Directive Blogs
Let’s Take a Look at the Data Breaches So Far in 2021
By now, everyone knows that businesses can be defined on how they approach cybersecurity. Unfortunately, even if your business makes a comprehensive effort to protect your network and data from data breaches, all it takes is one seemingly minor vulnerability to be exploited to make things really hard on your business. Let’s take a look at the major data breaches that have happened since the calendar turned to 2021.
January
For the first ten days of the new year, there weren’t any major breaches, but on the 11th:
1/11/21
Ubiquity Inc. - One of the largest vendors working in the Internet of Things space, had their database accessed by unauthorized entities through their third-party cloud provider. Possible exposed items include customer names, email addresses, hashed passwords, addresses and phone numbers.
Parler - The former social media news app, Parler, after being removed from Amazon servers got some more bad news. It had its data scraped by a hacker and resulted in 70 terabytes of information leaked. This included almost every post to the platform, person-to-person messages, and video data. All of Parler’s Verified Citizens, users that have verified their identities with their driver’s license information were exposed.
Facebook, Instagram, and LinkedIn - A Chinese social media management organization called Socialarks suffered a data leak that exposed the PII (Personally Identifiable Information) of at least 214 million social media users from Facebook, Instagram, and LinkedIn. User’s names, phone numbers, email addresses, profile pictures, and more were exposed in the leak.
1/12/21
Mimecast - Cloud cybersecurity company Mimecast had their tools hacked, exposing around ten percent of their customers who currently utilize the Microsoft Office 365 email platform.
1/20/21
Pixlr - The free photo-editing application had the user records of 1.9 million of their users compromised. Data that was leaked included email addresses, usernames, hashed passwords, and other sensitive information.
1/22/21
Bonobos - Seven million customers of men’s clothing retailer Bonobos had their customer data stolen and posted on a hacker forum. Some of the data exposed included addresses, phone numbers, account information, and even partial credit card information.
1/24/21
MeetMindful - MeetMindful is a dating platform that was hacked and had 2.28 million registered users’ personal information posted for free on hacker forums. The data that was exposed includes names, email addresses, location, dating preferences, birth dates, IP addresses and more.
1/26/21
VIPGames - The free gaming platform, VIPGames.com had 23 million records leaked for more than 66,000 users. The cause was explained as a cloud misconfiguration. Leaked user records include usernames, emails, IP addresses, hashed passwords, and the status of user accounts.
1/28/21
U.S. Cellular - After a targeting phishing attack of U.S. Cellular employees, hackers were able to gain access to the company’s CRM that contained almost five million user profiles. U.S. Cellular is the fourth largest wireless carrier in the U.S. and admitted to only having 276 users be victims of the social engineering attempt. Records that were compromised included names, addresses, PINs, cell phone numbers, plan information, and more.
February
2/2/21
COMB - Standing for a “Compilation of Many Breaches”, a database containing more than 3.2 billion unique pairs of cleartext emails and passwords that belonged to past leaks of Netflix, LinkedIn, Bitcoin, Yahoo, and more was discovered available online. In the searchable database, hackers were given access to account credentials, access to 200 million Gmail addresses, and 450 million Yahoo email addresses.
2/10/21
Nebraska Medicine - In the first major medical organizational breach of 2021, Nebraska Medicine was inundated by malware allowing a hacker to access and copy the medical records of over 219,000 patients. Information copied included names, addresses, dates of birth, medical record numbers, health insurance information, lab results, imaging, diagnosis, and more.
2/18/21
California DMV - The California Department of Motor Vehicles was hit with a data breach after one of their contracted companies, Automatic Funds Transfer Services, was hit with a ransomware attack. Information stolen included any CDMV information from the past 20 months including names, addresses, license information, and more.
2/20/21
Kroger - A hack of a third-party cloud provider, Accellion, allowed hackers to steal HR data and other sensitive information from supermarket company, Kroger. Some of the records that were disclosed include names, email addresses, home addresses, phone numbers, Social Security numbers, and health insurance information for pharmacy customers.
2/26/21
T-Mobile - An undisclosed number of T-Mobile customers were affected by hackers using SIM-swapping, a social engineering attack that allows hackers to gain control over a user’s smartphone. This allows them to steal money from their accounts, change passwords to hijack accounts, and even lock users out of their own devices.
March
3/3/21
Microsoft Exchange - A vulnerability found in Microsoft Exchange Server email software allowed hackers to gain access to the email of 30,000 organizations from across the U.S. This allowed hackers to gain complete control over affected systems, allowing for data theft and positioned them well for further compromise. Microsoft has since patched the vulnerability.
3/9/21
MultiCare - A ransomware attack exposed the personal and medical information of over 200,000 patients. The attack provided access to names, policy numbers, Social Security numbers, dates of birth, bank accounts, and more.
Millions of people every year are victims of some type of cyberattack. To keep your organization from dealing with this type of problem, contact the experts at Directive today at 607.433.2200 to help come up with a strategy.