Monday, December 5, 2022
HomeCyber Security BlogCyber Security NewsBIGGEST DATA BREACHES SO FAR





Data breaches have decreased in how many victims there are and there were in recent years. Hacking of healthcare organizations, financial service companies, manufacturing, and utilities is on the rise. Threats such as phishing, malware, and credential stuffing pose the most severe risk of data breaches. However, 154 of the 404 filed reports failed to specify the reason for the breach.

18 Major Data Breaches
  1. Baptist Medical Center

Unidentified attackers succeeded via malware attack and caused a major breach at Baptist Medical Center and affiliate Resolute Health Hospital of New Braunfels, Texas. The breach of the healthcare company ranks among the largest breaches ever seen. It affected patient records, compromising sensitive information that was accessed by hackers.

2. Yahoo data breach 2017

Yahoo released information saying hackers breached a billion accounts on their database. The breach caused more personal info to be revealed, increasing the risk of identity theft. Yahoo announced this breach when they were negotiating to sell themselves to Verizon on December 14, 2016.

Yahoo initially predicted that 3 billion user accounts were compromised, but this was revised to 1 billion. The investigation revealed that passwords, payment card data, and bank details weren’t stolen as originally reported.

3. Aadhaar data breach

In March of 2018, an individual named Sanjay was able to purchase private information of citizens such as their address or phone number and other personal data for 100 Rupees. The Indian government exposed the photo identification details of its citizens. This adds to Facebook’s exposure as a company that was hacked in 2019 and one of the few companies with a severe security breach in 2021.

4. “Starwood (Marriott) data breach”

Marriott recently announced that hackers have stolen 500 million records of hotel customers. Despite this discovery being made in November 2018, attackers have had unauthorized access since 2014.

Marriott has revealed that its database was hacked and as a result, personal information about customers, including contact information and travel information, was stolen. The company is not sure yet whether credit card numbers were also accessed but it is safe to assume that Marriott’s database was fully exploited.

5.  MySpace data breach

Russian hackers secured confidential information in 2013. The breach wasn’t publicly disclosed until 2016. During this time, anyone with access to these accounts could take them over. Myspace has since invalidated all passwords that were set up before 2013.”

6. Court Ventures Data Breach

The hacker was selling information in the breach he accessed, including credit card numbers and social security numbers. In 2020, Experian suffered another breach when pirated a database (used without permission), which was then used for marketing purposes. Experian suffers one of the most damaging data breaches in the financial service industry.

7. LinkedIn data breach

In 2012, LinkedIn data was breached, but they never confirmed how many passwords were stolen. Years later, we found out that 117 million passwords were exposed in the breach, and an additional 165 million user accounts were compromised.

After this revelation, other services looked at their LinkedIn data, notified their users that had the same password, and asked them to change it. There are still some unanswered questions about why LinkedIn didn’t notify people in the four years following the initial breach and why they didn’t look into it in more detail.

8. California Concealed-Carry Permits

Just days after a consequential US Supreme Court decision, there was a data breach that made publicly available the information of people who applied for concealed-carry permits in California, including their names, ages, addresses, and license types.

9. Decentralized Finance Platform Hacks

The risk of cryptocurrency storage has come with a variety of mistakes and oversights, some of which hackers have been eager to capitalize on. And in April, attackers took advantage by targeting Beanstalk’s stablecoin protocol system and taking $182 million worth of cryptocurrency at the time.

10. Russia/Ukraine Hacking

Russia has been mounting cyberattacks against Ukraine, while Ukraine has hacked back. Russia invaded Ukraine in February which lead to the two countries fighting differently. Online the conflict is between pro-Russian and pro-Ukrainian hackers forming a volunteer IT army and citizen hackers hacking into Russian websites.

11. Horizon Actuarial Services LLC

An attack on a security breach occurred within Horizon Actuarial and the theft of information from their servers, which included customers’ names, birthdays, and Social Security numbers. Horizon Actuarial then settled with the criminals in exchange for retrieving the data and removing it from circulation.

12. Slickwraps data breach

SlickWraps had a breach of over 370,000 customer information, which could have been prevented had they listened to white hat hackers. One attempted to do a medium pot, and another breached the company’s defense in an email to 370,000 customers.

13. SolarWinds data breach

SolarWinds customers were hacked in March 2020, including six U.S Government departments. The breach wasn’t discovered until December 2020 and was the impetus and very influential for Joe Biden’s Cyber Security Executive Order.

14. Microsoft

Microsoft was targeted in a cyberattack and there were some consequences. However, its prompt security team helped them to quickly shut down the hacking attempt. On March 20th, Lapsus$ announced their breach on Telegram, claiming to have overcome Microsoft. Bing and Cortana are used by millions of people around the world daily, so, unsurprisingly, many were up in arms about the idea of their data being compromised.

The Lapsus$ hacker group published a screenshot on March 20, 2022, of Microsoft’s Azure DevOps that seemed to prove Microsoft had been breached. The screenshot was taken by the hacker group from within Azure DevOps and indicated that Bing, Cortana, and other projects may have been compromised in the breach.

Microsoft posted that on March 22, the attack occurred and there was no customer data being compromised. Lapsus$ wasn’t able to find active customers.

15. PressReader

PressReader is a company that was attacked by people who sent hundreds of requests to its website in March, halting the publication of loads of its titles.

PressReader’s servers were hacked, and no one is sure yet how. Whatever the motive, it immediately followed their announcement of free access in Ukraine.

PressReader was able to quickly reconnect to its global content readers, but an attack stopped access to more than 7,000 different news sources for three days.

16. Marquard & Bahls

Marquard & Bahls: Exploring The Role of News Outlets as Part of Your Media Mix. Previously unheard of, Germany’s “Gas Autohof GmbH” was targeted and its IT infrastructure destabilized. As a result, more than 200 gas stations across the country closed.

Experts have said that Shell’s fuel supply was halted due to an attack from the BlackHat gang. The Russian group has attacked oil pipelines in the past, and it is insinuated that this is the cause for Shell’s lack of fuel. Attacks against energy suppliers will continue as the climate crisis worsens and the Ukrainian war escalates.

17. GiveSendGo

Many of these hacks are not motivated by a desire for money, but due to politics. Such is the case with GiveSendGo in February 2022. GiveSendGo is a fundraising website that is trending among Canadian truckers because it’s open to all religions.

The authors found it surprising that political hacks stole and published the information of 90,000 people who had donated money to protestors and also redirected the fundraising page to another site against truckers. Data was also sent to a group that publishes leaked data coming from right-wing entities.

Clear lesson: companies need top-notch security to ward off political attacks.

18. Cash app

You can use an app to pay for things with your phone, and in April 2022 the app’s creators admitted that one of its employees had illegally accessed their servers.

There was a particular grudge against the business. The hack included names of customers, trading information, account numbers, and portfolio values as well as other private information such as money and stock transactions.

It hasn’t been mentioned how many customers have been affected, but the company has contacted 8 million customers after the attack. Also, no account credentials were stolen, and only a limited amount of identifiable information was taken in the attack.