Case Study: Data Breach

Covid-19 has changed the way companies work, working from home has been undertaken as a new corporate culture which makes cybersecurity more challenging for the industries or companies. The Internet has an important role in our daily life.

The pandemic situation has pushed the organization and business to make transactions in their working format by adopting remote working, using digital tools, etc, and hence accelerated the technology adoption. We all are aware of cybercrime and its consequences. Website hacked, data of millions of users leaked like personal information, credit and debit cards details 

It seems like we discern new data breaches every day. So what does it means 

The question that arises is 

WHAT IS A DATA BREACH? 

The sensitive or important information of a company, organization, or any user being accessed by cybercriminals without the authorization of the system is considered to be a case of a data breach or it s a violation of security in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen or used by an individual who is unauthorized to do so which is illegal. 

In broad terms, a data breach happens when sensitive data falls into the hands of someone who has no business handling it. It is done by hackers. Usually, we hear about data breaches when a company fails to safeguard its data, in one attack a hacker can purloin hundred of millions of collected data’s details. 

TYPES OF DATA BREACHES

There are five most common data breaches.

1. Physical security breaches: Here, sensitive information is stolen directly or physically. When data or computer files are not physically secured, accidental exposure and vulnerable theft may be the consequences. If a desktop or server is located in the open without any security measures, data can be easily taken for some embezzlement. Sometimes this may happen due to the laxity of employees or even the executives which can cost billions worth of damage. This breach can happen or be done in several ways for instance any employee who led their guard down stole a prototype sample and supplied it to another organization, sensitive information may be misplaced by any employee, or any thief could break in and purloin the information or data, etc.
2. Phishing attack: it is a type of social engineering attack which steals the data through telephone, emails, messages which seem quite genuine and reliable.  Here, hackers reveal information by manipulating the target. They usually pretend to be a part of a company’s official website The email makes unrealistic threats or demands. Intimidation has become a popular tactic for phishing scams. After Clicking on a phishing link or opening an attachment, messages start installing malware, like viruses, spyware, or ransomware, on your device. This is all done behind the scenes, so it is undetectable to the average user.
3. Password breaches: When passwords are hacked, it usually means the service you use the password in becomes the victim of a data breach. Stealing the password of millions of users is the most common data breach known as password breaches. Cybercriminals have advanced tactics and can rapidly effectuate databases to the passwords. It just takes a second for hackers to reveal the personal information of any individual.
4. Keystroke logging: cybercriminals can access the keyboards and able to record all their inputs is considered as a keystroke. Keystroke logging, often referred to as keylogging or capturing the keyboard, is the action of recording the keys struck on a keyboard, typically covertly, so that a person using the keyboard is oblivious that their actions are being monitored. hackers can record everything that a person types on the keyboard and gain every information most of that they are looking for.  By gaining unauthorized access hackers can reveal a hoard of valuable information.
5. Ransomware: during this malicious attack, the system denies access to the files and shows a notification that system has been hacked it is something similar to kidnapping or holding human hostage by using strong encryptions, cybercriminals demands some handsome prince from the victim to restore the access, crucial the information high the prices. Payment methods and steps are mentioned in the description key.

These attacks are increasing by leaps and bounds which results in billions of losses for any organization or company.

15 biggest data breaches in recent history, 

1. Adobe: On October 13 reported by a security blogger brian kerbs, Hackers cracked into the networks of abode and attained unauthorized access to sensitive data of nearly 3 million encrypted customer credit card records, plus login data for an undetermined number of user accounts, their numbers, and much more information. Later that month Adobe system inc. upped the estimate of 2.9 million to a gigantic 38 million active users. Security journalist curbs and security expert Alex holden perceived a stolen source of 40GB which includes 150 million usernames and hashed passwords after the research of one week abode get to know that consumer’s name, id, password, debit, and credit card information is also exposed and the whole world knew  Due to their common mistakes like encrypting every single person’s password with the same key, deploy an insecure encryption method i.e. ECB mode and the most pathetic mistake was not encrypting the password hints. But later on, in August 2015 as a legal fee abode paid $1.1 million and $1million to the customer to settle the claim of disclosing users’ personal information.

