Security breaches are on the rise, and so is the global amount of money that they cost. By 2025, the global cost of breaches is expected to reach at least $10 billion. This year has been no exception, so we’re bringing you a list of the biggest security breaches that have happened so far this year. First, we’ll take a look at the breaches across the world that had a big impact on the companies and customers they targeted, including the first ever national emergency caused by ransomware. Then, we’ll put a spotlight on some of the breaches that happened near home for us at CyberPilot: breaches in Denmark, Norway, and Sweden. We’ll wrap up with some trends in this year’s breaches and suggestions for how your organisation can prevent a breach.
8 of the biggest breaches around the world
Since many of these breaches are still new, it’s difficult to determine exactly how many people were impacted, in what ways, and how much the breaches cost financially. So, we’re going to go through the breaches based on when they took place. Keep reading, because you’ll see that the breaches from this year impacted a wide range of organisations, including governments, non-profits, tech companies, education providers, healthcare systems, and financial services providers.
FlexBooker – 3.75 million users’ data stolen and sold online
Starting at the end of 2021 and continuing into January 2022, FlexBooker experienced a security breach that impacted about 3.75 million users. The compromised information included names, addresses, phone numbers, partial credit card data, driver's licenses, passwords, and ID information. The data was stolen by the hackers and put up for sale online. The breach was caused by the hacking group Uawrongteam. They got into FlexBooker’s AWS servers and installed malware, which gave them control over the systems.
Many users decided to leave the platform after the incident - an example of how a data breach is costly both financially and in lost customer trust.
Cash App – former employee accessed 8.2 million customers’ data
In April, Cash App informed authorities that they suffered a security breach at the end of 2021 that impacted about 8.2 million customers. The information accessed by the hackers includes customer names, stock trading information, brokerage account numbers, portfolio values, and other sensitive financial information. The source of the breach was a former employee, who breached the company’s servers and downloaded internal reports without permission.
Lapsus$’ attacks on Nvidia, Microsoft, and more through phishing emails
At the beginning of 2022, the hacking group Lapsus$ launched attacks on several prominent companies, including Nvidia, Microsoft, and Samsung. In the Nvidia breach, information about more than 71,000 employees was leaked, along with data about product hardware and future product models.
Microsoft was also targeted by Lapsus$, and their Bing and Cortana products were impacted. The hackers attacked Microsoft’s Azure DevOps Server and accessed confidential data, including source code for Bing, Bing Maps, and Cortana. Microsoft was able to respond to the breach quickly, meaning that only one account was compromised, and no customer data was stolen.
Lapsus$ often uses social engineering techniques and phishing emails to get into their targets’ systems. That’s why it’s more important than ever that everyone knows how to spot a phishing email.
Crypto.com – $35 million stolen from cryptocurrency wallets
In January 2022, a security breach targeted about 500 people’s cryptocurrency wallets held through Crypto.com, resulting in the theft of about $35 million from the impacted users. Although Crypto.com initially denied any theft, they eventually reimbursed the impacted users. To pull off the breach, the hackers got past Crypto.com’s two-factor authentication and then got access to the users’ cryptocurrency wallets.
Red Cross – data on 515,000 vulnerable people exposed
The Red Cross suffered a severe security breach in January, which left the personal data of about 515,000 vulnerable people exposed. Personal data from at least 60 Red Cross and Red Crescent National Societies around the world was compromised, including data such as the names, contact information, and locations of missing persons, their families, detainees, and others receiving assistance from the Red Cross. In response to the breach, the Red Cross had to take their systems offline. The breach happened through an attack on a third-party contractor. Then, the hackers got access to the ICRC systems through an unpatched critical vulnerability.
Did you know that the GDPR requires data processors to take measures to protect their cybersecurity and that data controllers are responsible for choosing to work with reliable data processors? These kinds of partnerships are of concern in the Red Cross breach and the next breach that happened in the New York City Department of Education.
New York City Department of Education – personal data of 820,000 students accessed
At least 820,000 students in New York were impacted by a breach in January. Among the information accessed was economic, academic, and demographic profiles of the current and former students in the New York City public school system. Specifically, the students’ names, birthdays, genders, ethnicities, native languages, special education and socioeconomic statuses, and academic information were accessed.
The department of education placed the blame for the breach on the software company, Illuminate Education, which left some data unencrypted. This enabled a bad actor to gain access to the data. Since the breach happened, some parents have been asking whether it even makes sense for organisations to collect and store so much personal data, when doing so can expose people to the risk of having their data stolen. You can read our recommendations on who should have access to personal data and secure data destruction here.
Health care breaches in the US – over 3 million patients impacted
A series of security breaches in health care systems across the US left sensitive patient data compromised.
In Texas, the Baptist Health System and the Resolute Health Hospital experienced a breach that impacted 1.24 million patients between March and April. The cybercriminals gained access to the patients’ sensitive data, including their full names, social security numbers, insurance information, and health data. The breach is one of the largest tracked by the US Department of Health and Human Services. Officials say that malware was behind the attack.
