you must be educated on data breaches, their types, and dangers. This post is dedicated to them only. It is going to be an exciting ride. So, stay tuned.
- VPN statistics: What should you know about VPNs in 2022
- 5 VPN Tinder That You Need For Ultimate Peace of Mind
- The Risks of Reusing Passwords on Multiple Sites
- TikTok privacy violation: What is the news?
The Must-Know Data Breaches: Case Study
By a data breach, we mean an incident of information stolen, accessed, or exposed without the permission of the information owner. The most common information that becomes a data breach victim is email addresses, constant customer data details, trade secrets, or credit card details.
Talking about the origin of recent credit card breaches or other types of breaches, they have been present since the beginning of time. In the digital world, it became prominent in the 1980s and grew immensely in the early 2000s.
In 1986, TRW, a global credit information corporation, was hacked, and around 90 million records were taken away. The same year, Revenue Canada became a victim of an information breach and one security data breach. Speaking of the impact of data breaches, it is of assorted types. For instance, one can lose a massive chunk of money when an individual is victimized.
For an organization, becoming a victim of an information breach means losing reputation and customers’ trust.
Here are some of the statistics related to the loss of data breaches:
These figures show that data breaches are no less than a headache for individuals and cooperate.
How Does a Data Breach Happen?
A “data breach” occurs when a hacker or cybercriminal manipulates the data sources and extracts crucial information from that resource.
For instance, a hacker can access a computer or network in an unauthorized manner and steal information. Data can also be extracted by bypassing the network security protocols.
Some of the most common tools to make this happen are malware attacks, viruses, phishing, and Denial of Services. However, ways like payment card fraud and insider data leaks are also responsible for many data breaches.
Massive Data Breaches to be aware of (Case by Case)
Here is a quick overview of some of the most talked-about and famous recent data breaches in 2021, out of which some resulted in exp data breach settlement and losses for the organization who were victims:
#1 – Facebook
Despite many cybersecurity breaches prevention measures, Facebook has been victimized by data breaches a couple of times. It was reported that nearly 500 million users’ data were stolen and posted on a low-key hacking forum. The contact details like phone numbers and email addresses were revealed. It is as scary as it sounds.
Even the CEO of Facebook, Mark Zuckerberg, wasn’t able to save its private credentials from online predators. The data was leaked on the dark web for free. The only sigh of relief that those 540 million users have been the assurance that the finance and password-related information was not exposed.
Users from 160 countries fall into the trap of this recent data breach. The US was most affected as 32 million compromised accounts were from the US.
Facebook IDs, full names, locations, birthdates, bios, and – in some cases – email addresses were disclosed. A Facebook official revealed that it happened because of the vulnerability that the company handled in 2019. The data scraping process was adopted to make this happen.
#2 – Instagram
In May 2019, around 49 million records exposed online contained crucial information about Instagram influencers and celebrities. Users’ biodata, profile pictures, locations, and other essential details were disclosed. In 2021, it happened once again. But, this time, Instagram wasn’t at fault. It happened because of SocialArks, a Chinese Data-scraping company.
Because of cloud misconfiguration at the hands of SocialArks, around 318 million records were left unprotected in outer space. These records were of Facebook, Instagram, and LinkedIn.
#3 – LinkedIn
Around 500 million LinkedIn accounts were compromised in April 2021. It was said that a considerable sum in 4 digits (bitcoin) was used for negotiation. However, LinkedIn never explained the reasons and even tried to investigate the causes.
Besides, LinkedIn was also a part of the data breach that happened because of mishandling by SocialArks.
#4 – Cancer Treatment Centers of America
Recently, on March 18, 2021, Cancer Treatment Centers of America revealed that around 104,808 patients of its, Midwestern Regional Medical Center were accessed by authorized personnel. Information like names, health insurance information, medical record numbers, and CTCA account numbers was likely to get exposed. Thankfully no financial information was revealed.
#5 – Ubiquiti Inc.
This one is also a recent data breach that was initiated at the end of 2020. It lasted for two months, and the organization was able to take control by the end of January 2021.
