What we learned from the biggest data breaches of 2020 (Part 1)

.Data security breach examples may seem very similar from year to year. But 2020 presented us with some extreme example of what is at risk when data security is on the line. Here’s a look at just a few of the breaches from this past year, and what lessons can be learned from those events.  

Financial Data at Risk 

While it might seem like old news, January of 2020 saw a couple major data breaches that seemed to target financial data more than anything else. A malware infection of Travelex pulled services offline. The company itself and businesses using the platform to provide currency exchange services were all affected. Then, hackers went after IRS tax refunds. A US resident was jailed for using information leaked through data breaches. He used that information to file fraudulent tax returns worth $12 million. It wasn’t just the U.S. feeling the pain though. In February, the taxpayer identification numbers of 1.26 million Danish citizens were accidentally exposed. The UK tax office HMRC was branded ‘incompetent’ due to 11 serious data breaches impacting close to 24,000 people. The US barbeque restaurant chain, Dicky’s, suffered a point-of-sale attack between July 2019 and August 2020. Three million customers had their card details later posted online. In all cases, the impact to the individuals was significant, again highlighting the vulnerabilities directly linked to our financial data and what is at stake if they are left unprotected.  

Consumer Information Up for Grabs 

A hacker gained access to T-Mobile employee email accounts, compromising data belonging to customers and employees. The Marriott hotel chain suffered a cyberattack in which email accounts were infiltrated. 5.2 million hotel guests were impacted. EasyJet airline revealed a data breach exposing data belonging to nine million customers, including some financial records. A hacker put the records of 142 million MGM guests online for sale. The US retailer, Home Depot, agreed to a $17.5 million settlement after a PoS malware infection impacted millions of shoppers. Businesses risk losing customers at an alarming rate when they lose the trust of the consumer for not doing enough to keep their data safe.  

Corporate Espionage and IP Theft 

GE warned workers in February that an unauthorized individual was able to access information belonging to them due to security failures with supplier Canon Business Process Service. UC SF paid a $1.14 million ransom to hackers in order to save COVID-19 research. The energy provider EDP confirmed a Ragnar Locker ransomware incident occurred resulting in the theft of over 10TB in business records. Ransomware gang, Maze published data belonging to both LG and Xerox after failing to secure blackmail payments. The Chilean bank, BancoEstado, was forced to close down branches due to a ransomware attack. Italian police arrested suspects believed to have stolen up to 10GB in sensitive corporate and military data from the defense contractor Leonardo SpA.  

The world is learning to manage risk. But at the heart of every cyber attack is information collected in the pursuit of business growth. The need for the collection of this information is unlikely to go away anytime soon, but the strategies around how to keep that information protected need to evolve and quickly.  

For help making sure you are at the top of your data security game, connect with the team here at Happy Faces Records Management today.  

Leave a Reply

  • (will not be published)