The Top 10 Data Breaches in 2022

The digital age has ushered in infrastructure and tools that have become an integral part of our lives. It has increased people’s connectivity with one another, given everyone instant access to information, and opened the entire world to automation that helps increase efficiency for businesses and individuals. However, the digital age has also unlocked newer and more sophisticated forms of digital crime, or cybercrime.

Let’s take a look at the top data breaches in 2022.

#1 Pacific Government Vanuatu Cyber-attack

Any country can be a target of cyber-attacks. Take the South Pacific Ocean country of Vanuatu, for example. The cyber-attack on this nation was a serious incident that disrupted the normal functioning of the government and its services. In this case, the attack took down virtually all of the government’s digital networks, which had a significant impact on the country’s operations.

The specific details of the attack are not publicly known. However, it’s likely that the attackers used some form of malware or hacking technique to gain access to the government’s digital systems. Once they had access, they could have caused damage or stolen sensitive information. It’s unclear who is responsible for the attack, but it could be the work of nation-state actors or cybercriminals. Regardless of who is behind it, it’s important for governments and organizations to take proactive measures to prevent such incidents from happening in the future.

#2 Medibank Data Leak 

Medibank is a healthcare and insurance company in Australia. Back in 2018, a data breach exposed the personal information of approximately 1.3 million of Medibank’s Australian customers. In 2022, Medibank suffered another cyber-attack. This time a hacker was able to steal information on 9.7 million of Medibank’s past and present customers. The hacker attempted to negotiate with Medibank, holding the stolen data hostage and demanding a ransom. Medibank refused to cooperate. As a result, the hackers leaked all of the customer information to the world.

The 2018 exposure was caused by a third-party vendor of Medibank, which accidentally left an unsecured database of customer information online. The database contained a range of sensitive information, including names, addresses, dates of birth, and Medicare numbers, among other details. Medibank discovered the data breach in April 2018 and immediately took action to secure the database and notify affected customers. The company also worked with law enforcement authorities to investigate the incident.

#3 Digital Extortion Gang 

Digital extortion is a type of cybercrime in which attackers use threats and intimidation to extort money or other forms of value from their victims. In recent years, there have been numerous incidents of digital extortion gangs (DEGs) targeting organizations and individuals around the world. One high-profile example is REvil, a group that also goes by the name Sodinokibi.

REvil gained notoriety in 2019 and 2020 for launching a series of ransomware attacks against businesses and organizations. These included the law firm Grubman Shire Meiselas & Sacks and the meat processing company JBS, among others. In early 2022, another DEG by the name of Lapsus$ went on a hacking spree and victimized well-known companies like Nvidia, Samsung, and Ubisoft. 

Lapsus$ obtained sensitive project information and code and threatened to leak them online unless its demands were met. The gang’s main tool was phishing, and it was so effective at it that it continued to thrive and wreak havoc despite authorities catching some of its members in March and September 2022.

#4 Phishing for Big Fish 

Phishing attacks are a common type of cyber-attack in which attackers use deceptive tactics, such as fake emails or websites, to trick individuals into revealing sensitive information, such as login credentials or financial details. Cybercriminals commonly use these attacks to gain access to sensitive information, and the cloud communications platform Twilio has been a phishing target in the past. In 2022, a large phishing campaign targeted Okta users, who received SMS messages containing links to sites that imitated their company’s Okta authentication page.

Unsuspecting users entered their credentials and 2FA (two-factor authentication) codes on these pages, which gave the hackers access to the business that was their main target. The campaign came to be known as 0ktapus; the group behind it is referred to by the same name and also as “Scatter Swine”. Twilio, being the big company that it is, was a “big fish” for the malicious actors. Although the attack affected only 0.06 percent of Twilio’s clients, the breach reached services like Signal, a secure messaging app; Authy, a two-factor authentication app; and Okta, an authentication firm.

The breach allowed the attackers to compromise two-factor authentication by exploiting automated SMS messaging, one of Twilio’s services. The net effect was the compromise of user accounts belonging to some of Twilio’s customers.

#5 Conti and Costa Rica 

Conti is a type of ransomware that first emerged in early 2020 and is responsible for a number of high-profile attacks on organizations around the world. Like other ransomware, Conti encrypts the victim’s files and demands payment in exchange for the decryption key. In November 2020, the Costa Rican government suffered a ransomware attack that disrupted the country’s immigration and driver’s license systems. While the government did not confirm the specific type of ransomware involved, media reports suggested that the attack may have been carried out by the Conti ransomware group.

The attack reportedly affected at least 30 servers and caused significant disruptions to government services. The government initially stated that it would not negotiate with the attackers or pay the ransom. However, it’s unclear whether they eventually paid the ransom to obtain the decryption key and restore the affected systems. In 2022, the Costa Rican government fell victim to the Conti ransomware.

