Today’s leading organizations use personal data to create eerily accurate insights into user behaviors, preferences, and conversations. While the primary goal is often to improve customer experience, the stakes are higher when sensitive or confidential information is involved.
Malicious actors are always on the hunt for fresh exploitation opportunities; one might even say data is the new oil in terms of espionage! User credentials, medical records, and financial information have all come under attack in recent years, leading to millions of dollars in costs.
This article will highlight the most prominent high-profile data security breaches of 2022. In it, we’ll also share how each organization responded with the intention of learning from their experiences. Let’s get started:
5 Lessons Learned From 2022’s Biggest Security Breaches
Unfortunately, 2022 was no exception to breach activity.
According to Statista, approximately 24 million data records were exposed worldwide during the year’s first three quarters. Has data taken over for oil as the most valuable commodity of the modern age?
- Crypto.com Witnesses Widespread Theft
Crypto.com is a cryptocurrency trading exchange based in Singapore. On the 17th of January 2022, it became the latest (at the time) high-profile victim of hackers targeting crypto wallets and making away with customers’ crypto tokens.
What Happened?
According to an official report from the exchange company, its risk monitoring systems detected transactions from customer accounts that were approved without two-factor authentication (2FA) from the account holders. The attack targeted 500 customers’ accounts and saw the actors steal up to $33 million worth of bitcoin and Ethereum.
The Aftermath
Crypto.com put its withdrawal services on hold for 14 hours and upgraded to a new 2FA infrastructure. It revoked existing 2FA tokens and required users to create new ones compatible with the new infrastructure.
The exchange also maintained that it conducted a full-scale audit of its network infrastructure and improved its security posture.
It also contracted with external security firms to carry out security checks and provide threat intelligence services.
What about the poor customers whose crypto tokens got filched? Despite initially claiming that “No funds were lost,” Crypto.com acknowledged that money had been stolen and reimbursed its customers.
2. International Committee of the Red Cross Gets Attacked
The Red Cross is a reputable international organization that provides essential medical and humanitarian aid to vulnerable persons worldwide.
However, in January 2022, they became data insecurity victims after cyberattackers gained entry to their network due to a late patch of their security systems. The attack led to the breach of records of 515,000 vulnerable persons, containing their names, locations, and other personal data.
What Happened?
The attack on the Red Cross’s servers was a deliberate target that featured sophisticated techniques and codes designed to run on specific ICRC servers.
The cyberattackers gained access to the Red Cross’s network on the 9th of November 2021 through an unpatched vulnerability in an authentication module. Upon gaining entry, they deployed security tools that helped them pose as authorized users and admins.
From there, the attackers could access the sensitive information they wanted despite the data encryption.
To date, there’s been no evidence that the information stolen from this attack has been traded or used for illicit purposes. And despite speculation that the responsible actors may be state-sponsored, the identity of the persons behind the attack and their motives is still anyone’s guess.
The Aftermath
After determining on the 18th of January that their systems had been compromised, the Red Cross worked with security experts to investigate and secure the vulnerability through which the attackers gained entry.
For a time, the affected systems were taken offline and were only taken back up after several penetration tests had been carried out to prevent reoccurrence.
The organization also took extensive measures to communicate the breach to those affected.
3. Whistleblower Reveals Suisse Secrets
Switzerland is world-famous for three things: the Alps, staying neutral during conflicts, and banking secrecy laws. The latter forms the background of this data breach incident.
At its forefront was Credit Suisse, one of the world’s biggest financial institutions, with its clients’ financial details totaling assets worth $108.5 billion being publicly revealed.
What Happened?
The leak was an intentional attempt by a person or group to expose the bank’s alleged lucrative business of helping clients hide their wealth. Financial details from as far back as the 1940s-2010 were revealed to a network of 163 journalists from 48 media organizations worldwide.
It is believed that the attack was from an inside threat, as the source was most likely an employee of the bank who gained access through their legitimate credentials.
Although the bigger story is definitely about how some of the bank’s clients controversially acquired their wealth, there is no shying away from the fact that the data breach itself is a significant concern for the organization’s security integrity.
