Posted on December 2, 2022 at 5:20 PM
Biggest security and data breaches in 2022
The year 2022 is almost over, as we are now entering December. It was another year featuring a variety of good and bad, which is the case regardless of what world we are talking about — the real one or the online one.
While the real world has seen economic difficulties, geopolitical tensions, and similar issues, things have not been so calm in the online sphere either. Unfortunately, cyberattacks, security and data breaches, and similar incidents are still very common. Wherever there is money or valuable information that can be stolen — you can be sure that bad actors will try to find their way in. Sometimes, they might do so just to cause a bit of chaos, with no apparent benefit to them.
Of course, security experts have been trying to combat this for years, and while cybersecurity defenses have improved considerably, especially in the last few years, data breaches in Q1 2022 still increased by 14% compared to the previous year, according to the findings of the Identity Theft Resource Center (ITRC). In turn, 2021 saw a 68% increase in breaches compared to 2020, while 2020 saw a 23% increase over the previous record, which was set in 2017.
In other words, the number and severity of breaches have been on the rise for years, and the trend continued throughout 2022. With that said, and since we are now approaching the end of the year, we wanted to take a look back at some of the biggest security breaches that took place throughout the year, just to take note of how expensive and damaging they can be.
1. January 2022
One of the biggest and most notable data breaches took place almost as soon as the year had started — on January 6th, 2022. On this day, a website tracking data breaches, HaveIBeenPwned.com, revealed that 3.7 million accounts were breached in the past month alone. The target of the breach was Flexbooker, which confirmed the breach, stating that the attackers managed to steal customer names, phone numbers, addresses, and even partial credit card data.
One interesting detail is that HaveIBeenPwned already had around 69% of the stolen addresses in its database, which indicates that the majority of the stolen data had already been exposed in previous incidents.
Another incident in January 2022 involved the data contained within the Red Cross database. According to reports, over 515,000 people were affected and were considered “extremely vulnerable.” Some of the affected individuals were people fleeing from active warzones, and their data was suddenly in the hands of the hackers, who could choose to do anything they wanted with it.
Reports of the incident revealed that at least 60 Red Cross and Red Crescent societies were robbed of data, with locations all over the world affected. The data was not stolen from the Red Cross directly but from a third-party company that the organization used for storing information.
One of the biggest and most notable incidents this year came after Crypto.com was attacked on January 17th. The incident was all over the headlines, noting that the attackers managed to breach the platform’s security and lift funds from 483 accounts. In total, the hacker managed to steal around $30 million in crypto. In order to prevent panic, Crypto.com originally suggested that customer funds were not affected, although the figures emerged soon afterwards.
2. February 2022
As we entered February, the situation became even more dire, with multiple new major data breaches. One of the biggest ones at the time was the attack on the Marquard & Bahls supply chain, which had catastrophic consequences, destabilizing the IT infrastructure of the German energy giant. The incident resulted in the closure of over 200 gas stations across the country, with companies like Shell becoming unable to supply customers.
The investigation showed that the attack was most likely conducted by a group known as the BlackHat Gang, a Russian hacking team that had hit oil pipelines before this incident. With the climate crisis and the war in Ukraine, which started around this time, this incident contributed significantly to the energy volatility, pushing the world into an oil crisis that is still ongoing at this time.
The supply chain breach was far from the only security incident in February, as the month also saw a hit on GiveSendGo. This was believed to be a political gesture by a hacker who claimed to have hacked a number of far-right social networks. GiveSendGo itself is a Christian fundraising website that is particularly favored by Canadian truckers.
These are the same people who drove across the nation to protest in the so-called Freedom Convoy, which opposed strict COVID-19 rules at the time. After breaching the website, the hacker redirected the site to a different page that condemned the protests. After doing this, the hacker published the personal information of more than 90,000 people who donated to GiveSendGo and the Freedom Convoy movement.
Another major incident that took place in February concerned News Corp, which only then admitted to having suffered server breaches two years earlier, in February 2020. The company claimed that no user data was stolen and that its everyday work was neither damaged nor interrupted.
However, the company did find evidence of emails stolen from its journalists. And, more than two years after the incident took place, it has still not identified the attackers. Even so, News Corp claimed that espionage was at the root of the attack.
3. March 2022
Following these and several other attacks in February, the US Department of Education revealed in March 2022 that it had suffered a data breach. The report said that 820,000 students in New York had their data stolen. The original breach took place in January 2022, and the incident was investigated until it was finally disclosed in March, two months later.
The investigation revealed that the attackers managed to access demographic data, economic profiles, and academic information, with Chancellor David Banks stating that the company called Illuminate Education was to blame for the incident.
Even Microsoft, one of the largest tech giants in the US, suffered a hacking attack in March this year. The company was targeted by a group called Lapsus$, which posted a screenshot on Telegram suggesting that it had managed to breach the company’s defenses. Along the way, the group compromised a number of Microsoft’s products, including Cortana, Bing, and more.
