The Biggest Hacks & Data Breaches of 2021
The Biggest Hacks & Data Breaches of 2021
More than 1,700 publicly reported data breaches occurred in the first half of 2021, exposing 18.8 billion pieces of information, according to a report issued by cybersecurity company Risk Based Security Inc. The effects of a cyberattack can ripple for years, leading to a wide range of costs. Companies face operational disruption, reputational damage, and regulatory fines, among other consequences. In a year where cyberattacks have become more damaging to organizations than ever, we’ve compiled a list of the biggest hacks and data breaches of 2021. Read on to learn more.
Microsoft Exchange Server Cyber Attack
Microsoft disclosed it was the victim of a cyberattack from a Chinese-linked hacking group known as Hafnium on March 2nd, 2021. The attack exploited a vulnerability in Microsoft Exchange—one of the most popular email software programs in the world—allowing hackers to steal data from an organization’s network, including intellectual property. One of the top cybersecurity events of the year, the attack impacted more than 30,000 organizations across the United States, including private companies, government agencies, and universities. U.S. intelligence officials believe that the data breach was part of China’s artificial intelligence ambitions, though China denies allegations that it carried out the attack. Microsoft has subsequently released “patches” for multiple versions of Exchange, urging customers to apply updates as soon as possible.
Automatic Funds Transfer Services Ransomware Attack
Seattle-based Automatic Funds Transfer Services, a payment service used by multiple state agencies across the United States, was the victim of a ransomware attack on February 3, 2021. The attack, which was carried out by a cybercriminal organization known as “Cuba,” raises questions about our government’s ability to protect the private data of its citizens. One of many agencies impacted by the data breach was the California Department of Motor Vehicles, which has said the attack may have compromised 38 million vehicle registration records that contain names, addresses, license plate numbers, and vehicle identification numbers. Other organizations impacted by the attack include the Washington cities of Kirkland, Lynnwood, Monroe, Redmond, Seattle, and Port of Everett, among other cities, agencies, and organizations. The cyberattack was discovered when hackers began selling Automatic Funds Transfer Services’ stolen data on their data leak website.
Facebook Data Breach
On April 3rd, 2021, hackers posted the personal data of over 533 million Facebook users online for free in a hacking forum. The data included phone numbers, full names, locations, email addresses, and biographical information that could be used to identify individuals from 106 different countries, with the United States, the United Kingdom, and India experiencing the highest numbers of exposed records. Although the data is from 2019, this year is the first time it was found to have been posted in an online database. While the leak did not include information such as credit card or social security numbers, security experts warn that hackers could use the data to impersonate people and commit fraud. Facebook released a help center page for users concerned that their data may have been published on sites used by hackers.
Scripps Health Ransomware Attack
On May 1, 2021, San Diego-based Scripps Health was the victim of a ransomware attack that forced the health system to take a portion of its network offline for several weeks, which significantly disrupted care and forced medical providers to use paper records. The cyberattack cost the five-hospital health system $112.7 million through the end of June. The hackers stole data on nearly 150,000 patients, including addresses, dates of birth, social security numbers, health insurance information, medical record numbers, patient account numbers, and clinical information. Scripps Health is now facing several class-action lawsuits from patients who blame health system leaders for failing to protect their medical data, subjecting patients to potential consequences including identity theft and medical fraud.
Colonial Pipeline Ransomware Attack
On May 7, 2021, ransom-seeking hackers broke into the Colonial Pipeline, one of the largest fuel pipeline operators in the United States, causing it to shut down its fuel distribution operations. The attack caused widespread shortages and price increases at gas stations along the east coast. It was the largest cyberattack on an oil infrastructure target in the history of the United States, according to energy experts. Colonial Pipeline made the decision to pay $4.4 million to the cybercriminal hacking group DarkSide, which is believed to be operating out of Russia, to contain the attack and turn the 5,500-mile pipeline back on. Authorities later recovered some of that ransom money. The Colonial Pipeline cyberattack exposed how readily critical infrastructure in the United States can be compromised because of inadequate security standards.
LinkedIn Data Breach
Data associated with 700 million LinkedIn users, or about 92% of the total LinkedIn user base, was posted for sale on the dark web on June 22, 2021. The data include email addresses, full names, phone numbers, physical addresses, geolocation records, LinkedIn usernames and profile URLs, personal and professional experience, genders, and other social media accounts and usernames. It appears the data was scraped from LinkedIn by bots. According to LinkedIn, the data breach did not include passwords or financial information, but security experts say bad actors can use the personal data records in identity theft scams, or to conduct phishing attacks and targeted social engineering.
T-Mobile Data Breach
On August 17, 2021, mobile service provider T-Mobile, the third-largest wireless carrier in the United States, announced it had suffered a data breach that exposed the information of more than 40 million current, former, and prospective customers. Some of the stolen data included first and last names, social security numbers, driver’s licenses, and other information. A 21-year old American hacker living in Turkey claims to be responsible for the cyberattack, saying the company’s weak security enabled him to gain access to the information. The breach was one of several attacks on the wireless company in recent years. T-Mobile is now facing a class-action lawsuit over the data breach.
Protect Your Organization From Security Threats
There are many factors to consider for the security and protection of your company’s data. An organization must determine what security measures will be optimally designed for your specific needs.
Network Coverage understands the reality and challenges facing today’s most vulnerable industries. This is why Network Coverage has assembled a set of technology and business solutions to support your organization in maneuvering through this complex and critical environment.
Set up a consultation with Network Coverage today for experienced advice and support.