What are Data Breaches?
A data breach is when a user who does not have permission accesses a data source. Then extracts sensitive digital info, thus compromising the data.
Also called “unauthorized access”, data breaches are a type of cyber attack. These security incidents threaten the safety, privacy and integrity of information. And cause damage to people, society and businesses alike.
The most common kind of data breaches, according to Symantec are of personal info. Or, form jacking. This is when a cybercriminal loads a malicious code onto a retailer’s website. Then steals shoppers’ credit card info. There are over 4,800 of these per month.
But data breaches also destroy electronic info with the goal of disrupting businesses. So, they use tactics like spear phishing and supply chain attacks. Or deploy malware to delete files.
Why do data breaches occur?
Data breaches happen for a few reasons and are on the rise. For one, cybercrime makes lots of money for attackers. According to Cybersecurity Ventures, cybercrime will cost the world over $6 trillion annually by 2021.
That’s up from $3 trillion in 2015 and totals more than the illegal global drug trade. Cyber crime is also becoming more complex and larger scale. This due to the increasing number of human and digital targets. And the much bigger job of protecting them.
Some data breaches may be accidental. You click on a link and it takes you to a phony site for instance. But most targeted attacks happen in one of four ways.
- System weakness caused by outdated software
- Weak passwords that are easy for a hacker to guess
- Drive by downloads that happen if you visit a compromised site and end up with malware or a virus
- Targeted tactics like phishing, spam and emails with bogus links
Ways to prevent Data Breaches
Here are 10 ways to prevent many common data breaches:
- Update your software
- Use strong passwords (not your birthday) and hope we move to biometrics in the future
- Double check what you download and from where
- Use strong security and anti-spam software
- Limit where you store data (keep your credit card info offline)
- Restrict access (that’s why companies do background checks)
- Use software to wipe out a hard drive if you plan to dispose of any hardware
- If you have people working for you, don’t use their social security numbers as ID numbers
- Control who has access to your devices and block unauthorized users
- Avoid using WI-FI as you risk data interception
Recent Data Breaches
According to Accenture, the average number of security breaches in the last year grew by 11% from 130 to 145. Here are a few of the more recent data breaches to keep you in the loop.
#1 Slick wraps
Slickwraps is an online store that sells skins for tablets, smartphones and the like. If you checked out as a guest, you may be ok but otherwise maybe not.
On February 21, 2020, they reported a data breach to 857,611 customer accounts. So, names, email addresses, physical addresses, phone numbers, and purchase histories.
The breach happened because their databases were not protected enough. They found out about in on Twitter and are now auditing their security processes.
PhotoSquared is a USA-based app available on iOS and Android. If you are a customer, here’s what you need to know.
On January 30, 2020, their exposed database compromised the privacy and security of 100,000s of users.
The database in question was hosted in the state of Maryland. It contained over a million records, totaling 94.7GB of data dating from November 2016 to January 2020.
If you were a guest of the MGM hotel last summer, this breach might affect you.
The chain just made public a data breach that compromised the personal details of more than 10.6 million former hotel guests. That means full names, home addresses, phone numbers, emails, and dates of birth. MGM reports they notified customers last year.
Health Share of Oregon is the state’s largest Medicaid coordinated care organization (CCO). They now report a breach that took place on January 2, 2020.
The cause of the attack was a break into a vendor’s office. Vendor GridWorks who supplies Ride to Care suffered a stolen laptop.
The laptop contained personally identifiable information (PII) of 654,362 members. Letters went out to those involved along with one year of free credit monitoring.
#5 Fifth third
Fifth third is a Cincinnati bank. They report a data breach that has exposed an undisclosed number of people to identity theft.
Compromised info included: name, Social Security number, driver’s license information, mother’s maiden name, address, phone number, date of birth and account numbers. The bank is keeping silent on more details though sent letters out to inform customers.
#6 Estee Lauder
Cosmetic company legend Estee Lauder reports a data breach to a non-password protected cloud database.
The database contained over 440 million pieces of data. Including customer records and internal logs.
On the positive, the attack spared sensitive employee info and payment data. But millions of email addresses may now be in hackers’ hands.
Privacy researchers discovered a data breach in THSuite, a point-of-sale system in the cannabis industry.
The breach occurred on December 24, 2019 to an S3 bucket owned by THSuite. And, exposed sensitive data from many marijuana dispensaries around the US and their customers.
Among the leaked data were scanned government and employee IDs. This exposes personally identifiable information (PII) for over 30,000 people.
Microsoft announced a data breach that took place in December 2019. The breach affected one of its customer databases and contained 250 million records.
While Microsoft claims the data did not contain personal info, it did have email addresses. And there is no head count on how many.
They are warning people to be on the lookout. So, don’t automatically click on a link that asks you to log in “for security reasons” Or to “confirm your account”, and other pretexts.
US children’s clothing retailer Hanna Anderson reports a huge breach to their online shopping platform.
The hack deployed malicious code to steal customers’ credit card info and did so for almost two months. And if that’s not bad enough, these credit cards were used on the dark web.
As counter measures the company secured their cloud commerce site and is working with law enforcement.
Peekaboo Moments, a mobile app that stores baby videos and photos was hacked in January 2020.
Experts say the app’s developer, Bithouse Inc., is to blame for leaving the database open on the Internet.
The Peekaboo Moments database contains more than 70 million log files of more than 100 GB. This includes about 800,000 email addresses. And, has stored info that appears to date back to March 2019.
On January 20, 2020, Landry, who owns over 600 popular restaurants in the US announced a point-of-sale malware attack. It is their second data breach since 2015.
This breach targeted customers’ payment card data. Malicious code is the culprit.
It likely picked up payment details from credit and debit cards swiped on Landry’s order entry systems. This took place between March 13 and October 17, 2019.
If you dined at any at Landry’s restaurants during that time, you may be at risk for credit card fraud.