Cybercriminals regularly engage in data breaches to steal companies’ information, which is why it’s so important that organizations have a comprehensive information security policy.
The problem is getting worse. Surveys show that US companies experienced 1,108 data breaches in 2020, but 1,291 as of September 2021.
If your company doesn’t have effective cybersecurity plans in place, it may experience a severe data breach such as the ones highlighted below.
Colonial Pipeline
Gas pumps in the eastern United States were taken offline in early 2021 when a ransomware attack on a petroleum company damaged the supply chain.
Colonial Pipeline provides almost 50% of the gasoline on the East Coast, but it was hacked by DarkSide, a well-known hacking group. It’s estimated the criminals stole up to 100 gigabytes of company data. The group warned it would release this information online if it didn’t pay a ransom.
The company eventually paid $2.3 million in Bitcoin to get past the crisis. Meanwhile, millions of consumers faced high fuel prices and shortages for more than a week.
Perhaps if Colonial Pipeline’s IT team had more effective information security and compliance policies in place, this crisis could have been averted.
The private data associated with 700 million LinkedIn users were put up for sale on the dark web in 2021. Hackers stole the data by exploiting the API and then scraped the private data.
The captured data included email addresses, phone numbers, full names, usernames, professional and personal experience, and more.
LinkedIn, however, claimed this wasn’t a data breach, and no member information was stolen.
T-Mobile
T-Mobile reported in August 2021 that a data breach in the United States led to more than 40 million customers having their data stolen. The company said a sophisticated cyber attack led to the disaster.
T-Mobile said that personal data was stolen but no financial information was stolen.
When criminals were caught trying to sell T-Mobile user data online, people found out about this serious data breach.
20/20 Eye Care Network
This company found that critical data was removed from its cloud-based servers operated by Amazon Web Services this year. All this vital data was deleted by the hackers.
It’s believed the crooks may have had access to Social Security numbers, names, addresses, dates of birth, and health insurance data for most of the company’s health plan members.
After discovering the breach, 20/20 reported that it investigated the problem and alerted all affected members. It has since provided additional employee training to prevent a breach from happening again.
Twitch
Amazon owns this streaming service, and it suffered a massive data breach in 2021. The company claimed a human error that was made when working on a server created a vulnerability that allowed about five billion private records to be leaked.
This was an embarrassing failure for Twitch, and it took several weeks for the Amazon property to clean up the mess.
Kroger
Consumers may not first think of Kroger as the most likely target for stealing healthcare data, but this happened in February 2021. A data breach at Kroger’s third-party cloud company gave them unfettered access to the grocery giant’s HR and pharmacy records.
The company said only about 1% of customers had their data stolen. But it contained critical consumer information, such as phone numbers, names, addresses, Social Security numbers, and prescription information.
About 1.5 million consumer records were stolen.
The above serious data breaches clarify how much financial and reputational damage can occur when these problems happen. That’s the reason it’s so crucial that companies devise a robust cybersecurity strategy to thwart hackers before the worst happens.