Data breaches continue to grow at an alarming rate as millions of consumers’ personally identifiable information is leaked each month.
Canalys, a well-known market analysis firm, has recently reported that within 12 months, 2020 experienced more data breaches than the previous 15 years combined. Some 30 billion records were compromised in the cyber-attacks recorded over this period.
So far, data breaches are showing no signs of slowing down. Since the start of the year, many large enterprises have announced even more significant attacks.
Let’s take a look at some of the biggest data breaches of 2021 (so far).
T-Mobile Data Breach
The T-Mobile data breach impacted only 0.2% of the company’s total userbase, which means that roughly 200 000 records were affected. Not very significant in comparison to some of the other 2021 cyber-attacks, but we felt that we should include T-Mobile’s security breach because this is the fourth breach that the cellular giant experienced in just three short years.
Socialarks Data Breach
This year, the Chinese data-management startup, Socialarks, found themselves in the cross-hairs of a cyber-attack that allowed the leak of more than 318 million records in total.
Users of popular social media platforms such as Facebook, LinkedIn, and Instagram were affected by the data breach, including several high-profile celebrities and social media influencers.
COMB – The Compilation of Many Breaches
On Tuesday, February 2nd, COMB was leaked on a popular hacking forum.
A compilation of past leaks from Netflix, LinkedIn, Exploit.in, Bitcoin and more, the compilation, which contains more than 3.2 billion unique pairs of cleartext emails and passwords, is widely recognized as the largest data leak of all time.
The impact to consumers and businesses of this new breach may be unprecedented. In addition to an increased vulnerability to phishing attacks or a barrage of spam emails, people that reuse their passwords and usernames across multiple accounts face the looming threat of credential stuffing attacks.
CyberNews recommends that users immediately check if the leak includes their data. You can head over to their data leak checker now.
Facebook Data Breach
On April 3rd, Business Insider published a story saying that information from more than 530 million Facebook users had been made publicly available in an unsecured database.
“The exposed data includes the personal information of over 533M Facebook users from 106 countries, including over 32M records on users in the U.S., 11M on users in the U.K., and 6M on users in India,” says Business Insider.
Facebook believes that the data was scraped by “malicious actors” using a contact importer feature prior to September 2019. However, the public argues that the data varies and that the cyber-attack must be new.
Microsoft Exchange Data Breach
At least 30,000 users ranging from enterprise giants to small and medium-sized businesses worldwide using Microsoft Exchange Server were the targets of an aggressive zero-day hacking campaign exploiting four recently discovered vulnerabilities in the on-premises versions of the email software.
Experts estimate that hundreds of thousands of Exchange Servers may have been affected. These servers may suffer the potential installation of additional malware that can facilitate long-term access to the infected environments.
In response, Microsoft applied updates to patch the vulnerability. However, patching merely blocks the four entry points. If hackers are already in your network – it does nothing, which means that there is a high chance that many Exchange Servers are already breached.
Pixlr Data Breach
In January 2021, a San Francisco hacker leaked 1.9 million user records stolen from the online photo editing application Pixlr.
Reports state that threat actors can use the information leaked by the data breach to perform targeted phishing and credential stuffing attacks.
Pixlr’s database was left unprotected, and the threat actor was able to download the entire database from the company’s AWS bucket.
Other notable online data breaches as of 2021
- Ubiquiti Inc. – Unauthorized access through a third-party cloud provider.
- Mimecast – Breached by a compromised certificate used to authenticate several of the company’s products.
- Bonobos – External cloud breached to download a backup of their database.
- U.S. Cellular – Hackers scammed employees into downloading malicious software onto company computers (the dreaded insider threat).
- MultiCare – A third-party ransomware attack exposed the personal information of over 200,000 patients, providers, and staff of MultiCare Health System.
What is next for data breach protection in 2021?
It is apparent that cybersecurity plans and data protection tools should be front and center of all digital plans. Organizations must take the necessary steps to proactively prevent cyber-threats such as email phishing, insider threats, and ransomware attacks.
With proper planning and implementation, establishments can avoid data breaches, halting the growing breach rate.
The place to start is with next-generation BeyondDLP™ protection. Contact us now to find out more.