The number of data breach incidents is increasing day by day. Many big organizations suffered data breaches in July-Sept (2022), which tells us that no organization can claim that they are 100% data-breach proof. Attackers are constantly improving their traits and tactics to get into the security systems of organizations, challenging the security teams of the victim organizations. In this article, let’s talk about some prominent data breaches that happened in the US and India in the middle of 2022.
United States
In the United States, several companies suffered data breaches such as LastPass, Plex, DoorDash, Cisco, etc. As the US is the headquarters of all major companies operating worldwide, attackers focus more on it, resulting in more data breaches and costing millions of dollars in damages. While we discuss some important data breaches that took place recently, read data breaches in 2022 to explore more.
Samsung
Samsung is a popular mobile phone manufacturer. In July 2022, Samsung suffered a data breach but came to know about the breach in September 2022. The data breach has exposed personal data of numerous Samsung users.
According to the latest updates, Samsung notified that its users’ personal data was exposed but it had not disclosed the exact number of users whose data was leaked. The report says that the exposed personal information of Samsung users may include their names, contacts, date of birth, demographic information and product registration details. While the investigation is under progress, Samsung suggested its users to be aware of phishing attempt they may face due to this breach.
LastPass
LastPass is a password management app that stores users’ passwords. In the last month, LastPass detected a security incident in its development environment. A compromised developer account was used to access its development environment. This incident was officially reported by LastPass itself via its Blog.
It is estimated that around 24 million users use LastPass for storing passwords whose data is at risk. It assured that appropriate containment and mitigation measures were implemented after investigating the incident in detail. LastPass officially reported that no customer data or password was leaked.
Plex
Plex is a famous media server app that has millions of users. In August 2022, it suffered a data breach that involved the leakage of encrypted personal data of its users. Emails, passwords, and usernames of customers were part of the exposed personal data. Plex’s reputation was adversely affected after this data breach.
The data breach was a result of a security vulnerability which was later fixed by Plex. As a safe practice, Plex requested all of its customers to change their passwords to ensure no negligence.
DoorDash
DoorDash is one of the most famous food ordering companies in America. In August 2022, it reported a data breach where its vendor was used as an attack vector. Employees of the vendors broke into the DoorDash platform and stole the personal information of its customers.
The third-party vendor was targeted by a sophisticated phishing campaign which resulted in the hacking of the vendor systems. This data breach exposed the phone numbers, addresses, names, and payment details of its customers. After the discovery of the incident, it revoked the access of that vendor completely. However, DoorDash reported in its official statement that no personal information was accessed.
Cisco
Cisco is among the top technology companies famous for its quality products and services. In August 2022, Cisco became the victim of a data breach that resulted in data leakage. Cisco’s network was hacked and data was stolen by attackers.
This breach came to light when the stolen data was published on the dark web. According to the official statement issued by Cisco, the stolen data was not that much important or sensitive and the attackers used it to just build their credibility as proficient hackers.
Twilio
Twilio, a famous messaging platform, recently became the victim of a data breach. This incident happened in August 2022. Twilio employees were tricked into providing the credentials, which led the attackers to get into Twilio’s network. Hackers used social engineering techniques to get the credentials of the employees.
Using these credentials, the hackers accessed the internal systems of Twilio. According to the company’s statement, data of only125 customers was accessed by the hackers and no other sensitive information was accessed or leaked.
India
In India, most data breach victims were popular organizations like Policybazaar, Vodafone-Idea, etc. The estimated average cost of a data breach in India so far in the current year is ₹6100. When compared to 2021, this is 3.3% more (it was ₹5900 in 2021). The sectors that top the list are the industrial sector (with ₹9024), service sector (with ₹7085), and IT sector (with ₹6900). Get more insights about data breaches here.
Policybazaar
Policybazaar is the largest online broker that sells insurance and other financial products in India. In the middle of July, CyberX9, a cybersecurity research firm, reported that Policybazaar was hit by a data breach that exposed the personal details of lakhs of its customers.
Personal details here refer to PAN numbers, Adhaar card details, phone numbers, and addresses. According to the CyberX9 report, the cause of this breach was some vulnerabilities in Policybazaar’s security systems that exposed the data. After a week of identifying this breach, Policybazaar issued an official statement saying that it had fixed the vulnerabilities and no important customer data was leaked.
Vodafone-Idea
Vodafone-Idea is one of the major telecom providers in India. At the end of August, CyberX9 reported a security vulnerability in the systems of Vodafone-Idea. It is estimated that this vulnerability had exposed the confidential and sensitive data of more than 30 crore users.
As per the report, the data exposed in this breach includes customer names, call logs, location details, contact numbers, SMS records, etc. The security firm reported that Vodafone-Idea did not fix the vulnerability even after getting notified. However, Vodafone-Idea has denied any breach and informed that no data was exposed. Moreover, the telecom provider further alleged that the report is false and had no facts.
Cleartrip
Cleartrip needs no introduction as it is a well-known travel booking company. In July, Cleartrip suffered a data breach. This breach was a result of a security anomaly that allowed hackers to get into the systems of Cleartrip. As a result, the personal information of numerous users was accessed and stolen.
Cleartrip confirmed the breach after the hackers posted the stolen data on an invite-only forum on the dark web. According to the official statement of Cisco, some insignificant details of users were leaked but no sensitive information was compromised.
Wrapping up
Most data breaches are a result of common mistakes that happen due to a lack of sufficient security and/or negligence. Not being aware of advanced phishing attacks also contributes to data breaches. The key to avoiding data breaches is knowing how to protect against phishing, fixing vulnerabilities and applying patches on time, and understanding the factors that cause data breaches.