Data breaches can cost billions of people their sensitive information. Risk Based Security issued its 2021 Mid Year Data Breach QuickView Report, which revealed major shifts in the data breach landscape. These shifts came into view even with a 24 percent decrease in intrusions in 2021.
During the first half of 2021, around 1,767 publicly announced breaches happened, exposing a cumulative 18.8 billion records. The decrease in recorded data breaches, unfortunately, doesn't imply that security has advanced since the Coronavirus pandemic began.
Data breaches have been prevalent for a while now, and only the course has changed. So let us look at the biggest data breaches in 2021 and the impact they had.
The average per-record cost of a data breach stands at $4.24M, an amount too large to ignore.
Astoria Company specializes in marketing. It uses sophisticated, effective, proprietary processes and scalable technology platforms to help businesses acquire new customers and expand their companies.
In January 2021, it was discovered that many newly breached databases were being auctioned on the dark web. These databases included 40 million U.S. Social Security numbers from the Astoria Company. Astoria was unaware that its information had been listed for sale on a dark web market.
According to Night Lion's investigation of the data, Astoria clients' driver's license information, bank accounts, and Social Security numbers were all exposed. Moreover, the breach compromised data from over 10 million Astoria clients, including automobile, house, and medical data and credit history information.
The released Astoria data also included email transaction data. It showed critical user data being sent unprotected via email. Additionally, multiple emails in this log file included comparable sensitive material sent to various sites.
Researchers identified 30 million records about Astoria Company clients in the United States reportedly exposed in a data breach. What's more, this was only a small portion of the information that's been exposed.
There were 400 million active social media users in the exposed data. Moreover, there was a database containing information on Instagram users plus 300 million Astoria Company client records.
Some claimed that Astoria's data had 40 million U.S. Social Security numbers. However, this figure was ultimately found to be overstated.
Jefit, a fitness monitoring app, uncovered a data breach in March 2021 due to a security flaw that affected customer accounts created prior to September 20, 2020.
When creating a Jefit account, you must provide your IP address, encrypted password, email address, and username. IP addresses are stored by Jefit primarily for anti-bot purposes and to prevent inappropriate accounts from being created.
The firm says it took quick steps to safeguard its servers and the compromised customers, determine the root cause of the data leak, and confirm that other Jefit services were not affected.
Jefit claimed it had implemented security measures to protect its system from future attacks. It is also implementing a much stricter password requirement on its platform to further secure user profiles.
No critical financial data was involved, according to Jefit. This is because the firm never stores client payment details. When users purchased items on Jefit's website, a third party handled the transaction procedure entirely.
The trusted third parties are the Apple App Store, the Play Store, or the payment gateway business.
The data contained over 9 million IP addresses, email addresses, usernames, and passwords stored as argon2 or vBulletin hashes. Thus, over 9 million users were impacted. The data was eventually sold to the hackers' community. Millions of cracked passwords were eventually widely distributed.
In April 2021, ClearVoice discovered that an unauthorized user had placed a database online. Passwords, contact information, and inquiries about ethnicity, political affiliation, and health were among the data that could be accessed.
ClearVoice links companies and brands to freelancers and provides a solution for content marketing.
According to ClearVoice, the data sets could be abused by undesirable actors, leading to survey participants being approached for purposes like advertising.
The publicly available data might be used to create personal profiles that are potentially exploitable in a political or commercial context. ClearVoice said it found the backup file and encrypted it.
Moreover, the team removed any further access to the information in the cloud service. All these steps were taken one hour after getting the email from the unauthorized user. ClearVoice also required all users whose data was left vulnerable to update their passwords.
Moreover, the company adopted security procedures to prevent a repeat of the incident and preserve user data privacy.
The unauthorized user was selling users’ survey details from August to September of 2015. Around 15.7 million people were impacted. Thus, a lot of people’s data became exposed. The hacker was selling this information on unauthorized sites.
ParkMobile offers a cashless parking app in multiple parts of the U.S. In March 2021, ParkMobile was informed of a cybersecurity incident involving a weakness in the third-party software it employs. As a result, the firm launched an investigation right away.
This inquiry exposed basic user data like license plate numbers, vehicle nicknames, phone numbers, and email addresses. Mailing addresses were also retrieved in a small number of cases.
Secure passwords were also retrieved. However, the encryption keys needed to read them were not compromised, according to the firm. ParkMobile claims that it encrypts user passwords using powerful hashing and salting algorithms.
This data breach impacted more than 21 million users of ParkMobile. The app is quite popular in multiple North American cities such as Washington, Baltimore, and Towson. The firm claims to be the most widely used parking app in the U.S.
Hence you can imagine what a huge impact it had. The exposed data included hashed passwords, email addresses, license plate numbers, phone numbers, and mailing addresses.
JP Morgan Chase, a financial and banking service provider company, warned consumers in August 2021 of a site-wide issue. This bug exposed personal details. Customers of the Chase Mobile app or chase.com could access the financial data and information of others with identical personal details, according to the bank.
Transaction details, account numbers, account balances, and account names are among the client data that has been compromised. The problem was allegedly present from 24th May 2021 to 14th June 2021, a span of three weeks.
According to the firm, no proof has been discovered that the private details of clients affected by the data breach were "used illegally."
Clients were told that they would not be held accountable for any potential fraud on their Chase accounts that they promptly reported to the bank. Moreover, they were advised to monitor their accounts for unusual activity on a regular basis.
JPMorgan Chase apologized for the data leak and provided a year of complimentary credit monitoring to the seven clients who were affected by it.
A serious breach impacting Reindeer, an American marketing firm, was discovered by experts at WizCase. Phone numbers, physical addresses, email addresses, dates, users' names, and other personal information were leaked as a result of this incident.
The ethical hackers at WizCase identified a corrupted Amazon S3 bucket owned by Reindeer that held approximately 50,000 files totaling 32GB of data.
Over 3,000,000 users were impacted as Reindeer compromised their sensitive information.
Data breaches can cause havoc for the companies they impact as well as for their users. Be it ParkMobile or Jefit, we saw how huge the consequences were. Thus, it is always better to be safe than sorry.
One way to minimize data breaches is by employing companies like Magalix. Magalix works towards enforcing governance-as-code across your company's entire Kubernetes infrastructure, so that your security standards are enforced.