This is particularly so when one considers that, as the whistleblower themselves admitted, owning a Swiss bank account is not a crime, and many of the bank’s clients had gotten their wealth through honest means.
The Aftermath
Credit Suisse denied any wrongdoing and maintained that the information revealed was history taken out of context.
As for the data breach itself, well, all of the information itself had become publicly available, and, as such, remediation was not really possible.
What the bank could do, however, was to review and reinforce its internal processes and data security protocols. All of which they, of course, said they did.
4. The North Face Data Breach
The North Face is one of the world’s leading apparel companies and has been supplying outdoor adventurers with everything they need to get out into nature since 1968. However, in August 2022, they became one of the companies that fell victim to a data breach.
What Happened?
The attackers had used credential-stuffing tactics to gain access to about 200,000 customers’ accounts, where they acquired names, emails, billing & shipping addresses, phone numbers, and more. Tellingly though, no financial information was compromised in the attack.
The public got informed of the data breach through a notification the company sent out to customers who may have been affected. In it, they mentioned that the attack was launched on the 26th of July and got detected and blocked on August 11 and 19, respectively.
The Aftermath
Upon detection, The North Face moved quickly to contain the attack, resetting passwords of all affected accounts and erasing payment card tokens. The company maintained that compromising the payment card tokens did not put the customers at risk, as the information in them is only useful on the North Face’s website. Customers were also encouraged to use new passwords which they hadn’t used in other accounts.
5. Toyota Exposed by Contractor Mistake
Think all data breaches boil down to malicious intent? Think again.
Toyota is arguably the biggest name in the automotive industry so we can skip the introductions. In October 2022, Toyota experienced a significant data breach due to an error made by a third-party contractor.
What Happened?
Sometime in 2017, Toyota hired a website development subcontractor for its T-Connect service. The subcontractor then mistakenly posted some of the source code to a GitHub repository that was publicly accessible. This granted third-party access to almost 300,00 persons’ email addresses and customer control numbers.
This remained in place for five years and was discovered in 2022.
The Aftermath
As soon as Toyota made the discovery, it immediately changed the access key and made the source code private. It assured customers that there was no possibility of data such as names, telephone numbers, or credit cards being compromised as the affected servers held no such information.
It also urged customers to remain vigilant and watch out for phishing or spoofing attacks. It also set up a help center where customers can confirm whether their email address was among those that were breached.
How to Reduce Your Risk of Data Breaches
If there’s any lesson the aforementioned events provide, it’s to never be too careful as the data security space can be unpredictable. Data breaches can happen anytime, from insider threats to malicious external actors and even human error.
Here are a few measures you can take to minimize the risk:
- Implement multi-factor authentication (MFA) systems for all sensitive accounts and services.
- Ensure that all software is up to date and patched with the latest security updates.
- Restrict employee access to sensitive data and use encryption software whenever possible.
- Perform regular security audits and risk assessments to identify any possible weak points in your data security.
- Use a reputable cloud provider for all of your data storage needs.
- Make sure all passwords are strong, unique, and changed regularly.
Following these measures will help you stay one step ahead of the bad guys and keep your data safe. And as hackers become more sophisticated, we must become even more vigilant and update our security strategies accordingly.
Beef Up Security With JumpCloud
The JumpCloud Directory Platform boosts IT admin and MSP peace of mind by unifying their most integral security tools in one place. From MFA to single sign-on (SSO) to mobile device management (MDM), JumpCloud provides a comprehensive solution to keep organizational data safe and secure from nefarious hackers.
It provides time-saving capabilities like automated patch management, wipe and lock, and one-touch deployment that help save time. The best part? Most users saved money after switching to JumpCloud and reduced their IT stacks. Stay steps ahead of making the news for the wrong reasons. Sign up for a free trial today.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.
I want to discuss a subject that doesn’t get enough attention in the world of OT/ICS cyber security considering how fundamental it is, and also sparks a surprising amount of controversy. The topic is the importance of conducting ongoing research into OT endpoint device vulnerabilities, particularly for legacy devices.