Inside the Briefcase

Solving the steam_api.dll Missing Issue

Solving the steam_api.dll Missing Issue

Usually this error is faced by the gamers -...

How Security in Tech is Being Reinforced

How Security in Tech is Being Reinforced

In an increasingly digital world, security has become a...

2022 Business Spend Management Benchmark Report

2022 Business Spend Management Benchmark Report

Read the 2022 Coupa Benchmark Report to explore 20...

Cloud Security: Understanding “Shared Responsibility” … and Keeping Up Best Security Practices

Cloud Security: Understanding “Shared Responsibility” … and Keeping Up Best Security Practices

Cloud computing has been around for many years now,...

Webcast: HOW TO SCALE A DATA LITERACY PROGRAM AT YOUR ORGANIZATION

Webcast: HOW TO SCALE A DATA LITERACY PROGRAM AT YOUR ORGANIZATION

Join data & analytics leaders from Starbucks, Cardinal Health,...

Fortify Your Data Protection Security: Learn From The Largest Corporate Data Breaches of 2022 

December 7, 2022 No Comments

by Jeff Broth

Data breaches can harm the reputation of a business, affect the value of stocks, and drain its finances during remediation.

The year 2022 recorded an enormously high number of breaches — many of which hit the news.

What do the high-profile cases teach us about the importance of data protection security, and what caused major breaches in the first place?

Largest Corporate Data Breaches of 2022

#1 Optus

In the month of September in 2022, Australian telecommunication company Optus stated that the company has been the target of hackers. The exact nature of the incident hasn’t yet been confirmed, but it’s most likely that the hacker exploited the API that has been exposed on the internet.

Right now, this is considered to be one of the most severe data breach cases in Australia. The breach resulted in the compromised sensitive data of almost 10 million current as well as former users.

Threat actors obtained information such as names, passwords, ID documents, addresses, Medicare details, driving license numbers, birthdates, cell phone numbers, and emails.

Optus notified the public about the hacking activity 24 hours after noticing unauthorized activity within systems. The company also put a stop to the hacking activity as soon as it was discovered.

Although the company claims that no passwords or credit card data had been stolen in the attack, the users whose driving licenses and passwords were stolen are at heightened risk of identity fraud.

Lessons for other businesses:

– Data breaches happen even to organizations that supposedly have strong security — let alone smaller and mid-sized businesses with smaller budgets they can allocate towards protecting the company

– Once the attack occurs, it’s difficult to rebuild the reputation of a company — 56% of customers considered changing the provider, and 10% instantly cut ties with the company

#2 Cash App (Block)

In April 2022, Cash App, a popular payment service, experienced a breach of its servers. The company that created the app, Block, identified a former employee who still has access to the account as the hacker.

The information that has been compromised in the Cash App breach includes names of the users, data concerning their stocks, portfolio, and account numbers.

When the organization found out about the cyber breach, it got in touch with over 8 million users whose data had been compromised in the incident and notified them about the hacking.

Later, it came to light that the company has been familiar with the attack since December 2021, when it actually took place and failed to notify the users on time to avoid fraud.

The case is currently being investigated even further for the purposes of a class action lawsuit.

Lessons for other businesses:

– Avoid lack of transparency about the breach — the company notified the public months after the breach, in the meantime, their customers were hacked, lost their savings, and experienced identity fraud

– Restrict who has access to the network and regularly update access privileges to avoid insider threats that led to the leak of sensitive information — as it was in this case, for ex-employees

#3 Crypto.Com

In January 2022, the cryptocurrency exchange company known as Crypto.com stated that their website suffered a cyber attack. Threat actors managed to get into the system, access the wallets of users, and obtain over $30 million worth of crypto.

According to the company’s official website, the data breach compromised the crypto wallets of 483 users.

The company hasn’t elaborated on how the attackers managed to breach the system, abstain data, and steal funds.

On the day of the attack, security teams were alerted of withdrawals that went through bypassing two-factor authentication.

Following the attack, Crypto strengthened its security posture and replaced its 2F infrastructure with another one. Also, they got in touch with additional security companies for added security testing and to avoid similar threats in the future.

Lessons for other businesses:

– Having tools that can detect suspicious activity using AI and machine learning combined with a great security team is a recipe for early discovery and mitigation of threats

#4 Flagstar Bank

In June 2022, Flagstar Bank completed the investigation of a data breach that took place in December 2021 and notified the public. They uncovered that sensitive information was  stolen, but don’t have evidence of data misuse.

The cause of the data breach came from unauthorized access from a malicious actor. The exact attack vector that caused the breach hasn’t been disclosed by the company.

Ultimately, the breach resulted in the compromised data of over 1.5 million users. Here, we’re talking about sensitive information such as social security numbers, names, and personally identifiable information.

The operation of the bank which has 150 branches all over the U.S. hasn’t been affected by the breach.

An incident response plan has been started and impacted users have been notified of the data breach of the bank’s private network.

Lessons for other businesses:

– Regularly manage cybersecurity — discovering these threats early is important since attacks get more damaging and costly with every minute

– Most cyber-attacks are financially motivated, making the finance industry one of the top targets of hackers (next to healthcare)

To Conclude: Improving Data Protection Security

Even with these four cases that have been headlining the news in 2022, we’ve barely scratched the surface of all the data breaches that took place over the year.

However, even these incidents are a reminder that it’s important to have layered security and properly manage it to discover any unauthorized activity early and patch up the vulnerabilities within the system.

Recovery following the data breach is more than just improving security to prevent further data breaches.

The public closely followed those cases and paid close attention to how said companies navigated these attacks. They vigilantly followed any discrepancies in the statements released by the organizations. Depending on their reactions, user trust might have been harmed irrevocably.

Click here to view more IT Briefcase content!

DATA PRIVACY, DATA SECURITY

Sorry, the comment form is closed at this time.

ADVERTISEMENT

Gartner