Over the next five years, cybersecurity incidents are estimated to cost businesses more than $5 trillion. The frequency, complexity, and targeted nature of cyberattacks are intensifying, especially for small and medium-sized businesses. Many organizations lack the security measures needed to protect themselves from network security breaches, and they are becoming a popular target for cyberattacks.
An Accenture study reported that 43% of cyberattacks target small and mid-sized business owners, but only 14% are prepared to defend themselves. The average time it takes an organization to discover a breach is 212 days, and localizing it takes 75 days.
In this article, we have summed up the biggest data breaches of 2021.
Top data breaches of 2021
Cyberattacks on smaller and medium-sized businesses often go unreported, and rarely make national headlines, unlike cyberattacks against large corporations. Let's have a look at some of them.
Hobby Lobby’s consumers’ data disclosed
In March 2021, after Hobby Lobby suffered a cloud-bucket misconfiguration, a database containing the records of almost 300,000 consumers was exposed. Data thieves disclosed customers' names, phone numbers, and the last four digits of their payment cards, as well as the source code for the company's app.
Bose’s former employees’ information threatened
Following a ransomware attack, audio maker Bose Corporation revealed a data compromise in May 2021. While investigating the ransomware's impact on its network, the company discovered that the attackers had gained access to personal information of some of its current and former employees. Names, Social Security numbers, and other HR-related information were among the personal data revealed in the attack.
Europol arrested 106 cybercriminals of the Italian mafia
Europol arrested 106 members of an organized crime group in September 2021. The syndicate deployed modern phishing and vishing attacks to gain access to bank accounts or trick victims into disclosing sensitive information. The adversaries stole $11.7 million through their scams.
And, of course, large companies do not go unnoticed by cybercriminals.
Pixlr database was breached
On January 20, 2021, a data thief published a database containing 1.9 million user records from Pixlr, a free online photo-editing tool. Around the same time, a 123RF data breach exposed over 83 million user records. The exposed records included email addresses, usernames, hashed passwords, and other sensitive information.
Adversaries were able to fool U.S. Cellular retail workers
On January 28, 2021, in a targeted attack on the fourth-largest wireless provider in the United States, adversaries fooled U.S. Cellular retail workers into downloading dangerous malware onto corporate computers. Once downloaded, the malware provided remote access to the company's devices as well as the customer relationship management (CRM) software, which contained account records for 4.9 million clients. Cybercriminals acquired access to names, addresses, PINs, cell phone numbers, service plans, etc.
Amazon Web Services removed Parler from its servers
A cybercriminal compromised Parler's data in January 2021. This information was revealed after Amazon Web Services removed the conservative social media app from its servers. The 70TB of data shared includes 99.9% of posts, conversations, and video material with EXIF data (metadata such as date, time, and location). Thus, the personal information of users who had verified their identities by uploading personal documents was disclosed.
Microsoft Exchange servers were attacked
On March 3, 2021, attackers exploited weaknesses in Microsoft Exchange servers and gained access to the email accounts of at least 30,000 entities across the United States, including small businesses, towns, cities, and local governments. The attackers gained complete remote control of the systems, allowing them to breach and compromise data. Microsoft has released security updates to address these issues, which users should install as soon as possible.
A breached database from Whole Foods Market and Skaggs
In October 2021, researchers identified a breached database containing over 82 million records belonging to Whole Foods Market and Skaggs, a public safety and uniform firm that supplies uniforms for police, fire, and medical customers across the United States. Customer order data, names, email addresses, credit card numbers, and other information were among the details exposed.
GoDaddy’s Security Incident affected 1.2 million users
On 17 November 2021, GoDaddy announced that an unauthorized third party had gained access to its systems using a compromised password. The alarming truth is that the web hosting giant was able to detect the breach only 2 months after the incident. The data breach affected 1.2 million active and inactive users of Managed WordPress Hosting. GoDaddy had to reset customer passwords and private keys, as well as issue new SSL certificates.
Attacking small and midsized businesses offers cybercriminals many opportunities. The information small businesses have about their customers, such as credit card numbers, emails, and insurance information, makes them attractive to cybercriminals. Additionally, these companies can act as the entry point into networks of larger companies.
To survive in such an environment, it is imperative to mitigate risks by simply adopting a layered approach to security with numerous methods, policies, and procedures.
Contact Humanize Security to learn more about ways to keep your organization safe from cyberattacks with its attack surface management and quantified cyber risks management solutions.