Businesses are practically defined by how they handle their cyber security. Even businesses with the most high tech security systems can be a part of a data breach because of one minor vulnerability that leads to a cyber attack. To understand breaches, lets look at the major breaches that have happened so far this year.
January
There were no major breaches until Jan. 11:1/11/21
Ubiquity Inc. – Through their third party cloud provider, Ubiquity, one of the largest vendors, had their database accessed by unauthorized entities. Some items that may have been accessed were customer names, hashed passwords, addresses, email addresses, and phone numbers.Parler- After being removed from Amazon servers, Parler, a former social media news app, got even more bad news. A hacker scraped its data and leaked 70 terabytes of information. Not only did this include almost every post to the platform, it also included private messages and video data. Driver’s license information was also exposed due to Parler’s “Verified Citizen” feature.
Instagram, LinkedIn, and Facebook- Socialarks, a Chinese social media management organization suffered a data leak that exposed personally identifiable information (PII) of at least 214 million Facebook, Instagram and LinkedIn users. This info included phone numbers, email addresses, profile photos, usernames and more.
1/12/21
Mimecast- Mimecast, a cloud cybersecurity company had their tools hacked, which exposed ten percent of their customers who use their programs for Microsoft Office 365 emailing.1/20/21
Pixlr- This photo editing app had 1.9 million users’ information compromised. The data that was included was hashed passwords, email addresses, usernames and more sensitive info.1/22/21
Bonobos- Bonobos, a men’s clothing retailer, was hacked and had their customer data posted on a hacker forum. This info included home addresses, account information, phone numbers and even partial credit card information.1/24/21
MeetMindful- The dating platform was hacked and had 2.28 million users; personal information posted to a hacker forum. The information posted included birth dates, IP addresses, location, email addresses, names and more.1/26/21
VIP Games- This free gaming platform had 66,000 users’ information and 23 million records leaked. This was explained to be a cloud misconfiguration. The leaked info included status of user accounts, hashed passwords, IP addresses, emails and usernames.1/28/21
U.S. Cellular- Hackers attacked U.S. cellular through a phishing attack aimed at employees. After this attack, they were able to access almost five million user profiles. Luckily, U.S. admitted to only having 276 of those users as being victims of that attack. These records included cell phone numbers, plan information, PINs, home addresses, full names and more.February
2/2/21
Compilation of many breaches (COMB)- A database which contained 3.2 million cleartext email and password from last leaks (such as those from Netflix, Bitcoin, Yahoo, LinkedIn and more) was discovered to be available online. In this data base, hackers had access to 200 million Gmail addresses, 450 million Yahoo addresses and account credentials.2/10/21
Nebraska Medicine- This was the first major medical breach of 2021. Nebraska Medicine was attacked by malware, allowing hackers to access and copy medical records of more than 219,00 patients. This included home addresses, dates of birth, full names, lab results, health insurance information, medical record numbers, imagine, diagnosis, and more.2/18/21
The California Department of Motor Vehicles- California’s DMV was hit with a data breach after their contracted company Automatic Funds Transfer Services was attacked by ransomware. Any CDMV information from the past 20 months, including names, license information, addresses, and more.2/20/21
Kroger – A hack of a third-party cloud provider, Accellion, allowed hackers to steal HR data and other sensitive information from supermarket company, Kroger. Some of the records that were disclosed include names, email addresses, home addresses, phone numbers, Social Security numbers, and health insurance information for pharmacy customers.
2/26/21
Accellion- A third-party cloud provider, allowed hackers to steal HR data and other sensitive info from Kroger, the supermarket company. These records included email addresses, home addresses, Social Security numbers, health insurance information from pharmacy customers, full names and phone numbers.March
3/3/21
T-Mobile- With the use of SIM-swapping, an undisclosed number of T-Mobile customers were affected by hackers. This method of hacking allowed them to take control of customer’s smartphones to steal money from their accounts, change their passwords to hijack accounts, and even lock users of their devices. Microsoft Exchange– There was a vulnerability found in Microsoft Exchange Server email software that gave hackers access to the email addresses of 30,000 organizations in the U.S. This led to data theft and taking control of affected systems. Microsoft has fixed this vulnerability since.
Cyberattacks happen often and millions of people every year are victims. Keep your organization and its customers safe by contacting MyTek today to discuss your security options at 623-312-2440.
