We’re just halfway through the year, and 2020 is on track to set a new data breach record. The new year started off on the wrong foot, with the coronavirus wreaking havoc across the world, creating the perfect storm for cybercrime to flourish. From healthcare institutions, tech, software, social media and meal delivery companies, cybercriminals have targeted every industry, stealing billions of records.
Around 16 billion records have been exposed so far this year. According to researchers, 8.4 billion were exposed in the first quarter of 2020 alone, a 273% increase from the first half of 2019 which saw only 4.1 billion exposed.
While the number of publicly reported breaches in Q1 2020 decreased by 58% compared to 2019, the coronavirus pandemic gave cybercriminals new ways to thrive. Phishing scams skyrocketed as citizens self-isolated during the lockdown, and social-engineering schemes defrauded Internet users of millions.
However, the surprising decline in disclosed breaches is no cause to celebrate. The lack of disclosure can also be attributed to confusion brought on by the pandemic.
The rise in compromised records was steered by one infamous breach, a misconfigured ElasticSearch cluster that exposed over 5 billion records, including hashtypes, leak dates, passwords, email addresses, email domains and leak sources.
As we’ve reached the half-year mark, more and more data breaches have been revealed, and here are some noteworthy ones:
The personal data of millions of users has been exposed on various online dating apps, creating multiple possibilities for targeted attacks and extortion. MobiFriends was attacked in May, and hackers stole nearly 3.7 million records containing dates of birth, gender, website activity, mobile numbers, usernames, email addresses and MD5 hashed passwords.
Additionally, a bundle of dating apps were found leaking 845GB of sensitive data, with over 20 million files containing photos, users name and financial data.
Hospitality and travel industry
In March, hospitality giant Marriott confirmed a security incident that exposed personal information of 5.2 million guests. While the company said there is “no reason” to believe financial data was stolen, the attackers managed to swipe travel information, names, addresses and loyalty member data.
EasyJet also announced an attack on May 19 that exposed the personal details of 9 million customers. While the malicious actors accessed details of just 2,208 credit cards, exfiltrated travel details are enough for cyber criminals to deploy targeted phishing campaigns.
A Virgin Media database was left unsecured for 10 months, exposing the personal information of 900,000 customers. While the data breach was not a result of a cyber-attack, anyone could have stumbled upon the database and viewed the names, phone numbers, emails, and home addresses of users.
The healthcare industry has been a prime target for cyber criminals this year, and ransomware attacks continue to plague medical facilities that focus on coronavirus research. In Q1, more than 100 incidents were reported, affecting more than 2.5 million individuals. Medical records are highly sought on the dark web, and the number of medical identity theft cases is expected to rise.
Personal information is not safe online. While most Internet users do not understand the importance and value of their data, cyber criminals do. According to University of Maryland researchers, hackers launch an attack every 39 seconds.
Bad actors have managed to create a profitable business, making millions by selling our personal identifiable information on dark web marketplaces, and according to a 2017 study, a new identity theft victim pops up every 2 seconds in the United States.
It’s true that some data breaches pose higher risks to victims, but cyber criminals can work wonders with miscellaneous data gathered from their intrusions. Human error plays a big part in data breach incidents, and if your information is still safe, your personal identifiable information will eventually be up for grabs.
We’re all part of this digital world, and we can’t always rely on companies to safeguard our data. Shift your focus to minimizing the side effects that can cripple you financially and emotionally.
Install a local security solution on your Internet-enabled devices, and don’t use the same password for all your online accounts. Avoid sharing too much information on social media platforms and be vigilant for phishing emails and unsolicited text or private messages.