SOCRadar® Cyber Intelligence Inc. | Top 10 Data Breaches So Far in 2022


Aug 15, 2022
9 Mins Read

Top 10 Data Breaches So Far in 2022

Data breach cases are increasing as cyber security incidents rise. According to statistics, more than 90% of data breaches are caused by cyber-attacks, and data breaches hit an all-time high in 2021. Data breaches increased in the first quarter of 2022 compared to the first quarter of 2021. Despite the increase in data breaches, the number of victims decreased by 50% compared to the first quarter of 2021 and by 41% compared to the fourth quarter of 2021.

The notable data breach events for the first half of 2022 are as follows. 

1. ICRC Data Breach

The International Committee of the Red Cross (ICRC) announced earlier this year that there had been a data breach.

The breach was discovered when the security company in charge of the ICRC systems noticed an anomaly on the ICRC servers containing information about the global Red Cross and Red Crescent Movement's Restoring Family Links services. Further investigation revealed that the attackers were inside these systems and had access to the data on them. It was discovered that the attackers gained access to the ICRC network and its systems by exploiting an unpatched critical vulnerability.

Personal data from at least 60 Red Cross and Red Crescent National Societies worldwide were compromised, including the names, locations, and contact information of over 515,000 people. Those affected are missing persons and their families, detainees, and others who receive services from the Red Cross and Red Crescent Movement because of armed conflict, natural disasters, or migration. 

The attack is considered a targeted attack on the ICRC, as the attackers created code designed to be executed only on the respective ICRC servers. It was unclear who was behind the attack or why it was carried out. No ransom demand was made.

Consequently, the ICRC was forced to shut down the computer systems that support the Restoring Family Links program, which aims to reunite family members separated by conflict, disaster, or migration. Beyond the service outage itself, the potential risks that the people and families whom the Red Cross and Red Crescent network is attempting to protect and assist may face due to the misuse of their data are disturbing.

2. Civicom Data Breach

Civicom exposed to a huge data breach

Civicom, a New York-based provider of audio, online video conferencing, and market analysis services, exposed eight terabytes of highly confidential and sensitive customer information to the public in February, which led to a significant data breach.

Civicom’s misconfigured folders in Amazon’s cloud storage service, Amazon S3 (Amazon Simple Storage Service), exposed eight terabytes of records containing more than 100,000 files. Thousands of hours of video and audio recordings of private meetings and conversations, written transcripts containing full names, and still images from employees’ meeting videos remained publicly accessible without any password or other security verification.
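The Civicom exposure came down to storage that anyone on the internet could read. As an added example (not code from the article, SOCRadar or Civicom), the following Python checks the two documents that make an S3 bucket public, the bucket policy and the bucket ACL, and flags the weak form beside the corrected one. The policy and ACL documents are constructed in the shape AWS returns them; the bucket name, account id, role name and VPC endpoint id are placeholders, and the "public principal" test is a simplified version of the rule AWS applies.

```python
"""Flag S3 bucket policies and ACL grants that expose objects to anyone.

Added example, not from the SOCRadar article. The documents below are
constructed in the JSON shape that GetBucketPolicy / GetBucketAcl return,
so the checks run offline; every identifier in them is a placeholder.
"""
import json

# Grantee URIs that AWS treats as "everyone" and "any AWS account holder".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True when a statement applies to anyone: '*' or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy_doc):
    """Return (Sid, kind) for Allow statements granting S3 actions to anyone.

    kind is "public" for an unrestricted grant and "conditional" when the
    statement carries a Condition block (e.g. aws:SourceVpce), which may
    narrow who can actually reach the bucket and needs human review.
    """
    policy = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal", {})):
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a == "*" or a.lower().startswith("s3:") for a in actions):
            continue
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), kind))
    return findings


def public_acl_grants(acl_doc):
    """Return (grantee URI, permission) for ACL grants to the public groups."""
    acl = json.loads(acl_doc) if isinstance(acl_doc, str) else acl_doc
    return [
        (g["Grantee"]["URI"], g["Permission"])
        for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS
    ]


# --- constructed sample documents (placeholder names throughout) ---------
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-recordings",
                     "arn:aws:s3:::example-recordings/*"],
    }],
}

FIXED_POLICY = {  # same access, limited to one application role
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleAppRole"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-recordings/*",
    }],
}

CONDITIONAL_POLICY = {  # anonymous principal, but only via one VPC endpoint
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpceOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-recordings/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}},
    }],
}

_OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
                "Permission": "FULL_CONTROL"}
WEAK_ACL = {"Grants": [_OWNER_GRANT, {
    "Grantee": {"Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
FIXED_ACL = {"Grants": [_OWNER_GRANT]}

if __name__ == "__main__":
    for name, doc in [("weak", WEAK_POLICY), ("fixed", FIXED_POLICY),
                      ("conditional", CONDITIONAL_POLICY)]:
        print(f"policy {name}: {public_policy_statements(doc)}")
    for name, doc in [("weak", WEAK_ACL), ("fixed", FIXED_ACL)]:
        print(f"acl {name}: {public_acl_grants(doc)}")
```

The functions accept either a dict or a JSON string, so the policy text that `boto3`'s `get_bucket_policy()` returns under the `Policy` key and the dict from `get_bucket_acl()` can be passed straight in. A bucket policy and ACL review is only half of the control: an account-level S3 Block Public Access setting would have overridden either form of grant above, which is why it is the standard guard against exactly this class of misconfiguration.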

3. Credit Suisse Data Breach

The information revealed by the Credit Suisse data breach was sensational.

Account information for about 18,000 customers, holding assets valued at $100 billion, was exposed at Credit Suisse, one of the world’s largest banks.

A Swiss-based Credit Suisse bank whistleblower released data to the German newspaper Süddeutsche Zeitung. The leak disclosed information about the accounts and hidden wealth of over 18,000 foreign clients, including many famous heads of state and business executives, corrupt politicians, accused war criminals, and human smugglers.

4. New York City Department of Education Breach

The New York City Department of Education recently revealed that a malicious actor gained unauthorized access to the personal information of 820,000 current and former students registered in the New York City Public School System (NYCPSS).

The breach occurred in the Skedula and PupilPath software, which track grades and attendance. Both platforms are owned by the California-based company Illuminate Education. It was stated that the breach happened because some data was left unprotected despite the company’s declaration that it would encrypt all data. Students’ names, birthdays, gender, ethnicity, mother tongue, special education status, socioeconomic status, and academic information were compromised. The use of both platforms was stopped.

5. Nvidia Data Breach

Lapsus$ hits headlines with NVIDIA breach

The Lapsus$ gang drew widespread attention in the first months of this year with attacks on various technology giants. The Nvidia attack was the first of these massive attacks, which they launched one after the other in a short period.

Lapsus$ released 1TB of data from NVIDIA systems. It was stated that 250 GB of this related to hardware and that details of several future NVIDIA graphics card models were also gathered. In response to the leaked data, Lapsus$ demanded that NVIDIA entirely open-source its GPU drivers and remove all restrictions on cryptocurrency miners.

6. Microsoft Data Breach

Microsoft was a large-scale victim of the Lapsus$ group. The Lapsus$ gang claimed to have attacked Microsoft’s Azure DevOps Server and seized more than 37GB of data, including source code for Bing, Bing Maps, and Cortana services. It also uploaded a torrent for a 9GB bundle containing the source code for over 250 Microsoft-owned projects. Microsoft stated that no customer data was affected while confirming the incident. 

7. Attack on a South African Credit Bureau

TransUnion data breach

Credit company TransUnion South Africa suffered a data breach, and Brazil-based group N4aughtysec took responsibility.

TransUnion admitted the ransomware attack and indicated it had affected 3 million South African consumers and 600,000 businesses.

According to the group, they hold more than 4 TB of data belonging to TransUnion customers. This includes personal consumer data such as name, identity number, date of birth, address, employer, spouse information, passport number, and credit or insurance score, as well as business data such as company registration number, business credit scores, and industry sector classification code. The attackers demanded a ransom of $15 million in exchange for this information.

8. Attacks on Russia

With the escalation of the Russia-Ukraine war, attacks on Russian organizations increased.

Since Russian troops crossed Ukraine’s borders at the end of February, a digital war has been waged alongside the physical one. Ukraine has organized a volunteer IT Army since the beginning of the war to defend against, and strike back at, Russian websites and organizations that seek to attack Ukraine and take its services offline. Ukraine’s digital government has likewise battled disinformation.

At the beginning of the conflict, the hacker group Anonymous declared a “cyber war” against the Russian government and claimed responsibility for attacks on Russian websites. As a result of this activity, a considerable amount of information concerning Russian-related businesses and government institutions has been published. 

Since late February, activists with the Distributed Denial of Secrets (DDoSecrets) group have published more than 700 gigabytes of material and more than 3 million Russian official emails and documents. 

Furthermore, personal information such as names, birthdays, and passport numbers of 1,600 Russian soldiers who served in the Russia-Ukraine war was made accessible. According to another claim, Ukraine’s intelligence services brought online the identities and contact information of 620 Russian agents registered in the Moscow office of the country’s leading security agency. 

9. Conti Attack on Costa Rica’s Sovereignty

The FBI had placed a bounty on the Conti ransomware group.

Cyberattacks have repeatedly targeted Costa Rican government institutions. Rodrigo Chaves, the country’s president, blamed the Conti gang for the attacks on their administrative systems. At least 28 institutions were targeted, and various databases and websites were taken offline. These attacks also interrupted healthcare services in rural areas.

The Conti group publicly revealed at least 600GB of governmental material and threatened to “overthrow” the country’s new government. Conti requested $20 million for a decryption key to unlock the systems.

Chaves declared the country in a state of emergency. The attacks also significantly impacted the country’s overseas trade activities. 

10. Conti Leaks

Conti, a ransomware gang that has been active in recent years, got a taste of its own medicine and became the target of a leak itself.

Conti stated that it supported Russia following Russia’s invasion of Ukraine. Following the statement, a Conti ransomware group member, believed to be a Ukrainian supporter, began leaking Jabber instant messages belonging to the Conti group via the @ContiLeaks Twitter account. Over 60,000 chat conversations, source code, and internal documents were leaked, exposing a wealth of information about Conti’s targeted victims.

Over two days, ContiLeaks revealed chat and forum conversations dating back several years, documents shared within the organization, and source code. Details such as previously unseen victims, private data-leak URLs, bitcoin addresses, and discussions regarding their operations were revealed in these posts. The leak showed that Conti operates like a corporate company, with 62 core team members and dozens of “freelancers” who come and go regularly.

Data breaches are more than just financial attacks. They can be part of a conventional war, or threaten a charity’s data repository or a government’s sovereignty. Data breaches are becoming more strategic as a result of these new motivations. As a consequence, improving data security is crucial for the safety of any institution, organization, or end-user.