
3 of the Biggest Data Breaches of 2020 (So Far)


 

About halfway through every year, we post some of the most severe data breaches. These breaches are headline-grabbing.

 

We’ve intentionally drawn you into this article to educate you on the breaches, how they happened and to make sure you don’t make the same mistakes in your business.

 

It has to be pointed out before we go any further that cybersecurity breaches are happening at an alarming rate. The concept of a breach may seem abstract to you, so let me put this into plain English:

 

Every day, criminals are holding small businesses hostage in return for financial gain. If you are a local business owner, the chances are you know of another local company that has had a cybersecurity incident.

 

Don’t let the next one be you. Here are the top 3.

 

1: Marriott Suffers Another Credential-Based Breach

 

On March 31st 2020, Marriott published an article stating: “an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.”

 

In fact, 5.2 million guest details had been stolen.

 

How did it happen?

 

The attacker gained access to a wide range of customer data, including addresses, dates of birth and gender.

 

The lesson:

 

Make sure you know where all your data is stored and what protection is in place. Who has ownership and who is responsible for controlling the access to this data? Do you have this mapped? Start now.

 

2: Antheus Tecnologia

 

March 2020 saw a Brazilian biometric company get hacked and 76,600 fingerprints were exposed on an unsecured server.

 

The server did not store the actual scan but a binary data stream that allowed the hackers to recreate the fingerprints.

 

The worst part about this story is the fact that those fingerprints are now in the public domain and the individuals on the database may find themselves with problems in the future as biometrics become more widespread.

 

The lesson:

 

Encrypt data that may be on the edge of your network. If there’s a public-facing server, this should be regularly patched and updated to the latest security standards.

 

3: LiveJournal

 

Back in the early days of blogging, millions of people took to LiveJournal to air their secrets, form communities, and write reams of fanfic. In May, many of those users had an unpleasant shock when Bleeping Computer reported that hackers were passing around a database containing 26 million login credentials.

 

What Data Was Exposed

The database contains email addresses, user names, and unencrypted passwords. Typically, this type of data would only have value as a tool to enable further credential stuffing attacks. However, blogging’s highly personal nature means that hackers can use private drafts and messages for blackmail.

 

The Lesson

 

Your old data practices can come back to haunt you. Storing plaintext passwords, as LiveJournal seems to have done, is a big no-no, and they should have changed their policies to keep up with best practices.
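The alternative to plaintext storage, as an added example (not code from this article or from LiveJournal): each password is stored as a salted scrypt hash, checked in constant time, and legacy plaintext records are converted in place. The record layout, function names, sample users and cost parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

# Constructed sample of a legacy table that still holds plaintext passwords
LEGACY_USERS = {
    "alice": {"email": "alice@example.com", "password": "hunter2"},
    "bob": {"email": "bob@example.com", "password": "letmein"},
}

def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<hash hex>' using a fresh random salt."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password, salt).hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt against a stored hash string."""
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False  # unknown or legacy format: never fall back to plaintext
    try:
        salt, expected = bytes.fromhex(parts[1]), bytes.fromhex(parts[2])
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(_scrypt(password, salt), expected)

def migrate_plaintext(users: dict) -> dict:
    """Return a copy of the table with every plaintext field replaced by a hash."""
    migrated = {}
    for name, record in users.items():
        record = dict(record)
        if "password" in record:
            record["password_hash"] = hash_password(record.pop("password"))
        migrated[name] = record
    return migrated
```

After a migration like this, backups and exports of the old table still contain the plaintext and need to be destroyed or re-secured as well.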

 

The world has become a digital playground for cybercriminals. There are many vulnerabilities that you and your staff need to be aware of.

 

Contact us now for a security audit of your systems. Don’t let your business be the next local headline.

 
