The notion of cybersecurity is pushed to the limit with every new major data breach reported in the press.
It goes without saying that no company can feel safe today, not even the Fortune 500 companies that pride themselves in their robust security measures. Cybercriminals are everywhere and they are becoming bolder by the day.
With each new data breach, we can learn something valuable; these attacks will be valuable lessons for us going forward. In this article, we will explore 3 of the most significant data breaches of 2022.
Most significant data breaches of 2022
Medibank data breach
Australian healthcare and insurance company Medibank discovered some “strange behaviour” on its internal systems on October 13, 2022. The malevolent party then got in touch with the business on October 17 to “negotiate with the company on their purported removal of client data.” But Medibank clarified that it would not give in to the hacker’s demands.
On November 7, Medibank disclosed the full scope of the attack, noting that the hostile actor had illegally accessed 9.7 million previous and present customers’ data and stolen it. The data includes private and personally identifying details about medical procedures, including codes linked to diagnoses and prescribed operations.
A high-level user with access to Medibank’s systems had compromised their credentials, which is how hackers entered the system. The credentials were acquired by a third party, who later sold them to hackers on a Russian forum for online criminals.
The Optus data breach
On September 22, 2022, the Australian telecommunications company Optus experienced a major data breach that allowed unauthorised access to the personal information of 11 million consumers.
Customers’ names, birth dates, phone numbers, email addresses, residential addresses, driver’s licenses, passport numbers, and Medicare ID numbers were among the data accessed.
After Optus declined to pay a ransom demand made by the hacker, files containing this private information were shared on a hacking forum. The hacker allegedly contacted the victims and demanded payment of AU$2,000 (US$1,300) or else their data would be sold to other nefarious parties.
An unprotected, publicly accessible API was the source of the Optus data breach. This API allowed connections without requesting user authentication. Because there was no authentication procedure in place, anyone who came upon the API online may use it without providing a username or password.
Revolut data leak
On September 11, 2022, a data breach occurred that allowed unauthorised access to the personal data of more than 50,000 Revolut members. The incident involves a third party gaining access to Revolut’s database and 50,150 users’ personal data.
Names, residential and email addresses, and some payment card information were among the data obtained; however, Revolut has confirmed that card details were hidden.
Revolut took “rapid steps to eliminate the attacker’s access to the company’s client data and terminate the incident,” according to the Lithuanian authorities, after it was detected.
Revolut provided evidence to the Lithuanian authorities that inferred that the hackers gained access to their database through social engineering. In simple terms, hackers tricked Revolut employees into providing them with access credentials through social manipulation.
Companies should use cloud storage to prevent cyberattacks
Companies are under constant attack from cybercriminals, who seek to infiltrate their systems and steal sensitive data.
Cloud storage helps companies prevent cyberattacks by providing a secure and reliable way to store information. Cloud storage is essentially a virtual storage platform that allows employees to save files on the cloud server instead of on their own computers.
This means that if an employee’s computer gets hacked, they won’t lose any of the information they’ve stored on the cloud server.
Companies should use cloud storage to prevent cyberattacks because it’s a cost-effective way for them to protect their data and keep it safe from hackers.
They don’t have to invest in new software or hardware, which can be expensive and time-consuming, and they don’t have to worry about installing security measures on each individual device within their offices.
Cloud storage also makes it easier for them to keep track of what information needs protecting—they can set up policies that require every employee within an office to upload all sensitive files onto the cloud server at least once per week (or whatever frequency works best).
Featured image: Kaur Kristjan/Unsplash