12 Massive Data Breaches in 2022 That Could Have Been Avoided

December 20, 2022
Cayley Wetzig, Head of Marketing Communications

We’ve come a long way on the technology front, with the IoT gadgets permeating every aspect of our lives. Despite all these advancements, cybercrime continues to pose a huge threat to the world’s population. The number of data breaches in 2022 increased in the first quarter of 2022 compared to 2021, with cyber attacks accounting for 92% of all breaches.

Looking at the stats, the second quarter of this year alone saw about 52 million data breaches. IBM recently disclosed that the average cost of a single data breach to a company is a startling $4.35 million. The healthcare business was also the most severely affected by data breaches, with a single occurrence costing over $10 million. As we close out 2022, here are the top 12 data breaches that could have been avoided.

2022 Avoidable Data Breaches

1. Crypto.com Crypto Theft

The hack occurred on January 17, 2022 and targeted approximately 500 cryptocurrency wallets. Cybercriminals took around $18 million worth of Bitcoin, $15 million worth of Ethereum and more cryptocurrencies. This was made feasible by the hackers’ ability to circumvent two-factor authentication and gain access to users’ wallets. This is another reason why password managers are important.

Crypto.com initially dismissed the hack as an “incident” but later amended its statement, stating that funds had been stolen and affected victims had been refunded. The corporation also disclosed that it has reviewed the systems and enhanced its security posture.

Due to the rise in cryptocurrencies, it’s more important than ever to protect against data breaches. Therefore, the most effective method of protection against this fraud is encrypting all sensitive data.

2. Microsoft Data Breach

On March 20, 2022, a hacker organization known as Lapsus$ targeted Microsoft. The group uploaded a screenshot on Telegram showing that they had hacked Microsoft, compromising Cortana, Bing and other products. While the hackers successfully acquired some data from Microsoft, the company reported on March 22 that it had promptly halted the hacking attempt and that only one account had been breached.

Microsoft also stated that no customer information was compromised in this data breach. It gained visibility and popularity thanks to its swift and thorough response to the security breach. Since the Lapsus$ organization had previously attacked Nvidia, Samsung and many others, Microsoft’s security team was well prepared.

3. News Corp Server Breach

In February 2022, News Corporation acknowledged server intrusions dating back to February 2020. First, News Corp affirmed that no customer information was compromised and that normal operation were unaffected. Next, News Corp found proof that its journalists’ emails were hacked. Finally, over the course of the events, News Corp stated that espionage was at the heart of this attack, although the perpetrators remain unknown.

4. Red Cross Data Breach

In this data breach, on January 2022, hackers attacked servers containing the personal information of more than half a million individuals receiving services from the Red Cross and Red Crescent Movement. The compromised servers had information relevant to the organization’s Restoring Family Links services, which seek to reunite individuals separated by conflict, migration and violence.

As a result of the data breach, the Red Cross pulled systems offline to thwart this suspected nation-state attack, but the perpetrator is yet to be identified.

5. Ronin Crypto Theft

This blockchain-based gaming platform that uses cryptocurrencies was targeted between November 2021 and March 2022. Players of Ronin’s Axie Infinity game can gain non-fungible tokens (NFTs), a type of financial security made out of digital data stored in a blockchain and a digital currency.

As the game’s popularity grew, the company scaled back its security standards so that its servers could accommodate a larger audience.

Consequently, this allowed more participants but also thieves to steal $625 million in cryptocurrencies. The parent company of Ronin is collaborating with authorities to locate the perpetrators and retrieve the stolen funds. Still, any firm can learn from this incident: never compromise your security standards.

6. FlexBooker Data Breach

At the end of 2021 and the beginning of 2022, the appointment management company FlexBooker was the target of a massive data breach that affected around three million customers.

The data, which included ID information, driver’s licenses and passwords, was then put up for sale on popular hacking discussion boards. By compromising FlexBooker’s AWS settings, Uawrongteam was able to breach the company’s data. Once inside, they installed malicious software on the servers, which gave them complete control of the system.

Unfortunately, after the incident, many users abandoned the platform, negatively impacting the firm’s performance. You can try the top 10 AWS trainings here to prevent vulnerabilities in your code.

7. GiveSendGo Political Data Breach

A hacker who claims credit for infiltrating far-right social networks compromised GiveSendGo as a political statement in February 2022.

GiveSendGo is a Christian fundraising website favored by Canadian truckers who participated in the so-called Freedom Convoy to protest COVID regulations. A Distributed Denial of Service (DDoS) attack occurred when the hacker switched the fundraising website to a page that denounced the Freedom Convoy protests. The hacker then released the personal information of 90,000 donors who had contributed to the Freedom Convoy through the GiveSendGo website.

