What is a Data Breach?GRIDINSOFT TEAM
Each corporation has a lot of internal information that circulates exclusively inside of it. Some preliminary reports, production documents, stocktaking reports, and invoices never get outside the company. And the majority of this documentation carries nothing valuable - what would you do with the pack of invoices of Apple inc., if you are not an employee of that company? Probably, you will check it a bit - just because of simple interest and then throw it away (or delete it if it was in electronic form). However, not all documents are so useless - check the text below.
Data breaches (or data leakages) are when one or several mentioned documents are leaked outside the company, and somebody who has no relation to the company can check it. This situation may occur for various reasons - human factors or problems with the document flow security. The consequences, however, may vary, too - from nothing to bankruptcy.
Which data is for sale?
The first thing you need to understand is that something that is not valuable for you may have great value for somebody else. If you are not a financial analyst, there is no use in the preliminary quarter results of a particular company for you. Meanwhile, a man or woman who knows how to interpret these digits will be highly interested in something like this. Such papers gain even more value if they are the first person “from outside” who reaches this document. If the company is about to release its earnings report, and you have this report leaked - it is effortless to predict the reaction of its stock price and have a good profit from it.
Another sort of information, which is valuable for interested persons, is operating information. When you can see the information about some internal transactions, amount of new devices this company is planning to produce, and possible notes about the financial situation inside of the company, it is straightforward to use it for your profit. Even if you know nothing about financial analysis, a note like “We need to get a debt restructuring, or our co is about to go bankrupt” will give you explicit instruction. At least, you may sell this information to a third party and get a pretty hefty profit.
Leaks of some secret information are rare but carry the most hazard for the company and its employees. Primarily, private information turns only to companies employed in aerospace and defense or some innovative industries. So, for example, it will be a pleasant surprise for the spies to get some blueprints of a new fighter constructed by Boeing. Another example is calling the datasheet for a new battery type developed by Tesla - EV-makers worldwide will be happy to see the detailed documentation.
How does it happen?
Common cyberattacks used in data breaches include the following:
It is pretty easy to detect the possible point of the leak, especially if you devote enough time to controlling your employees and the computer network in the corporation. The majority of data breaches happen because of the actions of your employees. Even when we talk about the cyberattack - with ransomware or spyware injection, it is pretty easy to understand that those viruses do not appear out of the blue. Someone opened a strange email or launched a hack tool of some sort - and this is enough for malware injection.
Sometimes, people in your staff are just the dispatched agents of other companies. Such a situation is a sure sign that you must make some severe changes to your recruitment policy. It is pretty easy to detect such a spy and prevent its activity if you do it immediately.
For instance, thanks to these agents, Microsoft received a tremendous amount of information about the window interface at the early stages of its development in Apple. Later, Gates' company applied these developments in the first version of Windows. But, of course, Apple couldn’t leave such an incident without the attention - and started legal action against Microsoft due to the illegal use of patented stuff.
The examples of malware-related leakages can be met in the last five years. First, you probably heard about the cyberattacks on corporations - viruses encrypted their files and stole many internal corporate data. Then, this information is sold on the Darknet - the info obtained in such a way can barely be sold without anonymity.
