As we are in the midst of the October Cybersecurity Awareness Month of 2022, all of us need to be more cautious than ever regarding the risks surrounding an increasingly complex and lethal cyber threat landscape.
Appknox takes this opportunity to join forces with cybersecurity champions and stakeholders to raise awareness about mobile app security. Our aim is to empower everyone to protect their personal data from cybercrime.
We are dedicated to creating resources and communications for our team members, customers, and brand followers about staying safe online. Stay tuned to our LinkedIn page for ongoing activities on Cyber Security Awareness Month.
One of the best ways to get acquainted with the existing data security threats is to look at some of the most devastating data breaches that wreaked havoc on businesses and put vast volumes of critical customer and business information at risk.
So, let's go through the top 10 data breaches of 2022 (so far) and see what key lessons we can learn from them.
1. It's High Time Businesses Start Taking Social Engineering Attacks Seriously
Rockstar Data Breach:
Rockstar Games, the developer behind the Grand Theft Auto series, was the victim of a hack that saw the footage of its upcoming Grand Theft Auto VI game leaked by the hacker. Furthermore, the hacker claims to have the game's source code and is attempting to sell it.
The breach is suspected of having occurred due to social engineering, with the hacker gaining access to an employee's Slack account.
The hacker also claims to be behind the Uber attack earlier in September 2022.
2. Employees Pose the Greatest Risk to Organizations of All Types and Sizes Globally — Regardless of Whether or Not They Intend To
Uber Data Breach:
Organizations function better when everyone shares information. However, the same tools that help us become better and more productive — Slack, Teams, and Zoom, to name a few — also make it extremely simple to steal data.
Uber's computer network was recently compromised, and several engineering and communications systems were taken offline while the company continued investigating how the hack occurred. According to one researcher, the perpetrator sent an email, cloud storage, and code repositories to security firms and The New York Times as soon as the hack occurred.
Uber employees discovered that their systems had been attacked when a hacker broke into a staff member's Slack account and sent out messages saying they had broken into the network.
3. Non-Profit Organizations Are Not Outside the Reach of Threat Actors
Red Cross Data Breach:
It seems highly unlikely that someone would wish to attack the Red Cross, but it did happen in January 2022. Data of more than 500,000 Red Cross members were compromised in an attack on a third-party contractor of the highly deemed organization, including records that the Red Cross deemed "highly vulnerable.".
In the end, sensitive information about thousands of people was stolen, and most people are now listed as missing or vulnerable. The Red Cross shut down servers to stop the attack and look into what seemed to be a political breach, but no one has been found to be responsible.
4. Even the Most Well-Guarded Secrets Are Not Safe When It Comes to Data Breaches
Credit Suisse Data Leak:
The customer databases of Swiss banks are among the most well-guarded secrets in the world, preserving the identities of some of the richest people on the globe and providing details about how they came to be so wealthy.
Now, a remarkable data breach from Credit Suisse, one of the most renowned banks in the world, is revealing how the bank kept hundreds of millions of dollars for heads of state, intelligence agents, blacklisted businesses, and human rights violators, among many other people.
Although it legally qualifies as a "data leak," this particular exposure of customer data this year is more noteworthy because a whistleblower carried it out against the company's desires. The German tabloid Süddeutsche Zeitung received information pertaining to 18,000 Credit Suisse accounts, which revealed the Swiss corporation had several high-profile criminals on their books. The incident sparked a new debate over the morally indefensible nature of Switzerland's banking confidentiality laws.
5. Fintech Mobile Apps Take Centre Stage as Breaches Become More and More Common
Cash App Data Breach:
In a report to the US Securities and Exchange Commission on April 4, 2022, Block, the parent company of the well-known US fintech mobile application - Cash App, said that 8.2 million customer records had been stolen.
The breach actually happened in December 2021, when a disgruntled employee accessed the sensitive databases of the company, and information like customer names and brokerage account numbers were stolen.
Good Read: Top 100 Android Mobile Apps Tested for Cybersecurity
6. Third-Party Data Breaches Can Have Devastating Consequences
Revolut Data Breach:
A cyberattack hit Revolut after an unauthorized third party gained access to the personal information of tens of thousands of the app's customers. There are reports that 50,150 customers have been affected.
The State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, said that email addresses, full names, postal addresses, phone numbers, payment card data, and account data were probably exposed.
7. Identity Theft is Real - and Virtual Reality Platforms are at High Risk!
Neopets Data Breach:
In July 2022, a hacker put up sensitive information about 69 million Neopets users for sale on an online forum. Personal information like name, email address, date of birth, zip code, and more were part of the leak, and 460 MB of compressed Neopets website source code. The Neopets team said on Twitter that there had been a data breach.
Over the years, Neopets, the very well-known virtual pets website, has been broken into many times. Several hackers and people who use Neopets have gotten into the source code and user databases. If you've ever used Neopets, you might want to delete your account to keep your information safe from data breaches.
8. Threat Actor Groups Are Targeting Tech Giants by Gaining Unauthorized Access to Cloud
Microsoft Data Breach:
Microsoft was one of the latest victims of the notorious hacking gang, the Lapsus$ group. More than 37GB of data, including the source code for the Bing, Bing Maps, and Cortana services, were allegedly stolen by the Lapsus$ gang when they targeted Microsoft's Azure DevOps server.
A torrent containing the source code for over 250 Microsoft-owned projects in a 9GB bundle was also published. Microsoft acknowledged the problem but insisted that no consumer data was impacted.
9. Encryption is Basic but Very Critical for Data Security
New York City Department of Education Data Breach:
The New York City Department of Education recently disclosed that 820,000 current and previous students enrolled in the New York City Public School System had their personal information improperly accessed by a criminal entity.
During the attack, the grade and attendance tracking programs Skedula and PupilPath were compromised. The California-based Illuminate Education owns both sites.
Some information was apparently left unencrypted, leading to the breach, despite the company's earlier assurances that all data would be secured. Student information was leaked, including names, birthdays, gender, ethnicity, mother tongue, special education status, socioeconomic status, and academic information. Both services were taken offline after the attack.
10. Ransomware Attacks Garner Increasing Attention As More and Larger Attacks Continue To Plague Business Entities
South African Credit Bureau Breach:
A ransomware data breach recently occurred at the credit bureau TransUnion South Africa, and the notorious Brazilian organization N4aughtysec admitted liability for the attack.
TransUnion acknowledged the ransomware incident and said that more than 3 million South African households and 600,000 businesses had been impacted as a result of the hack.
The hacking group claims they own more than 4 TB of data that belongs to TransUnion clients. In addition to business information like company registration numbers, business credit scores, and industry sector classification codes, the stolen data also includes personal consumer information such as name, identity number, date of birth, address, employer's identity, spouse information, passport number, and credit or insurance score.
The attackers demanded a $15 million ransom in return for this data.
Final Thoughts on Data Breaches in October 2022
In 2022, the leading causes of cyberattacks still continue to be malware (22%) and phishing (20%). Even with the rise of advanced tools, old-age yet lethal techniques like human error, unauthorized access, social engineering, and ransomware continue to be the most reliable and cost-effective attack vectors for hackers throughout the world. Therefore, it is crucial that we all be knowledgeable about how to prevent security breaches and defend ourselves. Gain some knowledge of cyber security with Appknox's cyber security jargon and safeguard your mobile application.