Top 10 Data Breaches So Far in 2022

By Dr. Rey LeClerc Sveinsson, ERMProtect

Unfortunately, cyberattacks and data breaches are still a big business, despite substantial increases in cybersecurity defenses around the globe. Data breaches in the first quarter were up 14 percent over a year ago, according to the Identity Theft Resource Center (ITRC). The latest increase comes on the heels of 2021’s 68 percent increase in breaches over 2020, which beat the previous record, set in 2017, by 23 percent.

Below are some of the Top 10 breaches and cyberattacks in 2022 - so far. They are not in any particular order, but you should read on if you want to find out how significant an attack can be and what to do to avoid the same issues.

1. Crypto Theft

The attack took place on January 17th and targeted nearly 500 people’s cryptocurrency wallets. In this case, hackers stole approximately $18 million worth of Bitcoin and $15 million worth of Ethereum, plus other cryptocurrencies. This was primarily possible thanks to the hackers’ ability to bypass two-factor authentication and access users’ wallets. This is another example of why using a password manager is so important.

After initially dismissing the attack as an ‘incident,’ the company later retracted its statement, confirming that money had been stolen and that affected users had been reimbursed. The company also announced that it had audited systems and improved the organization’s security posture. Businesses must be aware of the risks associated with cryptocurrency theft. The best way to protect against this type of fraud is to ensure that all sensitive data is encrypted.

2. Microsoft Data Breach

On March 20th, 2022, Microsoft was targeted by a hacking group called Lapsus$. The group posted a screenshot on Telegram indicating they had hacked Microsoft, and in the process, compromised Cortana, Bing, and several other products. The hackers retrieved some material from Microsoft, but by March 22nd Microsoft announced it had quickly stopped the hacking attempt and only one account was compromised. Microsoft also said that no customer data had been stolen. In this case, Microsoft benefitted from the publicity it received for its effective security response. The Lapsus$ group had previously targeted Nvidia, Samsung and plenty of other companies, so Microsoft’s security team was ready.

3. News Corp Server Breach

In February 2022, News Corp admitted to server breaches dating back to February 2020. News Corp asserted that no customer data was stolen during the breach, and that the company’s everyday work wasn’t hindered. However, News Corp uncovered evidence that emails were stolen from its journalists. The thieves have not been identified, but News Corp has said that espionage is at the root of this attack.

4. Red Cross Data Breach

In January 2022, hackers carried out an attack on servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement. The hacked servers contained data related to the organization’s Restoring Family Links services, which work to reconnect people separated by war, migration, and violence. The Red Cross took servers offline to stop this suspected attack by a nation state, although no culprit has definitively been identified.

5. Ronin Crypto Theft

This blockchain gaming platform that relies on cryptocurrency was targeted between November 2021 and March 2022. Ronin’s Axie Infinity game enables players to earn digital currency and non-fungible tokens (NFTs), a financial security consisting of digital data stored in a blockchain. As the game increased in popularity, the firm dialed back security protocols so its servers could handle a growing audience. That let more players in, but also criminals who stole $625 million in cryptocurrency. Ronin’s parent company is working with authorities to identify the culprits and recover funds, but it’s a lesson that any business can learn: never compromise your security standards.

6. FlexBooker Data Breach

At the end of 2021 and the start of 2022, appointment management business FlexBooker was hit by a vast attack that affected about three million users. Confidential data including ID information, drivers’ licenses, and passwords was stolen and then offered for sale on popular hacking message boards. A hacking group called Uawrongteam managed to compromise FlexBooker’s data by exploiting its AWS configuration. Once inside, they installed malware onto the servers, which allowed them to gain full control over the system. Many clients left the platform after the incident, affecting the company financially.

7. GiveSendGo Political Data Breach

In February 2022, GiveSendGo was breached as a political gesture by a hacker who claims credit for hacking far-right social networks. GiveSendGo is a Christian fundraising site favored by Canadian truckers who drove across the country to protest against COVID rules – the so-called Freedom Convoy. The hacker redirected the fundraising site to a page that condemned the Freedom Convoy protests – a case of a Distributed Denial of Service (DDoS) attack. The hacker then published the personal information of the 90,000 donors who had contributed to the Freedom Convoy via the GiveSendGo website. It is a clear lesson that companies need top-notch security to ward off political attacks – because not all breaches are driven by financial gain.

8. Cash App Data Breach

In April 2022, Cash App acknowledged that a former employee had breached its servers. The hacker clearly had a significant axe to grind with the business. The hack involved customer names, stock trading information, account numbers and portfolio values, alongside loads of other sensitive financial information. The company contacted more than eight million customers to tell them about the incident. Luckily, no account credentials were stolen in the attack, and the hacker only stole a limited amount of identifiable information.

9. Marquard & Bahls Supply Chain Breach

In February 2022, this German energy giant was attacked and saw its IT infrastructure destabilized, causing the closure of more than 200 gas stations across Germany. This was clearly a case of supply chain attack, with companies such as Shell struggling to supply customers. Experts say the attack looks like it came from the hacker group BlackHat gang – a Russian group that has attacked oil pipelines in the past. With energy volatility an increasingly relevant topic given the climate crisis and the war in Ukraine, expect to see more attacks that hit oil businesses and other energy organizations.

10. PressReader Data Breach

In March 2022, an attack halted PressReader’s publication of numerous top news titles from the world’s largest online distributor of newspapers and magazines – from big names like the New York Times to local papers and outlets. PressReader hasn’t said if any ransomware was involved in the attack, but the incident immediately followed the company’s announcement that it would give users in Ukraine free access to news articles. PressReader was able to quickly restore its full publishing capability, but the three-day attack stopped people from accessing more than 7,000 news sources.

How To Prevent a Data Breach

Common reasons for these data breaches and lessons to learn:

  • Old vulnerabilities - It is common for a hacker to leave a secret window they can use to access a company’s systems again after a successful first attempt. Failing to patch vulnerabilities from the first attack can lead to a second one.
  • Human error - Employees using weak passwords may expose a company’s systems to subsequent attacks. Other common human errors include employees clicking on malicious links and visiting phishing sites. Unless organizations perform security training following an initial breach, employees can repeat previous mistakes that leave businesses vulnerable.
  • Malware - Hackers use malicious software such as viruses, ransomware, Trojans, spyware, adware, etc., to steal confidential information from an organization’s network system. If a company fails to step up monitoring protocols after its first breach, there is nothing to stop repeat attacks from occurring.

ERMProtect Can Help

If a breach occurs, our digital forensic experts investigate to find the root cause, stop the damage, and recommend steps to improve security. To speak with an Incident Response Expert, contact us at 305-447-6750.