The “data breach” impacted a considerable chunk of its customers when an intruder gained unauthorized access to information like names, hashed passwords, salted emails, and addresses. The data breach reduced the stock value of the company by 30%.
#6 – Parler
Parler, the one who ripped off Twitter, was a victim of a data breach in Jan 2021 and went offline suddenly. An immense number of information and personal conversations were leaked. Soon after the hack, it was removed from Amazon Web Hosting.
#7 – Mimecast
Around 10% of Mimecast users fall into the trap of data breaches. It happened when a threat actor compromised the company’s certificate used to authenticate a couple of Microsoft Office 365 Exchange Web Services. The company hired a seasoned security expert to look into the issue.
#8 – Pixlr
This famous photo editing website was in the news for bad reasons when a notorious hacker exposed its 1.9 million Pixlr user records for free on an online forum.
He even invited people to use this data for phishing and other malicious activities. However, the company didn’t accept the incident. But BleepingComputer revealed that this is a legitimate breach.
#9 – Bonobos
Bonobos’ data breach affected 12.3 million records in Jan-2021. A cybercriminal backed up its server and stole 7 million shipping addresses, 3.5 million partial credit card records, and 1.8 million account information.
Bonobos confirmed the breach but made it clear that the data was stolen from the backup done on a third-party app.
#10 – VIPGames
Think before using an online gaming platform twice, as you can end up using crucial information. It has already happened with 66,000 users of VIPGames, a leading online gaming platform. Around 23 million data records were stolen and compromised. All of this happened because of a misconfigured server.
#11 – Kroger
The incident happened on January 23, 2021. Gladly, credit or debit information and account passwords were also saved from this attack.
This is not the first time any company is attacked by a data breach because of Accellion FTA. There are many others as well. Experts say that replacing old and tattered software is an excellent option to stay protected from such data breaches.
#12 – T-Mobile
T-Mobile was attacked once again in 2020 when a hacker gained unauthorized access to the customer’s proprietary network information (CNPI) and exposed the call-related information. T-Mobile is the world’s third-largest mobile service provider.
Yet, it can’t keep data breaches at bay. After the T mobile data breach in 2021, the company revealed that the hacker wasn’t successful in accessing sensitive customers’ data and compromised their financial information. This intrusion impacted around 200,000 users.
#13 – CAM4 data breach
Around 10.88 billion records were leaked in March 2021. The credit for this data breach goes to its Elasticsearch server that leaked the information.
Customers’ information, such as names, sexual orientations, email addresses, payment logs, IP addresses, and password hashes, were exposed.
#14 – Microsoft Exchange
Around 250,000 servers were corrupted and gave full unauthorized access to hackers. Information like the use of emails and passwords, saved in the targeted servers, was exposed. Out of those 250,000 servers, 30,000 were in the United States alone.
It was figured out that ransomware of a new family was injected into the servers and infected the datasets, even the encrypted ones.
The event took place in many phases. The first exploit was reported on 5th January 2021, while the first beach was reported the next day, i.e., on 6th January 2021.
In March 2021, the data breach was fully accepted by Microsoft.
#15 – SITA
In February 2021, another data security breach happened, and this time the victim was air transport data giant SITA. The company confirmed in a statement that certain crucial information saved on its US servers had been breached.
Because of this information security breach, many airlines, such as Malaysia Airlines, Air New Zealand, Singapore Airlines, Finnair, Cathay Pacific, Jeju Air, and Lufthansa, were hugely impacted.
#16 – Wegmans
Wegmans is a very famous US supermarket chain that fell victim to a data breach in 2021. The data breach happened due to cloud storage misconfiguration. The technical error guided the servers to make the database accessible to all. Assorted details were exposed, such as user name, phone number, addresses, shopper number, hashed password, and many more.
#17 – U.S. Cellular
When we talk about the biggest data breaches, US Cellular data breaches should be there. US Cellular is US’s leading wireless carrier and claims to adopt best security practices. Despite that, hackers successfully downloaded the malware on the employees’ software and devices and gained swift access to 4.9 million records. The data was related to 270 customers.
