Top 10 Data Breaches of 2022
Data breaches can harm businesses, individuals, and governments and affect national security.
Technology’s rapid advancement has altered the nature of business, and the global efforts to strengthen cybersecurity have resulted in a more secure workplace than ever before. However, the rate at which businesses of all sizes are experiencing cybersecurity breaches is alarming, and this trend is reflected in the rising curve of cybercrime findings, which peaked in 2022.
Cyber criminals use various methods to exploit the companies’ vulnerabilities, resulting in widespread data breaches that cost the affected businesses millions of dollars. Data breaches and cyberattacks will continue to be major concerns into 2022, and we have compiled a list of the most notable cyber-attacks.
In January 2022, a cybercriminal group going by the name “Uawrongteam” targeted the appointment management company Flexbrooker got access to the sensitive information of company’s clients. The cybercriminals exploited its AWS configuration to gain access to the system. They installed malware, which gave them complete control of the system and enabled them to steal the personal information of about three million users, including IDs, driver’s licenses, and passwords.
Even though it is hard to imagine anyone launching a cyber-attack on the Red Cross, that is exactly what happened in January 2022. Over half a million records were stolen from a third-party contractor that was the target of the attack.
Documents were connected to the group’s Restoring Family Links services, which seek to reunite relatives who may have become estranged due to migration or conflict. The Red Cross has taken its servers offline and begun investigating as a precaution, but no one has yet been identified as the attack’s source.
In January 2022, cybercriminals launched an attack on cryptocurrency transactions on Crypto.com, stealing funds from around 500 users’ cryptocurrency wallets. An estimated $18 million in Bitcoin and $15 million in Ethereum were lost in the attack. The cybercriminals took advantage of the weak passwords to get around two-factor authentication.
Canadian truckers who participated in a cross-country protest COVID-19 rules called “Freedom Convoy” raised the most money through the Christian fundraising website Give Send Go. To protest the Freedom Convoy, a group of cybercriminals launched a massive politically motivated Distributed Denial of Service (DDoS) attack in February 2022.
Ninety thousand donors’ personal data were stolen and become publicly available. They also reroute visitors from the Give Send Go fundraising page to another site that attacks the Freedom Convoy.
Ronin is a blockchain gaming platform that allows players to make some earnings in the form of digital currency (cryptocurrency) and non-fungible tokens (NFTs). While the game became popular, the company took the risk and cancelled some of security protocols to help the servers handle the number of growing gamers. The procedure led to a fatal vulnerability as more players joined the game, and cybercriminals, in March 2022, managed to sneak in and steal around 600$ million in cryptocurrency.
In March of 2022, a cyber-attack crippled PressReader, the world’s largest online distributor of newspapers and magazines. PressReader stated that no ransomware was used, however, the three-day attack still prevented users from reading over 7,000 news sources, including the New York Times.
In March of 2022, the massive computing company Microsoft stood firm against a cyber-attack. A group of cybercriminals known as “Lapsus$” claim responsibility for the attack, and they reveal details about it via a secret screenshot posted to Telegram.
The screenshot features several well-known Microsoft services, including Cortana and Bing. However, no customer information was compromised due to Microsoft’s robust cybersecurity strategy and prompt response.
A former employee was the key to a successful cyberattack on Cash App, a popular mobile payment tool. Cybercriminals stole limited customer credential data, including names, stock trading details, account numbers, and portfolio values. The company had to face its eight million users and explain to them the ugly truth about what happened.
In August 2022, a massive data breach affected the Plex media server app, exposing millions of users’ passwords, usernames, and email addresses. The attack damaged the company’s reputation, but the flaw has since been patched.
Data including names, addresses, dates of birth, and insurance card numbers were exposed when Australian health insurance provider MediBank suffered a massive data breach. MediBank lost over $25 million because it had to compensate its clients whose private data was compromised after the attack.
Data breaches continue to be the primary concern of all businesses, no matter how advanced their cybersecurity measures may be. Many kinds of cyber-attacks have caused devastating financial damage in 2022.
Malware attacks and other forms of vulnerability exploitation, such as insecure passwords, were used. Proper monitoring and careful analysis of the most severe incidents allows companies to draw lessons and improve their cybersecurity practices.