What are the top data breaches of 2020?
Finally, after one of the longest years in living memory, 2020 came to a close. We now stand in the first days of 2021, albeit still reckoning with many of the challenges and crises from 2020. As is tradition with a new year, we must first take a look at the year prior to assess fully what happened.
Since we pride ourselves on our cybersecurity best practices and reporting, we decided to share our picks for the Top Data Breaches of 2020. What better way to do that than to compile our Breach of the Month videos into one location for easy perusal and research? These videos, presented by our own Jonathan Paula, represent the most damaging, devastating, or consequential breaches of the past year.
Please keep in mind that our Top Data Breaches of 2020 does not constitute a comprehensive list of all 2020 cyber-attacks or even all of the most dangerous. Instead, see this list as an insight into the mind of hackers. What are they hacking? Why? What can my business do to repel to deter them?
The Top Data Breaches of 2020
January 2020: 250 Million Exposed in Microsoft Leak
When did we know that 2020 would prove a challenging year? Obviously, no one can say for sure, but cybersecurity observers did notice the year starting with a fairly devastating blow. Microsoft discovered one of their databases remained completely open with no authentication, exposing millions of customers.
Open databases with no authentication protocols represent one of IT security teams’ worst nightmares. Unfortunately, this nightmare would repeat throughout 2020.
February 2020: Clearview AI’s Reputation-Damaging Leak
On the surface, this breach may not seem that bad. Clearview AI—a biometric and facial recognition startup—lost its entire client list to an unknown intruder. Also lost in the breach was the number of user accounts their customers set up, and the number of searches the customers conducted. But its inclusion in the Top Data Breaches of 2020 stems from who precisely were on those lists.
March 2020: Over Five Billion Records Lost
As we hinted at above, exposed and open databases cause sleepless nights in IT offices the world over. March 2020 added to this uneasiness with the discovery of an unprotected Elasticsearch database managed by a UK-based security company containing over 5 billion records. These records made up a “data breach database” of previously reported security incidents and thus included information such as hash types, leak dates, passwords, email addresses, email domains, and the leak sources. But the problem lies in the sheer number of exposed victims.
April 2020: Zoom’s Cybersecurity Issues
By April of 2020, the world had mostly realized the dangers posed by the novel coronavirus. As a result, many enterprises chose to let employees work from home and conduct meetings via Zoom. Unfortunately, this presented its own set of challenges. Between Zoombombing, accidental data exposures, and phishing attacks, Zoom had its hands full dealing with new customers far beyond what anyone could predict.
May 2020: easyJet Breached, 9 Million Travelers Exposed
easyJet suffered from a “highly sophisticated cyber-attack” which allowed hackers to access a corporate database containing email addresses and travel details. Millions could face increased phishing attacks, and thousands needed to deal with stolen financial information. Another blow to a successful business and to its customers inflicted by the unscrupulous.
June 2020: Personal Police Info Exposed in BlueLeaks
First reported by KrebsonSecurity, hundreds of thousands of potentially sensitive files from police departments across the U.S. The files span 24 years containing names, email and addresses, phone numbers, PDF documents, and a large number of text, video, and ZIP files. Financial data also ended up exposed. This breach enters our list of the Top Data Breaches of 2020 for all of the political implications this breach carries with it, given the profession of the victims. No one is truly safe from a cyber-attack.
July 2020: The High-Profile Twitter Account Hack
What did exactly happen to Twitter in July of 2020? Was it just a bitcoin mining operation that succeeded beyond the wildest dreams of its creators? Was it a proof-of-concept for a more devastating attack in the future? In either case, a social engineering attack led to the compromise of multiple high-profile Twitter accounts, which Twitter couldn’t fix immediately. This was one of the most visible breaches of the year and only raises more questions as we continue to move into the social media era.
August 2020: Carnival Cruise Lines
Here we find an example of how a single cyber-attack can exacerbate underlying issues facing a business. Carnival was already struggling due to decreased demand in the year of COVID-19, and this attack occurred after another cyber-attack earlier in the year. Every cyber-attack damages the reputation and customer loyalty of a brand, and a second one in the same year could seriously impact Carnival’s bottom line.
September 2020: Universal Health Services Attacked
Universal Health Services, one of the largest healthcare providers and hospital chains in the United States, began suffering from a ransomware attack sometime on September 27, 2020. It disrupted services enough it forced the rerouting of ambulances and record-keeping via pen and paper for days. All this occurred in the shadow of a serious spike in COVID-19, even though some hackers promised to leave healthcare organizations alone during the crisis.
Never expect honor from hackers is the lesson here.
October 2020: Barnes & Noble’s Nook Service Hacked
Barnes and Noble was unlucky enough to suffer two connected breaches at the same time. The first was a simple disruption attack on its Nook services, but the latter caused the loss of an unknown number of customers’ data. Hackers aren’t just brutes with codes; they can use subversive attacks, distraction tactics, and more to achieve their goals. This breach demonstrates that more than ever.
November 2020: Capcom Victimized by Ransomware Attack
This video sparked some debate among the experts at Solutions Review; Capcom was the most prominent ransomware victim over the month of November. However, multiple businesses and enterprises faced ransomware attacks in the wake of a cyber-threat wave. Ransomware for a brief moment looked like it might be supplanted as the king of all malware. It kept its throne in 2020, to all of our detriment.
December 2020: SolarWinds
Nothing else compares among Top Data Breaches in 2020 to the SolarWinds breach. If we were to pick a top breach of the Year, it would be this one. In fact, there is some conversation concerning whether this might end up being one of the worst breaches of all time.
You can learn more about how to protect your business in our SIEM Buyer’s Guide.
- More Expert Commentary and Coverage of the GetHealth Exposure - September 14, 2021
- GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records - September 13, 2021
- Panther Labs Releases State of SIEM 2021 Report - September 13, 2021