It’s no secret that security breaches are becoming more and more common. There were 1,864 data breaches in 2021, according to the Identity Theft Resource Center. That’s an increase of 68% from the previous year. And as we become more reliant on technology, it’s only going to get worse. This trend is likely to continue in 2022, with hackers becoming more sophisticated and organizations struggling to keep up with the latest cybersecurity threats.
That’s why it’s important to be aware of the security risks that come with using certain applications. After all, it only takes one security breach to jeopardize your personal information. In this article, we’ll take a look at some of the most common security breaches of 2021. We’ll also provide some tips on how you can protect yourself from becoming a victim.
What Is a Security Breach?
A security breach is any incident that results in the unauthorized access, use, or disclosure of confidential information. This can include anything from losing your laptop to having your email account hacked. Security breaches can have serious consequences. They can lead to identity theft, financial losses, and damage to your reputation.
Top 5 Most Iconic Data Breaches in the U.S.
The United States has had its share of high-profile data breaches. Here are five of the most iconic security breaches in U.S. history:
1. Equifax (2017).
In 2017, the credit reporting agency Equifax announced a data breach that affected 147 million people. Hackers were able to exploit a vulnerabilities in Equifax’s website and gain access to sensitive information like Social Security numbers, birthdates, addresses, and driver’s license numbers.
2. Yahoo (2013-2014)
The Yahoo data breach is one of the largest security breaches to date. In 2013 and 2014, 500 million user accounts were compromised by what is believed to be a state-sponsored actor. The information stolen includes names, email addresses, phone numbers, dates of birth, hashed passwords, and in some cases, security questions and answers. While the cause of the breach is still under investigation, it highlights the importance of security applications and app hardening.
3. Target (2013)
The personal information of more than 70 million Target customers was exposed in this data breach. Hackers accessed Target’s point-of-sale (POS) systems and were able to steal customer names, credit and debit card numbers, expiration dates and security codes. This breach cost Target approximately $292 million.
4. JPMorgan Chase (2014)
Hackers accessed the contact information of 76 million JPMorgan Chase customers in this security breach. The security breach was the result of a spear-phishing campaign that allowed hackers to obtain employee credentials, which they used to gain access to the company’s servers.
JPMorgan Chase is one of the world’s largest banks, with more than $2 trillion in assets. The security breach affected 76 million households and 7 million small businesses.
The hackers accessed customer names, addresses, phone numbers, email addresses, and dates of birth. They also obtained customer account information, such as account numbers and balances.
5. Anthem (2015)
The personal information of 78.8 million Anthem customers was exposed in this security breach. The security breach occurred when hackers gained access to Anthem’s servers through a phishing attack.
The hackers accessed customer names, birthdates, Social Security numbers, street addresses, email addresses, and employment information, as well as Anthem member ID numbers.
Five Major U.S. Data Breaches in 2021 – How They Happened
The year 2021 was marked by a number of high-profile data breaches. Here’s a look at five of the biggest security breaches that occurred in the U.S. last year.
1. Microsoft Exchange Server Data Breach (January 2021)
In January 2021, it was discovered that a number of vulnerabilities in Microsoft’s Exchange Server software had been exploited by a Chinese state-sponsored hacker group. The vulnerabilities allowed the hackers to gain access to the email accounts of Exchange Server users. However, it is now thought that China sucked up a lot of data to enhance their artificial intelligence (AI) program.
The attack was made possible by a number of vulnerabilities in Exchange Server that were first discovered in early 2021. These vulnerabilities, which are known as “zero-days,” were not made public until after the attacks had been carried out.
The security breach affected more than 30,000 organizations in 150 countries. The hackers are thought to have used a number of techniques to gain access to Exchange Server systems, including password spraying and brute-force attacks.
Once they had gained access to a system, the hackers planted malicious code on the victim’s servers. This allowed them to remotely run commands on the server and steal data.
The data that was stolen includes email addresses, subject lines, and the contents of emails. The hackers may also have gained access to contact lists, calendar entries, and tasks.
