Image Alt

5 Biggest Data Breaches of 2021

data breaches

5 Biggest Data Breaches of 2021

In 2021, data breaches dominated the news. According to data from the ITRC, 2021 saw a 17% increase in data breaches compared to those reported in 2020.

The number of data breaches in the third quarter of 2021 was 446, less than those reported in the second quarter (491). However, the number of victims in the third quarter was 40 million higher than in the first and second quarters combined. This sudden spike in the number of victims is attributed to a series of unsecured cloud databases.

As you work on data security in 2022, it’s important to also look back at the data breaches of 2021. We’ve highlighted the five biggest data breaches of 2021 below. 

ClearVoice Research Data Exposure 

In April 2021, ClearVoice Surveys, a market research company, became a victim of a hacking incident. A 2015 database backup containing sensitive information was offered to the public for purchase. The compromised database had complete profile information of the participating survey respondents, including email addresses, physical and IP addresses, dates of birth, gender, passwords, etc. 

The bad actors distributed the sensitive data on a popular hacking forum. However, ClearVoice managed to locate and secure the backup file, eliminating further exposure. The number of individuals affected by the ClearVoice cloud data breach was nearly 15.7 million. After the incident, the research firm forced a password reset for all the affected members. It also implemented other security measures to reinforce data privacy and security.

The ParkMobile Breach 

ParkMobile, one of the largest and most popular parking apps in the US, suffered a data breach in March 2021 due to vulnerabilities in third-party software the company uses. The hack, which affected nearly 21 million people, exposed telephone numbers, email addresses, and license plate numbers. However, the hackers failed to get hold of location data, user passwords, and credit card information.

They discovered the data breach after a New York-based cybersecurity firm found a post on a Russian hacking forum detailing the data the invaders were selling to the highest bidder. 

According to ParkMobile, the company uses advanced password encryption techniques, making it difficult for the invaders to view the password files. The company also noted that it doesn’t collect driver’s license numbers, social security numbers, and dates of birth.

The Unknown Marketing Database Breach 

On July 26, 2021, Amazon Web Services found out about a mysterious website it was hosting that exposed the personal information of approximately 35 million people. The website didn’t have a password and displayed names, home addresses, contact information, shopping habits, and wealth demographics of residents within the Los Angeles, Metro Chicago, and San Diego regions.

Comparitech, a cloud, and cybersecurity company headquartered in Maidstone, Kent, discovered the database on June 26 but could not identify the database’s owner. According to the company, the information could be used for targeted scams & spam campaigns, and phishing attacks. The site was live, and the data was accessible to anyone with an internet connection.

T-Mobile Data Breach 

After learning of a massive data breach that exposed sensitive information of approximately 47.8 million users, T-Mobile confirmed the hacking incident. It exposed personal information, such as names, social security numbers, government IDs, and driver’s licenses. Other information accessed by the hackers included T-Mobile prepaid PINs, dates of birth, phone numbers, and addresses.

After confirming the incident on August 17, the company said the invaders leveraged specialized tools & capabilities and some knowledge of technical systems to compromise the testing environments. Most probably, the hackers used brute force attacks to gain entry into the IT servers. 

To make up for their mess, T-Mobile promised two years of identity protection services to the affected persons. The carrier also activated accounting takeover protection for postpaid customers and recommended customers to enable T-Mobile’s free scam-blocking protection via the Scam Shield feature.

OneMoreLead Data Breach

In April 2021, a cybersecurity firm vpnMentor discovered an unsecured database containing sensitive data of over 63 million US citizens. 

The 34 GB size database had names, workplace information, employer details, phone, and email addresses. These data exposed several people to potential fraud, phishing attacks, and identity theft.

According to vpnMentor, OneMoreLead, the marketing firm that claimed the ownership of the leaked data, was started in April 2020. And by extrapolation, it’s a relatively small company that couldn’t have possibly acquired that much data within a short period. The vpnMentor’s team concluded that the company acquired the data from another firm or from the 2020 Leadhunter leak.

Reports from vpnMentor confirmed that the data was published on April 10, 2021, but was discovered on April 16, 2021. The team contacted AWS, which hosted the database on April 20, and the site was down on April 21.

Protecting Your Sensitive Data from Digital Invaders 

The 2021 data breaches have proved to the world how severe data leaks can become. These data leaks are costly and stressful, as they may involve lengthy class-action lawsuits and regulatory penalties.

From technology attacks due to insecure devices or open software vulnerabilities to brute force and phishing attacks from advanced cybercriminals, every company, large or small, should prioritize data privacy and security. 

However, before securing your sensitive databases and systems, it’s necessary first to understand the most common causes of data leaks. That way, you can put together your tools and resources and begin working on your cybersecurity strategy.

When it comes to protecting company data, you need to invest in the right cybersecurity tools, software, and talent. Where possible, go for a comprehensive cybersecurity tool with integrated governance, risk, and compliance capabilities. That way, you’ll manage all risks from one place for better and enhanced visibility.

Post a Comment