2022 data breaches have been on the rise. This is not good news for us, we mere humans, who rely heavily on technology đđ
A data breach occurs when a threat actor breaks into (or breaches) a company, organization, or entityâs system and purposefully lifts sensitive, private, and/or personally identifiable data from that system. When this happened, companies are sometimes forced to pay ransoms, or their information is stolen ad posted online. In 2021 it was reported an estimated 5.9 Billion accounts were targeted in data breaches đđ
After reading about the password manager LastPass being breached this week, I did a deep dive to see who else has been hit. The listing includes international breaches.
It’s alarming yet important to know to determine how you might be impacted. Sit back and skim through to see if your information may have been compromised.
Recent Breaches
August 2022 Source: https://tech.co/news/data-breaches-2022-so-far
August 25
LastPass Breach: The password manager disclosed to its customers that it was compromised by an âunauthorized party’. The company assured customers that this took place in its development environment, and that no customer details are at risk.
August 24
Plex Data Breach: Client-server media streaming platform Plex is enforcing a password reset on all of its user accounts after âsuspicious activityâ was detected on one of its databases. Reports suggest that usernames, emails, and encrypted passwords were accessed.
August 20
DESFA Data Breach: Greece’s largest natural gas distributor confirmed that a ransomware attack caused an IT system outage and some files were accessed. However, a quick response from the organization’s IT team â including deactivating online servers â meant that the damage caused by the threat was minimal.
August 10
Cisco Data Breach: Multi-national technology conglomerate Cisco confirmed that the Yanluowang ransomware gang had breached its corporate network after the group published data stolen during the breach online. Security experts have suggested the data is not of âgreat importance or sensitivityâ, and that the threat actors may instead be looking for credibility.
July 2022
July 26
Uber Data Breach Cover-Up: Although this data breach actually took place way back in 2016, it was revealed in late July that Uber had covered up an enormous data breach that impacted 57 million users, and even paid $100,000 to the hackers just to ensure it wasn’t made public.
July 22
Twitter Data Breach: The first reports that Twitter had suffered a data breach concerning phone numbers and email addresses attached to 5.4 million accounts started to hit the headlines on this date, with the company confirming in August that the breach was indeed genuine. The vulnerability that facilitated the breach was known by Twitter at the turn of the year and had been patched by January 13, 2022, so data theft must have happened within that short window.
July 19
Neopets Data Breach: On this date, a hacker going by the alias âTarTaXâ put the source code and database for the popular game Neopetâs website up for sale on an online forum. The database contained account information for 69 million users, including names, email addresses, zip codes, genders, and dates of birth.
July 18
Cleartrip Data Breach: Travel booking company Cleartrip â which is massively popular in India and majority-owned by Walmart â confirmed its systems had been breached after hackers claimed to have posted its data on an invite-only dark web forum. The full extent of the data captured from the companyâs internal servers is unknown.
July 13
Infinity Rehab and Avamere Health Services Data Breach: The Department of Health and Human Services was notified by Infinity Rehab that 183,254 patients had had their personal data stolen. At the same time, Avamere Health Services informed the HHS that 197,730 patients had suffered a similar fate. Information stolen included names, addresses, driverâs license information, and more. On August 16, Washingtonâs MultiCare revealed that 18,165 more patients were affected in the same breach.
July 12
Deakin University Data Breach: Australia’s Deakin University confirmed on this date that it was the target of a successful cyberattack that saw the personal information of 46,980 students stolen, including recent exam results. Around 10,000 of the university’s students received scam text messages shortly after the data breach occurred.
July 5
Marriot Data Breach: The Hotel group â which is no stranger to a data breach â confirmed its second high-profile data breach of recent years had taken place in June, after a hacking group tricked an employee and subsequently gained computer access. According to databreaches.net, the group claimed to be in possession 20 GB of data stolen from the BWI Airport Marriottâs server in Maryland. Marriot would be notifying 300-400 individuals regarding the breach.