Despite the hackers’ claims that they managed to retrieve certain materials from the company, Microsoft stated on March 22nd that only one account was compromised and that it reacted quickly to stop the attack. Customer data was not stolen, according to the company. As for Lapsus$, this attack came after other successful exploits, including attacks on Samsung, Nvidia, and several other firms.
The crypto industry was hit again with the attack on Ronin’s Axie Infinity game. According to reports, the attackers were targeting the company between November 2021 and March 2022. At the time, Axie Infinity was still one of the biggest, if not the biggest, crypto games, using NFTs and metaverse technology to allow players to purchase, train, upgrade, and battle using in-game creatures known as Axies.
The game quickly rose to popularity after its original launch, and it wasn’t long before the firm had to loosen its security protocols in order for its system to handle the growing audience. Hackers used the opportunity to make their move, and they stole $625 million from the system. Following the incident, Ronin’s parent company joined up with the authorities to try to identify the attackers and recover the funds, while the incident served as an example of what can happen if crypto projects decide to sacrifice security in order to onboard more users.
4. April 2022
About a month later, in April 2022, Cash App also admitted to having its servers breached. According to the company’s filing with the US SEC, this was the work of a former employee who clearly had significant access and who knew the system inside and out. During the attack, the hacker seemingly stole customer names, account numbers, stock trading information, portfolio values, as well as other sensitive information.
Over 8 million customers were contacted in the aftermath of the attack, and the company apologized for the incident, explaining what happened. Fortunately, the attacker did not steal any account credentials, so the accounts remained in their true owners’ possession. However, the attacker did steal a “limited amount of identifiable information,” as the company put it.
5. May 2022
As weeks passed, the attacks returned in greater numbers. Several revelations were made, including data breaches of several VPNs (SuperVPN, GeckoVPN, and ChatVPN), as well as attacks on the Alameda Health System and the Texas Department of Transportation. However, none were as massive as the attack on the National Registration Department of Malaysia.
A group of attackers supposedly stole 22.5 million Malaysians’ personal details after hacking the myIDENTITI API, a database that allows the government and its agencies to access information about the country’s citizens. The hackers requested $10,000 in Bitcoin in order to return the stolen information.
At the same time, Costa Rica also saw one of the most high-profile cyberattacks of 2022. In fact, the country was pushed to a point where it had to declare a state of emergency after being hacked by the Conti ransomware gang. The gang breached the government systems, stole extremely valuable data, and demanded $20 million in order to return it. If their demands were not met, they threatened to leak the 670 GB of stolen data they held, and 90% of it was posted on a leak site only three days later, on May 20th.
6. June 2022
June was filled with major attacks, including the attack on the world’s largest NFT marketplace, OpenSea. The platform lost $1.7 million in NFTs to phishers in February, only to suffer another data breach in June. It said that the reason for the breach was that an employee of the firm’s email delivery vendor, Customer.io, misused their access to the marketplace’s systems. They downloaded and shared the email addresses of OpenSea users, and anyone who had an account on OpenSea should consider themselves affected.
In another incident, Shields Health Care Group reported that it also suffered a breach that affected 2 million people across the US. The attackers stole extremely sensitive data, such as Social Security numbers, Patient IDs, home addresses, as well as data about medical treatments.
Another healthcare-related security breach involved the Choice Health Insurance company. Due to human error, the company was robbed of 600 MB of data involving over 2.1 million files labeled as “Agents” and “Contacts.”
Data was also listed from two other health organizations, Baptist Medical Center and Resolute Health Hospital. Hackers once again stole Social Security numbers, insurance information, and even patients’ full names.
7. July 2022
The attacks continued strongly in July, with the earliest target being the Marriott Hotel group, which suffered a major hit in the past. In July, it confirmed its second high-profile data breach, which actually took place in June, when a group of hackers managed to gain access to its systems after tricking an employee. The group then claimed to be in possession of 20 GB of data stolen from a Maryland-based Marriott server.
Only about a week after that, Deakin University of Australia confirmed that it had suffered a cyberattack that saw the theft of personal information belonging to 46,980 students. The stolen data even included the results of an exam that students had taken shortly before the attack. The hackers did not waste any time, and nearly 10,000 students started receiving scam texts following the breach.
Another series of attacks on medical institutions took place in July when Infinity Rehab and Avamere Health Services both got hit. Infinity Rehab found that the attackers stole data belonging to 183,254 patients, while Avamere informed the Department of Health and Human Services that it was robbed of data belonging to over 197,730 patients. The same breach affected another 18,165 patients, according to Washington’s MultiCare.
Other major incidents included the attack on the travel booking company Cleartrip, which was robbed of data that was then posted on the dark web; an attack on Neopets by a hacker known as TarTaX, who stole information on about 69 million users; and the Twitter data breach, affecting 5.4 million accounts. This last attack resulted in the theft of phone numbers and email addresses, and it was possible thanks to a vulnerability that the Twitter team patched in January, so the attack likely took place at least six months before it was revealed.
