Data can be defined as quantities, characters, or symbols on which operations are performed by a computer. This data may be stored and transmitted in the form of electrical signals. In today’s technology-driven world, data has become one of the most valuable assets.
A data breach is a malicious security incident in which private or sensitive data is accessed, disclosed, or “leaked” without authorization. While social media companies such as Facebook, Yahoo, and Instagram are common targets, data breaches can affect businesses of all sizes and industries—some recover quickly, while others do not.
It is evident that organizations that respond to data breaches promptly tend to suffer fewer financial losses and long-term consequences.
Below are some of the most significant data breaches reported in 2020:
A hacker gained unauthorized access to a server used to operate teacher and student web portals at Wichita State University. The compromised historical database contained sensitive information such as names, email addresses, dates of birth, and Social Security numbers.
Although the breach occurred in December 2019, the university disclosed in March 2020 that approximately 440,986 records had been exposed.
The widely used video conferencing platform experienced a surge in usage for online classes and business meetings. Reports suggested that login credentials of over 500,000 users were found for sale on the dark web for less than a penny.
A cybersecurity firm named Cyble reportedly purchased the data from an individual who appeared to be Russian-speaking. Zoom later issued an official statement confirming that it was investigating the incident, locking compromised accounts, prompting users to reset passwords, and implementing additional security measures.
The theft of a laptop belonging to an employee of a third-party vendor resulted in the exposure of personal and medical information of Health Share of Oregon members. While names, Social Security numbers, and medical ID numbers were reportedly not exposed, the incident raised serious concerns.
The theft occurred at GridWorks’ office on November 18, 2019. As compensation, Health Share offered free credit monitoring and identity restoration services to affected members.
Personal information of approximately 100,000 users who downloaded the PhotoSquared app was exposed. The leaked data included names, photographs, addresses, and order receipts.
Data of nearly 49 million users was exposed due to an unsecured Amazon Web Services (AWS) server. The breach was discovered in mid-May by security researcher Anurag Sen. The database belonged to a Mumbai-based company named Chtrbox.
A massive data exposure involving the China-based app TikTok and Google-owned YouTube reportedly resulted in the leakage of approximately 235 million user profiles on the dark web. The data was sourced from publicly viewable profiles.
Researchers attributed the leak to a company called Deep Social, which had been banned by Instagram and its parent company, Facebook, for web scraping user data. Web scraping is an automated technique used to collect data from websites to create databases.
Perform regular penetration testing for web, mobile, and cloud environments—ideally every quarter or after each major release.
Conduct compliance audits to reduce the overall threat landscape.
Ensure you have a comprehensive endpoint security solution, including data loss prevention (DLP), encryption, and up-to-date firewall and server policies.
Educate employees, as end users are the last line of defense. Phishing remains one of the leading causes of data breaches. Implement phishing simulations and security awareness training programs.
Regularly monitor whether your credentials appear in known data breaches.
Have you already experienced a data breach, or would you like to prevent one? Get in touch with us for more information—we’d be happy to assist you.