7 Top and Worst Data Breaches in 2022
Data breaches can have serious consequences for your company. Not only do they compromise your sensitive information, they also serve as a precursor to further cyber attacks. During a data breach, attackers aim to obtain your sensitive, confidential, or protected data without the owner becoming aware of its exposure. The number of online data breaches recorded worldwide for the first two quarters of 2022 was 8.51 million, and these numbers are expected to grow over time.
That's not all: the expected cost of a data breach is also on the rise. According to a report published by IBM, the average cost of a data breach increased from $4.24 million to $4.35 million in 2022. This is why cybersecurity experts emphasize the importance of a sound cybersecurity setup to protect yourself from malicious data breaches. There are steps you can take to avoid such breaches. However, before you can protect yourself, you need to study the types of data breaches you may face.
Here we go over some of the top data breaches of this year, in no particular order. Reading them will give you an idea of what to expect and what protective measures your company should have in place.
- Hacking in Russia/Ukraine
- Health Care Provider Data Theft
- Chinese Hackers Breach Telecoms
- The Extortion Spree of Lapsus$ Group
- Conti Cripples Costa Rica
- Hacks on Decentralized Finance Platforms
- Concealed Carry Permits in California
1. Hacking in Russia/Ukraine
Ever since Russia and Ukraine sent troops to their borders, a digital war has sprung up between the two nations. A significant development in this war came when the underground "hacktivist" collective Anonymous declared a cyberwar on Russia for invading Ukraine.
Notable attacks Anonymous has carried out since then include breaking into databases and posting leaked information about Russian military members, the Russian Central Bank, leading Russian oil and gas companies, IT companies, law firms, and several other Russian organizations online. They claimed to have hacked over 2,500 Russian and Belarusian sites and compromised countless databases. During the database breaches, many CIS files were erased altogether, while hundreds of folders were renamed to "putin_stop_this_war".
That's not all: a study published by the cybersecurity company Surfshark found that Russia experienced the most data breaches in the first quarter of 2022, with more than 3.5 million users affected.
2. Health Care Provider Data Theft
The healthcare sector is one of the most heavily attacked sectors when it comes to data theft. At the forefront of healthcare data breaches is the Massachusetts-based Shields Health Care Group. In June 2022, it disclosed to HHS a healthcare cyberattack estimated to have impacted over 2 million individuals. The organization first detected suspicious activity on its network on March 28, 2022, and immediately launched an investigation to contain the incident. Reports revealed that the attackers had access to the Shields Health Care Group network server from March 7 to March 21, 2022. During this period, the attackers gained access to data including full names, Social Security numbers, individuals' healthcare diagnoses and related information, patient IDs, dates of birth, addresses, and more.
Shields stated that it "took steps to secure their systems and conducted a thorough investigation to confirm the nature and scope of the activity". The breach further impacted over two dozen facility partners, including Tufts Medical Center, UMass Memorial, and other New England healthcare facilities. The takeaway here is that failing to rigorously update your cyber threat investigations allows malicious actors to remain undetected in your network. You should take a proactive approach to data security and employ cyber threat hunting practices to stay ahead of such compromises.
3. Chinese Hackers Breach Telecoms
According to the US, Chinese-backed hackers breached major telecommunications firms by exploiting software flaws in routers and other networking hardware, as reported in June 2022. According to the advisory from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA), network defenders tend to overlook these devices.
The US federal agencies reported that the targets of these hackers are major telecommunications companies. The actors aim to steal credentials and harvest sensitive data. Once the hacking group exploits vulnerabilities in unpatched SOHO routers or other network devices, it uses these devices as part of its attack infrastructure to breach further networks.
The advisory further explains that the attackers stole credentials to access underlying SQL databases and then used SQL commands to exfiltrate data from critical servers. The report published by CISA declined to name the specific telecommunications firms affected, but it did note that no zero-day exploit was involved: the hackers are exploiting equipment that has not been patched or is otherwise vulnerable.
4. The Extortion Spree of Lapsus$ Group
The LAPSUS$ group is an international hacker group best known for its cyber attacks against large tech companies. The group's goal was to gain access to business networks through stolen credentials, enabling data theft and further cyber attacks. By March 2022, LAPSUS$ had gained notoriety for its high-profile victims, including Microsoft, Okta, NVIDIA, Samsung, and others.
Unlike attackers who use ransomware to take data hostage and then have the victim pay a hefty sum to have it securely released, LAPSUS$ was more notoriously known as an extortionist group. Rather than withholding access to the data, they would threaten to publicly release the collected information.
LAPSUS$ primarily used social engineering, along with tactics such as SIM swapping, hacking employees' personal accounts, and even paying insiders for access to company internal networks. They were also quite vocal about who they would target next, often announcing victims on their Telegram channel.
However, these breaches were not necessarily disruptive. For Microsoft, the data stolen "did not lead to elevation of risk", and the same was true for Samsung. Many regarded the group's behavior as reckless or erratic. It was the attack on Nvidia that brought them into the broader limelight. Soon after, several individuals reported to be members of the group were arrested, all of them teenagers. Months after the arrests, the group became inactive.
In the case of LAPSUS$, companies can protect themselves by reevaluating help desk policies and raising social engineering awareness. They should also find and patch vulnerabilities in their systems that may lead to the exfiltration of sensitive data.
5. Conti Cripples Costa Rica
For the past few months, Costa Rica has been making headlines owing to the national state of emergency enacted by President Rodrigo Chaves Robles. He declared a national cybersecurity emergency following a ransomware attack by the Conti ransomware group. The attack targeted the public sector and government branches of Costa Rica's economy, bringing it to a standstill. The cost to the economy is estimated at $38 million for each day systems were down.
The attacks first took place right after President Chaves took office. They targeted the Costa Rican Ministry of Finance, followed by the Ministry of Labor and Social Security, the Ministry of Science, Innovation, Technology and Telecommunications, and others.
Conti claimed to possess over 670 GB of government data, which it threatened to release unless the Costa Rican government paid $10 million. The government refused, after which Conti started leaking data it claimed to have stolen from the Costa Rican agencies. To this day, Costa Rica continues to suffer the effects of these attacks and will not recover any time soon.
This attack showed that governments need to take proactive steps to stay secure against such ransomware attacks. Although such attacks are rarely fully prevented, especially considering the access and affiliations groups like Conti have, they can be mitigated. Adding robust cyber screening solutions with early detection and response is the best way to ensure business continuity in the face of attacks.
6. Hacks on Decentralized Finance Platforms
In the first three months of 2022 alone, hackers stole nearly $1.3 billion from crypto exchanges and platforms, with decentralized finance platforms the primary target. According to Chainalysis, 97% of all crypto stolen in the first quarter of 2022 was taken from DeFi protocols.
One of the most significant attacks on a decentralized finance platform was on Ronin. The Ronin validator security breach led to $615.5 million in losses on March 29, 2022. The hacker reportedly stole nearly 173,600 ETH and $25.5 million USDC from Ronin in just two transactions.
According to an official report by the company, the hacker managed to obtain the private keys to validator nodes. The hacker compromised a total of five validator nodes, the minimum needed to approve a transaction.
However, the root of the exploit traces back to last year, when Axie DAO gave Sky Mavis access to sign off on transactions but never revoked this access. The hackers used this to gain backdoor access to the network. Many now sum it up as a social engineering attack that led to the exploit. The Ronin bridge was quickly shut down and all transactions were halted. The developers have since promised to increase the number of validator nodes to 21 and are working with law enforcement to recover all funds.
7. Concealed Carry Permits in California
In June and July 2022, the California Department of Justice (DOJ) reported a data breach that exposed the personal information of over 200,000 CCW (Concealed Carry Weapon) permit holders in the state. The exposed information included individuals' names, ages, addresses, CII numbers, and license types, particularly for those who had applied for a CCW permit between 2011 and 2021.
The California DOJ then indicated it would send data breach notifications to all affected parties. Although no Social Security numbers or financial information were released, the breach was still alarming. The agency further reported that the information was available in a publicly accessible spreadsheet for less than 24 hours before the agency shut the website down. It said some portion of the data may have been copied or posted online. It also opened an investigation to determine how the exposure occurred and what measures would prevent such an incident in the future.
Which Data Breach is the Worst?
Undoubtedly, the worst data breach we cover here is the cyberattack on Costa Rica, which aimed to bring an entire country to a standstill and led the president to declare a state of emergency. In May 2022, Costa Rica came face to face with a crippling ransomware attack, after which the country's government agencies were disrupted for nearly a month. Processes that had been computerized were shifted to pen and paper, trade came to a halt, and most online public services became inaccessible. Many call it an outright declaration of war. What's more, these attacks are not expected to stop; they are expected to continue, not only for the residents of Costa Rica but worldwide. The capability of cybercriminal groups such as Conti to carry out such large-scale ransomware attacks says a lot about the power they wield, even against governments.
What is the Most Recent Data Breach?
The most recent data breach (as of the time of writing) was reported by the cybersecurity company Group-IB in August 2022. It published a report describing a months-long phishing campaign that had compromised at least 130 companies, including Cloudflare, DoorDash, and Mailchimp.
The report also outlines the scheme the attacker follows. The attacker targets employees of a company and directs them to a phishing site using text messages containing phishing links. Once the victim enters corporate credentials on the phishing site, the attacker uses them to gain further access to the organization, where they could steal information, exfiltrate it, or make changes to data. Most of the companies targeted in these breaches were financial in nature, including crypto or investment companies, indicating that the attackers were guided by a financial motive.
What is a Data Breach?
A data breach, as the name suggests, is a type of cybersecurity incident in which a victim's information is stolen or extracted from a system without the knowledge of the system owner. It's important to note that data breaches are not tailored to any particular type of business or sector; they target large and small businesses across all sectors.
The data stolen may be sensitive information that could damage your public image, confidential financial information such as credit card details or trade secrets, or even matters of national security. For companies, it's not just their own data that's on the line: their customers may also fall victim to such data breaches.
Hackers use many methods to gain access to your confidential information: they gain unauthorized access to your control systems, they exploit weak corporate security policies, they use malware, ransomware, or phishing to steal data, and they may use a person on the inside to get the job done. The possibilities are limitless.
Given how unpredictable data breaches can be, we should take as many precautions as necessary to keep our data secure at all times.
How Does a Data Breach Happen?
Every passing day sees an increase in the prevalence of data breaches. To defend ourselves effectively, we must first understand how data breaches occur. Most data breaches involve five fundamental steps:
- Initially, the hackers conduct a target analysis. They look into the type of hardware and software a company uses, and investigate the extent of the cybersecurity measures the company has in place, how much of its budget is spent on cybersecurity, and so forth.
- Next, the hackers probe the target company's systems for vulnerabilities they can exploit. To protect yourself, you should monitor your network for flaws before a hacker can uncover them.
- In the third phase, the hackers take action, using exploit code to exploit the flaws. To combat such threats, companies need to take a proactive approach to their cybersecurity, actively seeking out threats before they can damage the network.
- In the fourth phase, the hackers deliver the payload. They may do so using malware, ransomware, hijacked services, etc. The goal is to gain access to the company's internal accounts, where they can reach the data they hope to breach.
- Finally, the hackers gain access to the data they wish to exploit. The data may be copied, removed, downloaded, or tampered with as the hacker desires.
How to Protect Yourself From a Data Breach?
Since data breaches can be incredibly unpredictable, you need to protect yourself using as many measures as you can. Here are some ways you can protect yourself from a data breach:
- Educate/Train Employees: Start by educating your staff on how to recognize phishing scams and similar suspicious activity that may precede a data breach. A notable number of data breaches are simply due to negligence or ignorance on the part of employees.
- Restrict Access: Make sure you compartmentalize your data. One department need not have access to the next department's records. Make sure access across the board is controlled and granted only for limited, specific needs.
- Use a Firewall: Firewalls are considered the first line of defense in network security. A firewall makes sure only authorized, authentic traffic passes through your network and blocks suspicious activity.
  Best Practice: Zenarmor NGFW is an extremely effective, enterprise-grade content filtering engine that identifies and blocks advanced malware and other highly complex threats and data breaches.
- Use Strong Passwords: Poor passwords lead to poor security. Train your employees to choose stronger passwords and store them securely. You should also use multi-factor authentication wherever possible to further strengthen your security.
- Control Computer Usage: Your company benefits from monitoring insider behavior. This lets you see what your employees are using their computers for, what files they access, and what data they send. In the case of a data breach, you can then quickly determine whether insider activity was involved.
- Improve General Security: Finally, improve your cybersecurity measures across all tiers. Focus on firewalls, Virtual Private Networks (VPNs), threat hunting practices, traffic monitoring, etc. Also make sure all your programs are regularly updated with the latest security patches.
Figure 1. How to Protect Yourself From Data Breach
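To make the "Restrict Access" and "Control Computer Usage" points concrete, here is an added example written for this page (it is not code from the article or from Zenarmor). It implements a default-deny, department-scoped access check with an audit trail: a request succeeds only when an explicit rule allows it, and every decision is recorded so that repeated denials by one person can be reviewed as possible insider activity. The departments, roles, record names and rules are assumptions chosen for the illustration.

```python
"""
Added example for this page (not code from the article or from Zenarmor):
a default-deny, department-scoped access check with an audit trail.
Departments, roles, record names and the rules are assumptions for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Principal:
    name: str
    department: str
    roles: frozenset  # e.g. {"editor"}, {"restricted-data"}, {"auditor"}


@dataclass(frozen=True)
class Record:
    name: str
    department: str           # owning department
    restricted: bool = False  # e.g. payroll or health data: needs an explicit role


@dataclass(frozen=True)
class AuditEntry:
    principal: str
    record: str
    action: str
    allowed: bool
    reason: str


class AccessPolicy:
    """Default deny: a request is allowed only if every applicable rule passes.
    Every decision, allowed or not, is appended to the audit log."""

    def __init__(self) -> None:
        self.audit: List[AuditEntry] = []

    def decide(self, who: Principal, rec: Record, action: str) -> bool:
        allowed, reason = self._evaluate(who, rec, action)
        self.audit.append(AuditEntry(who.name, rec.name, action, allowed, reason))
        return allowed

    @staticmethod
    def _evaluate(who: Principal, rec: Record, action: str) -> Tuple[bool, str]:
        if action not in ("read", "write"):
            return False, "unknown action"
        # Compartmentalization: another department's records are off limits,
        # except for read-only access by the auditor role.
        if rec.department != who.department and not ("auditor" in who.roles and action == "read"):
            return False, "record belongs to another department"
        # Restricted records need an explicit role even inside the owning department.
        if rec.restricted and "restricted-data" not in who.roles:
            return False, "restricted record requires restricted-data role"
        # Writes are limited to editors.
        if action == "write" and "editor" not in who.roles:
            return False, "write requires editor role"
        return True, "allowed by explicit rule"

    def denied_by_principal(self) -> Dict[str, int]:
        """Count denied requests per principal; an insider review starts from this figure."""
        counts: Dict[str, int] = {}
        for entry in self.audit:
            if not entry.allowed:
                counts[entry.principal] = counts.get(entry.principal, 0) + 1
        return counts


def demo_decisions() -> Tuple[List[bool], AccessPolicy]:
    """Run a constructed set of requests through the policy and return the decisions."""
    alice = Principal("alice", "finance", frozenset({"editor"}))
    bob = Principal("bob", "engineering", frozenset())
    carol = Principal("carol", "finance", frozenset({"restricted-data"}))
    dan = Principal("dan", "audit", frozenset({"auditor"}))
    budget = Record("finance/budget-2022.xlsx", "finance")
    payroll = Record("finance/payroll.csv", "finance", restricted=True)
    design = Record("engineering/design-doc.md", "engineering")

    policy = AccessPolicy()
    requests = [
        (alice, budget, "read"),    # own department: allowed
        (alice, budget, "write"),   # editor in own department: allowed
        (alice, payroll, "read"),   # restricted, no role: denied
        (alice, budget, "delete"),  # unknown action: denied
        (carol, payroll, "read"),   # restricted-data role: allowed
        (carol, payroll, "write"),  # not an editor: denied
        (bob, budget, "read"),      # other department: denied
        (bob, design, "read"),      # own department: allowed
        (bob, design, "write"),     # not an editor: denied
        (dan, budget, "read"),      # auditor cross-department read: allowed
        (dan, payroll, "read"),     # auditor, but restricted record: denied
        (dan, budget, "write"),     # auditor may not write elsewhere: denied
    ]
    results = [policy.decide(who, rec, action) for who, rec, action in requests]
    return results, policy


if __name__ == "__main__":
    decisions, pol = demo_decisions()
    for entry in pol.audit:
        verdict = "ALLOW" if entry.allowed else "DENY"
        print(f"{entry.principal:6} {entry.action:6} {entry.record:28} {verdict:5} {entry.reason}")
    print("denied per principal:", pol.denied_by_principal())
```

The point of the design is the ordering of the checks: department membership is tested first, so a request from outside the owning department is refused before any other attribute is considered, and the final `return True` is reached only after every rule has passed. The audit log is what turns the "Control Computer Usage" advice into something actionable, since `denied_by_principal()` gives a reviewer the accounts that keep bumping into data they are not entitled to.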
Can a Firewall Protect You From Data Breach?
Yes. Firewalls protect you from data breaches. Firewall security measures are considered one of the most basic forms of cybersecurity that organizations of all shapes and sizes should invest in, and there are many types of firewalls available to suit your individual needs. When it comes to the data exfiltration stage of a data breach in particular, firewalls serve as a line of protection.
Firewalls can inspect outgoing traffic as well as incoming traffic for suspicious activity, so they can detect, for instance, whether sensitive data is being sent to an outside server. They protect your network by filtering out unauthorized access to your private data in the first place. They are also known to be reliable against Advanced Persistent Threats (APTs), a type of cyber attack in which the attacker remains undetected for a long period in order to steal sensitive data.
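The outbound inspection described above is worth seeing in code. The following is an added example written for this page, not code from the article or from Zenarmor: it reviews constructed firewall connection logs against an egress allow-list and reports the connections a data-exfiltration review would want a human to look at, including many small transfers that only add up to something suspicious over the whole log. The log format, addresses, allow-list, "no-egress" hosts and byte thresholds are all assumptions for the example.

```python
"""
Added example for this page (not code from the article or from Zenarmor):
an egress review over constructed firewall connection logs. The log format,
addresses, allow-list, no-egress hosts and thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List
import re

# Assumed log format: "<ts> ALLOW|DENY <src>:<sport> -> <dst>:<dport> <proto> bytes=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>\w+) bytes=(?P<bytes>\d+)$"
)

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
EGRESS_ALLOW = [ip_network("203.0.113.0/24")]  # assumed: SaaS range staff legitimately use
NO_EGRESS_HOSTS = {ip_address("10.0.5.20")}    # assumed: a database server that should never talk out
LARGE_TRANSFER_BYTES = 50_000_000              # single-connection threshold (illustrative)
AGGREGATE_BYTES = 50_000_000                   # per-source total to unlisted destinations (illustrative)

REASON_UNLISTED = "destination not on egress allow-list"
REASON_NO_EGRESS = "outbound connection from no-egress host"
REASON_LARGE = "large single outbound transfer"
REASON_AGGREGATE = "aggregate outbound to unlisted destinations over threshold"


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    reason: str
    detail: str = ""


def in_any(ip, nets) -> bool:
    return any(ip in net for net in nets)


def review_egress(lines: List[str]) -> List[Finding]:
    """Return findings for allowed outbound connections that break the egress rules."""
    findings: List[Finding] = []
    unlisted_totals: Dict[str, int] = defaultdict(int)
    last_unlisted: Dict[str, tuple] = {}
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue  # unparseable line: skipped here; a real deployment would count these
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        nbytes = int(m["bytes"])
        if not in_any(src, INTERNAL_NETS) or in_any(dst, INTERNAL_NETS):
            continue  # only internal -> external connections are egress
        if m["action"] != "ALLOW":
            continue  # the firewall already blocked it; nothing left the network
        ts = m["ts"]
        if src in NO_EGRESS_HOSTS:
            findings.append(Finding(ts, str(src), str(dst), REASON_NO_EGRESS))
        if not in_any(dst, EGRESS_ALLOW):
            findings.append(Finding(ts, str(src), str(dst), REASON_UNLISTED))
            unlisted_totals[str(src)] += nbytes
            last_unlisted[str(src)] = (ts, str(dst))
        if nbytes >= LARGE_TRANSFER_BYTES:
            findings.append(Finding(ts, str(src), str(dst), REASON_LARGE, f"{nbytes} bytes"))
    # Many small transfers add up: catch slow exfiltration no single connection reveals.
    for src, total in unlisted_totals.items():
        if total >= AGGREGATE_BYTES:
            ts, dst = last_unlisted[src]
            findings.append(Finding(ts, src, dst, REASON_AGGREGATE, f"{total} bytes"))
    return findings


def count_reasons(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f.reason] += 1
    return dict(counts)


def flagged_sources(findings: List[Finding]) -> List[str]:
    return sorted({f.src for f in findings})


# Constructed sample log (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = [
    "2022-08-10T09:00:01Z ALLOW 10.0.1.15:51234 -> 203.0.113.10:443 TCP bytes=4200",       # allow-listed SaaS: normal
    "2022-08-10T09:01:10Z ALLOW 10.0.1.15:51240 -> 198.51.100.77:443 TCP bytes=12000",     # unlisted destination, small
    "2022-08-10T09:02:00Z ALLOW 10.0.1.15:51241 -> 10.0.5.20:5432 TCP bytes=3000",         # internal to internal: ignored
    "2022-08-10T09:03:00Z ALLOW 198.51.100.5:443 -> 10.0.1.15:51300 TCP bytes=900",        # inbound: ignored
    "2022-08-10T09:04:00Z DENY 10.0.1.22:3355 -> 198.51.100.9:22 TCP bytes=0",             # already blocked: ignored
    "2022-08-10T09:05:33Z ALLOW 10.0.5.20:40001 -> 198.51.100.77:443 TCP bytes=80000000",  # DB server, unlisted, large
    "2022-08-10T09:10:00Z ALLOW 10.0.1.30:52000 -> 198.51.100.77:443 TCP bytes=20000000",  # three medium transfers
    "2022-08-10T09:11:00Z ALLOW 10.0.1.30:52001 -> 198.51.100.77:443 TCP bytes=20000000",  # that together cross
    "2022-08-10T09:12:00Z ALLOW 10.0.1.30:52002 -> 198.51.100.77:443 TCP bytes=20000000",  # the aggregate threshold
    "this line is not in the expected format",                                              # parser must skip it
]

if __name__ == "__main__":
    for f in review_egress(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}: {f.reason} {f.detail}".rstrip())
    print(count_reasons(review_egress(SAMPLE_LOG)))
```

Two design choices matter here. First, only connections the firewall allowed are reviewed: a denied connection moved no data, so it belongs in a separate "who keeps trying" report rather than an exfiltration review. Second, the allow-list is applied to destinations rather than ports, because an attacker exporting data over HTTPS to an unknown server looks exactly like ordinary web traffic if you only look at port 443.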
Is Data Breach a Security Risk?
Yes. A data breach is considered one of the most significant security risks today. Because of their inconsistent nature, anyone can be at risk of a data breach at any time, from small and medium-sized businesses to large enterprises and government agencies alike. If one partner is compromised, it can put the others at risk as well.
The type of data a hacker targets is also quite variable: it could be personal, financial, legal, or security-related information, and so on. Moreover, the consequences for businesses that fall victim to data breaches grow with each passing day.
To keep yourself secure from data breaches, you need to keep protective measures in place. Maintain control of data access, and encrypt your data so that you control who can read it at all times. You can further limit data access entirely unless it is required. By taking proactive measures, you can protect your business from the high cost of a data breach in the future.