Separately, the Shields Health Care Group in Massachusetts also experienced a breach in March. In this breach, an unknown user gained access to their systems and to the personal data of about 2 million Americans. The data stolen includes names, social security numbers, birth dates, addresses, billing information, and medical diagnoses. Since the breach, affected patients have filed a class action lawsuit against the health care group.
Conti ransomware attack on the government of Costa Rica leads to a national emergency
Various parts of the government of Costa Rica were breached by Conti ransomware, believed to be distributed by a Russia-based group. The first attack happened in April on the Ministry of Finance and the effects lasted for months after. Costa Rica lost millions of dollars daily because the country’s import and export businesses were frozen. The effects were so bad that the president declared a national emergency - the first ever national emergency declared as a result of a ransomware attack (but probably not the last).
Then, the Social Security Fund experienced a similar breach in May, which impacted the country’s health care system.
In all, at least 28 different official institutions were targeted, and some databases and websites were down during the breach. Through ransomware, the hackers gained access to governmental data and demanded $20 million in order to unlock the systems and return the data. In May, they posted about 670MB of the stolen data online, making it available for criminals to exploit, for example for identity fraud.
Security breaches in Scandinavia
Now that we’ve covered the biggest breaches around the world, we’re moving closer to home. The breaches that happened in Scandinavia may not have topped the global news headlines for weeks, but they matter to the organisations operating here, and their customers.
LIFA A/S and Borger.dk – more Conti victims
In March, the Danish company LIFA suffered a breach which resulted in large parts of the company being shut down. LIFA supplies IT tools to other services, including the website borger.dk, meaning that Danes could not register changes of address during the outage. The Russian group Conti has been blamed for the breach. You may remember Conti from their attacks on the government of Costa Rica.
7-Eleven payment system shut down
In August, 7-Eleven temporarily closed 176 stores across Denmark after experiencing a security breach that cut off their ability to use cash registers to receive payments. The stores were able to re-open eventually.
Norkart AS – 3.3 million property owners impacted
In a breach that was recognized in May, an unauthorized user accessed and downloaded the information of previous or current property owners or occupiers in Norway. Up to 3.3 million people could have been impacted. Information such as names, addresses, and birth dates was compromised. Norkart says that the attack happened when “unknown players exploited a vulnerability in a search service that retrieves copy data from Norway’s official property register.” From there, the unauthorized persons were able to download data from the search service.
Norwegian Parliament website disruption
In August, the website of the Storting experienced a denial-of-service attack, which overloaded the system and prevented traffic from getting through to the website, causing disruptions. This breach is yet another that demonstrates that both government institutions and private companies can experience unpredictable security breaches.
Attacks on Swedish public authorities and companies in the finance and transportation sectors
Following Russia’s invasion of Ukraine, the Public Safety and Preparedness Agency (MSB) in Sweden received several reports of security incidents in March. The breaches were reported to have limited impact, but they targeted public authorities and organisations that work with finance and transportation – all important sectors.
Trends across breaches in 2022
At this point, we’ve mentioned a lot of security breaches that impacted different kinds of organisations all over the world. So, what can you take away from the breaches of 2022? Here are a few trends that we can see in the breaches that have happened so far in 2022:
- Russian hackers are active, as seen in the various Conti ransomware attacks that are believed to be distributed by a Russian group. With the war in Ukraine, companies and governments that support Ukraine are increasingly vulnerable to attacks by Russian hackers who want to make a political statement.
- Malware and ransomware are common methods of attack. These kinds of attacks are dangerous and often begin with a phishing email. Training your staff to recognize the signs of a phishing email can make your organisation less likely to suffer from one of these breaches. Read more on how to train your employees on phishing and social engineering.
- Attacks on government organisations are common. From the government of Costa Rica to the Norwegian parliament, these breaches show that both public and private bodies need to improve their security.
- The usual targets, like healthcare or financial organisations, are still popular. Healthcare systems and financial services providers have always been, and continue to be, valuable targets for attackers because they hold a lot of sensitive data and serve important societal functions.
Even if your organisation isn’t one of the usual targets for security breaches, they really can happen to anybody. Companies big and small should take steps to strengthen their security so that they can avoid breaches. In the next section, we’ll give you some tools to do just that.
How to protect your organisation from a security breach
Security breaches are the number one threat to companies around the world, and the number of breaches continues to rise every single year. Even though you mostly hear about the breaches that happen to big companies, small organisations are also at risk and need to maintain strong cybersecurity. The cost of a security breach is simply too much to ignore.
9 out of 10 breaches are due to human error
We can’t overstate how important employees are in protecting an organisation’s cybersecurity. Since mistakes made by people are the number one cause of a security breach, the best way to protect your organisation from a breach is to train your staff. Simple actions, like providing continuous awareness training for your staff, and testing their skills with phishing testing, can help your organisation understand the risks and prepare for an attack. You can try out awareness training for free for 14 days to see if it could be a good fit for your organisation.
If you are interested in learning more about how to get started with different trainings, we have several blog posts that can guide you. For example, check out this post on how to get started with awareness training or our post on how to do good phishing simulations. You are also welcome to use our free posters about cybersecurity and the GDPR to raise security awareness within your office.
We hope this post was useful! Please feel free to contact us if we can help you strengthen your organisation’s cybersecurity.