Biggest Global Data Breaches in the Past Year
We live more and more of both our professional and private lives online. The global pandemic conditions have only accelerated this transition to digital activity as the mainstay of our daily activities; from banking to blogging, entertainment to e-commerce, our increasingly digital existence means there is much more data online.
Cyber criminals are well aware of this, and are working to take advantage of lapses in security. With penalties now being attached to infractions in digital security, the consequences of a data breach are sky high—not only in terms of the fines that can be levied, but also in terms of the reputational damage sustained. Good cybersecurity services are absolutely vital for any company to avoid the fate of these latest high-profile victims:
Marriott Hotels
The international hotel conglomerate faced a steep challenge when the personal details of 5.2 million guests were compromised. The data was accessed using the login credentials of two employees stolen by a hacker.
The criminal siphoned data for roughly a month before being detected which included highly sensitive protected personal information such as the date of birth, gender, and linked account data such as airline loyalty programs. The lack of multi-factor authentication was cited by experts as being a big downfall in the Marriott systems, along with the lack of monitoring for suspicious employee activity which could have flagged up the breach much earlier on.
LifeLabs
It’s hard to think of a more sensitive area of operations than personal biometric data, and that’s exactly what was hit when medical testing company LifeLabs fell prey to the biggest data breach in Canadian history. The data of 15 million Canadians (40% of the population) was exposed which has led to several class-action lawsuits, the largest of which is for over $1 billion.
The company claims to have paid to retrieve the data, which isn’t very reassuring given the ease of copying data. Data was stored badly on unencrypted servers without properly trained security personnel, leading to a leak of birthdates, addresses, passwords, lab test results, and national health card numbers.
Nintendo
The gaming company famous around the world hit the headlines for a less glowing reason this year when they had to announce that 300,000 accounts had been hacked in what was possibly a credential stuffing attack. Hackers used the stolen data to buy digital items on the hijacked accounts.
They could also view sensitive information such as birth dates, email addresses, and locations. The lack of multi-factor authentication was a downfall in this case, and Nintendo have since disallowed use of logins using a Nintendo Network ID.
Estée Lauder
Migrating to the cloud is something that many businesses have been doing, or planning to do this year, but if not carried out correctly could pose as many security risks as it does advantages.
Case in point is the cosmetics giant Estée Lauder, which used a cloud database that was not properly secured, leading to a data breach of roughly 440 million customer records including IP, and email addresses. The lesson here is that cloud migration needs to be a properly managed and secured process if it’s not to result in disaster.
When it comes to cybersecurity and avoiding data breaches, you can’t be too careful. Many businesses are choosing to outsource their IT to professional IT companies. Others rely on internal staff to get the job done. Whatever route you take, ensure that you have a proactive, multi-layered cybersecurity plan enacted to prevent a data breach in your business.
