The year isn’t over yet, but there have already been multiple significant data breaches. While 2020 has been an unusually extreme year on many fronts, its cybercrime rate is indicative of a larger trend. Data breaches were a relevant threat before the pandemic and will continue to be so after it.
According to a 2020 study, 82.6% of U.S. organizations have experienced a successful cyberattack in the past year. The same study showed that hackers breached 82.3% of U.K.-based organizations in the same timeframe. These are distressing figures, but statistics from other countries in the same report range even higher, with 93.9% of Mexico-based organizations experiencing a breach as well as 85.7% of Italian and 83.3% of Chinese organizations.
These threats can affect companies of any size or type, so businesses need to be aware of them. Learning from others’ mistakes or misfortune can help you improve your own cybersecurity.
With that in mind, here are the five most significant data breaches of 2020 so far.
1. Marriott International
On March 31, Marriott revealed that hackers accessed 5.2 million guests’ personally identifiable information (PII). Hackers used the login credentials of two employees to access a third-party guest services app. From there, they could’ve seen sensitive information like names, addresses and phone numbers.
Third-party vendors can present a considerable risk if businesses aren’t careful about verifying their security measures. In this case, though, the breach was a matter of user behavior, not the app itself. If Marriott had controlled employee permissions more tightly or used multifactor authentication (MFA), it could have avoided the breach.
2. Zoom
In April, a cybersecurity firm found more than 500,000 Zoom passwords for sale on the dark web. Cybercriminals got these passwords by credential stuffing, where attackers use leaked information from other data breaches. Since people often reuse passwords, one leak can lead to further incidents, like it did here.
Your information could leak without you knowing it, and this kind of situation happens often. If you use the same login credentials for multiple sites, a breach in one could compromise all your accounts. You generate as many as 40 data points when you visit any website, so minimizing the leak’s damage is crucial.
3. Fifth Third Bank
Data breaches don’t have to be big to be substantial, as is the case with Fifth Third Bank. In February, a group of employees shared at least 100 customers’ PII with sources outside the bank. That data could have led to criminals accessing people’s bank accounts, causing potential financial ruin.
While this breach is relatively small, it could have been disastrous if it hadn’t been caught when it was. This incident highlights the need for insider threat protection since the breach came from employees. Any company, especially one that deals with PII, needs to take insider threats seriously.
4. Nintendo
Zoom wasn’t the only company to fall victim to a credential stuffing attack this year. Credential stuffing has also exposed more than 300,000 Nintendo Switch accounts since April. Before the attack, Nintendo allowed users to log into new accounts with their credentials from an older system, creating this vulnerability.
While this approach was convenient, the older login systems weren’t as secure. As a result, hackers could get login credentials from the outdated service and use them to access the new one. Businesses that want to avoid similar situations should think about the vulnerabilities that come with supporting legacy systems.
5. Twitter
In a more unusual breach, hackers swindled Twitter users out of more than $100,000 by impersonating celebrities. Attackers spear-phished Twitter employees to gain access to their tools. With insider access, they took control of celebrities’ accounts and tricked users into sending them Bitcoin.
This incident proves that no matter how tech-centric a company is, it’s still vulnerable to human error. If you want to stay safe from all threats, you have to know how to spot a phishing attempt. Something as seemingly innocent as an email can lead to hundreds of thousands of dollars in damage.
What You Can Learn From These Breaches
It’s clear from these examples that no one is immune to data breaches. These attacks didn’t just affect companies, but the lives and finances of their customers as well. If businesses want to avoid financial damage and tarnished reputations, they need to take cybersecurity seriously.
Credential stuffing seems to be an increasingly popular method for cybercriminals. You can avoid falling victim to these attacks by using different passwords for all your accounts. Other password management practices, like using multifactor authentication, can help prevent incidents like the Marriott attack.
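For the service operator's side of the credential stuffing behind the Zoom and Nintendo incidents, here is an added example that is not part of the original article: it flags a source that tries many distinct accounts in a short window with mostly failed logins, and lists the accounts where a reused password worked. The log format, thresholds, usernames and IP addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (unix_seconds, source_ip, username, success)
STUFFED = ["alice", "bob", "carol", "dana", "erin", "frank", "grace", "heidi"]
SAMPLE_EVENTS = (
    # One source walks a leaked credential list; only dana reused her password.
    [(1000 + 10 * i, "203.0.113.7", u, u == "dana") for i, u in enumerate(STUFFED)]
    # A forgetful user: repeated failures, but against a single account.
    + [(1005, "198.51.100.20", "alice", False),
       (1020, "198.51.100.20", "alice", False),
       (1040, "198.51.100.20", "alice", True)]
    # Ordinary successful logins from a shared office address.
    + [(1100, "192.0.2.15", "bob", True), (1400, "192.0.2.15", "carol", True)]
)


def detect_credential_stuffing(events, window=300, min_accounts=5,
                               min_failure_ratio=0.8):
    """Return {source_ip: finding} for sources matching the stuffing pattern.

    A source is flagged when, inside any sliding window of `window` seconds,
    it attempts at least `min_accounts` distinct usernames and at least
    `min_failure_ratio` of those attempts fail.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            failures = sum(1 for _, _, ok in span if not ok)
            if len(users) < min_accounts or failures / len(span) < min_failure_ratio:
                continue
            # Keep the widest window seen for this source.
            if ip not in findings or len(users) > findings[ip]["accounts_tried"]:
                findings[ip] = {
                    "accounts_tried": len(users),
                    "failures": failures,
                    # Successful logins inside a flagged window need a forced reset.
                    "compromised": sorted({u for _, u, ok in span if ok}),
                }
    return findings
```

The `compromised` list is the part that matters for response: those accounts logged in successfully during the flagged window and should have sessions revoked and passwords reset.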
In light of the Twitter and Fifth Third breaches, companies may want to rethink employee training and controls. If you deal with a lot of sensitive customer information, consider adopting a zero-trust approach and limit employee access. No matter your business, providing thorough training for employees to avoid things like phishing is crucial.
Cybersecurity Is More Important Than Ever
Many things have come to a halt in 2020, but cybercrime isn’t one of them. These five instances are just a small sampling of the data breaches that have taken place this year. Protecting your information and that of your customers has never been more critical.
Cybercrime will likely keep rising as the world becomes more digital. That shouldn’t stop companies from adopting new technology, but adoption should come with care. Cybersecurity is now an essential part of running a business.