#18 – California DMV
Be it private or public, no firm is safe from data breaches, and the attack that happened on The California Department of Motor Vehicles is the biggest example of this.
On February 18, 2021, the department declared that its Automatic Funds Transfer Services software was attacked by ransomware. The attack exposed driver records for the past 20 months. Details like VINs, names, and license plate numbers were leaked.
#19 – MultiCare
The Healthcare industry is one of the many favorites of hackers. Recently, in March 2021, MultiCare, a leading healthcare firm, faced the wrath of a data breach. Data like bank account numbers, policy numbers, personal information, and the DOB of 200,000 patients were leaked.
#20 – Hobby Lobby
Hobby Lobby, despite taking appropriate, has lost crucial information of over 300,000 customers due to a massive data breach. Any hacker did not do it, as the company declared that its cloud storage suffered misconfiguration.
#21 – ClubHouse
On April 10, 2021, ClubHouse became the victim of a data breach. As a result, more than 1.3 million scrapped user records were revealed. The data was posted on a famous hacker platform and was available for free. Speaking of the type of leaked data, it featured details related to photos, URLs, Instagram accounts, IDs, number of followers, and many more.
#22 – GEICO
The auto insurance giant, GEICO, had to deal with a huge data breach in 2021.
The company announced that unauthorized access to its driver’s license database was spotted. The company failed to provide the exact number of users who suffered. But, speculations are that they are in millions.
#23 – Experian
Experian had to face a data breach on April 26, 2021. It was caused due to a compromised API used for researching student loan providers. Other than Experian, many other companies were also using this API. When it was corrupted, it granted access to the secret credit score of more than 10 million Americans. Random people can see the DoB, mailing address, and other personal details.
#24 – Volkswagen & Audi
In 2021, more than 3 million records of Volkswagen and Audi subsidiaries were released to the public by a 3rd party marketing company. The exposed data featured details like name, email address, and phone number. Information related to leased vehicles was also exposed.
#25 – SeniorAdvisor
It was not in the notice of SeniorAdvisor that its database was not password protected.
Some cybersecurity researchers figured that out. Because of no protection, hackers had no trouble accessing the 3 million records. Hackers steal information related to DoB, phone numbers, and email.
#26 – GetHealth, Fitbit, and Apple
People swear by the security practices that Apple adopts. But, it has also fallen into the trap of data breaches. The recent one happened in 2021 and involved GetHealth and FitBit.
Actually, the breach targeted GetHealth, a leading wellness app. But, as it was keeping the user records of Apple and Fitbit, over 61 million user records were exposed. It was indeed a huge data breach of 2021. Data related to trackers and wearables were affected.
#27 – UNM Health
2021 was the year of data breaches in the healthcare industry, and UNM Health was among the victims. Unidentified access to the database of UNM Health was spotted, and it’s believed that nearly 630,000 personal and medical records were exposed.
#28 – OneMoreLead
OneMoreLeadis, a marketing company, reported a data breach on August 4, 2021. The data breach was huge, as over 126 million records were exposed and posted on an online forum. The attack exposed information like work address, name, email, phone number, and IP address. No serious damage was reported.
#29 – Guess
Though the company prefers not to disclose the total number of affected data, it announced that the ransomware only attacked information like driver’s license number and passport number. But, few internal sources commented that it was more severe, and sensitive information like financial account numbers and social security numbers were also revealed.
Common Causes for a Data Breach Incident to take Place
- Data mishandling by insiders: In this process, a company’s insider or trusted personnel steal customer data, sell it to peers, or use it for personal use.
- Theft or loss of data: It refers to stealing or losing the source of the database. For instance, you have customer data stored in a laptop, and it got misplaced. Any other person got access to the laptop and stole the data. It can happen to paper-based data as well. Sometimes, it happens accidentally.
- Denial of Service or DoS – It occurs when a threat action overloads an organization’s system and network and prevents authorized personnel from accessing them. Mostly, the targets of this mode of data breach are large enterprises and MNCs.
