Ten of the Biggest Data Breaches of 2021

Written by Corp-InfoTech | Dec 21, 2021 1:12:26 PM

2020 and 2021 have been an unprecedented couple of years for data breaches in the United States. In light of the COVID-19 pandemic and an increased focus on remote working, multiple attacks have been made against critical infrastructure by state-sponsored and independent cyber criminal groups looking to cripple the U.S. security posture. This is a list of the largest and most detrimental data breaches of 2020-2021.

SolarWinds

SolarWinds is a U.S.-based technology firm that was breached in early 2020 through the installation of malicious code on the company's systems. The hackers were able to inject code into a software product called "Orion", used by 33,000 of SolarWinds' customers, that, when updated, provided those criminals with a foothold. While SolarWinds was breached in early 2020, it wasn't until December of that year that the breach was actually revealed and brought to the company's attention. Some of the clients impacted by the SolarWinds breach include Microsoft, Cisco, Intel, and other private, high-profile companies. However, the breach didn't stop there. Multiple government agencies, like the Pentagon, the Department of Homeland Security, and the Department of Energy, were also infected. It was believed to be a Russian state-sponsored attack that resulted in criminals gaining access to multiple high-ranking government email accounts. This access would have been used for espionage purposes and went undiscovered for 9 months.

Kaseya

Russian cyber criminal group REvil attacked Kaseya, an IT solution provider for MSPs and other organizations, on July 2nd, 2021. Kaseya identified a potential cyber threat against their system that grew into a large-scale ransomware attack 2 days later, on July 4th. Due to the nature of the attack, Kaseya wasn't the only company impacted by the breach. Around 60 of Kaseya's customers were infected during the attack, along with the clients of those customers. This resulted in an estimated 1,500 businesses being impacted in some way. Once they had infected enough systems, REvil began to demand upwards of $70 million for an encryption key that would remove the malware from all systems.

Colonial Pipeline

On May 7, 2021, the Colonial Pipeline was hit with a large-scale ransomware attack that completely shut down operations for several days. Colonial provides approximately 45% of all fuel consumed on the East Coast. With such a large-scale shutdown, thousands of stations were left without gas, and even more individuals were left wondering how they were to go about their daily lives. The cyber group that orchestrated the attack is known as DarkSide, which runs a ransomware-as-a-service model: it provides the actual malware to an affiliate and then splits the profits. While it is unknown how DarkSide was able to get into Colonial's system, it was most likely through a phishing email or website that successfully tricked an employee into providing a foothold. This further underscores the importance of security awareness training.

LinkedIn

In June of 2021, LinkedIn was hacked, revealing the private data of upwards of 700 million LinkedIn users. This accounts for roughly 93% of LinkedIn's user base. The information revealed includes such things as names, phone numbers, addresses, and other social media accounts. Despite this, LinkedIn denies that the leak came from them and states that all this information could have been scraped and found through various other outlets. You can learn more about the breach here.

Facebook

In April of 2021, Facebook was breached by an unknown low-level user, which resulted in roughly 553 million profiles' data being leaked to the public. The data, published on a low-level hacking forum, included the names, locations, birth dates, and email addresses of millions of Facebook users. Facebook claimed that the breach was due to a vulnerability believed to be patched back in 2019.

Twitch

Twitch, a popular video game streaming site, was breached in October of 2021. The breach resulted in the loss of a multitude of private data belonging to streamers and to Twitch as a company. The leak included information regarding the income of many of Twitch's top streamers, as well as vital Twitch security tools and the entirety of the mobile, desktop, and console client source code. Twitch did assure users that no private or personal data was lost for the millions of individuals tuning in every day, despite Twitch itself taking a large hit.

Kroger

In February of 2021 Kroger made it known that they were impacted by a data breach in December of 2020 through a file transfer vendor known as Accellion. Kroger had used Accellion as a third-party "secure" file transfer protocol. However, hackers were able to gain access to Kroger through a vulnerability in Accellion's system. This resulted in a small amount of customer information being stolen. Kroger claims that only 2% of their customers were impacted in the breach and that the only data stolen was HR data and some basic pharmacy and clinic information. You can read Kroger's response to the incident on their website.

Zoom

Due to the COVID-19 pandemic, most businesses were forced to carry on their work from home rather than in the office. Because of this, companies began utilizing video conferencing applications like Zoom to conduct business virtually and safely. Cyber criminals decided to take advantage of this by targeting Zoom in April of 2020, at its peak usage. They were able to obtain upwards of 5000,000 users' passwords and login credentials to sell on the dark web.

Twitter

A select few accounts on Twitter were breached in June of 2021 by an individual living in Spain. While not as widespread as other data breaches on this list, this individual was able to get into the accounts of some of the most prominent people in the world. Among these accounts were those of U.S. President Joe Biden, Elon Musk, and Kanye West. Once in control of the accounts, this hacker tweeted out a message seeking to lure others into a Bitcoin scam. Once caught, the hacker was sentenced to 3 years in juvenile prison.

Marriott Hotels

The Marriott Hotel company was hit with a cyber attack in early January of 2020; however, this was not their first rodeo. In 2018 Marriott was hit by one of the largest cyber attacks, with roughly 500 million individuals falling victim. 16 months later they were hit again, this time putting 5.2 million guests at risk of losing private data. Leaked data included guests' names, birth dates, email addresses, phone numbers, and other personal information.

Data breaches are only going to continue to increase in volume and scope as the years go on. Make sure your organization is prepared in the event of a cyber attack. It is no longer a matter of if, but when!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.