A data breach can affect the reputation of a business and incur a lot of costly damage.
Data breaches can involve leakage of financial information such as credit card or bank details, personally identifiable information (PII), personal health information (PHI), intellectual property or any other sensitive information that ends up with an individual unauthorised to gain access to it.
The personal data of millions of users get leaked every year as a result of data breaches, and it remains to be one of the major security concerns for large corporations and smaller businesses.
According to a study conducted by the Ponemon Institute, the average total cost for a company as a result of a data breach is $3.86 million.
Failure to take proper measures to fix security issues can cause serious damage.
In today’s article, we’ll have a closer look at 2 of the biggest data breaches of 2020.
Tetrad Data Breach
Security researchers at UpGuard were able to discover a publicly exposed cloud database from marketing analysis company Tetrad that included personal data and behavioural profiles of about 120 million Americans.
The collection of data sets provided detailed information about Americans based on where they live, what they buy, how much they spend, how long their commute is and their opinions on a range of topics.
The data was publicly available on the internet because of a misconfigured Amazon S3 bucket and it contained about 747 GB of data. The data appeared to derive from Tetrad’s clients which included companies ranging across retail, real estate, healthcare, banking & finance, hospitality and more.
Even though Tetrad revoked public access within a week upon UpGuard’s notification, it is still largely unknown how long it was exposed for and whether anyone else got hold of the data.
Sina Weibo Data Breach
Weibo, China’s microblogging alternative to Twitter, was hit with one of the biggest data breaches of 2020 that impacted around 538 million users. The personal details of the users were available for sale on the dark web for as low as $250.
It contained personal details including real names, site usernames, gender and location. It also included the phone numbers of about 172 million users.
The hack is believed to have happened during mid-2019 but it didn’t appear for sale on the dark web until March 2020. It’s a huge relief that the hack did not leak any passwords or payment information.
While Weibo has acknowledged the breach and further investigations were ordered by the authorities, unclear responses from the company have led to questions if more information was exposed as part of the breach.
A more detailed blog covering 3 more breaches and how you can find out if your personal or work accounts have been compromised in a data breach is published at: https://beaglesecurity.com/blog/article/5-biggest-data-breaches-of-2020.html
Top comments (2)
Thanks Abey, interesting stuff. Is there an article or links recommended for surveying the larger security breaches from the past decade, 2010-20? I'm particularly interested in the scope of the exposure in North America where I'm from, as well as a general impression globally.
Thanks, Jim! I think this article by CNBC is a great read about the 10 biggest data breaches of the decade.
I couldn't find anything that covers the data in North America specifically. There's a Statista report that specifies the number of breaches and records exposed from 2005-2020 in the US. But unfortunately, it's gated.
Wikipedia has a list of data breaches, and I think it is the closest to what you're looking for. There's work to filter the data out though.