Despite advancements in cybersecurity tools and strategies, data breaches continue to pose significant online threats. Even global companies with robust security systems are not immune to these attacks. Here, we highlight the ten most severe data breaches that occurred in 2022.
Crypto.com Theft
In January, hackers bypassed Crypto.com’s 2-factor authentication, gaining access to approximately $18 million in Bitcoin and $15 million in Ethereum.
Red Cross Data Breaches
Also in January, online attackers breached the Red Cross database, specifically targeting their Restoring Family Links Program. Information of individuals and families separated by war and missing persons was stolen. The Red Cross swiftly responded by taking their servers offline.
Ronin Crypto Theft
Exploiting lax security protocols in the Axie Infinity game, hackers stole $625 million worth of cryptocurrency.
Microsoft Data Breaches
In March, the hacking group known as Lapsus$ managed to infiltrate Microsoft’s strong defenses, potentially compromising several of the IT giant’s products. Microsoft quickly mitigated the attack, assuring that no client information was taken.
Cash App Data Breach
In April, a disgruntled former employee targeted the payment company Cash App, stealing reports containing names, portfolio values, and brokerage account numbers from over 8 million clients.
Student Loan Data Breaches
Nelnet Servicing, a student loan service provider, experienced a data breach in June, exposing confidential information from over 2.5 million accounts, including names, contact details, and social security numbers. The breach went undetected for approximately one month.
Twitter Data Breach
In July, a hacker sold data from over 5.4 million Twitter accounts on a hacking forum, demanding $30,000 in exchange for the stolen data.
Medibank Data Breach
In October, a malicious party stole data for 9.7 million past and current customers of the Australian insurance and healthcare company Medibank. Despite the company’s refusal to meet the hacker’s demands, the stolen files were eventually released online in separate batches.
Credit Card Information Leak
In October, detailed information from over 1.2 million active credit card accounts, including expiration dates ranging from 2023 to 2026, was posted for free on the BidenCash carding marketplace, accessible on the dark web.
Shein Data Breaches
A third-party breach in October exposed payment information for 39 million Shein customers, with the stolen data being sold on a hackers’ forum. Shein was subsequently fined $1.9 million for failing to disclose a previous 2018 data breach.
These examples highlight that even multimillion-dollar companies are susceptible to data breaches. No organization can afford to be complacent. Regularly reassessing cybersecurity strategies and keeping them up to date is essential to stay ahead of evolving threats.
If you suspect a breach or think your defenses are impenetrable, it’s crucial to reconsider your security measures. Cyberattacks spare no one, and maintaining robust cybersecurity is an ongoing process that requires continuous evaluation and adaptation to protect against emerging threats.
