Data can be defined as the quantities, characters, or symbols on which operations are performed by a computer, which may be stored and transmitted in the form of electrical signals. And amongst others, Data is becoming one of the most valuable assets of today’s tech-dominant world.
What is a “Data Breach”? It is a mischievous security incident in which private data is accessed or “leaked” without authorization. Social media companies Facebook, Yahoo, and Instagram are obvious targets to such data breaches, data breaches can affect businesses of other sizes and types too, where some recover from and some don’t.
It is obvious, yet noteworthy that companies that recover from data breaches as soon as possible, lose lesser money.
Let us have a look into some of the worst data breaches so far in 2020:
Wichita State University
A data breach by a hacker gained access to the server used to operate teacher and student web portals at the Wichita State University containing information stored in a historical database on the server which contained names, email addresses, dates of birth, and social security numbers.
The university was struck by the data breach in December of 2019. An estimate of 440,986 records was exposed as disclosed by the University in March 2020.
The widely used video-conferencing app saw a boom in its usage for hosting online classes, business meetings, etc. Reports suggest that over 5 lakhs users and login data have been found for sale on the dark web for even lesser than a pence.
It has been reported that the data was bought by a cyber security company called Cyble from a person who apparently spoke Russian. Zoom revealed an official statement after it was made aware of the breach in which they said they continue to investigate, locking accounts that have been found to be compromised, asking users to change their passwords, and are looking at implementing additional technology solutions to boost their efforts.
Health Share of Oregon
The theft of a laptop of an employee from a third-party vendor of Health Share of Oregon, proved costly as it has led to the exposing of personal and medical information of its members. Data like names, Social Security Numbers, Medical ID numbers were not exposed, HealthShare said. The break-in and theft occurred at GridWorks’ office on Nov. 18, 2019, according to Health Share.
As compensation, Health Share has offered free credit monitoring and identity restoration services to the members whose information was on the stolen laptop.
The personal information of around 100,000 users who have downloaded the app has been exposed. The exposed data includes names, photos, addresses, order receipts.
Data of around 49 million users was caused due to an unprotected Amazon Web Services (AWS) server and was discovered by security researcher Anurag Sen around Mid-May. The AWS database belongs to a Mumbai based company called Chtrbox.
Facebook,Youtube, Tik Tok:
A humongous data breach at the China-based app Tik Tok and Google-owned app Youtube has seen a leak of around 235 million users’ personal data on the dark web.
These profiles were taken from profiles that were publicly viewable to the audience. The researchers claimed that the data leak was due to a company called Deep Social, which was banned by both Instagram and parent company Facebook for web scraping user profile data. Web scraping refers to a way of collecting data from the pages of websites in an automated way to form databases.
How to Avoid Data Breaches
- It is recommended that companies perform penetration testing of web, mobile, cloud once in every quarter or every release(recommended). Compliance regular audits have to be performed to eliminate the threat landscape.
- Make sure all you have a comprehensive endpoint solution and your endpoint security with DLP, encryption, and policies around your firewall and servers is up to date.
- The last line of security is your end-users. Phishing is one of the major causes of data breaches. Train and educate your users using phishing simulation and security awareness training program.
- Regularly check if your credentials are in data breaches(contact us for more information)
Have you already had a data breach? or do you want to avoid data breaches? Get in touch with us for more information. We will be happy to assist you.