As cyber security events escalate, data breach cases are rising. Statistics show that over 90% of data breaches are caused by cyberattacks. An increase in data breaches was recorded in the first quarter of 2022 compared to the first quarter of 2021.

The number of victims was reduced by 50% compared to Q1 2021 and by 41% compared to Q4 2021, despite the rise in breaches. However, according to the Identity Theft Research Center, the number of reported breaches increased by 14%, reaching 404 in Q1 2022.

Ransomware payments have increased by 71% since last year. Average settlements are now close to $1 million. The most significant corporate data breaches of 2022 are highlighted below.

1) Medibank Breach

On October 25, 2022, a breach was disclosed by Medibank, a major health insurer. Data from over 4 million clients was compromised. According to the company, names, addresses, dates of birth, and insurance card numbers were accessed. A threat was issued by the hacker to release the stolen data within 24 hours if demands were not met. Nearly 500,000 health claims were also confirmed to have been improperly accessed.

n the end, the ransom was refused by Medibank. As a result, patient data was published on the dark web by the attackers. Compensation was promised by Medibank to individuals impacted by the breach. The cost of the cyberattack to the company was estimated at $25M to $35M. An investigation was conducted, and network monitoring was increased. The hacker was eventually found to be gone.

2) Microsoft Data Breach

On March 20, 2022, a breach was claimed by the hacking group Lapsus$. A screenshot was posted on their Telegram channel as proof of the attack. The screenshot, taken from Microsoft’s Azure DevOps collaboration tool, showed that Bing, Cortana, and other projects were impacted.

Microsoft was among the many victims of the Lapsus$ group. Over 37GB of data was allegedly stolen from Microsoft’s Azure DevOps Server, including source code for Bing, Bing Maps, and Cortana.

A torrent containing source code for over 250 Microsoft-owned projects in a 9GB bundle was later released. The breach was acknowledged by Microsoft, which confirmed that no customer data had been compromised.

3) Cash App Data Breach

Block, the parent company of the popular U.S. fintech application Cash App, confirmed that 8.2 million customer records were stolen. The exposed data included customer names, brokerage account numbers, portfolio values, and stock trading activity.

Block did not disclose the exact number of users affected. However, CNN reported in April that over 8 million Cash App Investing customers may have had their data exposed. The leak occurred when a former employee accessed internal records without authorization.

Reports indicated that full names and brokerage account numbers—used to identify customers’ stock activity on the platform—were included in the stolen data.

4) Uber Data Breach

In mid-September, Uber discovered it had been hacked. The breach became known when a message was posted in Uber’s Slack group stating, “I am a hacker and Uber has experienced a data breach,” followed by emojis.

As a result, Uber’s internal messaging and engineering systems were shut down to investigate the incident.

Several of Uber’s databases, including those with messaging information, were found to be vulnerable. Law enforcement informed Uber that an employee’s account had been compromised.

In a statement on September 17, Uber reported finding “no evidence that the incident involved access to sensitive user data (like trip history).” The breach was later linked to the Lapsus$ group, known for targeting companies such as Nvidia, Samsung, and Microsoft.

5) Rockstar Data Breach

On September 18, approximately 50 minutes of Grand Theft Auto 6 gameplay footage was stolen from Rockstar Games. The hacker, known as “teapotuberhacker,” reportedly gained access to the company’s Slack and downloaded the videos.

In a statement posted on Twitter, Rockstar confirmed the leak. The breach was believed to have occurred through social engineering after a hacker gained access to an employee’s Slack account. The attacker also claimed responsibility for Uber’s September 2022 breach.

6) Nvidia Data Breach

On February 23, 2022, Nvidia confirmed a data leak following a suspected ransomware attack. The hacking group Lapsus$ claimed responsibility and released 20GB of data. Nvidia was given a deadline of March 4 to pay the ransom.

According to Lapsus$, around 1 terabyte of Nvidia’s “most closely guarded secrets” was stolen. The group threatened to release the data if its demands were not met. Lapsus$ gained significant attention in early 2022 after a series of high-profile attacks, beginning with Nvidia.

7) Plex Data Breach

In August, Plex, a widely used media server app, experienced a data breach. The incident exposed encrypted user information, including usernames, emails, and passwords.

Access to the personal information of millions can damage a brand’s reputation for years. According to an email from Plex, hackers accessed usernames, email addresses, and passwords of about 20 million users. Plex confirmed that no credit card, payment details, or other personal account data were compromised.

8) ICRC Data Breach

On January 18, 2022, systems of the International Committee of the Red Cross (ICRC) were breached by unidentified hackers. The attack compromised the personal data of more than 515,000 vulnerable individuals worldwide.

 

ata from the Red Cross’ “Restoring Family Links Program” was stolen by attackers. The program stores information on people separated from their families due to conflict, migration, war, disaster, and other crises.

Personal data from at least 60 Red Cross and Red Crescent National Societies worldwide was compromised. The exposed information included names, locations, and contact details of over 515,000 individuals. Those affected included missing persons, detainees, and people relying on the Red Cross and Red Crescent Movement due to armed conflict, natural disasters, or migration.

9) Credit Suisse Data Breach

At Credit Suisse, one of the world’s largest banks, account details of about 18,000 customers were exposed. These clients collectively held assets worth around $100 billion. The data was leaked to the German newspaper Süddeutsche Zeitung by a whistleblower based in Switzerland.

Over 18,000 foreign clients, including a number of well-known heads of state and business leaders, dishonest politicians, alleged war criminals, and people smugglers, had their accounts and hidden money exposed by the leak.

10) Twitter Breach

On July 21, 2022, a hacker made the personal information of 5.4 million Twitter users available for purchase (for just $30,000). The attacker had taken advantage of a known flaw that was initially discovered in January. Although Twitter had addressed this vulnerability, the hostile actor was faster in this case. Twitter has not had a fantastic year in 2022. do same for this

In August, accusations against the social media company became public when its former security chief spoke out. The 200-page complaint filed with the SEC criticized Twitter for “egregious faults, negligence, intentional ignorance, and risks to national security and democracy.” Data breaches are now more frequent and costly than ever. Major corporations, including Uber, Facebook, Twitter, and even government agencies, have suffered breaches in recent years.

These attacks exposed personal data and caused millions in damages. In 2022, malware (22%) and phishing (20%) remained leading causes of cyberattacks. Despite advancements in technology, hackers still rely on proven attack methods like human error, unauthorized access, social engineering, and ransomware. Everyone must understand how to defend against security breaches and evolving threats.

At Computer Support Professionals, our support agreements are customized to meet each client’s needs. Our packages are competitively priced, and we deliver every project as promised.