As cyber security events escalate, data breach cases also rise. According to statistics, more than 90% of data breaches are the result of cyberattacks. As Comparing the first quarter of 2022 to the first quarter of 2021, data breaches increased. 

The number of victims fell by 50% compared to the first quarter of 2021 and by 41% compared to the fourth quarter of 2021, despite an increase in data breaches. The bad news is that, according to statistics from the Identify Theft Research Center, the actual number of reported breach occurrences grew by 14%, to 404, during the first quarter of 2022 compared to the same period in 2021, according to data from the Identify Theft Research Center. 

Additionally, the average ransomware payment has climbed by 71 percent since last year, and average settlements are now close to $1 million. The most significant corporate data breaches of 2022 are covered in this article. 

1) Medibank Breach: 

On October 25, 2022, MediBank, a health insurer, disclosed that over 4 million of their clients’ data had been compromised. According to the Australian health insurer, the name, address, date of birth, and even the insurance card numbers might have been accessed. If their demands were not met, the hacker threatened to disclose the material in less than 24 hours. Nearly 500,000 health claims had also been improperly accessed, according to Medibank, which they confirmed.  

In the end, Medibank declined to pay the ransom, which led the attackers to publish patient data on the dark web. MediBank stated that it would provide compensation to people who were harmed as a result of their private information being obtained in order to set things right. Between $25M and $35M is the projected cost of this cyberattack to the business. After conducting an investigation and increasing network monitoring, they discovered the hacker was gone. 

2) Microsoft Data Breach: 

The hacking collective Lapsus$ said that they had infiltrated Microsoft via a screenshot that was sent to their Telegram channel on March 20, 2022.  The screenshot, which was obtained in the Microsoft collaboration tool Azure DevOps, showed that Bing, Cortana, and other projects had been affected by the intrusion.  

Microsoft was one of the Lapsus$ group’s many victims.  More than 37GB of data, including the source code for the Bing, Bing Maps, and Cortana services, were allegedly taken by the Lapsus$ gang when they allegedly targeted Microsoft’s Azure DevOps Server.  

Additionally, a torrent containing the source code for more than 250 Microsoft-owned projects in a 9GB bundle was published.  Microsoft acknowledged the problem but insisted that no consumer data was impacted. 

3) Cash App Data Breach: 

Block, the parent company of the well-known US fintech mobile application Cash App, said that 8.2 million customer records had been stolen. The leak included customers’ names, brokerage account numbers, and other data, such as portfolio value and stock trading activity. 

Block has not provided information on the actual number of users affected, but as CNN reported in April, “More than 8 million Cash App Investing customers may have had personal data leaked after a former employee obtained internal records without permission.” 

Customers’ full names and brokerage account numbers—the personal identification number connected to a customer’s stock activity on the platform—were included in the reports that the former employee had access to. 

4) Uber Data Breach: 

Midway through September, one of the biggest corporations in the world, Uber, learned that they had been hacked after the hacker posted in the company’s Slack group, “I am a hacker and Uber has experienced a data breach,” followed by a number of emojis. The business had to do this in order to take down its internal messaging system and engineering systems and investigate the event. 

A number of the company’s databases, including those containing messaging information, were reported to be vulnerable. When Uber contacted the police, they learned that a worker’s account had been hijacked. 

In a statement released September 17th, Uber said they had found “no evidence that the incident involved access to sensitive user data (like trip history).” Uber has linked this breach to the Lapsus$ group, which has compromised companies such as Nvidia, Samsung, and Microsoft. 

5) Rockstar Data Breach: 

Grand Theft Auto 6, a future video game developed by Rockstar Games, had around 50 minutes of footage stolen on September 18 by a hacker going by the name “teapotuberhacker.” They reportedly obtained the footage by gaining access to the business’ Slack, where they then downloaded the videos. 

In a statement posted to Twitter, Rockstar acknowledged the leak. The breach is thought to have happened as a result of social engineering, with the hacker getting into a worker’s Slack account. The hacker also asserts responsibility for the previous September 2022 Uber attack.

6) Nvidia Data Breach

Gaming Chipmaker Nvidia confirmed a data leak after a suspected ransomware attack hit the company on February 23, 2022. After the hacking organization Lapsus$ admitted responsibility for the attack and released 20 GB of data, Nvidia was given until March 4 to pay the ransom. 

According to Lapsus$, it took around 1 terabyte of Nvidia’s “most closely guarded secrets” and threatened to release the information if the chipmaker disobeyed its demands. The Lapsus$ gang’s attacks on a number of IT titans drew a lot of attention in the first few months of this year. The first of these significant attacks, which they launched one after the other quickly, was the Nvidia attack. 

7) Plex Data Breach: 

Millions of people use the media server app Plex, which suffered a data breach in August that exposed sensitive encrypted information about its users, including passwords, usernames, and emails. 

Access to the personal information of millions of people can harm a brand’s reputation for years to come. An email from Plex claims that hackers had access to the usernames, email addresses, and passwords of about 20 million users. Plex clarified that no credit card and payment information, personal account information or other data was compromised in the incident. 

8) ICRC Data Breach: 

From this year forward on January 18, unidentified hackers broke into the systems of the International Committee of the Red Cross (ICRC), which housed the personal data of more than 515,000 internationally vulnerable individuals.

 

Data from the Red Cross’ “Restoring Family Links Program,” which houses information on people who have been separated from their families due to conflict, migration, war, disaster, and missing persons and their families, was stolen by the attackers. 

Personal data from at least 60 Red Cross and Red Crescent National Societies worldwide were compromised, including the names, locations, and contact information of over 515,000 people. Those affected are missing persons and their families, detainees, and others who receive services from the Red Cross and Red Crescent Movement because of armed conflict, natural disasters, or migration. 

9) Credit Suisse Data Breach: 

At Credit Suisse, one of the biggest banks in the world, account information for around 18,000 customers with a combined worth of $100 billion was made public. Information was sent to the German newspaper Süddeutsche Zeitung by a Credit Suisse bank whistleblower headquartered in Switzerland.  

Over 18,000 foreign clients, including a number of well-known heads of state and business leaders, dishonest politicians, alleged war criminals, and people smugglers, had their accounts and hidden money exposed by the leak. 

10) Twitter Breach: 

On July 21, 2022, a hacker made the personal information of 5.4 million Twitter users available for purchase (for just $30,000). The attacker had taken advantage of a known flaw that was initially discovered in January. Although Twitter had addressed this vulnerability, the hostile actor was faster in this case. Twitter has not had a fantastic year in 2022. 

Accusations against the social media business were made public by the former security chief in August. Twitter is criticized for having “egregious faults, negligence, intentional ignorance, and risks to national security and democracy” in the 200-page complaint submitted to the SEC. Data breaches are more common and expensive than ever, but they don’t have to be. 

Some of the largest corporations in the world have experienced data breaches during the past several years. These intrusions cost millions of dollars and revealed personal data, affecting companies like Uber and Facebook as well as Twitter and governmental organizations. Malware (22%) and phishing (20%) will remain the main causes of cyberattacks in 2022.  

Even as more sophisticated technologies are developed, hackers continue to use the most reliable and cost-effective attack vectors around the world: human error, illegal access, social engineering, and ransomware. We must all be aware of how to protect ourselves from security breaches and other threats as a result. 

With Computer Support Professionals Support agreement can be custom designed based on the client’s requirement. Our package prices are comparatively cheaper. And we deliver our projects as per promises we make to our clients.