High Profile Data Breach Update – No Company is Safe

The need for adequate cybersecurity is at an all-time high. A constant threat of attack looms over businesses of all sizes and in all sectors. No organization is immune from cyberthreats in the modern working world. Those threats come in such forms as data breaches, ransomware, phishing, or a lack of preparedness. Criminals are constantly developing new tactics to infiltrate established defenses, and this has created a cat-and-mouse game with often severe real-world consequences.

In short, no company is safe from a cyberattack. A look at some recent high-profile data breaches reveals this glaring reality. If your organization doesn’t already have defenses and planning in place, immediate action now can help you stay a step ahead of threat actors. Preparation is critical. It’s not a matter of if, but when, a cyberattack will occur.

Facebook/LinkedIn

Let’s start by looking at a relatively recent data breach that is of note due to the huge number of people potentially affected. Two of the most commonly used social media platforms saw severe data breaches in 2021, affecting hundreds of millions of people around the world.

The personal information of 533 million Facebook users was exposed this spring. PII, including names, phone numbers, birth dates, and email addresses, was posted in an established hacker forum where anyone could access the data for free. This breach initially took place in 2019 when a weakness in Facebook’s cyber defense was exposed. The security issue was supposedly resolved shortly after, but the compromised data floated around until it was recently exposed. Facebook is a Fortune 50 company, showing that even the upper echelons of the corporate world can get hit hard.

LinkedIn fell victim to a similar breach. This instance also involved over 500 million user profiles and their associated personal information. Some of these were put up for sale on the Dark Web by hackers for a whopping $2 for each record – allowing easy access and showing how brazen cybercriminals can be. Microsoft, another Fortune 50 company, owns LinkedIn.

Audi/Volkswagen

The North American branch of the German firm Volkswagen Group recently experienced a data breach impacting over 3 million customers. Audi and Volkswagen dealerships in the US, alongside a handful of authorized dealerships, were the primary target. Nearly all of the compromised information involved Audi customers.

In addition to basic PII like full names, mailing addresses, and phone numbers, more valuable information was also accessed. Nearly 100,000 customers had their Social Security numbers, dates of birth, and driver’s license numbers exposed. Volkswagen is offering credit monitoring and protection assistance, but with such valuable information already out there, victims and consumers are obviously unhappy.

Intuit TurboTax

Intuit, the company that owns the popular TurboTax software, recently informed customers that their financial and personal information had been compromised after a series of account takeover attacks. What makes this one worth noting is that this isn’t the first time that TurboTax has experienced a data breach – it’s the fourth wide-scale breach reported by Intuit.

Account takeover attacks use data sourced from a different breach to gain access to user profiles and accounts. In this instance, cybercriminals used passwords and usernames from an outside source to access TurboTax accounts. This attack highlights the importance of using different, complex passwords while also demonstrating that repeated attacks on a business are common. Intuit is offering free credit reporting from Experian (as they have done following the previous incidents), but this after-the-fact assistance doesn’t provide much genuine help to victims.

McDonald’s

The massive corporate burger chain was hit with a cyberattack in June. McDonald’s reported that it had experienced a data breach affecting its operations in the US, South Korea, and Taiwan. This attack seemed to target employee information, and there was no breach of customer information. The company told the affected employees that the stolen data was not sensitive in nature. Still, it directed them to be on the lookout for direct attempts to steal their PII as a result.

Health Care Sector

Showing that threat actors have no boundaries when it comes to their victims, cyberattacks on various health care sector organizations have been on the rise. One case involved MultiCare Health System in Washington State. A ransomware attack targeting this non-profit health care provider affected some 200,000 patients. PII, including Social Security numbers, bank accounts, and dates of birth, was exposed.

Another health care sector data breach took place in March and affected over 100,000 patients of the Cancer Treatment Centers of America. The breach occurred through a compromised email account that ultimately led to the exposure of PII for these patients. Bad actors do not need a large opening to strike, and a single email profile produced a six-figure victim count. CTCA did not notify victims for nearly two months after the breach took place.

Experian

Experian is supposed to monitor consumer credit, but a recent data leak exposed millions of credit scores. A commonly used application tool was the source of this breach and gave out credit reports to anyone with access to basic PII. While this wasn’t a direct exposure of consumer information, the faulty application programming interface at the source of the problem potentially provides cybercriminals with your credit score. When combined with PII gained from other breaches, this information could lead to different types of financial fraud such as mortgage and loan fraud.

Final Thoughts

The data breaches mentioned here represent only a fraction of the cases that have already occurred in 2021. These breaches can and do happen to organizations of all sizes across all industries. A breach of any size can have a substantial impact on your business’s normal operations and reputation. While there is no way to fully prevent a cyberattack, having adequate defenses in place can limit the risk for your company and its customers. Planning for the inevitable event of a data breach is the first step toward effective cybersecurity measures.

LibertyID is the leader in identity theft restoration, having restored the identities of tens of thousands of individuals without fail. If you retain personal information on your customers, now is the time to get data breach planning and a response program in place with our LibertyID for Small Business data breach preparation program. With LibertyID Enterprise you can now add value to existing products, services, or relationships by covering your customers, employees, or members with LibertyID’s fully managed identity theft restoration service – at a fraction of our retail price – with no enrollment and no file sharing. We have no direct communication with your group members – until they need us.