Data breaches have become a part of people’s daily lives. Every day, there is news about network infiltrations and data stealing. So far, almost 3.5 billion people have their data stolen only from the two most significant data breaches in history in the current century. Data is the most valuable asset any entity holds, be it a giant corporate or an individual. The frequency at which these mishaps keep occurring is an indication of the criticalness of adopting robust cybersecurity measures. Numerous tools available in the market promise complete network and hardware security, and it is wise that they are given adequate importance.
The graphs below prove the fact that the threat from data breaches is real. There has been a significant jump in data breaches affecting the financial sector because of its data-rich repositories. The nature of the violations has changed over the years too. The government and military data breaches have seen dwindling numbers, while those occurring to banking institutions have seen a quantum leap.
The statistics of data breaches and records exposed in the USA from 2005 to 2020 (in millions)
Sector-wise distribution of records exposed due to data breaches in the USA from 2014 to 2019
6 Recent Significant Data Breaches That Shook The World
Below listed are six of the severe data breaches that have taken place in recent times.
There was an attack on July 15, 2020, which targeted a small group of employees. It was a spear-phishing exercise aimed at stealing internal information. It was also focused on misleading the staff and planting rumors. One of the tools that the spear-phishing activity used was human vulnerability and the ease with which an individual would trust another. The malicious actors ultimately attacked 130 Twitter accounts, tweeting using 45 of them and accessing the inbox of 36. They had also downloaded the Twitter data of 7. They did all of it by using specific employee credentials.
In April 2020, the communication app, Zoom, faced one of the worst data breach attempts. More than 500,000 Zoom accounts were compromised, and the data obtained was sold on the Dark Web. The malicious actors stole credentials through credential stuffing method, where malicious actors used data from older data breaches to log into the respective accounts. Usually, such log-in credentials are all recorded and turned into a list. The list is then sold to the highest bidder on the Dark Web.
A data breach that left almost 300,000 Nintendo Network IDs and accounts exposed occurred in April 2020. The breach occurred through unauthorized log-ins. Additional data breaches were countered through the resetting of passwords, after which Nintendo informed the users. Since then, the Japanese video gaming giant has been highly cautious and on strong guard for any future attacks.
The Marriott group is one of the largest chains of hotels in the world. Hence, it was pretty disturbing for the group to discover the massive data breach in January 2020 that left almost 5.2 million data exposed. The stolen information included the following:
- First Name
- Last Name
- Email Address
- Mailing Address
- Phone Number
Other than this, there was further loss of additional information about loyalty programs and discount coupons. Dates of birth, affiliations, and partnership to the hotel group were also part of the stolen package. Being one of the world’s largest hotel chains, they ought to protect customer information with greater zeal and intent.
Unacademy is a Bengaluru-based online educational platform. It has witnessed huge popularity in recent times and hence has a sizable clientele. In January 2020, it suffered its worst data breach attempt. Consequently, almost 20 million passwords were compromised and exposed to the public. The information stolen included the following:
- SHA-256 hashed passwords
- Date Joined
- Last Login Date
- Email Address
- First Name
- Last Name
- Account Status
The exposed accounts also included a few corporate accounts belonging to prestigious organizations, such as Google, Wipro, Infosys, and Cognizant. US-based cybersecurity organization Cybele announced the data breach.
In October 2020, the famous Indian eCommerce platform Big Basket faced its biggest cybersecurity nightmare. A massive data breach left exposed almost 20 million user accounts. Further analysis of the breach showed that it occurred on October 14 and was made public on November 07. The information that was made public through this data breach was:
- Full Names
- Dates of Birth
- IP Addresses of users’ devices
As with most of the data stolen, the list was put up on sale on the Dark Web for $40,000. It was a tremendous cyber setback for the eCommerce giant.
Preventive Measures For Organizations To Avoid Data Breaches (Especially For SMEs)
Given the number of data breaches taking place and their alarming frequency, organizations must take immediate steps to enhance their cybersecurity with the best phishing protection service. It is applicable especially for SMEs who could not afford the losses incurred from a cybersecurity breach. The following steps can help mitigate such data breaches to a significant extent.
- Initiate training and awareness sessions for employees to prevent them from falling into the phishing trap.
- Place more focus on email security and its management since most phishing attempts happen through ubiquitous email.
- Install and use appropriate cybersecurity tools after carefully going through the credentials of the service provider.
Cybersecurity threats continue to increase as technology advances. It has forced organizations to spend more on cybersecurity tools such as anti-phishing and anti-ransomware ones. The recent data breaches are testimony to the fact that no one is out of risk. Hence, the effort to enhance both internal and external security is a vital requirement. It is always better to be safe than sorry.