Posted by Trevagh Stankard on Tue, Aug 10th, 2021
The number of exposed data records in 2020 reached staggering numbers, increasing by 141% to 37 billion. With the impact of remote working and increasing digitization of business processes, 2021 looks set to beat even this breach record. Many of these data breaches come from very large data exposures. Here is a look at some of the most worrying data breaches in 2021, so far…
Data Breaches During 2021
The list below shows ten of the largest or most worrying data breaches of 2021 so far. They are listed in order of breach date, and each entry shows the extent of the breach and how it is likely to have occurred.
Social engineering was behind the cyber-attack on U.S. Cellular in January 2021. Hackers tricked employees into downloading malicious software designed to give an attacker remote access to the computer. Once an employee logged in, the attacker used this remote access to reach the company’s customer relationship management (CRM) platform. From there, the hacker stole customers' personal data, including names, addresses, PINs, cell numbers, and billing statements.
A Mimecast digital certificate, used to authenticate Mimecast products to Microsoft 365 Exchange Web Services, was compromised by hackers. The breach affected around 10% of Mimecast’s customers, and its stock dropped by 5% afterwards. During analysis of the attack, it was discovered that the Mimecast breach was carried out by the same hacking group that carried out the December 2020 SolarWinds attack.
A hacker used remote desktop software (TeamViewer) to hack into the company’s SCADA-controlled dosing system and increase the amount of sodium hydroxide added to the water from 100 parts per million to 11,100 parts per million. The change was detected as it happened, alerting the plant operator to the problem. The hacker is thought to have used stolen credentials available on the dark web to gain access. It is believed that the same password was shared by all users for remote access. Security analysts point out that the attack was multi-part and included reconnaissance to identify email domains, followed by credential stuffing using the stolen passwords.
A Microsoft Exchange vulnerability led to a major ransomware infection at the electronics manufacturer Acer. The resultant ransom, $50 million, was the largest in history. The hacking group REvil was believed to be behind the ransomware attack on Acer. Data was stolen as well as encrypted in the attack; stolen data included bank balances and bank details.
The state-sponsored hacking group Hafnium exploited four zero-day vulnerabilities in Microsoft Exchange Server to access the email accounts of around 30,000 U.S. organizations. Once in, the hackers were able to use remote control of computers to gain access to customer data. Microsoft quickly released patches for the vulnerabilities, but the hacking group continued to use scanners to find unpatched Microsoft Exchange servers to exploit.
At least 530 million Facebook users across 106 countries had data exposed in the cyber-attack. The exposed data records included personal details such as Facebook ID numbers, names, phone numbers, dates of birth, and location. Screen scraping, as opposed to a database breach, was used to capture personal details displayed in user profiles. This was possible because of a vulnerability in a Facebook feature called “Contact Importer” that was deployed in 2019. Profiles that were set to “public” or “share with friends” and that allowed lookup by phone number left the system open to exploitation.
Colonial Pipeline is responsible for 45% of all fuel consumed on the East Coast of the U.S. A ransomware attack resulted in an operational shutdown affecting around 50 million customers. The hacking group DarkSide carried out the attack. As well as encrypting data and disabling systems with the ransomware, the gang stole a large amount of data, which was used to put pressure on the company to pay the $4.4 million ransom. Security analysts believe that a compromised password was the starting point for the cyber-attack.
Hackers stole 780 gigabytes of source code data from Electronic Arts. Although no personal data was stolen during the attack, access to the source code used to supply games to consumers means that vulnerabilities can be located and exploited, putting customer data at risk. Since the breach, the hackers have also dumped source code snippets online to increase pressure on Electronic Arts to pay the ransom. Stolen cookies, for sale at $10, were used by the hackers to gain initial access to a company Slack account. The hackers then used social engineering to trick an IT support employee into believing they had lost their phone and into issuing them a temporary multifactor authentication token, which gave them privileged access to data. This attack shows a move away from the traditional method of holding a company to ransom: stealing data, as opposed to using encryption only.
Over 3 million customers of the car manufacturing giant Volkswagen, with Audi, had personal data exposed in June 2021. The breach occurred via a third-party vendor, who had collected and stored the data over several years for marketing purposes. The data was stored in an insecure manner.
Software vulnerabilities or credential theft are behind many of the breaches shown above. The use of social engineering tactics is also an integral part of the hacker's strategy. Preventing data breaches doesn't work using a one-stop-shop approach. Instead, multiple layers of protection offer a more comprehensive way to deal with inventive and persistent hackers.
2021 is only halfway done. Let’s see what the next 6 months have for us, and here’s to a time when the data breach pandemic is a thing of the past.