The rate at which companies – large and small alike – are experiencing cybersecurity breaches is alarming. With recent high-profile attacks targeting healthcare, finance, retail, government, manufacturing, and energy, it’s clear that the threat landscape has evolved significantly over the past few years. 

According to projections, cybercrime is forecast to cost the global economy $10.5 trillion by 2025, reflecting a 15% increase year on year. Businesses have never been more vulnerable, and even large enterprises with substantial cybersecurity defenses can fall victim. For smaller businesses, lessons learned from these attacks can help you prepare your security strategy for any eventuality. 

This article discusses some of the most notable company data breaches from recent months, their causes, impacts, and what you should do to remain protected. 

Top 5 Recent High-Profile Company Data Breaches in 2022 

1. GiveSendGo Breach: February 2022

The recent hijacking of a Christian fundraising site, GiveSendGo, took place in response to the Ottawa truckers’ protests, and resulted in the personal details of those who donated to their funds being compromised.

The hackers redirected the fundraising site to a page that condemned the Freedom Convoy protests – a case of Distributed Denial of Service (DDoS) attack. They then published the personal information of the 90,000 donors who had contributed to the initiative via the GiveSendGo website.

This incident highlights how important it is to ensure your business uses secure payment methods and platforms. If not, your customer data could easily end up being compromised. Be sure that after your company experiences a data breach, you take the correct steps to resolve the cause of the breach.

2. Crypto.com Breach: January 2022

The blockchain model has long been regarded as one of the most secure forms of transaction processing. However, this hasn’t stopped hackers from trying to compromise crypto-based transactions. This is evident in the January 17, 2022 attack that targeted 483 users’ wallets on Crypto.com. 

As part of this hack, the perpetrators stole approximately $18 million worth of bitcoin and $15 million worth of Ethereum, plus other cryptocurrencies. This was primarily possible thanks to the hackers’ ability to bypass two-factor authentication and access users’ wallets. Another example of why using a password manager is so important.

Initially dismissing it as a mere ‘incident,’ Crypto.com later retracted their statement, confirming that money had been stolen and that affected users had been reimbursed. The company also stated that they had audited their systems and worked to improve their security posture.

Businesses must be aware of the risks associated with cryptocurrency theft. The best way to protect against this type of fraud is to ensure that all sensitive data is encrypted. 

3. FlexBooker Breach: December 2021

FlexBooker, an appointment scheduling service, was another high-profile victim of a massive data breach affecting roughly 3 million users just before the holidays. The threat actors unlawfully accessed sensitive data such as drivers’ licenses, photos, and other ID information, posting them on various hacker forums.

The group managed to compromise FlexBooker’s data by exploiting its AWS configuration. Once inside, they installed malware onto the servers, which allowed them to gain full control over the system. 

Perhaps unsurprisingly, various professionals, including lawyers, accountants, and consultants, left the platform after the incident, affecting the company into 2022.

4. Robinhood Breach: November 2021

On November 16, 2021, Robinhood announced that an attacker had breached its internal systems using social engineering. According to the firm, the intruder gained access to the email addresses of 5 million users, the full names of 2 million users, and other personally identifiable information. 

Once inside, the intruder demanded an unspecified ransom in exchange for not releasing any user details. Robinhood contacted local law enforcement agencies and worked with a security consultant to investigate the incident. The company also informed all affected customers about the breach and made the announcement public. 

Social engineering attacks can be very difficult to detect, especially spear-phishing or impersonation. Thus, companies must take extra precautions to protect their networks. 

5. Twitch Breach: October 2021

In October 2021, Twitch announced that an unknown actor had infiltrated its source code and compromised data sets, including creator payout data. The motive? The intruder claimed they wanted to foster competition in the streaming space and cause an upset with the leak. The leak contained three years of data about Twitch’s creator payouts, twitch.tv’s entire scope, clients’ source code, details on an unreleased Steam competitor, proprietary code, and more.

However, Twitch reassured its users that their password, login, credit card, and bank details were secure and that only a handful of users were impacted. The company further revealed that a server configuration error could have been responsible for the breach. Thus, it reconfigured all stream keys and closely monitored the situation. 

Companies with the Most Data Breaches in 2022

Some of the most high-profile company data breaches are notorious for their frequency as well as the damage caused. 

Facebook is one of the most popular websites in the world today. However, the company has faced numerous privacy issues over the years. Their most recent attack occurred in 2021, affecting 533 million users. Before that, Facebook was also hacked in 2018 and 2014, leaving 2.2 billion and 50 million people impacted, respectively. 

Yahoo is another infamous victim of back-to-back cybersecurity incidents. The company was hacked in 2013 and 2014, leaving 1 billion and 500 million people affected, respectively. Their most recent attack in 2017 impacted 32 million users. 

Other companies that have experienced repeat data breaches in the recent past include Amazon, Twitter, Microsoft, Uber, AOL, Dropbox, eBay, and more. But why do these companies experience repeat attacks? Here’s a quick overview of three common reasons:

• Old vulnerabilities: It’s not uncommon for a hacker to leave a secret window that they can use to access a company’s systems again after a successful first attempt. Failing to patch these vulnerabilities can lead to a second attack.

• Human error: Employees using weak passwords may expose a company’s systems to subsequent attacks. Other common human errors include employees clicking on malicious links and visiting phishing sites. Unless you perform follow-up security training following an initial breach, employees can repeat previous mistakes that leave your business vulnerable.

• Malware: Hackers use malicious software such as viruses, ransomware, Trojans, spyware, adware, etc., to steal confidential information from an organization’s network system. If a company fails to step up monitoring protocols after its first breach, there is nothing to stop repeat attacks from occurring.

Don’t Fall Victim to Company Data Breaches

It doesn’t matter if you’re a small business or a large corporation; every modern company is at heightened risk of cyber attack. To keep your data secure, you need a comprehensive cybersecurity solution. At Electric, we help businesses protect their most valuable asset from threat actors. Get in touch to learn more about our unified IT security at the device, application, and network levels.