The perpetrators behind this cyber-attack demanded $20 million in exchange for valuable data stolen from various government systems. Costa Rica had to declare a state of emergency. A few weeks later, the perpetrators leaked 670 GB of government data, roughly 90% of what was stolen.

#6 Twitter Data Breach 

A data breach on Twitter affected 5.4 million accounts, exposing phone numbers and email addresses. According to multiple reports, the attackers collected the data in December 2021 using a Twitter API vulnerability uncovered through the bug bounty program, which allowed anyone to submit a phone number or email address to the API and receive the associated Twitter ID.

Using this ID, cyber criminals could then obtain public account information to create a user record containing both private and public information. On November 23, 2022, Chad Loder, a Los Angeles-based cybersecurity expert, tweeted a warning on the social network Twitter about a data breach believed to have affected “millions” in the US and EU. Loder said the data breach happened “no earlier than 2021” and “it has not yet been reported”.

Twitter had previously confirmed a data breach affecting millions of user accounts in July 2022, as noted above. But Loder said it “couldn’t” be the same breach the company reported unless it “lied” about the breach in July. According to Loder, the November breach data is “not the same data” as the July breach data because it is in a “completely different format” and has “different numbers of people affected.” Loder said he believes the hack was due to malicious actors exploiting the same vulnerability as the hack reported in July.

#7 Russian hack on Ukraine 

For years, Russia plagued Ukraine with brutal digital attacks, causing power outages, data theft and destruction, election meddling, and the proliferation of destructive malware that wreaks havoc on national networks. But since February’s invasion of Ukraine, times have changed for some of Russia’s biggest and most dangerous military hackers. Clever, long-term campaigns and inventive hacks have largely given way to a relentless, controlled sequence of rapid-fire attacks on Ukrainian institutions, reconnaissance, and widespread network destruction — followed by repeated hits, both through new breaches and through the maintenance of previously established footholds.

The Russian approach on the physical battlefield and in cyberspace appears to be the same: a relentless bombardment intended to inflict as much pain as possible on the Ukrainian government and its citizens. However, Ukraine was not passive during the war. After the invasion, the country raised a volunteer “IT army”. Along with other entities around the world, it carried out DDoS attacks, destructive hacking attacks, and privacy breaches against Russian organizations and services.

#8 Credit Card Exposure 

Carding marketplaces are underground websites where users trade stolen credit card information for use in financial fraud, usually involving large sums of money. On October 12, 2022, the BidenCash card marketplace released the details of 1.2 million credit cards for free. The files accessible on the site contained information about credit cards expiring in 2023-2026, along with other data necessary to conduct online transactions.

BidenCash had leaked thousands of credit card details to promote the site back in June 2022. With the card market forced to introduce new URLs three months later in September after a series of DDoS attacks, some cybersecurity experts have hinted that this new disclosure could be another publicity stunt.

#9 Student Loan Data Breach 

A data breach at Nelnet Servicing, a student loan company, in June 2022 left the sensitive information of over 2.5 million users, including email addresses, phone numbers, and Social Security numbers, fully accessible to an unknown third party. The attacker took advantage of the breach from June to July 22, 2022. Nelnet Servicing notified the United States Department of Education and law enforcement after discovering the breach.

#10 SHEIN’s $1.9 Million Fine 

In October 2022, Zoetop Business Company, owner of fashion brands SHEIN and ROMWE, was fined $1.9 million by the state of New York for failing to disclose a data breach that affected 39 million customers. 

A cybersecurity incident in July 2018 involved a malicious third party gaining unauthorized access to SHEIN payment systems. According to a statement released by the New York City Attorney’s Office, SHEIN’s payment processor contacted the brand and announced that it “was contacted by a major credit card chain and card-issuing bank, each with information suggesting that ‘Zoetop’s systems were infiltrated, and card details were stolen.’”

The discovery came after a credit card network found SHEIN customers’ payment details for sale on a hacking forum.

Key Takeaway

Preventing a data breach starts with good infrastructure and data security precautions. Properly securing and monitoring AI systems is essential. They should have robust authentication processes in place to ensure that only authorized users can access them. Implementing and regularly monitoring access controls ensures that only those with the right credentials can access the data. Strong encryption of data is also essential to protect it and reduce the risk of unauthorized access.

The design of AI systems should prioritize data privacy and security. Regular monitoring and auditing should occur to detect potential issues and reduce the risk of data breaches. Regularly testing AI systems ensures that they are working as intended, and vulnerabilities within the system cannot be overlooked. Third-party vendors should also be thoroughly vetted before being granted access to a company’s data, and the vendor’s security should be closely monitored.

About IPV Network

Since 2016, IPV Network has been a trusted partner of leading enterprises in the Philippines, bringing them best-of-breed cybersecurity solutions. IPV Network helps businesses identify, protect against, detect, respond to, and recover from cyber threats. Email us at [email protected] or call (02) 8564 0626 to get your FREE cybersecurity posture assessment!