Since joining his new organization, Paul has been working from home for the very first time, due to the lockdown imposed by the government to curb the spread of the global Covid-19 pandemic. Paul loves the freedom and the flexibility; he can now work from the favorite corner of his room. Soon his company faced a massive data breach.
However, Paul was never interested in reading his company’s updated policy regarding Bring Your Own Device. So, as expected, Paul is not aware that his personal laptop’s automatic update is turned off and that it is not protected with the latest security patches.
On the other side of the planet, Ryan’s $2000 ultra-cool laptop is way faster than the laptop his office provided for working from home during the global pandemic. He needed speed and portability, so, to jazz things up a little bit, he used his own external hard drives to transfer large files back and forth. And as expected, he started to work on his uber-cool laptop within a few days. But the worst part is, he is unaware that there’s a keylogger hiding in his flagship laptop.
Christina is getting bored with the company-provided app that she needs to use while working from home during the global pandemic. She believes that her friends are using apps that are much better looking and have a few more features. So, she starts downloading those apps and asks a few of her colleagues to use them, even though using any other app is against the policy.
What’s Causing Data Breaches?
Now the main question arises. What’s the main common factor in all these situations?
Yes! As you all know, all of these incidents carry grave security concerns that can bring any company to its knees.
These are not rare instances; people often expose organizations to cybercriminals through sheer ignorance. Currently, organizations around the planet are facing multiple cybersecurity issues that are often related to the massive changes happening to people, technology, and processes due to the pandemic.
Data breaches resulting from human error continue to be the second largest cause of all notified data breaches, accounting for as much as 34 percent of them. The shocking revelation was that the leading cause of data breaches attributed to human error is sending personal information to the wrong recipients over email.
The Legal Aspect of Data Breaches
A data breach often comes with a chance of litigation. Internationally, attacks on personal data cost the healthcare industry billions of dollars each year. In the US, a major data breach can cause massive reputational harm and loss of business. Additionally, healthcare organizations, including hospitals, can face reporting obligations under various state and federal laws and contractual relations, claims from impacted patients and their families, and, obviously, expensive litigation from the regulators.
Currently, as many as 16 billion records have been exposed. Additionally, researchers believe that during Q1 of 2020 alone, 8.4 billion records were exposed. This number is a massive increase of 273% when compared to the first half of 2019, when as many as 4.1 billion records were exposed.
So, below we are sharing a few instances of data breaches which changed the overall outlook of 2020 in terms of data safety.
Top 5 Data Breaches of 2020:
The Marriott Data Breach: The international hotel chain Marriott disclosed a massive security breach on 31st of March 2020, which impacted the data of as many as 5.2 million guests who used Marriott’s loyalty applications. In this case, hackers got hold of the accounts of two Marriott employees who had access to the said data. After getting hold of the credentials, the hackers siphoned off the client-related data a month before the breach was discovered. Previously, the Marriott group announced a data breach in late 2018, where hackers got hold of 500 million guests’ data.
When Zoom Credentials were up for Sale: Due to the global Covid-19 pandemic, companies around the world started to lean towards the work-from-home mode. As expected, Zoom became a very popular choice for virtual team meetings. Sadly, Zoom was not only popular amongst its users; it also became popular amongst cybercriminals. Within a very short span of time, the application fell prey to cybercriminals and became vulnerable to various security threats. During the first week of April, it was reported that as many as 500,000 Zoom passwords were stolen and were available for sale on the dark web.
The Infamous MGM Data Breach: The famous MGM Resorts suffered a data breach last year. However, the news of the breach started circulating only in February 2020, when the hackers leaked the personal details of as many as 10.6 million hotel guests. Later, the number was increased by 14 times. The leaked information contained the names of Justin Bieber, Jack Dorsey, and others.
The Twitter Hack: This hack was probably the most high-profile data breach of them all. It targeted verified Twitter users like Jeff Bezos, Barack Obama, Bill Gates, and Elon Musk. Out of the 130 hacked accounts, the hackers were able to reset the passwords of 45 user accounts. This breach was a well-coordinated scam to siphon off $121,000 in Bitcoin through 300 transactions.
Attack on Magellan Health: Lastly, one of the Fortune 500 companies, Magellan Health, was recently hit by a ransomware attack and data breach in April of 2020. The healthcare giant confirmed the attack and stated that as many as 365,000 patients were affected by this cyber attack.
Thanks to the global Covid-19 pandemic, the global shift in work culture has helped cybercriminals launch cyber attacks on organizations. DDoS, BEC attacks, ransomware, etc. are amongst the most common types of data breaches this year. So far, 2020 has been quite challenging for various organizations in terms of cybersecurity. However, to stay safe from these cyber attacks, a few points are very important, including:
- Educating employees with security awareness training
- Incorporating a phishing incident response tool
- Securing email domains against email spoofing
- Keeping software updated with the latest security patch
- Encouraging the use of VPN tools