Top Data Breaches In The Past Year
2019 was a big year for cybercriminals. In the first half of the year alone, there were 3,813 breaches, according to the latest data breach statistics. That might not sound like much, but these breaches exposed over 4.1 billion records.
That’s a sobering statistic. What’s even worse, though, is that the 4.1 billion records represent a growth of 52% over the same period in 2018. Cybercriminals are making a killing and it cost us $3.92 million dollars in 2019. And that’s only the attacks that we know about. How many have yet to be discovered?
How Could a Breach Go Undetected?
Take the First American Financial Corp. Ltd leak for example. The leak was discovered last year when a real estate developer tipped off the cybersecurity journalist Brian Krebs. The developer got in touch with Krebs after First American ignored his warning that their data was exposed.
Krebs investigated the matter and found that the company had been negligent. The company provided clients with a URL that they could use to view their insurance information online. The problem was that by just editing one number in the URL, they could access other people’s information as well.
Of more concern was that some of the data online went back 18 years. That’s why so many records were exposed.
Technically, this was a leak rather than a breach. The records weren’t exposed by some clever hack, but through company negligence. The effects, however, are pretty much the same. This negligence goes back at least 18 years.
If not for the developer’s and Kreb’s actions, the leak might never have come to the light. How many more instances like this might we come across? That’s hard to say. Companies might opt to be tight-lipped about breaches to shield their reputation or they might not realize that they’ve been breached.
What Happens to All of the Information Stolen?
It’s easy to understand why hackers want to steal information from a bank or large company. Financial information is gold online and it makes sense to pilfer it. That said, all information can have value.
Your Email Address and Password
Say, for example, that you subscribe to an online newsletter. You’re not buying anything, so you feel safe. What could a hacker possibly do with your email address and password? The answer depends on how you set up your passwords.
If you’re like most people, you’ll figure out a secure password and use it across all the sites you register with. A hacker might not be able to hack your bankers, but they might be able to hack the blog that you get the newsletter from.
They’ll then create bots that will try combinations on several different sites. These bots can be set to run automatically and indefinitely. Should the bot gain access to a site, it will send an alert to the hacker.
This is known as credential stuffing and can be lucrative for the hacker.
Your Personal Details
Details like your full name, address, and government identity number are often used for identity theft. The hacker then sets up various credit facilities in your name. With these attacks, you’ll only know something is wrong when the debt collector comes knocking.
Stolen identities are used for more than just credit applications. Criminals may use your details if arrested or questioned by police. Identities are also often sold to illegal immigrants. All types of identity theft can potentially cause you problems.
Your Credit Card Information
Credit card information enables hackers to make purchases online. The fraud may be caught quite quickly, but they can do a fair amount of damage in the meantime.
Hackers Use or Sell the Information
A hacker can choose to use the information themselves, or make a quick profit by selling it. They could opt to do both. They might sell the information on the dark web or an underground hacker network. They might even opt to bundle it and sell it to marketing companies.
Cybercrime is big business. The true cost of a breach can be hard to determine. How do you factor in costs relating to recovery plans, reputational damage, and so on? The truth is that we’ve probably only scratched the surface when it comes to the true extent of cybercrime.