Since not all data breaches are motivated by monetary gain, it is evident that corporations require top-tier security to thwart political assaults.

8. Cash App Data Breach

In April 2022, Cash App admitted that a former employee had compromised their systems. The data breach involved customer names, stock trading information, account numbers, and portfolio values, amongst other sensitive financial information. The business contacted over eight million clients to inform them of the incident.

Fortunately, no account credentials were obtained during the attempt, and the hacker acquired just a small amount of identifiable data.

Read here how to prevent Insider Threats.

9. Marquard & Bahls Supply Chain Breach

This German energy company was attacked and its IT system was destabilized in February 2022, resulting in the closure of over 200 gas stations in the country. This was a clear case of an attack on the supply chain, as corporations such as Shell struggled to serve customers. Experts believe the attack originated from the Russian cyber group BlackHat gang, which has previously targeted oil pipelines.

More attacks on oil companies and other energy organizations can be expected as energy volatility becomes a more pressing issue in the wake of the climate crisis and the conflict in Ukraine.

Read here to learn how to help prevent Supply Chain attacks.

10. PressReader Data Breach

In March 2022, a cyberattack interrupted PressReader’s publication of prominent news titles from the world’s largest online distributor of newspapers and magazines, including the New York Times and local newspapers and outlets. PressReader has not stated whether ransomware was involved in the attack, although the event occurred soon after the firm announced that users in Ukraine would have free access to news items.

PressReader swiftly restored its complete publishing capabilities, but the three-day attack prevented users from reading over 7,000 news sources.

11. Optus Data Breach

Optus, Australia’s largest telecommunications provider, acknowledged a huge cyber attack that exposed the personal information of its 10 million subscribers, or around 40% of the country’s total population. The announcement was made in September 2022.

According to Optus, the compromised data contained the phone numbers, residential addresses, names, driver’s license numbers and passport numbers of current and former clients.

The attacker sought a $1 million ransom and published online samples of client database information. While Optus claimed this was a “sophisticated” attack, the hacker stated that they used freely available software to execute the system breach.

According to the Australian government, the data breach places over 2.8 million Australians at high risk for identity theft and fraud.

12. Credit Suisse Data Leak

Credit Suisse, a major private bank, had its internal systems breached, resulting in the disclosure of confidential customer information. The data breach disclosed approximately 30,000 customer accounts belonging to infamous war criminals, human traffickers, corrupt officials and state officials.

These accounts are valued at approximately $100 billion, making this one of the largest data breaches of 2022. An anonymous whistleblower from Credit Suisse revealed the information to the German newspaper Süddeutsche Zeitung, expressing outrage at Swiss financial secrecy restrictions.

A significant public outcry ensued against Credit Suisse for failing to complete the required client due diligence. The bank, however, refuted all claims regarding its business practices.

Conclusion

The frequency of data breaches is alarming, as they potentially expose highly sensitive information. With that being said, the most prevalent causes of data breaches are malicious employees, malware, phishing and software vulnerabilities.

Businesses need to invest more in newer security measures and creative methods to combat cyber threats. AI and automation are key to ensuring early identification and mitigating the severity and cost of crisis management.

ThriveDX assists IT leaders with planning, designing and implementing enterprise-level technological solutions. We can help you secure your vital infrastructure and sensitive data through strategic risk evaluations and implementing cost-effective, secure, managed IT and cloud solutions.

Incidents like the ones mentioned above can be avoided with the help of ThriveDX’s innovative training platform, which tailors its users’ education to their specific tasks. We do not believe in a one-size-fits-all approach. Talk to one of our cyber specialists today to find out how our no-nonsense strategy can significantly reduce the risk of attack.

Protect Your Organization from Phishing

Article

9 Most Important Cybersecurity Tips for Your Employees

Organizations are inundated with cybersecurity tips- but what are the most important ones you

Article

8 Mobile Cybersecurity Threats You Should Take Seriously

Between 80 to 90% of mobile apps contain a security vulnerability. Learn about the

Article

Zoom Cybersecurity and Privacy Strategies

Zoom's growth during and after Covid expedited working in remote areas. However, video conferencing

Article

8 Surprising Reasons Hackers Target Schools

Hackers target schools for a number of reasons. To steal research data, learn trade secrets

Your Trusted Source for Cyber Education

Sign up for ThriveDX's quarterly newsletter to receive information on the latest cybersecurity trends, expert takes, security news, and free resources.