- Crimeware includes introducing the assorted type of malware or planning social engineering attacks to steal information.
- Ransomware involves taking the file of the targeted system/computer captive until the victim pays what is asked to access them.
- SQL injection is where the hacker introduces arbitrary code to the web form of an online user. If the user fails to handle the form correctly, the code will enter the database and steal information.
- Phishing is a type of social engineering attack and involves proposing the threat actor as a trusted source, contacting them via multiple means, and stealing crucial information.
- Data breach via web applications: Access to the majority of web applications demand customary personal information like name, phone number, and emails. Hackers gain access to web applications and steal this information.
- Attacks by Cyber-espionage: This type of data breach involves sending a malicious email to the affiliated actors to drill the system.
- Skimming of payment card: If you use a debit or credit card, then you can be the victim of a data breach as criminals will place a skimming software/tool on the ATM or card reader and capture the card details.
- Introduction of multiple errors: Sometimes, multiple errors like cloud storage misconfiguration and server misbehaving will lead to data leaks.
- Point-of-sale intrusions: This type of data breach means/medium is mostly used in restaurants and controllers and involves information leaks from POS terminals and controllers.
- Various other things: Ways like using a compromised email account and following the bogus directive are rarely used for hacking the databases.
What Troubles Can Cybercriminals Create With Stolen Data?
Well, one’s life can get into a serious mess if the stolen data falls into the wrong hands after a data breach target attack. They can use the information in various wrong ways. Here is a glimpse of the mess that they can create.
They can use the information to steal your money
This is the most common use of stolen data. Cybercriminals can steal your money directly or indirectly. They can:
- Use the credit card and make the payment;
- Directly withdraw money from one’s account and spend or invest it elsewhere;
- Get things like medical treatment, avail of a home loan, or purchase expensive things using your money;
- Use your information to avail the government perks;
- Open an account;
- Steal the rewards offered on the credit cards.
They will sell your information to a third party or expose it on the dark web
Your data has a lot of worth in the outer world. If you wonder where all these loan companies get your personal information, then it’s because a hacker has sold your information to them. Some hackers are so generous that they steal the information and release it on the dark web for free. In either case, the information owner is at a loss.
How Can You Help Protect Your Personal Data?
- Organizations can update and review their data governance policies frequently and make changes as per the need of the hour.
- Ensure that data classification and governance are at par with data privacy standards like HIPAA, SOX, and ISO 27001.
- It is essential to do risk assessments frequently and spot the vulnerabilities in their infancy stage.
- If you can afford a full-time data security expert, then it’s good. Else, outsource this service. Don’t ever try your hand in this domain. It is something that demands perfection and expertise.
Organizations can reduce the harm of data breaches by creating a viable disaster recovery plan. When there is an effective recovery, data can be recovered easily.
7 Viable Ways To Stay Protected Online on the Personal/Organizational Level
Considering the frequency at which data breaches occurred, it’s imperative to adopt ways that will help an online user stay protected. Gladly, there are many ways available.
#1 – Don’t entertain anything unverified or unofficial while being online
While you’re online, make sure that you don’t open emails from strangers, open an unverified link, or even visit any unofficial website. Such online resources are mostly well-planned phishing attacks planned to steal personal information. Always entertain information or data coming from trusted individuals or resources in the online sphere.
#2 – Use updated system/software
Whatever devices or applications are used while being connected to the internet, make sure they all running over an updated OS. Outdated OS and systems will help cyberpunks in causing harm to your or your personal data/information because legacy systems are over-exploited, lack security patches against modern security threats, and fail to do quick error detection. Activate automatics OS updates to avoid any delays.
#3 – Always use strong passwords
Gone is the era of passwords like 1230 or john12. Easy-to-guess passwords are the greatest threat to personally identifiable information PII. Just as you protect your legal documents, you should be attentive enough to protect online documents or data with a powerful password. Also, avoid using the same password for multiple websites. We also recommend changing passwords frequently.
