In the wake of evolving geopolitical dynamics, digital sovereignty and privacy have emerged as paramount concerns that data management technologies must address. According to the latest Thales Report for 2023, nearly half (47%) of the respondents noted a significant increase in both the volume and severity of data breaches and cyberattacks during the first half of 2023.
The repercussions of data breaches are far-reaching, impacting organizations across various industries, irrespective of their size or scale. Unfortunately, these breaches have resulted in substantial financial losses, amounting to millions of dollars for businesses worldwide.
Data breaches can be attributed to various factors, such as human error, third-party vulnerabilities, inadequate cybersecurity measures, among others. However, malicious actors often follow a common modus operandi. They typically begin with meticulous research on their targets, identifying vulnerabilities like outdated software, unpatched security systems, and employees susceptible to falling for phishing attempts. Shockingly, the average data breach can go undetected for approximately five to six months, giving attackers ample time to exploit the compromised environment.
Here are some notable global data breaches:
-
LetMeSpy (Poland) - A Polish phone tracking app named LetMeSpy reported a data breach where hackers gained unauthorized access to the app's servers and stole sensitive user data. The company disclosed the breach incident on its website on June 21, 2023. This breach affected victims in the United States, India, and parts of Africa.
Taiwan Semiconductor Manufacturing Company (Taiwan) - The LockBit ransomware group targeted Taiwan Semiconductor Manufacturing Company (TSMC), the world's largest contract chipmaker and a key supplier to Apple. TSMC clarified that the security breach traced back to one of its hardware suppliers, Kinmax Technologies. The perpetrators have demanded an unprecedented sum of $70 million, making it one of the largest ransomware demands in history.
-
Zellis, Siemens Energy, PwC, EY, and others (Global) - A series of data breaches occurred in various global corporations, affecting renowned companies like Siemens Energy, PricewaterhouseCoopers (PwC), Ernst and Young (EY), Health Service Ireland, and payroll provider Zellis. The cyberattack targeted the document transfer service MOVEit, resulting in a chain of data breaches. The group behind this attack, known as Cl0p, made a ransomware demand and subsequently posted all the stolen data on a Telegram channel.
The U.S. Department of Health and Human Services (United States) - The U.S. Department of Health and Human Services reported a data breach incident where attackers exploited a vulnerability in widely-used file-transfer software. The responsible Russian ransomware group, known for their supply chain hack of the software MOVEit, has also affected other government agencies, major pension funds, and private businesses.
-
National Health Service (United Kingdom) - NHS chiefs were alerted to a leak of an NHS patient data set, containing information on approximately 1.1 million patients from 200 hospitals. This breach resulted from a cyberattack on the University of Manchester (UoM), where the exposed data included sensitive identifiers such as NHS numbers and the first three letters of patients' postcodes.
-
Mondelez International (United States) - Bryan Cave Leighton Paisner LLP, the legal services provider for Mondelez International, experienced a security breach as threat actors infiltrated the law firm's defenses and maintained access to their systems for an extended period. Following the breach, Mondelez launched an extensive two-month investigation to determine the full extent of the impact, which affected more than 51,000 current and former staff members.
-
United Parcel Service (Canada) - UPS, a multinational shipping company, issued warnings to its Canadian customers regarding a potential security breach involving their personal information through its online package tracking tools. Speculations suggest that malicious actors gained access to compromised data, including names, phone numbers, postal codes, and details about recent orders.
-
ChatGPT (Global) - Dark web marketplaces indicate that between June 2022 and May 2023, over 100,000 OpenAI ChatGPT account credentials were compromised and subsequently traded on dark web platforms. Information stealers like Raccoon, Vidar, and RedLine were primarily responsible for this attack, which had significant impacts in India, the United States, Pakistan, and other countries in Central and South Asia.
Parting Thoughts
Data breach incidents serve as a stark reminder for organizations to implement robust cybersecurity measures. These incidents have become an urgent concern, prompting companies to prioritize safeguarding their sensitive data and protecting themselves from potential damages.
To assist companies in enhancing their vigilance, Rainmaker has introduced the Data Protection and Privacy (DPP) Toolkit. This toolkit is designed to streamline personal data management and ensure compliance with privacy regulations. It is a valuable resource that simplifies your compliance requirements. Don't miss the opportunity to grab your copy here: https://rainmaker.co.in/downloads