The Biggest Data Breaches in 2022
|Crypto.com||January 17th, 2022||500 wallets with $33 million||Crypto.com described the hack as a mere “incident” and denied any theft, but clarified the situation a few days later and reimbursed the affected users.|
|Microsoft||March 20th, 2022||Leaked source code||The Lapsus$ group posted a screenshot on Telegram to indicate that they’d managed to hack Microsoft and, in the process, they’d compromised Cortana, Bing, and several other products.|
|Red Cross||January 2022||515,000 records||Thousands of people had their sensitive data stolen, and most of the victims are currently listed as missing or vulnerable. The Red Cross took servers offline to stop the attack and investigate this seemingly political breach, but no culprit has been identified.|
|Ronin||January 2021||173,600 ethers and $25.5 million||Ronin’s Axie Infinity game enables players to earn digital currency and NFTs, and its increasing popularity saw the firm dial back security protocols so its servers could handle a growing audience. That helped Axie Infinity deal with the number of people who wanted to play, but it also let criminals in - and they stole $600 million of cryptocurrencies.|
|FlexBooker||January 2022||3 million records||A hacking group called Uawrongteam was responsible for the hack, and it wasn’t a particularly sophisticated affair - the group cracked FlexBooker’s AWS servers and installed malware to control the firm’s systems.|
|GiveSendGo||February 2022||90,000 records||Hackers stole and then published the information of 90,000 people who had donated money and then redirected the fundraising page to another site that criticized the truckers (a classic DDoS attack).|
|Cash App||April 2022||8 million records||The culprit clearly had a significant axe to grind with the business. The hack involved customer names, stock trading information, account numbers and portfolio values alongside loads of other sensitive financial information.|
The Biggest Data Breaches in 2021
|2021||500 million records||According to information security experts, back in 2019, cybercriminals exploited a vulnerability related to the "Add a Friend" function, which allowed them to gain access to phone numbers. This bug has been fixed long time ago. The same leak has been posted on the darknet for free.|
|June 2021||700 million records||Data associated with 700 million LinkedIn users was posted for sale in a Dark Web forum on June 2021. This exposure impacted 92% of the total LinkedIn user base of 756 million users.|
|Sociallarks||January 2021||200 million records||Sociallarks, a rapidly growing Chinese social media agency suffered a monumental data leak in 2021 through its unsecured ElasticSearch database. The breached database stored the scraped data of over 200 million Facebook, Instagram, and Linkedin users.|
|Bonobos||January 2021||12.3 million records||Men’s clothing store Bonobos suffered a data breach in 2021 after a cybercriminal compromised its backup server containing customer data. This database was not connected to Bonobo’s private data, which was siloed for protection. But threat actors could still exploit the stolen information.|
|MeetMindful||January 2021||2.28 million records||MeetiMindful, a dating app focusing on the mindful community, was breached by a well-known hacker by the name of ShinyHunters. Breached MeetMindful data dumped on dark web hacker forum.|
|Pixlr||January 2021||1.9 million records||A database of 1.9 million user records belonging to online photo-editor Pixlr was dumped on a dark web hacker forum by notorious cybercriminal ShinyHunters. The data was stolen when the 123RF data breach occurred.|
Consequences of the Data Breach
As already mentioned, people could make a good profit using or selling the leaked data to a third party. Cybercriminals who got the data in an outlaw way often ask the company for the additional ransom for keeping the stolen data unpublished. In contrast to reputational ones, financial losses may be recovered, so corporations usually pay for keeping their secrets.
Usually, after a data leak, the company's management starts searching for a guilty person. Finding a scapegoat is a bad idea: if the HR department missed a potentially hazardous person (who had similar cases in the past), it must work hard on its recruiting policy. Blaming the only man or woman is useless - even if this person is a source of a leak, it is evident that such cases must be prevented in the future. And it is better to stop all possible “spies” earlier than they can even reach the internal information. Terrorizing all of your employees and restricting their Internet access or external storage devices is less effective.
Of course, sometimes, these restrictions are reasonable. For example, removable drives are a perfect career for various viruses, so the limits of their use are pretty logical. However, setting the firewall will not stop the viruses (they can easily disable it) but brings a lot of discomfort into the working process. On the other hand, genuinely motivated employees will never procrastinate on Facebook or Twitter, so there is nothing to fear if you have done good work on the stage or in recruiting.
Frequently Asked Questions
- 1. identify the source of the breach as well as the scope of the leak;
- 2. Alert your data breach task force to address the breach as soon as possible;
- 3. Test your defenses after the correction;
- 4. Inform the authorities and any affected clients;
- 5. Prepare to clean up and repair the damage after the breach