#4 – Try multi-factor authentication
Multi-factor authentication is an ideal way to prevent unauthorized access to email addresses, mobile devices, bank account details, and any other sensitive information stored online or on digital devices. This concept combines more than one login process together to strengthen online security.
#5 – Don’t get carried away with public WiFi
If you want to protect sensitive data and don’t want to compromise the user accounts, you need to stay away from public WiFi. Such WiFis are open to all, and cyberpunks use them to access personal data and plan a massive data breach.
#6 – Use viable security tools
There is no dearth of security tools in the market. All you need to do is to understand their power and use them in an intelligent way. For instance, you should use anti-virus software and scan the device at regular intervals. This tool will spot hidden vulnerabilities and alert you to take immediate action.
You can also use a VPN or proxy server to make the entire traffic fully encrypted. A proxy server is good for encryption applications but it fails to match the offerings of a VPN. VPN is an advanced technology that protected traffic so much so that sensitive information, bank accounts, legal documents, online presence, and everything else that you do while being connected to the internet remains in a safe hand. VPN also helps in bypassing geo-restriction.
Using a firewall is also a great way to avoid authorized access to devices such as computers, IoT, phones, and so on.
#7 – Delete your user account information from unverified devices
First of all, you should never use someone else’s computer or device to stay connected. But, if you have to use another’s device, make sure you log out from that device immediately. Never let any confidential detail be saved on unverified devices.
The effective utilization of these practices will help you to stay protected as you browse the internet.
What Should You Do if Your Personal Data is Exposed?
We know that it is a heart-breaking and shattering thing to know that your personal data has been stolen. Thoughts of getting robbed, blackmailed, or exposed will run through your mind, and it is about to happen. But, you need to maintain your sanity as you are not alone in this. Many leading firms have also faced it.
This is what a prey of data breach must do soon after the attack.
- Figure out what kind of attack has happened. Whether your personal information has been stolen or financial credentials have been compromised.
- Once you figure out what has been stolen, take remedial actions immediately. Change all the passwords and update your account details. In case of financial data theft, contact your bank and report the incident. Ask for an inquiry as well.
- Enable the two-factor authentication on all your accounts for added security. With this, you will be notified when someone is trying to gain unauthorized access to your dataset.
- If you feel that a crucial dataset has been stolen, it is better to hire a security expert to find the root cause and recover the data. This is primarily the case with organizations and businesses. But, individuals with heavy loss can also take up this way.
How Can You Recover If Your Data Is Exposed In a Data Breach: Steps to Take on Your Own
- Find out the type of data hampered. In the US, companies have to inform the end-user about the data breach and the kind of information stolen. If this is not the case where you reside, try to figure out this first to determine how much damage is about to happen.
- Contact your bank or other financial institutes. If your debit or credit card is compromised, block them as soon as you spot a breach.
- Change all the current passwords. Some attacks are visible immediately, while few take time to come to the surface. So, it’s better to change all your passwords once you face a data breach.
Keep an eye on any suspicious activity. If the attack was made by malware, then you might face its impact after some time as well. We will also suggest hiring an expert and getting a thorough check done so that if there is anything hidden, it will come to the surface. As a prevention, you should implement powerful anti-virus software in your system.
It will add an added layer of security. Using a VPN is also a great way to enhance system security and stay safe in the virtual space.
The Bottom Line
Data breaches are common and are likely to target all of us. However, one can save its neck by being a little extra vigilant. It is wise not to entertain any email, post, or message with unknown or unauthorized information. Keeping devices and software updated is also very crucial. Doing regular security audits can save tons of hassles. So, stay aware and informed.
Let VPNWelt warn you: to be completely secure on the internet, you will need the help of the best VPN service.
You probably don’t have time to learn all the details about VPN services, but you want to know which one is the best for you. Here are six trustworthy VPNs I can recommend to you, depending on the scope of use of each of them.
- Best VPN overall: NordVPN
- Best value for money: CyberGhost
- Cheapest annual subscription: PIA
- Best for streaming: Surfshark
- Best premium VPN: ExpressVPN
- Largest country selection: VeePN
For more information, see our picks for the best VPNs here.