6 major cybersecurity
breaches in 2021
(and what you can learn from them)
Nebraska Medicine (Occurred Aug 2020, announced Feb 2021)
Network of major hospitals and clinics in Omaha, NE.
Outcomes
- ~219,000 patients health and personal records exposed
- System downtime
- HIPAA breach
How could it have been prevented
- Email filtering
- Employee security awareness training
- Enhanced network monitoring and endpoint protection
70% of cybercriminal activity now takes the form of credential phishing – the primary vector for malware – according to Microsoft’s Digital Defense Report 2020.
ParkMobile (Apr 2021)
The primary parking app for downtown Kansas City, MO.
Outcomes
- Critical customer data – contact information, license plates, and addresses – was leaked and sold on a dark web cybercrime site. Payment information was protected thanks to encryption.
- Hashed user passwords were obtained, but are protected by a one-way password hashing algorithm, bcrypt, making them difficult for hackers to crack.
- Leaks like this (and the recent LinkedIn breach) allow attackers to create more robust profiles, resulting in highly targeted and convincing cyber attacks.
How could it have been prevented
As this breach was due to a vulnerability in a third-party software integration, little could have been done to prevent it, except potentially:
- Vetting the security of suppliers
- Regular software patching
US supply chain attacks increased by 42% in the first quarter of 2021, according to the Identity Theft Resource Center (ITRC).
Experian (Apr 2021)
Online credit reporting platform
Outcomes
- An insecure Experian application programming interface (API) enabled anyone to access users' private credit scores by supplying their name, email and DOB.
- This information could be sold on dark web cybercrime forums, putting victims at greater risk of phishing and vishing attacks and fraud.
How could it have been prevented
- Keep APIs secure with authentication and access controls, encryption, and monitoring.
Gartner estimates by 2022, APIs will be the most common vector in attacks targeting enterprise application data.
Bailey & Galyen (Mar 2021)
Consumer law firm in Texas
Outcomes
- A malicious actor gained access to user information, including names, DOBs, driver’s license and social security numbers, representation, employment, payment information, and biometric data (medical history and health insurance information).
- This information could be used to commit credit fraud, identity theft, and phishing attacks.
How could it have been prevented
- Although the threat vector is unknown, or hasn’t been announced, the chance of attacks can be minimized by following robust cybersecurity protocols, such as the CIS Controls.
85% of breaches involve a human element, according to Verizon’s 2021 DBIR, highlighting the importance of employee security awareness training.
Volkswagen and Audi (Jun 2021)
Automotive manufacturer
Outcomes
- An electronic file left unsecured by their marketing vendor resulted in the data of over 3.3 million customers being leaked, including names, mailing addresses, email addresses, phone numbers, and vehicle purchases or inquiries.
- Leaked data could be used by bad actors to create more sophisticated attacks.
How could it have been prevented
- Vet vendors thoroughly to confirm they follow security best practices.
- Continually audit these relationships.
51% of organizations have been exposed to a data breach caused by a third-party, reports Ponemon Institute.
Kaseya (Jul 2021)
T management and security software company headquartered in Florida
Outcomes
- An SQL vulnerability allowed attackers to compromise Kaseya’s remote monitoring tool which is used by 1000s of MSPs. A malicious payload was injected into their clients’ systems, resulting in one of the biggest data breaches of all time.
- Attackers claimed to have encrypted more than a million systems and demanded a $70 million ransom to unlock the affected data.
- Up to 1,500 businesses and organizations around the world were impacted by the attack, including schools, hospitals, and a Swedish supermarket chain which had to shut down 800 stores and rebuild their systems from scratch.
- After 19 days, Kaseya received the key to unlock the victims’ data. It has not been disclosed whether they or the other victims paid a ransom, or if Kaseya obtained the key by other means.
How could it have been prevented
- Invest in a comprehensive backup and recovery solution so you can restore, rather than having to rebuild, your systems if access is lost
- Address security flaws in software, like weak encryption and passwords
- Follow cybersecurity best practices, like regular patching and end-user training
Precautions to take as an individual
- Be vigilant of phishing attacks – cyber criminals might utilize breached information to launch a more targeted attack.
- Always use strong, unique passwords, and activate multi-factor authentication (MFA) on all accounts.
- Use dark web monitoring to alert you of breached credentials, so you can act quickly to secure your accounts.
- Change your passwords if your credentials have been exposed.
- Consider credit monitoring and identity theft protection if your credit information, payment details, social security or driver’s license number have been compromised.
As these recent data breaches make clear, no organization is safe from the threat of cyberattacks, and bad actors are constantly seeking vulnerabilities to exploit. All businesses are advised to follow cybersecurity best practices, such as the CIS Controls. If you need help securing your organization, don’t hesitate to reach out to Umbrella’s cybersecurity experts. We will continue to keep our clients updated on the major cyber security breaches impacting our world.
Your FAQs answered
A data breach is a security incident where information is accessed by an unauthorized entity. Cyber criminals often seek out unsecured data or carry out attacks to obtain data, which they then utilize or sell for personal gain.
According to IT Governance, over 700 publicly disclosed security incidents had occurred by June 2021, involving close to 4 billion breached records. How often do breaches occur in a normal year? In 2020, Verizon reported 3,950 confirmed data breaches.
During the COVID-19 pandemic, there has been an alarming rise in cyber attacks, with criminals exploiting the uncertainty of the pandemic. The rapid shift to remote work and the rise of BYOD (bring your own device) have also created more opportunities for attackers.
With the explosion of social engineering attacks like phishing/ransomware, the most common weakness has become human error. More than ever, a well-trained and vigilant workforce will be an organization’s first and possibly best line of defense. Training on how to apply a zero-trust mindset to spot phishing emails is essential. Also important are strict endpoint and access controls, especially for BYOD and remote-work environments.
