We reveal the biggest data breaches of 2020

The Coronavirus pandemic has fuelled a surge in data breaches – we reveal the most high profile breaches of the year so far
Cybereason, Cyber security, Data breach, Networks, Security

Share

2020 has seen more than its fair share of high profile data breaches and cyber-attacks, with a number of the world’s biggest and best known brands falling victim to online attacks.  

As hundreds of millions of workers around the world found themselves working from home as a result of the global Coronavirus pandemic, cyber criminals have been quick to exploit the raft of opportunities that enforced work from home initiatives have presented.  

A recent report by Kaspersky suggested that there had been as many as 726 million confirmed cyber-attacks since the start of the year, putting 2020 on course to rack up somewhere in the region of 1.5 billion cyber-attacks for the year. That’s an eye watering statistic and one that will have serious impact on businesses around the world.

A new report by Security Intelligence estimated that the average cost of a data breach is $3.92 million, with the most expensive part of the process being data recovery.

Twitter

Twitter wins the dubious accolade of having been the victim of the highest profile data breach so far this year. In a massive hack, several high-profile accounts were compromised. Elon Musk, Joe Biden, Jeff Bezos, Michael Bloomberg, Kim Kardashian West and Bill Gates were among the accounts pushing out tweets claiming that followers would receive double the money they send to a certain Bitcoin address.

Twitter confirmed the breach and said it was a "co-ordinated social engineering attack" on its employees that had access to "internal systems and tools".

The scam targeted the accounts of 130,000 high profile public figures, with the assailants able to reset the passwords of the celebrities’ accounts.  

The cyber attackers were able to solicit $121,000 in donations following the social engineering hack.

Cybersecurity experts claim that the social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and preyed on the trust associated with verified accounts and the attraction of doubling your money.

Zoom

The Covid 19 pandemic fuelled the exponential growth of virtual meeting app Zoom, as hundreds of millions of people across the world were forced to work and study from home.

In April 2020, as the pandemic was ratcheting up into fifth gear, Zoom suffered a humiliating data breach that saw cyber criminals make off with the log in credentials of over 500,000 users. Hackers then sold log in details to those accounts on the Dark Web, enabling pranksters and criminals to log in and join meetings mid-stream. The hackers were also able to harvest the personal details of the Zoom members, including email addresses and other contact information.

Marriot

In March 2020, the Marriot Hotel Group suffered a huge data breach, which compromised the records of 5.2 million hotel guests.

“At this point, the company believes that the following information may have been involved for up to approximately 5.2 million guests, although not all of this information was present for every guest involved:

  • Contact details (e.g., name, mailing address, email address, and phone number)
  • Loyalty account information (e.g., account number and points balance, but not passwords)
  • Additional personal details (e.g., company, gender, and birthday day and month)
  • Partnerships and affiliations (e.g., linked airline loyalty programs and numbers)
  • Preferences (e.g., stay/room preferences and language preference),” the company said in a statement on its website.

Hackers were able to syphon off the data of 5.2 million guests by hacking the user credentials of just two members of Marriot staff! This attack highlights the importance of companies using multi factor authentication for their employees and the potentially huge penalties for failing to do so.

Nintendo

Online gaming pioneer Nintendo suffered a major data breach earlier this year, when more than 160,000 user accounts were compromised in a single attack. Hackers used the online accounts to buy digital products through the Nintendo network, following the credential stuffing attack.

Such attacks are commonplace in the gaming and media sector, with Disney, Spotify and streaming giant Netflix all falling victim to similar attacks over the past year.

Easy Jet

UK based low-cost airline EasyJet announced that cyber criminals had stolen data records for 9 million of its customers. With Europe’s strict GDPR rules, companies who breach data protection regulations can be in for some eye watering penalties. Law firm PGMBM filed a class action lawsuit on behalf of the affected EasyJet customers for $23 billion (£18bn).

In addition to the 9 million EasyJet customers who had their personal details compromised, a further 2,200 had their credit card details exposed, compounding the potential damage.

While EasyJet promptly reported the matter to the Information Commissioner's Office and other regulatory authorities, critics have claimed that the low cost airline was slow to inform its customers of the breach, with some customers not finding out for up to 4 months after the event.

Don't miss your opportunity to hear from some of the region's leading thought leaders on cybersecurity as we examine the role of cybercrime in the Middle East's banking and financial sector. 

At 12 noon on Tuesday 29th September The ITP Tech Group will present the second instalment in its three part cybersecurity webinar series in association with Cybereason. The 1 hour, free to view webinar will be entitled ‘Security you can bank on – Safeguarding the Middle East’s financial sector’, and will bring together leading experts from the cybersecurity and banking sectors.

You can register for this webinar in less than one minute by clicking here...

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

Editor's Choice

Emerson expands analytics platform for industrial enterprise-level wireless infrastructure management
Plantweb Insight platform adds two new Pervasive Sensing applications that manage wireless networks more efficiently with a singular interface to the enterprise
Digitalisation seen as a competitive advantage by Middle East private businesses
Nearly 80 per cent of private business leaders acknowledge that digitalisation can impact business sustainability
Etisalat introduces Multi-Access Edge Computing architecture delivering best-in-class video streaming performance for 5G networks
MEC architecture achieves performance gains of as much as 90% in video streaming, validating how ultra-low-latency applications will be delivered over 4G and 5G networks

Most popular

Don't Miss a Story