The Top 10 Data Breaches in 2022

The digital age has ushered in various infrastructure and tools that have become an integral part of our lives. It has increased people’s connectivity with one another, given everyone instant access to information, and opened the entire world to automation that helps increase efficiency for businesses and individuals. However, the digital age also unlocked newer and more sophisticated ways of digital, or cyber, crime.

Let’s take a look at the top data breaches in 2022.

#1 Pacific Government Vanuatu Cyber-attack

Any country can be a target of cyber-attacks. Take the South Pacific Ocean country of Vanuatu, for example. The cyber-attack that happened to this nation was a serious incident that disrupted the normal functioning of the government and its services. In this case, the attack took down virtually all of the government’s digital networks, which had a significant impact on the country’s operations.

The specific details of the attack are not publicly known, but it’s likely that the attackers used some form of malware or hacking technique to gain access to the government’s digital systems. Once they had access, they could have caused damage or stolen sensitive information. It’s unclear who is responsible for the attack, but it could be the work of nation-state actors or cybercriminals. Regardless of who is behind the attack, it’s important for governments and organizations to take proactive measures to prevent such incidents from happening in the future.

#2 Medibank Data Leak 

Medibank is a healthcare and insurance company in Australia. In 2022, Medibank suffered another cyber-attack, this time at the hands of a hacker who was able to steal information from Medibank’s 9.7 million past and present customers. The hacker attempted to negotiate with Medibank, holding the stolen data hostage and demanding ransom. Medibank refused to cooperate, resulting in customer information being leaked to the world. Back in 2018, the personal information of its approximately 1.3 million Australian customers was exposed in a data breach.

The data leak was caused by a third-party vendor of Medibank, who accidentally left an unsecured database of customer information online. The database contained a range of sensitive information, including names, addresses, dates of birth, and Medicare numbers, among other details. Medibank discovered the data breach in April 2018 and immediately took action to secure the database and notify affected customers. The company also worked with law enforcement authorities to investigate the incident.

#3 Digital Extortion Gang 

Digital extortion is a type of cybercrime where attackers use threats and intimidation to extort money or other forms of value from their victims. In recent years, there have been numerous incidents of digital extortion gangs (DEG) targeting organizations and individuals around the world. One high-profile example of a digital extortion gang is the group known as REvil, also known as Sodinokibi.

REvil gained notoriety in 2019 and 2020 for launching a series of ransomware attacks against businesses and organizations, including the law firm Grubman Shire Meiselas & Sacks and the meat processing company JBS, among others. In early 2022, another DEG by the name of Lapsus$ went on a hacking spree and victimized well-known companies like Nvidia, Samsung, and Ubisoft. 

Lapsus$ was able to obtain sensitive project information and code and threatened to leak them online unless their demands were met. The gang’s main tool was phishing, and they were so good at it that they continued to thrive and wreak havoc despite authorities catching some of their members in March and September 2022.

#4 Phishing for Big Fish 

Phishing attacks are a common type of cyber-attack where attackers use deceptive tactics, such as fake emails or websites, to trick individuals into revealing sensitive information, such as login credentials or financial information. Twilio, a cloud communications platform, has been targeted by phishing attacks in the past, as phishing attacks are a common tactic used by cybercriminals to gain access to sensitive information. In 2022, a huge phishing campaign targeted users of Okta with SMS messages that contained phishing links to sites that imitated their company’s Okta authentication page.

These unsuspecting users provided their credentials and 2-FA (two-factor authentication) codes, allowing hackers access to the business, which was their main target. The phishing attack came to be known as 0ktapus, with the group behind it being called by the same name and “Scatter Swine” as well. Twilio, being the big company that it is, was a “big fish” for the malicious actors. Although the attack only affected 0.06 percent of Twilio’s clients, the breach included services like Signal, a secure messaging app; Authy, a two-factor authentication app; and Okta, an authentication firm.

The breach allowed cyber-attackers to compromise two-factor authentication by exploiting automatic SMS messaging, one of Twilio’s services. The overall effect is the breach of user accounts of some of Twilio’s customers.

#5 Conti and Costa Rica 

Conti is a type of ransomware that first emerged in early 2020 and has since been responsible for a number of high-profile attacks on organizations around the world. Like other types of ransomware, Conti encrypts the victim’s files and demands payment in exchange for the decryption key. In November 2020, the Costa Rican government reported that it had suffered a ransomware attack that disrupted the country’s immigration and driver’s license systems. While the government did not confirm the specific type of ransomware involved, media reports suggested that the attack may have been carried out by the Conti ransomware group.

The attack reportedly affected at least 30 servers and caused significant disruptions to government services. The government initially stated that it would not negotiate with the attackers or pay the ransom, but it’s unclear whether the ransom was eventually paid to obtain the decryption key and restore the affected systems. In 2022, the Costa Rican government fell victim to the Conti ransomware.

