Despite huge strides in cybersecurity, data breaches are still an issue. In fact, the number of data breaches in the first quarter of 2022 was higher than in 2021, and in the second quarter 2022 alone there were nearly 52 million data breaches reported. The industry hit hardest by data breaches was the healthcare industry, with just a single incident typically costing more than $10 million.
The year’s not over yet, but here are some of the major data breaches of 2022.
The latest data breach headlines involve Twitter. A massive Twitter data breach reported in July is apparently worse than initially reported and involves personal data belonging to 5.4 million people. According to Bleeping Computer Sunday, the data stolen includes private email addresses, phone numbers and scraped data. The scraped data includes Twitter ID, name, screen name verified status, location, URL, description, follower count, account creation date, friends count, favorites count, statuses count and profile image URLs.
South Korean consumer electronics giant Samsung reported two significant breaches this year. In early 2022, Samsung fell victim to the Lapsus$ cybergang, which boasted to have stolen 190 Gb of data from the tech giant. The stolen information included source code related to Galaxy devices and over 6,000 secret keys, such as private keys, login data, and AWS, GitHub, and Google keys. In July 2022, Samsung fell victim to a cyberattack that resulted in the compromise of personal information of U.S. customers. Samsung has not released information regarding how many individuals were impacted by the data breach.
In January, Crypto.com, one of the biggest and best known cryptocurrency exchanges in the world and known for being backed by superstar actor Matt Damon, reported that 483 of its users were hit in a hack, leading to unauthorized withdrawals of bitcoin and Ether worth $35 million.
A cyberattack on Red Cross compromised sensitive data on more than 515,000 vulnerable people. During the investigation into the extent of the attack, which targeted a contractor in Switzerland that was storing the data, the Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies. The cyber attack appears to have been the work of an undisclosed nation-state actor.
Hackers broke into the internal systems of one of the world’s biggest private banks, Credit Suisse, exposing sensitive customer data. The data breach exposed as many as 30,000 customer accounts, which belonged to high-profile war criminals, human traffickers, corrupt leaders, and state heads. Estimates value these accounts at over $100 billion, placing this among the biggest 2022 data breaches. An anonymous whistleblower leaked the data to German newspaper Süddeutsche Zeitung, expressing anger at Swiss banking secrecy laws.
NYC Department of Education
A third-party vendor working with The New York City Department of Education exposed data of at least 820,000 public school students. The software company, Illuminate Education, which provides popular grading, attendance and messaging platforms, is widely used by public schools in NYC. Demographic data, academic information and economic profiles were accessed by the hackers.
A data breach in the spring involving sensitive information for more than 8 million users of stock trading app Cash App was linked to a disgruntled former employee. The Fintech giant, formerly known as Square, confirmed that the breach involved a former employee who downloaded reports from Cash App that included information on U.S. customers. Block said the reports the former employee accessed did not feature personally identifiable information such as usernames or passwords, Social Security numbers, dates of birth, payment card information, addresses and bank account details.
Uber’s organization-wide security breach was announced in September. A social engineering attack against one of Uber’s contractors resulted in multiple compromised systems within. Led by an affiliate to the Lapsus$ hacking group, the attacker was eventually able to gain admin access and take over many of Uber’s internal tools: AWS, Google Drive, Slack, SentinelOne and more. While this attack didn’t expose Uber users’ information, the infamous 2016 breach exposed approximately 57 million users, including approximately 600,000 drivers’ license numbers.