We reveal the biggest data breaches of 2020

2020 has seen more than its fair share of high profile data breaches and cyber-attacks, with a number of the world’s biggest and best known brands falling victim to online attacks.  

As hundreds of millions of workers around the world found themselves working from home as a result of the global Coronavirus pandemic, cyber criminals have been quick to exploit the raft of opportunities that enforced work from home initiatives have presented.  

A recent report by Kaspersky suggested that there had been as many as 726 million confirmed cyber-attacks since the start of the year, putting 2020 on course to rack up somewhere in the region of 1.5 billion cyber-attacks for the year. That’s an eye watering statistic and one that will have serious impact on businesses around the world.

A new report by Security Intelligence estimated that the average cost of a data breach is $3.92 million, with the most expensive part of the process being data recovery.

Twitter

Twitter wins the dubious accolade of having been the victim of the highest profile data breach so far this year. In a massive hack, several high-profile accounts were compromised. Elon Musk, Joe Biden, Jeff Bezos, Michael Bloomberg, Kim Kardashian West and Bill Gates were among the accounts pushing out tweets claiming that followers would receive double the money they send to a certain Bitcoin address.

Twitter confirmed the breach and said it was a “co-ordinated social engineering attack” on its employees that had access to “internal systems and tools”.

The scam targeted the accounts of 130,000 high profile public figures, with the assailants able to reset the passwords of the celebrities’ accounts.  

The cyber attackers were able to solicit $121,000 in donations following the social engineering hack.

Cybersecurity experts claim that the social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and preyed on the trust associated with verified accounts and the attraction of doubling your money.

Zoom

The Covid 19 pandemic fuelled the exponential growth of virtual meeting app Zoom, as hundreds of millions of people across the world were forced to work and study from home.

In April 2020, as the pandemic was ratcheting up into fifth gear, Zoom suffered a humiliating data breach that saw cyber criminals make off with the log in credentials of over 500,000 users. Hackers then sold log in details to those accounts on the Dark Web, enabling pranksters and criminals to log in and join meetings mid-stream. The hackers were also able to harvest the personal details of the Zoom members, including email addresses and other contact information.

Marriot

In March 2020, the Marriot Hotel Group suffered a huge data breach, which compromised the records of 5.2 million hotel guests.

“At this point, the company believes that the following information may have been involved for up to approximately 5.2 million guests, although not all of this information was present for every guest involved:

  • Contact details (e.g., name, mailing address, email address, and phone number)
  • Loyalty account information (e.g., account number and points balance, but not passwords)
  • Additional personal details (e.g., company, gender, and birthday day and month)
  • Partnerships and affiliations (e.g., linked airline loyalty programs and numbers)
  • Preferences (e.g., stay/room preferences and language preference),” the company said in a statement on its website.

Hackers were able to syphon off the data of 5.2 million guests by hacking the user credentials of just two members of Marriot staff! This attack highlights the importance of companies using multi factor authentication for their employees and the potentially huge penalties for failing to do so.

Nintendo

Online gaming pioneer Nintendo suffered a major data breach earlier this year, when more than 160,000 user accounts were compromised in a single attack. Hackers used the online accounts to buy digital products through the Nintendo network, following the credential stuffing attack.

Such attacks are commonplace in the gaming and media sector, with Disney, Spotify and streaming giant Netflix all falling victim to similar attacks over the past year.

Easy Jet

UK based low-cost airline EasyJet announced that cyber criminals had stolen data records for 9 million of its customers. With Europe’s strict GDPR rules, companies who breach data protection regulations can be in for some eye watering penalties. Law firm PGMBM filed a class action lawsuit on behalf of the affected EasyJet customers for $23 billion (£18bn).

In addition to the 9 million EasyJet customers who had their personal details compromised, a further 2,200 had their credit card details exposed, compounding the potential damage.

While EasyJet promptly reported the matter to the Information Commissioner’s Office and other regulatory authorities, critics have claimed that the low cost airline was slow to inform its customers of the breach, with some customers not finding out for up to 4 months after the event.

Don’t miss your opportunity to hear from some of the region’s leading thought leaders on cybersecurity as we examine the role of cybercrime in the Middle East’s banking and financial sector. 

At 12 noon on Tuesday 29th September The ITP Tech Group will present the second instalment in its three part cybersecurity webinar series in association with Cybereason. The 1 hour, free to view webinar will be entitled ‘Security you can bank on – Safeguarding the Middle East’s financial sector’, and will bring together leading experts from the cybersecurity and banking sectors.

You can register for this webinar in less than one minute by clicking here…

Leave a Reply

Your email address will not be published. Required fields are marked *