The worst data breaches of 2022
The post-pandemic boom has attracted a lot of unwanted attention from hacker groups looking to take advantage of a gullible employee or an unknown vulnerability. Recent research reports also show that attacks on organisations have increased this year and so has the cost of the breach due to the disruption of business and fines slapped by regulators. According to IBM Cost of a Data Breach Report 2022, 83% of organisations have suffered more than one data breach, while the average cost of a data breach has grown to $4.35 million in 2022 as compared to $3.86 million in 2020.
Financial gain remains the primary motivation behind attacks on private organisations.
The war between Ukraine and Russia also triggered a wave of cyberattacks on firms in Europe and the US.
Here are some of the cyberattacks suffered by organisations that touch the lives of most Internet users in some form.
400 million Twitter accounts at risk
Early this week, a hacker named Ryushi threatened Twitter to pay a ransom of $200,000 or they will publish the personal information of 400 million Twitter users. The hacker claims the data was stolen in 2021 through the exploitation of an API vulnerability, which has since been fixed. The stolen data reportedly includes phone numbers and email information of Twitter users including Google CEO Sundar Pichai, US congresswoman Alexandria Ocasio-Cortez, Salman Khan, and singer Shawn Mendes. Twitter is yet to verify the breach and claims made by the hacker.
LastPass breach more serious than believed
The data breach suffered by leading password manager LastPass in August turned out to be more serious than earlier believed to be. The firm had earlier said that no customer data was accessed during the incident and only some technical information and source code were stolen. However, last week it said in a blog post that hackers copied the backup of customer vault data from the encrypted storage container which also contains usernames and passwords along with other data. LastPass assured its users that the information is fully encrypted using 256-bit AES encryption and it will be extremely difficult to break it even using brute force attacks.
GTA V footage stolen and leaked
US-based Rockstar Games, which develops and publishes action games in the Grand Theft Auto (GTA) or Red Dead Redemption (RDR) series, confirmed in September that it suffered a network intrusion, which allowed hackers to steal confidential information from the company systems. The stolen data included unseen game development footage of the next game in the GTA series, which is expected to release in 2024. The breach was detected after the hacker leaked the stolen footage online. Rockstar is one of the biggest game publishers in the world. Its last GTA game “GTA V” sold over 170 million copies.
Nvidia takes on hacker groups after data theft
In February, a little-known ransomware group Lapsus$ broke into the networks of Taiwan-based chip giant Nvidia and stole 1 terabyte of data, which includes sensitive information such as the designs of next-gen graphics processing unit (GPU), Nvidia AI rendering system DLSS, and the login credentials of over 71,000 employees. The hacker group threatened to make the stolen information public if the firm didn't remove the anti-crypto mining feature called Little Hash Rate (LHR) from its GPUs. Nvidia retaliated by counter-hacking the hacker group to retrieve the stolen data.
Samsung data breach
After Nvidia, the Lapsus$ hacker group targeted South Korean chip and electronics maker Samsung. The hackers stole and leaked nearly 200 gigabytes of sensitive data which includes source codes for Samsung’s TrustZone environment and algorithms for biometric unlock applications. Samsung confirmed the breach and acknowledged that some source codes were compromised. The hacker group asked Samsung for ransom for not leaking the data.
Uber suffers dual security incidents
In September, cab booking firm Uber’s internal systems were compromised, according to an NYT report. The hackers shared images of the firm’s cloud storage, email, and code repositories with security researchers and the media company to substantiate their claims. Uber on its part acknowledged in a Twitter post that it had suffered a cybersecurity incident and was working with law enforcement agencies to address it. Later in December, Uber suffered a separate data breach after one of its supply chain partners was compromised. According to Uber, the data was stolen from Teqtivity, which provides asset management and tracking services to Uber.