It’s no secret that security breaches are becoming increasingly common. According to the Identity Theft Resource Center, there were 1,864 data breaches in 2021, an increase of 68% from the previous year. As we become more reliant on technology, this trend will only worsen. This trend will likely continue in 2022, with hackers becoming more sophisticated and organizations struggling to keep up with the latest cybersecurity threats.
That’s why knowing the security risks of using certain applications is important. After all, it only takes one security breach to jeopardize your personal information. In this article, we’ll look at some of the most common security breaches of 2021. We’ll also provide some tips on protecting yourself from becoming a victim.
A security breach is any incident that results in the unauthorized access, use, or disclosure of confidential information. This can include anything from losing your laptop to having your email account hacked. Security breaches can have serious consequences, including identity theft, financial losses, and damage to your reputation.
The United States has had its share of high-profile data breaches. Here are five of the most iconic security breaches in U.S. history:
In 2017, Equifax, the credit reporting agency, announced a data breach that affected 147 million people. Hackers exploited vulnerabilities in Equifax’s website and accessed sensitive information like Social Security numbers, birthdates, addresses, and driver’s license numbers.
The Yahoo data breach is one of the largest security breaches to date. In 2013 and 2014, 500 million user accounts were compromised by what is believed to be a state-sponsored actor. The information stolen includes names, email addresses, phone numbers, dates of birth, hashed passwords, and, in some cases, security questions and answers. While the cause of the breach is still under investigation, it highlights the importance of security applications and app hardening.
This data breach exposed the personal information of more than 70 million Target customers. Hackers accessed Target’s point-of-sale (POS) systems and stole customer names, credit and debit card numbers, expiration dates, and security codes. This breach cost Target approximately $292 million.
In this security breach, hackers accessed the contact information of 76 million JPMorgan Chase customers. The breach resulted from a spear-phishing campaign that allowed hackers to obtain employee credentials, which they used to access the company’s servers.
JPMorgan Chase is one of the world’s largest banks, with over $2 trillion in assets. The security breach affected 76 million households and 7 million small businesses.
The hackers accessed customer names, addresses, phone numbers, email addresses, and dates of birth. They also obtained customer account information, such as account numbers and balances.
This security breach exposed the personal information of 78.8 million Anthem customers. Hackers gained access to Anthem’s servers through a phishing attack.
The hackers accessed customer names, birthdates, Social Security numbers, street addresses, email addresses, employment information, and Anthem member ID numbers.
Several high-profile data breaches marked the year 2021. Here’s a look at five of the biggest security breaches in the U.S. last year.
In January 2021, it was discovered that a Chinese state-sponsored hacker group had exploited several vulnerabilities in Microsoft’s Exchange Server software. The vulnerabilities allowed the hackers to access Exchange Server users’ email accounts. However, it is now thought that China sucked up a lot of data to enhance its artificial intelligence (AI) program.
The attack was made possible by several vulnerabilities in Exchange Server that were first discovered in early 2021. These vulnerabilities, known as “zero-days,” were not made public until after the attacks had been carried out.
The security breach affected more than 30,000 organizations in 150 countries. The hackers are thought to have used various techniques, including password spraying and brute-force attacks, to access Exchange Server systems.
Once they had gained access to a system, the hackers planted malicious code on the victim’s servers. This allowed them to remotely run commands on the server and steal data.
The stolen data includes email addresses, subject lines, and email contents. The hackers may also have access to contact lists, calendar entries, and tasks.
A security researcher who goes by the name “Orange Tsai ” discovered the breach. Tsai reported the breach to Microsoft, which released a patch for the vulnerabilities in March 2021.
Facebook has since attributed the breach to its contact sync tool. The company cited hackers who exploited a vulnerability to compromise and scrape user data.
Even though Facebook recorded one of its largest leaks in 2021, the problems began in 2013 when the social network started facing data breaches. This exposed it to vulnerabilities, which hackers took advantage of in 2021. One of Facebook’s spokespersons confirmed to Business Insider that this incident was due to vulnerabilities that ensued in 2019.
In 2019, Facebook’s security issue included employees accessing 600 million user accounts. Additionally, the company stored Facebook and Instagram account IDs and passwords in plaintext files, which is risky.
During the same period, UpGuard revealed that two third-party-developed Facebook apps with 540 million user records did not protect their data records, thus exposing user information to the public. The same year, investigations revealed that hackers tampered with Facebook’s application programming interface (API), user IDs, phone numbers, and names.
Following these eventualities, Facebook’s over 530 million users were affected in 2021, and 300 million others were affected in 2019. The company encountered an outage in some countries, which cost it $40 billion. The company also faced some reputational nightmares. As per Facebook’s report, the data scraping lasted two weeks before being detected.
In May 2021, the Colonial Pipeline, which supplies fuel to the US East Coast, was hit by a ransomware attack. The attack resulted in the shutdown of the Colonial Pipeline, which caused fuel shortages and panic buying across the U.S. East Coast.
The attack was carried out by a group of hackers known as DarkSide. The group is thought to be based in Russia and operates as a ransomware-as-a-service operation.
The hackers, believed to have gained access to Colonial Pipeline’s network through a phishing attack, deployed ransomware and encrypted the company’s data once they were inside the network.
The hackers then demanded a ransom of $4.4 million in Bitcoin. Colonial Pipeline eventually paid the ransom, but not before the attack, which caused widespread disruption that resulted in fuel shortages, panic buying, and soaring fuel prices.
JBS, the world’s largest meat supplier, was hit by a ransomware attack in May 2021. The attack caused JBS to shut down its U.S., Australia, and Canada operations.
The attack was carried out by a group of hackers known as REvil. The group is thought to be based in Russia and operates as a ransomware-as-a-service operation.
The hackers are believed to have gained access to the JBS network through a phishing attack, deployed ransomware, and encrypted JBS data once inside the network.
The hackers then demanded a ransom of $11 million. JBS paid the ransom, but the attack still caused significant disruption to the company’s operations and had a knock-on effect on the global meat supply chain.
In December 2020, Peloton, the exercise bike company, suffered a data breach. Up to 2.4 million customers’ personal information was compromised.
The breach occurred when Peloton’s website was hacked. The hackers accessed Peloton’s customer database, which contained information such as names, email addresses, and birthdates.
Peloton was aware of the breach in December 2020 and took steps to secure its website. However, the damage had already been done, and the hackers now had the personal information of Peloton’s customers.
These are just some of the biggest security breaches in recent years. As we can see, no company is safe from attack, and all companies need to be vigilant about security. The best way to protect your company from a security breach is to invest in security applications and app hardening. These measures will help to make your company’s data more secure and less attractive to hackers.
The above incidents of data breaches and the aftermath can devastate businesses, no matter their size. That’s why organizations must take steps now to protect their data and applications.
At PreEmptive Solutions, we provide products that help make applications more resistant and resilient to hacking and tampering. Our layered approach provides multiple layers of protection, making it much harder for attackers to succeed.
Please contact us to learn more about our products or how we can help protect your organization’s data.