The breach was discovered by a security researcher who goes by the name “Orange Tsai.” Tsai reported the breach to Microsoft, and the company released a patch for the vulnerabilities in March 2021.
2. Facebook (April 2021)
Facebook has since attributed the breach to its tool to sync contacts. The company cited that hackers took advantage of a vulnerability to compromise and scrape user data.
Even though Facebook recorded one of its largest leaks in 2021, the problems began way back in 2013 when the social network started facing data breaches. This exposed it to vulnerabilities of which hackers took advantage in 2021. One of Facebook’s spokespersons confirmed to Business Insider that this incident was due to vulnerabilities that ensued in 2019.
In 2019, one of Facebook’s security issues was that company employees had access to 600 million user accounts. Additionally, the company had stored Facebook and Instagram account IDs and passwords in plaintext files, which is risky.
During the same period, UpGuard revealed that two third-party-developed Facebook apps with 540 million user records did not protect their data records, thus exposing user information to the public. The same year, investigations revealed that hackers tampered with Facebook’s application programming interface (API) along with user IDs, phone numbers, and names.
Following these eventualities, Facebook’s over 530 million users were affected in 2021, and 300 million others were affected in 2019. The company encountered an outage in some countries, which cost the company $40 billion. The company also faced some reputational nightmares. The data scraping went on for two weeks before being detected, as per Facebook’s report.
3. Colonial Pipeline (May 2021)
In May 2021, the Colonial Pipeline, which supplies fuel to the US East Coast, was hit by a ransomware attack. The attack resulted in the shutdown of the Colonial Pipeline, which caused fuel shortages and panic buying across the U.S. East Coast.
The attack was carried out by a group of hackers known as DarkSide. The group is thought to be based in Russia and operates as a ransomware-as-a-service operation.
It is believed that the hackers gained access to Colonial Pipeline’s network through a phishing attack. Once they were inside the network, they deployed ransomware and encrypted Colonial Pipeline’s data.
The hackers then demanded a ransom of $4.4 million in Bitcoin. Colonial Pipeline eventually paid the ransom, but not before the attack had caused widespread disruption that resulted in fuel shortages, panic buying, and soaring fuel prices.
4. JBS (May 2021)
JBS, the world’s largest meat supplier, was hit by a ransomware attack in May 2021. The attack caused JBS to shut down its operations in the U.S., Australia, and Canada.
The attack was carried out by a group of hackers known as REvil. The group is thought to be based in Russia and operates as a ransomware-as-a-service operation.
It is believed that the hackers gained access to the JBS network through a phishing attack. Once they were inside the network, they deployed ransomware and encrypted JBS data.
The hackers then demanded a ransom of $11 million. JBS did pay the ransom, but the attack still caused significant disruption to the company’s operations. The attack also had a knock-on effect on the global meat supply chain.
5. Peloton Data Breach (January 2021)
In December 2020, Peloton, the exercise bike company, suffered a data breach. The breach resulted in the compromised personal information of up to 2.4 million customers.
The breach occurred when Peloton’s website was hacked. The hackers were able to gain access to Peloton’s customer database, which contained information such as names, email addresses, and birthdates.
Peloton was made aware of the breach in December 2020 and took steps to secure its website. However, the damage had already been done, and the personal information of Peloton’s customers was now in the hands of the hackers.
These are just some of the biggest security breaches that have occurred in recent years. As we can see, no company is safe from attack, and all companies need to be vigilant about security. The best way to protect your company from a security breach is to invest in security applications and app hardening. These measures will help to make your company’s data more secure and less attractive to hackers.
Your Safety and Security Come First.
The above incidents of data breaches and the aftermath can have a devastating effect on businesses, no matter their size. That’s why it’s critical for organizations to take steps now to protect their data and applications.
At PreEmptive Solutions, we provide a range of products that help make applications more resistant and resilient to hacking and tampering. Our layered approach provides multiple layers of protection, making it much harder for attackers to succeed.
If you want to learn more about our products or how we can help your organization protect its data, please contact us.