10 Data Leaks that have cost even Fortune 500 companies a fortune (2020 Update)
Data is undoubtedly the most important element in an organization. Securing data during these testing pandemic times is a tightrope walk not just for data security heads, but for CEOs too.
Here is a list of the top 10 data leaks that have cost even Fortune 500 companies dearly – and how such tragedies can be averted.
Due to the COVID-19 Pandemic crisis, more and more organizations are shifting to the remote mode of operations. While this has ensured continuity of work, it has also given rise to cybersecurity risks and data breaches.
According to a security report, as much as 8.4 billion records have been compromised in the first quarter itself. This is a 213% increase when compared to the data breaches last year first quarter.
Studies have found that an average of 10 percent of all Fortune 500 employee email credentials have been leaked via some form of data breach and analysis of public data revealed that 27% of Fortune 500 companies have experienced major data breaches in the past decade.
Human error and insider threats are the biggest cause of such data breaches.
Also Read our old blog post: 10 Data Leaks that have cost Fortune 500 companies a fortune
What these companies fail to understand is the fact that there are no exceptions when it comes to malfunctions and insider threats.
If such huge companies with the best data security tools and procedures can fall prey to data breaches and leaks, how much more care other organizations have to take to secure their intellectual property.
In the following blog, we’ll have a look at 10 data leaks that have cost even Fortune 500 companies a fortune in losses, repairs and more.
Twitter Hack – July 15, 2020 – Top politicians and celebrities accounts in US hacked
In what is termed as one of the most brazen online attacks in memory, high profile Twitter accounts were hacked. This helped a Bitcoin wallet receive over $100,000 via at least 300 transactions. The attackers were able to gain control of the accounts and then send tweets from those accounts.
According to Twitter support, “the coordinated social engineering attack” was executed by people who successfully targeted some of the employees with access to internal systems and tools. This clearly shows that even social media giants can fall prey to cyberattacks.
Nippon Telegraph & Telephone (NTT) – May 7, 2020 – 621 customer information were stolen
NTT said hackers gained access to its internal network and stole information on 621 customers from its communication subsidiary. Hackers breached several layers of its IT infrastructure and reached an internal Active Directory (AD) to steal data and then upload it to a remote server.
Cisco – May 2020 – part of its IT structure affected
Cisco recently announced a security breach affecting part of its IT structure. The breach affected approximately six servers serving the backend infrastructure of Cisco Virtual Internet Routing Lab Personal Edition. Cisco detected these vulnerabilities and patched all compromised servers.
Zoom Credentials– April 2020 – 500,000 passwords hacked
Over half a million zoom account credentials, usernames and passwords were up for sale on in dark web crime forums. The attackers used a four-prong approach.
Firstly, they collected databases from any number of online crime forums and dark web supermarkets that contained user names and passwords compromised from various attacks dating back to 2013.
Then they wrote a configuration file for an application stressing tool pointing at zoom. Thirdly, credential stuffing attack employing multiple bots to avoid the same IP address being spotted checking multiple zoom accounts. All the valid credentials were then bundled together as a new database for sale.
Magellan Health Data Breach – April 2020 – 361 K patients compromised
Magellan Health was the victim of a sophisticated data breach in April, 2020. The hackers first exfiltrated data before deploying the ransomware payload.
By leveraging a social engineering phishing scheme that impersonated a Magellan client, the attackers were able to gain access to the system five days before the ransomware attack.
With its tally of 365,000 breach victims, the Magellan incident is the third-largest reported healthcare data breach in 2020, so far.
Marriott Data Breach – March 31, 2020 – 5.2 Million Hotel guests accounts hacked
Marriott confirmed a second data breach within a span of three years. This time personal information of 5.2 Million guests was stolen. The hotel confirmed that the hackers obtained the login details of two employees and broke in weeks earlier during mid-January.
Though the hotel said that no payment data was stolen, but warned personal information such as names, addresses, phone numbers, loyalty member data, dates of birth and other travel information were taken in the breach.
Marriott was slapped a $123 Million fine by UK authorities over the data breach.
Antheus Technologia Biometric Data Breach – March 2020 – 76,000 unique fingerprints exposed
Antheus Technologia, a Brazilian Biometric company had left sensitive information, including 76,000 unique fingerprint records on an unsecured server which could be reverse-engineered from their binary records to create a full biometric fingerprint image.
The vulnerable server contained roughly 16 gigabytes of data with 81.5 million records also including administrator login information, employee telephone numbers, email addresses and company emails.
Virgin Media Breach – March 2020 – 900,000 customer details exposed
US-based telecom giant T-Mobile admitted a data breach exposing the personal information of roughly 900,000 customers. The information stored in one of the databases had been accessed without permission.
The exposed database stored information on both customers and potential customers. Customer names, home addresses, email addresses, phone numbers, technical and product information including any requests made, date of births were accessed.
Wawa Breach – Jan 2020 – 30 Million Payment Cards compromised
The company admitted that hackers planted Malware on its point-of-sale systems and collected card details of all its customers who used credit cards or debit cards to buy goods at convenience stores and gas stations.
The breach affected over 850 stores and potentially exposed 30 million sets of payment records. It is the largest payment card breach of all time.
TESCO CLUBCARD– March 2020 – 600,00 accounts compromised
Around 600,000 TESCO Clubcard customers‘ accounts were compromised in March 2020. Details of accrued loyalty points were accessed. The data breach was due to hackers attempting to gain access to Clubcard accounts using a database of credentials stolen from other platforms.
This goes to show that there are threats both inside and outside of an organization and your data might not be as safe as you think. It would be in the company’s best interest to review the safety measures they take to ensure that their data and therefore their business, is in safe hands.
Now, if you are a large company with sensitive business, operations of client data residing in your enterprise resource planning platform, such as SAP, should you be worried about its integrity?
SECUDE has interacted with many SAP users, from government entities to large and medium corporations who have voiced concern about data security – especially data that leave the boundaries of their IT landscape.