5 Top-Profile Data Breaches in 2022
By Yuki Fang
June 8, 2022
According to the Identity Theft Resource Center’s 2021 Annual Data Breach Report, there were 1,862 data breaches overall in 2021, up more than 68 percent compared to 2020. This also sets a new record for data compromises, 23 percent over the previous all-time high of 1,506 set in 2017.
A data breach, also known as a data leak or compromise, is unauthorized access and retrieval of sensitive information by an individual, group, or software system. These take place when data falls into the wrong hands without the knowledge of the user/owner. Data breaches can have deeply felt effects in every part of a company, from negative financial impacts, reputational loss, and decreased productivity, all the way to legal liabilities, and even risks in business continuity.
How Do Data Breaches Happen?
Data breaches can take place both intentionally and unintentionally. While most may associate them with hackers, they can also happen because of simple oversight or inadequate company infrastructure. For instance, data compromises can occur when accidental or malicious insiders access company files and data without authorization, or when company laptops or hard drives holding sensitive information are not adequately secured.
Common vulnerabilities that hackers target are weak credentials, payment card fraud, mobile devices, and third-party access.
Here are five top-profile company data breaches in 2022 thus far.
5 Top-Profile Company Data Breaches in 2022
1. Microsoft
Even Microsoft, the world’s largest personal computer software company, commonly faces cyberattacks and data breach risks.
On March 20th, 2022, Microsoft was targeted by a threat group it tracks as DEV-0537, also known as LAPSUS$. This South America-based threat group is known for targeting organizations in government, technology, telecom, media, retail, and healthcare sectors. It targets these organizations through methods such as SIM-swapping to facilitate account takeover, accessing personal email accounts of employees at target organizations, paying connections of target organizations for access to credentials and multifactor authentication (MFA) approval, and more.
Thanks to an effective security team, Microsoft reported that it had shut down the hacking attempt by March 22nd and that only one account had been compromised.
2. Crypto.com
On January 17th, 2022, around 483 users of Crypto.com, one of the world’s largest cryptocurrency exchanges, experienced data breaches and lost more than $30 million in cryptocurrency. Crypto.com immediately suspended all withdrawals on its platform after detecting unauthorized activity on some accounts, in which transactions were being approved without the user entering the 2FA authentication control.
Despite the crypto blockchain model being regarded as one of the most secure forms of processing transactions, hackers still managed to steal 4,836.26 ETH (around $15 million), 443.93 BTC (around $18 million) and approximately $66,200 in other currencies from Crypto.com users.
After fully reimbursing the users who experienced losses, Crypto.com sought to migrate to a new 2FA infrastructure, introducing additional layers of security to prevent any future financial, reputational, and business losses.
3. Red Cross
On January 18th, 2022, the Red Cross, a non-profit humanitarian organization, suffered a significant data breach. Its servers held data on over 515,000 recipients of aid and services from at least 60 affiliates of the charitable organization worldwide. The Red Cross’ analysis showed that the breach occurred on November 9th, 2021, and that it was detected within 70 days and immediately investigated.
The hackers, utilizing “sophisticated obfuscation techniques to hide and protect their malicious programs” and exploiting an unpatched critical vulnerability in an authentication module (CVE-2021-40539), successfully entered the Red Cross’ networks and systems and acquired highly sensitive data. While the hackers have not communicated any demands yet, the Red Cross’ biggest concern is that they will leak, sell, or demand ransom for the sensitive data of users and highly vulnerable families.
This data breach incident is the perfect example of how cybersecurity risks can have real-world consequences and therefore should not be taken lightly.
4. Cash App Investing
Cash App, a mobile payment service developed by Block, Inc., reported that over 8 million of its users were affected after a former employee downloaded sensitive corporate reports regarding user investment information.
Upon discovery of data exposure and after investigations with support from a leading forensics firm, Block concluded that the leaked information included customers’ names, brokerage account numbers, portfolio values, holdings, and trading activities, but not any of their personally identifiable information.
Block declined to comment on how the former employee could gain access to this sensitive data, which has resulted in distrust of the company and uncertainty among its customers.
5. Ronin Network
Ronin Network, a blockchain gaming platform that is tied to Axie Infinity, announced on March 23rd, 2022 that it was breached by Lazarus, a North Korean hacking group. After noticing the platform’s security flaws, Lazarus managed to take 173,600 ETH and $25.5 million, totaling nearly $615 million in stolen funds.
Ronin announced the breach five days after one of the platform’s users reported being unable to withdraw 5,000 ETH. Ronin was able to locate the group of hackers, and the U.S. Treasury Department helped sanction a cryptocurrency wallet used by the attackers to receive stolen funds. Despite the platform being emptied, the company confirmed that all money would be safe after a massive injection from cryptocurrency giant Binance.
The hack is now the second biggest cryptocurrency data breach ever, and the latest in a string of mass cryptocurrency heists in the last year totaling well over $2 billion.
How Companies Can Effectively Combat Breaches
From analyzing these five top-profile breaches in 2022, we can reach several findings:
- Any company, regardless of its wealth, influence, and field, can be at risk of data breaches.
- Companies can be especially vulnerable to data breaches if their data is not properly safeguarded and regularly checked, or if they simply do not have cybersecurity systems safe enough for their customers.
It is therefore essential for companies to utilize effective and comprehensive cybersecurity solutions to protect their data.
humanID is an example of a comprehensive cybersecurity solution that can help ensure companies’ and their customers’ well-being and safety. humanID has developed one-click, anonymous authentication solutions that provide a safer online experience by guaranteeing user privacy. No personal data needed, no personal data stolen. humanID currently offers apps and websites an easy-to-use single sign-on tool and a CAPTCHA user authentication that can act as an extra layer of security for many companies.
To minimize data leaks, ensure better cybersecurity, efficiently detect data leakages, and prevent further company data breaches, companies must invest in applications and resources that can successfully tackle these recurring cybersecurity issues.