The remarkable rise seen in social engineering and internet sophistication makes us feel that employees training to secure data and information is as important as any other form of technical development. Today, companies and individuals need to be more alert than ever before besides encouraging employees to adapt to novel ideas since they are the gatekeepers for corporate data. Critical information and accounts must be kept safe and be protected with multiple-factor authentication systems. 2021 is yet another year full of whirlwind of swindles and fraudulent activities where Data breaches and cyber-attacks have become common. FactsnFigure.com bring to you a list of the worst data breaches and cyber attacks that took place in 2021 so far.
Facebook, LinkedIn and Instagram
January 11: A Social media management firm belonging to China, Socialarks suffered a cyber-attack causing data leakage because of an unsecured database. The negligence in security systems exposed the account details along with Personal Identifiable Information of more than 214 million social media users of Facebook, LinkedIn and Instagram. Although the exposed information belonging to the three accounts varied but they all included personal information of the users including phone numbers, names, profile links, profile description, Messenger Ids, LinkedIn profile link, address, social media login Ids, job profile, company name, website link and many more.
January 11: One of the conservative social media applications named Parler scraped its data which came into the hands of a hacker. The information about the data breach came into the limelight after Amazon Web Series removed the hacked platform from its servers. The leaked information was no less than 70TB which included 99.9% messages, posts and video chats comprising EXIF data i.e., metadata of location and time. Parler Verified Citizen’s and users name who updated their accounts by uploading personal identities such as government-issued cards or driving licence and were exposed in the cyber-attack.
January 11: Yet another cyber fraud that took place on the 11th January took place in one of the biggest IoT, Internet of Things technology firm named Ubiquiti.Inc. After the company got the knowledge about the data breach that was caused because of unauthorized access to the firm’s database, they altered their customers with the help of third-party cloud providers. Customers were also made aware of the cyber attack through personalised emails and were asked for changing passwords along with multifactor authentication. It is assumed that the data exposed contained various undisclosed account numbers of customers, their salted passwords, email addresses and phone numbers.
January 12: One of the cybercrimes that took place in 2021 January compromised a certificate that was used for authenticating Mimecast’s Sync and Recover, Internal Email Protect and Continuity Monitor related products to access Microsoft 365. Mimecast is a service provider that deals with cloud-based management programs to secure Microsoft 365 account services. The company declared that around 10% of its customer’s data have been compromised in the data breach but a new certificate has been issued and reinstalled.
January 20: A free-online photo-editing app named Pixlr database was leaked by a hacker. Around 1.9 million users’ records were risked in the incident. They were stolen and the cyberattack on 123RF exposed more than 83 million user’s identity. The data leaked and stolen included addresses, user names, email address, user’s country, hashed pictures besides other sensitive information’s.
January 24: MeetMindful.com is a dating platform that was hacked by a famous hacker. User’s personal information and account details that were posted for free in the forum were hacked by the hacker in the data breach. More than 2.28 million user’s data were leaked which included birth dates, names, addresses, location details, marital status, Facebook Authentication tokens, social media user ids and Bcrypt-hashed account passwords.
January 26: A free gaming platform named VIPGames fall into the trap of hackers due to which more than 23 million records accessed in 66,000 desktops and mobiles were exposed because of cloud misconfiguration. All the leaked information included emails, user names, Facebook, Twitter and Google ids along with players data who were banned from using the gaming platform.
Florida Water supply
February 8: One of the severe data breaches that took place in February 2021 compromised the health of thousands of people due to water contamination. The hackers attacked the computer system of Florida’s water facility which treats water for 15000 people living near Tampa. The water supply system software was hacked through which the hackers increased the level of additives. Accordingly, sodium hydroxide or lye amount was increased and distributed in the water supply. This chemical is usually utilised in a very small amount to control acidity levels in the water, however, using them in high amount can prove dangerous for human health.
January 22: One of the famous men’s clothing retailer named Bonobos became the victim of a cyber-attack in which critical data belonging to the firm was stolen. One of the hacker’s downloaded Bonobos backup cloud data. This exposed the order information of more than 7 million customers which included customer’s phone number, name, addresses and account information. Around 1.8 million registered customer’s data personal information was leaked while 3.5 million customers credit card details were hacked.
February 10: Another malware attack of February 2021 paved the way for hackers to get access and copy files comprising the medical and personal information of more than 2 million patients of Nebraska Medicine. The health network reported that individuals whose information were risked included names, birth dates, health insurance data, medical record numbers, laboratory results, diagnosis information, physician notes and social security numbers among many others.
February 18: DMV or the California Department of Motor Vehicle reported about a cyber attack that made them suffer data leakage. The information was sent to all the drivers to make them alert about the incident in which Automatic Funds Transfer Service was hit by a ransomware attacker. The information leaked comprised personal information of the drivers who were attached to DMV for the last 20 months. All of them has either registered their new vehicle or made changes to the existing such as license plate numbers and identification numbers of their vehicles.
February 20: Accellion, a cloud solutions firm suffered a third-party data breach that allowed hackers to have access and steal human resource-related data along with pharmacy records belonging to the supermarket named Kroger. The data breach disclosed cloud that comprised email address, email, home address, phone numbers, social security number and birthdate along with health insurance, medical history and prescriptions.
Oxford University Lab
February 25: The hackers broke into Oxford University’s Lab Biochemical Systems that was studying COVID-19. Oxford University is considered as the top biology labs in the world where some of the renowned professors were researching how COVID-19 can be encountered. All their initial findings and related data were hacked in the data breach. The leaked information included biochemical samples and other medicinal records researched by the University researchers. The investigation about the cyberattack is now been taken care of by the British Intelligence Agency.
February 26: many customers of T-Mobile were affected because of the SIM swap attack. Also known as SIM hijacking, the scammers or the hackers took complete control of and switched the phone numbers with the SIM cards they used for personal social engineering. Due to the access to the phone numbers, the hackers got calls and messages that further allowed them to log into the hijacked customer’s profile, bank details and other information to steal money and change critical passwords. By locking out the victims from their accounts, the hackers used two-factor authentication. The cyberattack exposed various customers information such as email, names, addresses, account detail, personal identification numbers, birth dates and many more.
March 3: Cyber Attackers have targeted not one but four security issues in Microsoft Exchange Server email software. The hackers used software bugs within the Exchange servers to get access to the email account of more than 30,000 firms all over the United States including local government, cities, towns and small businesses. The data breach gave the hackers access to the remote control of affected systems that allowed the loss of potential data. Microsoft realised the security breach from the patches in their system and urged their customers to apply for an update as soon as possible.