June 2022
June 29
OpenSea Data Breach: NFT marketplace OpenSea â that lost $1.7 million of NFTs in February to phishers â suffered a data breach after an employee of Customer.io, the companyâs email delivery vendor, âmisused their employee access to download and share email addresses provided by OpenSea users⊠with an unauthorized external partyâ. The company said that anyone with an email account they shared with OpenSea should âassume they are affectedâ.
June 17
Flagstar Bank Data Breach: 1.5 million customers were reportedly affected in a data breach that was first noticed by the company on June 2, 2022. âWe have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incidentâ a letter from Flagstar bank to affected customers read.
June 14
Baptist Medical Center and Resolute Health Hospital Data Breach: The two health organizations â based in San Antonio and New Braunfels respectively â disclosed that a data breach had taken place between March 31 and April 24. Data lifted from its systems by an âunauthorized third partyâ included the social security numbers, insurance information, and full names of patients.
June 11
Choice Health Insurance Data Breach: On this date, Choice Health Insurance started to notify customers of a data breach caused by âhuman errorâ after it realized an unauthorized individual was offering to make data belonging to Choice Health available online. This had actually been publicly available since May 2022. The data dump consisted of 600MB of data with 2,141,006 files with labels such as âAgentsâ and âContactsâ.
June 7
Shields Health Care Group Data Breach: It was reported in early June that Massachusetts-based healthcare company Shields was the victim of a data breach that affected 2,000,000 people across the United States. The breach was first discovered on March 28, 2022, and information such as Social Security numbers, Patient IDs, home addresses, and information about medical treatments was stolen. A class action lawsuit was filed against the company shortly after.
May 2022
May 26
Verizon Data Breach: A threat actor got their hands on a database full of names, email addresses, and phone numbers of a large number of Verizon employees in this Verizon data breach. Vice/Motherboard confirmed these numbers were legitimate by ringing the numbers contained in the databases and confirming they currently (or used to) work at Verizon. According to Vice, the hacker was able to infiltrate the system after convincing an employee to give them remote access in a social engineering scam.
May 23
Texas Department of Transportation Data Breach: According to databreaches.net, personal records belonging to over 7,000 individuals had been acquired by someone who hacked the Texas Dept. for Transportation.
May 20
Alameda Health System Data Breach: Located in Oakland, California, Alameda Health System notified the Department of Health and Human Services that around 90,000 individuals had been affected by a data breach after suspicious activity was detected on some employee email accounts, which was later found to be an unauthorized third party.
May 17
National Registration Department of Malaysia Data Breach: A group of hackers claimed to hold the personal details of 22.5 million Malaysians stolen from myIDENTITI API, a database that lets government agencies like the National Registration Department access information about Malaysian citizens. The hackers were looking for $10,000 worth of Bitcoin for the data.
Costa Rican Government: In one of the most high-profile cyberattacks of the year, the Costa Rican government â which was forced to declare a state of emergency â was hacked by the Conti ransomware gang. Conti members breached the government’s systems, stole highly valuable data, and demanded $20 million in payment to avoid it being leaked. 90% of this data â amounting to around 670GB of the data â was posted to a leak site on May 20.
May 7
SuperVPN, GeckoVPN, and ChatVPN Data Breach: A breach involving a number of widely used VPN companies led to 21 million users having their information leaked on the dark web, Full names, usernames, country names, billing details, email addresses, and randomly generated passwords strings were among the information available. Unfortunately, this is not the first time supposedly privacy-enhancing VPNs have made the headlines for a data breach.
April 2022
April 4
Cash App Data Breach: A Cash App data breach affecting 8.2 million customers was confirmed by parent company Block on April 4, 2022 via a report to the US Securities and Exchange Commission. The breach had actually occurred way back in December 2021, with customer names and brokerage account numbers among the information taken.
Emma Sleep Data Breach: First reported on April 4, customer credit card information was skimmed using a âMagecart attackâ. âThis was a sophisticated, targeted cyber-attack on the checkout process on our website and personal information entered, including credit card data, may have been stolenâ an email to customers read.