1. Adult Friend Finder: In October 2016, Up to 412.2 million logins on the “sex and swingers” hook-up site Adult Friend Finder have been leaked consequences of poor security practices. Data was sensitive as it is obvious from the name of the services the site provides. The leak covers 20 years of sign-in together with 15 million deleted accounts. The stolen data included name, email address, passwords, extramarital affairs, date of visits. SHA-1 hashing algorithms try to protect passwords but 99% of them had been cracked. Numerous screenshots were taken by hackers from the site revolved around in many circles.
2. Canva: 26 May 2019 around 139 users accounts impacted by the cyberattack done by the hacker GnosticPlayers later on 11 Jan 2020 it was found that the attack left its repercussions on 4 million accounts. Disclosed data includes profile database, encrypted password, payment data, card details, access to the OAuth login tokens. When the hack was ongoing, Canva detected that and immediately closed their data breach server, toot sweet the hacker accepted his transgression. After this attack Canvas notified its users to reset their passwords and OAuth tokens.
3. Dubsmash: Dubsmash had 162 million accounts. It was a video messaging app that paved the way to musical.ly or tik tok. The views and audience on this app were skyrocketing up to 1 billion views on a video per month that’s crazy. In February 2019 information including username, passwords, email address, PBKDF2, and several other personal pieces of information were stolen and put up for sale on dream market dark web market consequences were passwords were changed and goodwill of the company was grievously affected.
4. eBay: late Feb and early March, a data breach exposed account list of 145 users including their name, email address, encrypted password, residential address, phone number, date of birth, no financial information included PayPal information is also safe as they are stored on different networks. As a precaution, eBay notified its users to change passwords straight away. After investigating for a few weeks Ebay divulged the breach in early May. The company was lambasted.

some similar data breaches which are considered to be the biggest in recent history

1. Equifax
2. Heartland Payment Systems 
3. LinkedIn
4. Marriott International
5. My Fitness Pal
6. MySpace
7. NetEase
8. Sina Weibo
9. Yahoo
10. Zynga

List of data breaches of 2021

1. Ubiquiti Inc.; Jan 11
2. Parler; Jan 11
3. Facebook, Instagram, and LinkedIn; Jan 11
4. Mimecast; on Jan 12
5. Pixlr; Jan 20
6. MeetMindful; Jan 24
7. Bonobos; Jan 22
8. VIPGames; Jan 26
9. U.S. Cellular; Jan 28
10. Compilation of Many Breaches (COMB); Feb 2
11. Nebraska Medicine; Feb 10
12. T-Mobile; Feb 26
13. Microsoft Exchange; March 3
14. SITA; March 4
15. MultiCare; March 9
16. California State Controller’s Office (SCO); March 23
17. Hobby Lobby; March 23
18. Cancer Treatment Centers of America; March 26
19. ClubHouse; April 10
20. ParkMobile; April 12
21. GEICO; April 19
22. Reverb; April 24
23. Experian; April 26

There are long lists, which are quite disturbing. These attacks may have resulted in a treacherous situation, with a loss of millions of people and millions of dollars.

DANGER OF DATA BREACH

Data breaches have occurred hundreds of times per year in the last few years. They’ve compromised the data of billions of service customers, both online and offline. And as a consequence, the organizations facing these breaches have suffered losses worth tens of millions — and consumers are facing a rising tide of data breaches and identity theft too!!     

We know most of the companies or organizations we deal with have elaborate security programs to cushion privacy but cybercriminals are not gonna stop !! They will try harder and due to vulnerabilities in the software, these criminals can infiltrate and steal data that will affect millions of people.

According to Security Magazine, there are over 2,200 attacks each day which breaks down to nearly 1 cyberattack every 39 seconds and that’s huge. Once these cybercriminals have access to any individual’s personal information they can drain bank accounts it may also result in allowing someone else to use a credit card by your name.

Sometimes, in some cases, data breaches can result in blackmail and it can become a matter of life and death. Cybercriminals not only target organizations but can attack individuals too. The average duration of cyberattacks and attack recovery, especially ransomware, has increased by around 50% in 2020. An estimated 74% of phishing attacks involve credential compromise. More than 80% of the information available on the Dark Web can harm businesses. Day by day the number of attacks is skyrocketing and strict laws are the need of the hour.