Samsung, Meta, Nvidia and more giants disclosed cybersecurity breaches this year.
The global average cost per data leak in 2022 was 4.35 million US dollars, up from 4.24 million US dollars the previous year. This varied by industry, with the healthcare industry having the highest average cost.
For several years, there has been a significant increase in global data breaches, and 2022 has been no exception. Breaches have affected companies and organisations of all sectors, sizes and shapes this year, causing millions of dollars in damage to US businesses.
As shocking as it may sound, hackers targeted over 60 Red Cross societies worldwide in January 2022. They stole data from over 515,000 people, some fleeing war zones.
Nvidia, Microsoft, and many more renowned companies have been victims of data thieves. Keep reading to find more information on some of the most impactful data leaks of the year.
Microsoft
A hacking group called Lapsus$ targeted Microsoft on March 20th, 2022. They posted a screenshot on Telegram indicating that they had hacked the giant and compromised Bing, Cortana and other products in the process. However, Microsoft benefited from publicity for its effective security response. The company announced that the hacking attempt had been stopped by March 22nd, that only one account was compromised, and that no customer data was stolen.
Hearing this might frighten many because who hasn’t ever used Microsoft?! However, hackers aren’t demoralised by the company’s security and will likely try to breach users’ data again. Anyone who went through such an event would probably suffer mental injury, financial loss, and the like.
Here’s an interesting fact. If they, or you, were ever involved in a data breach and could prove that it led to mental harm or other forms of distress, compensation might be available. For example, some people who suffer from unintentional information disclosure in the UK reach out to claim solicitors for advice on how they could cut their losses. Solicitors analyse their cases and get involved in the process only if they see a chance to win. They offer No Win No Fee services, which are suitable for victims because they won’t lose money over unsuccessful processes.
Crypto.com
On January 17th, an attack targeted nearly 500 people’s cryptocurrency wallets. In this case, hackers stole roughly $18 million in Bitcoin and $15 million in Ethereum and other cryptocurrencies. This was mainly made possible by the hackers’ ability to circumvent two-factor authentication and gain access to users’ wallets. This is another reason why using a password manager is critical.
After Crypto.com dismissed the attack as “an incident”, the company retracted its statement, stating that the victims’ money had been reimbursed, the systems had been audited, and security had been improved. Businesses should be aware of the dangers of cryptocurrency theft and always remember that the best way to avoid this type of theft is to encrypt all sensitive data they store.
Nvidia
News broke about the cyberattack on America’s biggest microchip company – Nvidia. The giant was targeted by Lapsus$, the group that’s made a name for itself by cracking the systems of the Portuguese media conglomerate Impresa, the Brazilian telecommunications operator Claro and Brazil’s Ministry of Health, from which they collected 50 TB of data, including citizens’ vaccination data. Phishing is their primary technique; they gain a foothold and work to breach the network from it.
For two days, Nvidia had parts of its business offline and was threatened with the disclosure of inside secrets about graphics, drivers, etc. Later, the company made a statement and said they’d hardened their network, notified law enforcement and engaged experts in cybersecurity incidents.
70K employees have been required to change their passwords after these were involved in the leakage and circulated within the hacking community. Because the event occurred a day before the Russian invasion of Ukraine, there was speculation that the cyberattack could be linked to the political disaster.
Cash App
A former employee of Cash App downloaded corporate reports after leaving the company, leading to more than eight million users of the app having their sensitive data exposed. The stolen information included details of their stock trades and the value of several clients’ portfolios but nothing about the company’s payments system. The company said they’d notified law enforcement after realising their reports were accessed and launched an investigation, helped by a big forensics firm. Luckily, data like passwords, names and Social Security numbers weren’t accessed, according to Block. Yet, the spokesman said they’re working continuously to strengthen technical and administrative safeguards to secure data.
Non-bank financial companies typically face far less scrutiny from regulators regarding their security systems than tightly regulated banks. Square Financial Services received a banking charter last year, allowing it to provide some banking services, but that unit operates independently of Cash App. All the users of this app were advised to change their passwords and enable two-factor authentication to avoid future problems.
Twitter, Meta and more
After threat actors compiled a database of phone numbers and email addresses, Twitter suffered a data breach affecting 5.4 million accounts. Account data, including that of businesses, random users and celebrities, is likely being sold on a hacker forum.
Other cyberattacks of the year are the following:
– Apple and Meta. In late March, these giants were duped by hackers posing as law enforcement officials. In mid-2021, the big tech companies gave the threat actors access to their customers’ personal information. Some of the hackers were mistakenly identified as Lapsus$ members.
– Uber. The company found out it was hacked after a weird announcement in the company’s Slack organisation that stated the business was the victim of a data breach. As a result, the company had to shut down its internal engineering systems and messaging service in order to investigate the incident.
– Tata Power. On October 14th, the company announced that a cyberattack had targeted its Information Technology infrastructure, affecting some of its systems. However, in a filing to the Bombay Stock Exchange, the Mumbai-based company stated that all critical operational systems were functioning and that it had “taken steps to retrieve and restore its systems.”