Are your employees the chink in your armor when it comes to data breaches? It may be the case based on findings surrounding an increase in secure data retrieval cyber-attacks in the first half of 2020. But as we approach 2022, the threat of these attacks still looms large.
As a business owner or executive, you are responsible for many things…including protecting the sensitive data that is at the core of your business, whether internal or customer data. What could happen if that data fell into the wrong hands? The consequences can be dire. And that’s why the importance of understanding secure data retrieval attacks is more important to highlight than ever.
The Importance of Understanding Secure Data Retrieval Attacks
With many businesses transitioning to online activities during the COVID-19 pandemic, there has been a dramatic increase in data breach activity. According to one security research firm, 80% of data breaches have occurred either because of stolen credentials or brute-force attacks.
Even now, as many businesses return to in-office operations, these threats remain just as serious and as prevalent.
(Are you a healthcare worker who still works from home? Here’s another post you’ll want to read next)
In just the first half of 2020, several Fortune 500 companies had been victims of massive data breaches. Hackers sold account credentials, sensitive data, confidential and financial information of these organizations in cybercriminal forums.
Probably just a few, though, right? I mean, we hear about it often on the news, but really, how many people/businesses are exposed?
In 2020, 16 billion records were exposed, 8.4 billion of which in the first quarter alone. This number is a 273% increase compared to the first half of 2019, during which 4.1 billion records were exposed. (Source: Security Boulevard)
Top Five Data Breaches of 2020
Does this still all seem abstract – like it only happens to other people? Well, let’s discuss the top five secure data retrieval breaches from 2020 and see if they change your mind!
Several targeted accounts of public figures got conned into changing their passwords, and the hackers gained access to their accounts and posted fake tweets with the intent to get people to send bitcoin… result: approximately $121,000 in bitcoin for the hackers from about 300 transactions.
(Does your business have a plan in place for disaster recovery? Read eight of the benefits of disaster recovery as a service (DraaS) in this post)
Marriott
By getting the login information of TWO employees, hackers were able to retrieve data of 5.2 million guests. These hackers had the data for about a month before the breach was even discovered, which was the second security breach in two years. The first security breach in 2018 cost the company $123 million in fines, the first time in the UK alone.
And with this company already experiencing a significant revenue drop due to COVID-19 restrictions this year, more fines will not help their bottom line.
MGM Resorts
This breach happened in late 2019, but it was reported in February of 2020. It was first reported that hackers leaked the info of 10.6 million hotel guests. But later, that number was increased to a staggering 142 million.
MGM says that they do not believe any financial information was stolen; however, according to the Las Vegas Review-Journal, the personal data stolen, included some guests’ driver’s licenses and passport information.
MGM customer John Smallman alleges the company failed to protect his personally identifiable information or implement “adequate and reasonable” cybersecurity procedures and protocols. He believes he and other guests will have to spend a significant amount of time and money protecting themselves from fraud, according to a lawsuit filed in U.S. District Court in Nevada. This suit has since morphed into a class-action lawsuit.
Mr. Yanchunis, a lawyer with the Florida firm that filed the lawsuit, said: “I expect to discover that the company’s cybersecurity system was not up to par and not utilizing the best practices.”
Zoom
In April 2020, the platform used the world over during the COVID-19 pandemic reported that login credentials, personal meeting URLs and HostKeys were stolen and were available for sale on the dark web.
The leaked accounts’ details belonged to financial institutions, banks, colleges, and various organizations. In all, these attacks compromised over half a million accounts.
“So what if a financial company’s Zoom credentials get hacked, how does that affect me?”
Simply put, sensitive data is being discussed on these Zoom calls. If a virtual board meeting discusses non-public financial information, the bad guys now have insider information. They can make money in stocks by cheating the system, etc…
According to Law Street, in April alone, Zoom was sued 17 times, ranging from securities fraud to breach of contract for privacy violations and false and misleading statements about its security and privacy practices.
Magellan Health
This Fortune 500 company was a victim of ransomware specifically as well as a secure data retrieval attack. (Learn more about ransomware and protecting your business from it in this article)
Over 365,000 patients were affected by this attack. A class-action lawsuit has been filed against Magellan Health, citing that information compromised in the breach included names, contact information, employee ID numbers, W-2 or 1099 information (such as Social Security numbers or taxpayer ID numbers), treatment information, health insurance account information, member IDs, email addresses, phone numbers, physical addresses, and other health-related details, per the complaint.
Learn More About Secure Data Retrieval (and How We Can Help!)
These are just some of the most reported attacks. Truthfully, small businesses get attacked constantly.
But those go largely unreported in the media and many times undetected at all. We are watching all of the legal activity regarding security breaches, and it has become very apparent that companies are being held accountable for “reasonable” cybersecurity protection.
They’re also responsible for implementing “cybersecurity best practices” as a core responsibility of the company holding their customers’ and employees’ data. Do you know if you have implemented best practices?
The COVID-19 pandemic has given more opportunities to cybercriminals to launch highly sophisticated cyberattacks. Is your business next? Have you taken the proper precautions to ensure that you and your organization’s employees protect your sensitive data?
Make sure that your critical data is protected from both inside and outside. For a free preliminary Cybersecurity Analysis, fill out this quick questionnaire, and we can help to make sure that your data is secure: https://www.cloudnexusit.com/.
Did you learn a lot about secure data retrieval in this post? Here are three more posts to read next:
- Our Top 10 Tips for How to Prevent a Ransomware Attack
- Why IT Managed Services? Six Key Benefits
- 5 Top Cybersecurity Trends of 2021
This post was first published in 2020, but it was updated in 2021 just for you.