Exploring The Top Data & Cybersecurity Breaches Of 2021 with PGH Networks
This past year has seen a continuance in the trends towards digital life that began last year.
In 2021, life continues to grow more and more virtual. Work-from-home and digital meetings have become entrenched in the daily working lives of many — if not most — Americans. And it doesn’t look like there’s any going back for many employees. The rebrand of Facebook to Meta reflects the bullish forecast many perceive to be a continuing migration towards a digital life in the future.
Additionally, the complicated and ever-changing world of cybersecurity continues to remain in the headlines. Bad actors — many with the illicit backing of states — continue to wreak havoc.
One major story that broke this year included a malicious email attack discovered by Microsoft’s Threat Intelligence Center — MSTIC. The sophisticated attack from the hacker group NOBELIUM threatened user data across various websites, services, and platforms.
While maintaining vigilance in data security against bad actors remains a top priority of Information and Technology departments both in the United States and across the globe, businesses and developers have become increasingly aware of the shifting landscape surrounding data privacy. Following the European Union’s lead, California and other American states — including Pennsylvania — have begun to enact or consider legislation that makes some of the past business models of collecting and sharing data increasingly difficult.
It can be a tough needle to thread.
That’s why the best way to protect your client’s data while ensuring your policies are compliant is by incorporating professional network security services into your company’s arsenal. A high-tech partner such as PGH Networks is the best way to make sure your business is safe. By implementing a layered, strategic approach, you can rest assured that your team follows best practices and protects your customers’ data.
Cybersecurity Breach Statistics
As your business grows, cybersecurity can also grow in importance, as you can become a larger target for hackers. The increasing sophistication of hacker groups means those in charge of protecting critical information are fighting multiple fronts.
As more businesses moved from brick-and-mortar to the online marketplace during pandemic lock-downs, ransomware became a favorite tactic of cybercriminals. By conducting espionage on potential victims, then luring them into giving access to systems through phishing attacks, the critical data of companies in fields like healthcare and government are increasingly targets for hijackings. Criminals then forced these organizations to pay a ransom to release their systems.
Even as the world rallied around hospital workers, online bad guys took advantage of overworked teams to make illicit gains. In fact, “more than 90 percent of all healthcare organizations reported at least one security breach in the last three years,” according to this article from Becker’s Health IT.
Unfortunately, we expect these trends to continue. This article from Cyber Crime Magazine quoted a source who expected “global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015.”
The pandemic seems to have offered up previously secure data to hackers on a silver platter. Of course, we all know the pandemic caused many office-based employees to work exclusively from home suddenly. But because this drastic shift caught many companies and IT departments off guard, the hodge-podge mix of professional and private equipment used to access company databases, websites, and data sets meant vulnerabilities were bound to occur.
Listen to some of these statistics from the IBM Data Breach Report for 2021:
“The average cost was $1.07 million higher in breaches where remote work was a factor in causing the breach,” the report states. “Additionally, organizations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches.” Most alarming was the fact that “organizations that did not implement any digital transformation changes as a result of COVID-19 experienced $750,000 higher costs compared to the
The global average, a difference of 16.6%.”
The facts are undeniable — if you have not strengthened your digital defenses in the past two years, it’s time for an upgrade!
Cost of Cybersecurity Breaches
The information held in your online systems is priceless to hackers.
On the dark web and other sources, the personal information of your customers can be sold to the highest bidder. In recent years, personally identifiable information — 80% of the data stolen online — may be the most lucrative but anonymized customer data, employee profiles, corporate intellectual, financial, and operation data all bring in revenues to industrious data criminals.
The costs for enterprises that get infiltrated can be disastrous. In addition to the direct financial losses, indirect repercussions include reputational damage, lost revenues due to operational downtime, costs of recovering data and patching systems, and legal actions to recover funds, protect liabilities and compensate victims.
But here’s another statistic: $4.62 million. That’s the cost of an average ransomware breach in 2021, according to IBM. And Secure Networks has another figure: $8.64 million — the United States average cost of a data breach!