March 2022
March 30
Apple & Meta Data Breach: According to Bloomberg, in late March, two of the worldâs largest tech companies were caught out by hackers pretending to be law enforcement officials. Apple and Meta provided the threat actors with customer addresses, phone numbers, and IP addresses in mid-2021. The hackers had already gained access to police systems to send out fraudulent demands for the data. Some of the hackers were thought to be members of the Lapsus$ hacking group, who reportedly stole the Galaxy source code from Samsung earlier in the month.
March 26
US Department of Education Data Breach: It was revealed that 820,000 students in New York had their data stolen in January 2022, with demographic data, academic information, and economic profiles all accessed. Chancellor David Banks blamed software company Illuminate Education for the incident.
March 24
Texas Department of Insurance Data Leak: The state agency confirmed on March 24 that it had become aware of a âdata security eventâ in January 2022, which had been ongoing for around three years. âTypes of information that may have been accessibleâ, the TDI said in a statement in March, included ânames, addresses, dates of birth, phone numbers, parts or all of Social Security numbers, and information about injuries and workersâ compensation claims. 1.8 million Texans are thought to have been affected.
March 18
Morgan Stanley Client Data Breach: US investment bank Morgan Stanley disclosed that a number of clients had their accounts breached in a Vishing (voice phishing) attack in February 2022, in which the attacker claimed to be a representative of the bank in order to breach accounts and initiate payments to their own account. This was, however, not the fault of Morgan Stanley, who confirmed its systems âremained secureâ.
February 2022
February 25
Nvidia Data Breach: Chipmaker Nvidia confirmed in late February that it was investigating a potential cyberattack, which was subsequently confirmed in early March. In the breach, information relating to more than 71,000 employees was leaked. Hacking group Lapsus$ claimed responsibility for the intrusion into Nvidiaâs systems.
February 20
Credit Suisse Data Leak: Although this is technically a âdata leakâ, it was orchestrated by a whistleblower against the companyâs wishes and one of the more significant exposures of customer data this year. Information relating to 18,000 Credit Suisse accounts was handed over to German publication SĂŒddeutsche Zeitung, and showed the Swiss company had a number of high-profile criminals on their books. The incident kickstarted a fresh conversation about the immorality of Switzerland’s banking secrecy laws.
January 2022
January 20
Crypto.com Data Breach: On January 20, 2022, Crypto.com made the headlines after a data breach led to funds being lifted from 483 accounts. Roughly $30 million is thought to have been stolen, despite Crypto.com initially suggesting no customer funds had been lost.
January 19
Red Cross Data Breach: In January, it was reported that the data of more than 515,000 âextremely vulnerableâ people, some of whom were fleeing from warzones, had been seized by hackers via a complex cyberattack. The data was lifted from at least 60 Red Cross and Red Crescent societies across the globe via a third-party company that the organization uses to store data.
January 6
Flexbooker Data Breach: On January 6, 2022, data breach tracking site HaveIBeenPwned.com revealed on Twitter that 3.7 million accounts had been breached in the month prior. Flexbooker only confirmed that customer names, phone numbers, and addresses were stolen, but HaveIBeenPwned.com said âpartial credit card dataâ was also included. Interestingly, 69% of the accounts were already in the websiteâs database, presumably from previous breaches.
Pause …
Pause, Rest and Never Lose Heart – thanks to Brett Jordon at Unsplash for this picture reminder! You can only do what you can do to protect you and your information. If this is something you’d like to discuss, let’s talk! You can send me a note:Â Lynn@thelivingplanner.com or call/text my office +1951.400.5966.
If youâd like general information about what I do and why I do it, my website is: https://thelivingplanner.com and my online courses/resources will give you an idea of what I offer to assist people, pets and businesses on this website: https://courses.thelivingplanner.com
To the week ahead, here is a reminder from Albert Einstein “Out of clutter, find simplicity. From discord, find harmony. In the middle of difficulty lies opportunity.” To Finding Harmony đ –Lynn
LifeHacks #CareForPeopleCareForBusiness