According to research from Risk Based Security, the total number of breaches was up 33% over last year. That’s a whopping 5,183 data breaches for a total of 7.9 billion exposed records and in November, the research firm called 2019 the “worst year on record” for breaches…
Not having a real-time view of your dynamic attack surface and the risks it introduces leaves an organization in the dark and hands attackers low-hanging fruit: exposed information they can use to fuel their attacks. Shadow IT, third-party vendor risks, and cloud-based storage services such as AWS (Amazon Web Services) and Elasticsearch surfaced multiple times.
2019 Top Breaches & Analysis:
Marriott faced a fine of $124 million proposed by UK regulators under the EU’s new privacy rules. The breach persisted for 4 years: it dated back to 2014 but was not discovered until November 2018. Marriott said the long-running breach exposed such information as names, email addresses, phone numbers, passport numbers, encrypted payment card information and more. The breach appears to have begun with a 2014 network hack of Starwood Hotels & Resorts Worldwide, which Marriott acquired in September 2016.
A $230m fine was proposed by the Information Commissioner’s Office as a penalty for British Airways over the data breach that is believed to have affected thousands of its customers between April and June 2018. The breach was disclosed in September.
(NASA Hacked) On 21 June 2019, major news channels disclosed a major hack on NASA. Hackers were able to gain unauthorized access using a Raspberry Pi, stole ‘Mars Mission Data’ and breached ‘NASA’s satellite dish network’. This happened around April 2018 and went unnoticed for almost a year. It is advisable for an organization to carry out an attack surface analysis so that it has a clear picture of all its access and assets.
$700m was to be paid by credit score agency Equifax as part of a settlement for its 2017 data breach. The breach is known to have exposed the data of at least 147 million people. It is the FTC’s largest data-breach settlement, far above the Uber penalty of $148m.
The Capital One data breach affected over 106 million people, 140,000 Social Security numbers, 80,000 bank account numbers, 1,000,000 Social Insurance Numbers … The breach had taken place about 4 months earlier, but it took some time before it was realised; in fact, it took an external tip for Capital One to realise something had happened. The legal case built was quite interesting. The breach resulted in the loss of names, addresses, postal codes, phone numbers, email addresses, dates of birth, self-reported incomes, credit scores, credit limits, balances, payment history and contact records from 2005 to 2019.
In July this year, Facebook agreed to a $5 billion settlement with the US Federal Trade Commission for its privacy failures in the Cambridge Analytica case. Recently, it disclosed that a group of around 100 developers had access to additional information about people in groups. Malicious apps have leaked personal data of Facebook and Twitter users to third parties (source: watchdog Cert). “It has been reported that personal data of Facebook and Twitter users were improperly accessed by a pair of malicious SDKs used in certain third-party apps,” Cert-in said in the advisory note on November 27.