In August 2021, the cellular service provider T-Mobile was the victim of a massive data breach. The personal data and identifying information of about 40 million current, former and prospective customers was stolen and later found for sale on the dark web.
For the victims of this type of attack, it can be a dizzying experience. Current users had to change pins and update passwords. T-Mobile provided two years of McAfee security services free of charge, but it was up to customers to activate the services. And because driver’s licenses and social security numbers were among the stolen information, customers had to maintain vigilance against identity theft. They were encouraged by the company to lock their credit.
Popular computer manufacturer Acer was also attacked in March of 2021 by the hacker group REvil. This ransom was $50 million, one of the largest ransoms that are known to date. The group released sensitive documents, financial spreadsheets, and other financial information.
In October, Acer was hit by a different hacking group known as ‘Desorden,’ attacking Acer’s after-sales service systems in India. This occurred just several months after the initial attack, with similar information being exposed, along with personal customer information.
The hacker group REvil didn’t just target Acer but is also speculated to have attacked JBS Foods, one of the largest meat processing companies in the world with locations in the United States, Mexico, Canada, United Kingdom, Europe, Australia, and New Zealand.
This attack resulted in some plants shutting down, causing rippling effects throughout their supply chain. The White House, Department of Agriculture, and Russian government all communicated on the matter, as a ransomware attack of this scale posed distribution issues across multiple countries.
According to BBC News, JBS Foods paid the hacking group around $11 million in Bitcoin to stop the cyber-attack and resume operations.
The Colonial Pipeline may have been one of the more notorious hacks because of its effect on America’s energy grid — and the overall economy. What was remarkable about this story was that it was not a governmental actor but a criminal hacking enterprise that stopped the movement of gas pipelines across the U.S. In this case, the DarkSide hacking gang that operated out of Russia caused international tensions between the two powers.
The headlines of drivers queuing at gas stations may have faded, but the danger remains. The sophistication to hijack a critical energy pipeline in the United States — territory governed by the U.S. Department of Energy — is no laughing matter. If an international company like Colonial Pipeline’s systems are vulnerable, it only shows how important it is for local businesses to beef up their security.
In May 2021, the hacker group DarkSide also attacked the North American division of Brenntag, a German chemical distribution company headquartered in Essen, Germany.
DarkSide’s demanded ransom was 133.65 Bitcoin – equalling over $7 million. According to IT Governance, Brenntag agreed with the group, handing over $4 million in Bitcoin to DarkSide.
April 2021 was a busy month for hackers. That month, the dark web began to see the personal identifying information of 533 million Facebook users become available for sale. The data scraped by Facebook was a treasure trove for hackers: full names, birth dates, photographs, email accounts, personal phone numbers, Facebook profiles and IDs, addresses, interests, travel data, home towns, in-depth biographies, and much more.
According to Identity Force, users in 36 countries, including 32 million in the United States, were affected. Those affected by the hack are vulnerable to identity theft and other scams. In addition, an online scammer posted the information on the web for free — making all affected by the hack extremely vulnerable.
Perhaps the least known company affected by the hacks listed in this post, Astoria is a company that owns numerous online websites targeted to customers looking to find lower rates on everything from medical insurance to home loans. By offering personal information to websites like mortgageleads.loans and freequotes.loans, customers get a discount while Astoria gets the personal identifying information of users — full names, dates of birth, phone numbers, IP addresses, email accounts, home addresses, and more — a virtual goldmine for advertisers and marketers.
Unfortunately, that same data is also extremely valuable for criminals hoping to steal identities.
A sophisticated hack broke into the back-end code of some of Astoria’s websites, gaining extremely sensitive data of 300 million users, according to Night Lion Security. Amazingly, Astoria was unaware of the breach until after the personal data appeared on the dark web.
Don’t let your company get caught unawares! Instead, let professionals like our friendly team at PGH Networks run through your backend code to point out any vulnerabilities, so these types of hacks don’t happen to your business — or your customers.