8. August 2022
August saw even more breaches, although a significant portion of them were non-critical, either involving small numbers of affected users or instances where hackers stole encrypted data, which is believed to still be safe. However, there were several major incidents, including a breach of DoorDash, which came as a result of a phishing campaign. The delivery service said that an unauthorized party accessed data involving the names, email addresses, phone numbers, and delivery addresses of numerous customers. Some users of the service even had their partial payment card information accessed and likely stolen.
An even bigger concern was an attack targeting LastPass, a leading password manager. The company disclosed that it was compromised in August, but that customer data was not at risk, as the unauthorized party had accessed its development environment.
The last big incident in August came when Nelnet Servicing announced that 2.5 million users who took out student loans had had their data exposed to threat actors. The company’s systems were originally accessed by the hackers in June, and they remained within the network for over a month until late July.
9. September 2022
September of this year was, by far, the month with the greatest number of hacking incidents. The first one happened on September 2nd, when Samsung announced that it had become the victim of a cybersecurity incident. According to the company, the breach happened in July, and it learned in August that some users’ personal data had been impacted. The data included names, demographics, contact information, birth dates, and product registration information. The company then proceeded to contact the affected individuals.
On the very next day, rumors began circulating on Twitter that TikTok had also been breached. One Twitter user claimed that the company’s internal backend source code had been stolen, but after security experts inspected the code, they concluded that the evidence was inconclusive. TikTok’s spokesperson said that the firm’s security team had investigated the matter and found that the presented code was not related to TikTok’s backend source code.
A few days later, on September 7th, North Face admitted that 200,000 of its accounts had been compromised in a credential stuffing attack. The accounts included names, purchase histories, shipping and billing addresses, phone numbers, genders, and more. However, no credit card information was stored on the site, so this data should still be unaffected.
Uber is another major company that saw its systems breached this September, reporting that its engineering and communications systems had been taken offline as the company started investigating what one researcher referred to as a “total compromise.”
The next victim in September ended up being the gaming firm Rockstar Games, the developer of titles such as the Grand Theft Auto series. The attackers stole and then leaked footage supposedly related to the testing of the next installment of the GTA series, Grand Theft Auto VI. The hacker also said that they had the game’s source code and that they were willing to sell it. The same hacker claimed responsibility for the previously mentioned attack on Uber.
Another concerning attack involved Revolut, a payment service that saw an unauthorized third party access the personal information of tens of thousands of its clients. Around 50,150 customers are believed to have been impacted.
The last incident in September is also the largest, as it impacted the Australian telecoms company Optus. The firm, which has 9.7 million subscribers, stated that there was a massive data breach during which the attackers stole the names, birth dates, phone numbers, and email addresses of an unknown number of users. A group of customers also had their home addresses stolen, and the attackers even accessed documents such as passport numbers and driving licenses.
10. October 2022
While there were slightly fewer attacks in October, there are still numerous impactful incidents worth mentioning, such as the attack on LAUSD, the Los Angeles Unified School District. The attackers were identified as Vice Society, a Russian-speaking group that stole and leaked 500 GB of information from the LAUSD after the district failed to pay an unspecified ransom.
Only days later, Meta (formerly Facebook) said that it identified over 400 malicious apps for Android and iOS that targeted online users in order to steal their Facebook login credentials.
The attack on Singtel, the parent company of Optus, affected 129,000 users. Apart from the users, 23 businesses were also affected during this breach.
Similar major breaches that affected large numbers of users include attacks on Toyota (300,000 affected customers), MyDeal (2.2 million customers), Vinomofo (500,000 users), and Medibank (4 million users). Most of the affected companies are based in Australia, which seems to have been the focal point of hackers throughout October.
11. November 2022
With the end of October and the start of November, the attackers seemingly eased their attempts at breaching the security systems of every company they could find. However, there were still two significant breaches in November.
The first one hit Dropbox on November 1st, when the company fell victim to a phishing attack in which 130 GitHub repositories were reportedly copied and API credentials were stolen. Dropbox later stated that no one’s content, passwords, or payment information was accessed and that the issue was resolved quickly.
The second incident involved AirAsia Group, which supposedly suffered a ransomware attack conducted by Daixin Team. The threat group stated that it obtained the personal data of 5 million passengers and all of the company’s employees, including names, birth dates, native countries, locations, and answers to security questions.
Conclusion
So far, 2022 has had a staggering number of high-profile security breaches, and there is still a full month before the year is over. But, despite the security researchers’ best efforts to provide new and improved safety measures, the creativity of hackers continues to lead to new breaches. With the number of incidents seemingly still on the rise, even more data breaches could take place throughout December 2022, as well as next year.