Worst Data Breaches of 2021 (what you need to know, and do)
Ransomware-related data breaches have doubled two years in a row. Identity theft and related fraud are rampant. Those are the takeaways from reports by the Identity Theft Resource Center and Spanning, a cloud security firm. Read on for details on some of the worst recent data breaches, what type of information was exposed, and what you need to know about protecting yourself in the age of vanishing privacy...
The Biggest Data Breaches of All Time
Spanning's recent webinar Lessons from Top Cybersecurity Incidents in 2021 gives details on some of the worst incidents from 2021. Topping the list was the May 2021 Colonial Pipeline cyber attack, in which Russian hackers targeted the firm's billing and internal business network, and disrupted East Coast gas supplies for a week. The company paid a $4.4 million ransom, which was later recovered by the FBI.
CNA Financial was hacked that same month, exposing the names, personal identification and Social Security numbers of 75,000 employees, contractors and policyholders. The attack shut down the company's website and locked out administrators. CNA paid $40 million to the Russian cybercrime syndicate known as Evil Corp.
Brenntag North America, a subsidiary of the German chemical distributor, suffered a cyber attack last April in which 150 GB of data was stolen. The DarkSide hacker group (also based in Russia) demanded $7.5M in bitcoin to prevent the release of customer information which included accounting records, chemical formulas, and employee birthdates, driver’s license numbers, medical records, and social security numbers. The company paid a negotiated ransom of $4.4 million.
JBS, one of the biggest meat processing firms, was hacked in May by the Russian hacker gang REvil. (Are we seeing a pattern here?) Meat processing plants in the U.S. and Australia were temporarily shut down, resulting in supply chain issues. An $11 million ransom was paid.
Those are just a few of the high-profile cyber attacks of 2021. Spanning says that 91% of attacks like these are initiated via phishing campaigns, using tailored email templates that look exactly like the company's password reset emails. They recommend updating outdated software, enabling multifactor authentication, and training to help people recognize bogus emails.
Researchers at Spanning analyzed data from the Identity Theft Resource Center, the Federal Trade Commission, and news reports from the past 7 years. Their findings indicate that over that time period, social media companies such as Facebook and Yahoo have been the most vulnerable to data breaches resulting from hacking and accidental exposure of customer databases. But more recently, the Business and Healthcare sectors have had the most breaches.
Their list of The Largest Data Breaches in U.S. History is ordered from smaller to larger, with details on what specific types of personal data points were compromised. Some of the most impactful attacks targeted First American Corporation (885 million records including bank account numbers, bank statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver's license images); Marriott International (500 million records including customer name, mailing address, phone number, email, passport number, date of birth, gender); and Facebook (419 million phone numbers belonging to Facebook users).
Daniel Markuson, a digital privacy expert at NordVPN, says that hackers do more than just hack — they also collect billions of consumer records from breaches and leaks and package them up for sale. “With so many breaches and leaks... it’s possible that your email address or other details ended up in the wrong hands,” says Markuson. To me, it seems more probable than possible. But there are several online resources that can help you determine if any of your login credentials have been compromised.
What Should You Do?
The non-profit Identity Theft Resource Center offers some excellent tips on preventing and recovering from identity theft. Later in the first quarter of 2022, the ITRC will launch a free alert service where individuals can create a list of companies with which they do business. If an organization on the list is compromised, the subscriber will receive an email alert. ITRC also offers free support from knowledgeable advisors by phone or live chat.
See also FOUR Free Credit Reports Online (have you checked yours?), [ALERT] Freeze Your Credit Files For Free and Try These TEN TIPS for Identity Theft Protection.
The Federal Trade Commission has tips on Limiting Unwanted Calls & Emails, Online Security, Protecting Kids Online, and Preventing Identity Theft. The FTC's Identity Theft Awareness Week runs from January 31 to February 4, featuring a series of free events focused on trending issues in identity theft.
You can check to see if your email address was leaked in a data breach by visiting Have I Been Pwned. Enter your email address and this site will tell you if it has been compromised at any time in the past. (The term "pwned" is geekspeak for "owned," or "defeated.")
NordPass is a free service that lets you anonymously measure the strength (hackability) of your password, and will tell you if your password was exposed to any known data breaches.
Now that the number of leaked records (usernames, passwords, phone numbers, social security numbers, credit card info, and other personal data) reaches into the billions, and new data breaches are announced like clockwork, how should you respond? My advice is to assume that at least some of your personal info HAS been compromised. Here's what I recommend:
* Change your passwords, and use a password manager to create strong passwords going forward.
* Use two-factor authentication to protect your online accounts (even if your password is stolen)
* Consider using disposable email addresses
* Keep tabs on your credit reports (see sidebar above)
Have you been affected by a data breach? What steps did you take as a result? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 25 Jan 2022
Copyright © 2005 - Bob Rankin - All Rights Reserved