The perpetrators behind this cyber-attack demanded $20 million in exchange for the stolen valuable data from various government systems. Costa Rica had to issue a state of emergency. 670GB of government data, roughly 90% of the data that was stolen, were leaked online a few weeks later.

#6 Twitter Data Breach 

There was a data breach on Twitter affecting 5.4 million accounts, including phone numbers and email addresses. According to multiple reports, the data was collected in December 2021 using a Twitter API vulnerability uncovered in the bug bounty program, which allowed users to submit phone numbers and email addresses to the API to get the associated Twitter ID.

Using this ID, cyber criminals could then obtain public account information to create a user record containing both private and public information. On November 23, 2022, Chad Loder, a Los Angeles-based cybersecurity expert, tweeted a warning on the social network Twitter about a data breach believed to have affected “millions” in the US and EU. Loder said the data breach happened “no earlier than 2021” and “it has not yet been reported”.

Twitter previously confirmed a data breach affecting millions of user accounts in July 2022, as discussed in point seven of this article. But Loder said it “couldn’t” be the same breach it reported unless the company “lied” about the breach in July. According to Loder, the November breach data is “not the same data” as the July breach data because it is in a “completely different format” and has “different numbers of people affected.” Loder said he believes the hack was due to malicious actors exploiting the same vulnerability as the hack reported in July.

#7 Russian hack on Ukraine 

For years, Russia has plagued Ukraine with brutal digital attacks, causing power outages, data theft and destruction, election meddling, and the proliferation of destructive malware that wreaks havoc on national networks. But since February’s invasion of Ukraine, times have changed for some of Russia’s biggest and most dangerous military hackers. Clever, long-term campaigns and inventive hacks have largely given way to rigorous and controlled clips showing rapid-fire attacks on Ukrainian institutions, reconnaissance, and widespread network destruction — followed by repeated hits, both through a new breach and the maintenance of an old gateway.

The Russian approach on the physical battlefield and in cyberspace appears to be the same: one of the most vicious bombing raids that can and will inflict as much pain as possible on the Ukrainian government and its citizens. However, Ukraine was not passive during the war. After the invasion, the country raised a volunteer “IT army” and, along with other entities around the world, carried out DDoS attacks, destructive hacking attacks, and privacy breaches against Russian organizations and services.

#8 Credit Card Exposure 

Card marketplaces are shady websites where users exchange stolen credit card information for financial fraud, usually involving large sums of money. On October 12, 2022, the BidenCash card marketplace released the details of 1.2 million credit cards for free. The file that can be accessed on the site contained information about credit cards expiring in 2023-2026 as well as other data necessary to conduct online transactions.

BidenCash had leaked thousands of credit card details to promote the site back in June 2022. With the card market forced to introduce new URLs three months later in September after a series of DDoS attacks, some cybersecurity experts have hinted that this new disclosure could be another publicity stunt.

#9 Student Loan Data Breach 

A data breach at Nelnet Servicing, a student loan company, in June 2022 left over 2.5 million users’ sensitive information, email addresses, phone numbers, and social security numbers fully accessible to an unknown third party. The malicious attacker took advantage of the breach from June to July 22, 2022. Nelnet Servicing notified the United States Department of Education and Law Enforcement after discovering the breach.

#10 SHEIN’s $1.9 Million Fine 

In October 2022, Zoetop Business Company, owner of fashion brands SHEIN and ROMWE, was fined $1.9 million by the state of New York for failing to disclose a data breach that affected 39 million customers. 

A cybersecurity incident in July 2018 involved a malicious third party gaining unauthorized access to SHEIN payment systems. According to a statement released by the New York City Attorney’s Office, the payment processor of SHEIN contacted the brand and announced that it “was contacted by a major credit card chain and card-issuing bank, each with information suggesting that Zoetop’s systems were infiltrated, and card details were stolen.”

The discovery was made after a credit card network found SHEIN customers’ payment details for sale on a hacking forum.


Key Takeaway

Preventing a data breach starts with good infrastructure and data security precautions. Ensuring that AI systems are properly secured and monitored is essential. AI systems should have robust authentication processes in place to ensure that only authorized users can access them. Access controls should also be implemented and regularly monitored to ensure that data is only accessed by those with the right credentials. Strong encryption of data is also essential to protect it and reduce the risk of unauthorized access.

AI systems should be designed with data privacy as a priority, and they should also be regularly monitored and audited to detect any potential issues and reduce the risk of data breaches. AI systems should also be tested regularly to ensure that they are working as intended and that there are no overlooked vulnerabilities. Third-party vendors should also be thoroughly vetted before being granted access to a company’s data, and the security of the vendor should be closely monitored.

About IPV Network

Since 2016, IPV Network has been a trusted partner of leading enterprises in the Philippines. It brings the best-of-breed cybersecurity solutions. IPV Network helps businesses identify, protect, detect, respond, and recover from cyber threats. Email us at [email protected] or call (02) 8564 0626 to get your FREE cybersecurity posture assessment!



