Just halfway through the year, we’re already seeing that 2021 is a major year for data breaches. Between politically motivated hacks to disruptive attacks on supply chains, cybersecurity is no longer a topic just for IT professionals. Ransomware is now a household word, and nearly everyone has been affected by a data breach in one way or another.
From Parler to Colonial Pipeline, these are the biggest data breaches and data security attacks of 2021 so far.
Ransom Paid: $2.3 million in Bitcoin
Pumps in the eastern U.S. screeched to a halt earlier this year after a ransomware attack on a major fuel provider disrupted the petroleum supply chain. Colonial Pipeline, which carries 45% of the East Coast’s supply of petroleum, diesel and jet fuel, was compromised by a hacking organization called DarkSide. The group stole nearly 100 gigabytes of data, threatening to release it to the internet unless a ransom was paid. As a result, U.S. gas prices rose some six cents per gallon, and many gas stations faced shortages fueled by panic buying and supply disruptions.
Facebook, Instagram and LinkedIn via Socialarks
Records Breached: 214 million
Tens of millions of Facebook, Instagram and LinkedIn profiles have been exposed by a company you’ve probably never heard of: Socialarks. Due to an unsecured database, the quickly growing Chinese social media management company leaked personally identifiable information (PII) of some 214 million social media users, some of whom were major influencers and celebrities. The PII leaks would allow anyone to piece together the victims’ full names, subscriber data, country of residence, phone numbers and other contact information.
Records Breached: 7 million
In January of 2021, notorious hacker ShinyHunters struck again, this time at men’s clothing retailer Bonobos. The cybercriminal made away with the PII of over 7 million shoppers, which included their addresses, phone numbers, and account information, plus 3.5 million partial credit card numbers. The stolen data was discovered in a forum for hackers, given away for free.
Kroger via Accellion
Records Breached: 1,474,284
It’s not often we think of grocery stores as targets for a healthcare hack, but that’s exactly what happened to supermarket mogul Kroger. In February of 2021, a breach at third-party cloud provider Accellion opened the door for hackers, giving them unfettered access to Kroger’s Human Resources data and pharmacy records. Although the company claims only 1% of its customers were affected, the breached records included sensitive information such as names, phone numbers, home addresses, dates of birth, Social Security numbers, prescriptions and health insurance information.
Records Breached: Unknown
Right-wing social media app Parler suffered one of 2021’s biggest data breaches, with over 70 terabytes of data scraped by a self-proclaimed hacktivist shortly before Amazon Web Services pulled its hosting from the site. This massive data breach exposed 99% of the app’s posts, messages, and video data, including EXIF metadata listing posters’ locations, dates and times. Included in the leaked information were the driver’s licenses and government issued photo IDs or Parler’s Verified Citizens, as well as information users believed they had deleted. However, this “hack” was legal, as scraping is not a criminal offense. Rather, Parler’s flawed API allowed for anyone to download the information from their WordPress website.
Records Breached: 200,000
Ever heard of SIM hijacking? If you’re a T-Mobile customer, odds are you have. Earlier this year, scammers successfully executed a SIM swap attack on T-Mobile users, using social engineering to take control of customers’ phone numbers and switch them over to a SIM card owned by the hackers. Why swap SIM cards? Access to phone numbers allows cyber thieves to intercept phone calls and text messages, a common method for two-factor authentication. Hackers also gained access to customers’ names, addresses, Social Security numbers, PINs and security questions and answers, creating a cybersecurity nightmare.
Volkswagen & Audi
Records Breached: 3.3 million
An unnamed marketing services company is responsible for the breach of 3.3 million Volkswagen and Audi customers and prospects in Canada and the U.S., thanks to data left unsecured. The vulnerable data, collected between the years of 2014 and 2019, was accessed by an unauthorized party in March. The sensitivity of the information varied from make and models of vehicles that had been purchased or inquired about, to a smaller number of breached Social Security numbers, tax IDs, loan numbers and driver’s license numbers.
Devalue Your Data with PCI P2PE and ShieldConex®
The best way to keep your customers’ data safe from cybercriminals? Ensuring sensitive information never traverses your system – whether that is payments, Personally Identifiable Information (PII), or Protected Health Information (PHI). Our security suite includes PCI-validated point-to-point encryption (P2PE) for contactless face-to-face, call center, mobile and unattended point-of-sale payments, and our ShieldConex® data security platform for the encrypted tokenization of PII, PHI and payment data entered online.
Don’t become a data security statistic. Get in touch with a Bluefin representative today.