3 of the Biggest Data Breaches of 2020 (So Far)
About halfway through every year, we post a roundup of some of the most severe data breaches. These breaches are headline-grabbing.
We’ve intentionally drawn you into this article to educate you on the breaches and how they happened, and to make sure you don’t make the same mistakes in your business.
It has to be pointed out before we go any further that cybersecurity breaches are happening at an alarming rate. The concept of a breach may seem abstract to you. Let me put this into plain English:
Every day, criminals are holding small businesses hostage for financial gain. If you are a local business owner, the chances are you know of another local company that has had a cybersecurity incident.
Don’t let the next one be you. Here’s the top 3:
1 – Marriott Suffers Another Credential-Based Breach
On March 31st 2020, Marriott published an article. It states: “an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.”
The actual figure: 5.2 million guest details had been stolen.
How did it happen
The attacker gained access to a wide range of customer data. This includes addresses, dates of birth, and gender.
Make sure you know where all your data is stored and what protection is in place. Who has ownership and who is responsible for controlling the access to this data? Do you have this mapped? Start now.
2 – Antheus Tecnologia Biometric Data Breach
March 2020 saw a Brazilian biometric company get hacked.
76,600 fingerprints were exposed on an unsecured server.
The server did not store the actual scan but a binary data stream that allowed the hackers to recreate the fingerprints.
The worst part about this story is the fact that those fingerprints are now in the public domain. The individuals in the database may find themselves with problems in the future as biometrics become more widespread.
Encrypt data that may be on the edge of your network. If there’s a public-facing server, it should be regularly patched and updated to the latest security standards.
3 – LiveJournal Data Breach Comes Back to Haunt Users
Back in the early days of blogging, millions of people took to LiveJournal to air their secrets, form communities, and write reams of fanfic. In May, many of those users had an unpleasant shock when Bleeping Computer reported that hackers were passing around a database containing 26 million login credentials.
What Data Was Exposed
The database contains email addresses, usernames, and unencrypted passwords. Typically, this type of data would only have value as a tool to enable further credential stuffing attacks. However, blogging’s highly personal nature means that hackers can use private drafts and messages for blackmail.
Your old data practices can come back to haunt you. Storing plaintext passwords, as LiveJournal seems to have done, is a big no-no. They should have changed their policies to keep up with best practices.
The world has become a digital playground for cybercriminals. There are many vulnerabilities that you and your staff need to be aware of.
Contact us now for a security audit of your systems. Don’t let your business be the next local headline.
Please email [email protected] or call 1300 766 455.