Data breaches occur when protected, sensitive or confidential information is exposed to individuals who aren’t authorized to access it. These costly security incidents stem from multiple causes, including physical theft, ransomware attacks, phishing campaigns, and trusting your cybersecurity to a one-trick, poor password.
While various data breaches are due to deliberate cyber-criminal activities, a study found that 88% of data breach-related incidents happened merely because of human error and poor data management.
With a history of over 11,000 data breach cases in the last 15 years, it’s a safe bet that most sensitive user information is at risk or has already been compromised at least once. But what can we learn from the most significant ones ever recorded? Let’s take a look at the top 4.
Wawa
Breach: 30M records
Based on the East Coast, the Wawa convenience store chain experienced a massive data breach in late January 2020. As a result, payment card details of more than 30 million clients ended up for sale online. his data dump was associated with a significant security breach that Wawa revealed in December 2019. The hack consists of malware that impacted the point-of-sale systems in all of their gas stations and 860 stores. This clever attack gathered card details from all of Wawa’s customers from the start of March until mid-December.
CheckPeople
Breach: 56M records
A database comprising information over 56 million U.S. citizens was disclosed online in January 2020. It reportedly belonged to CheckPeople.com, a people search site. The 22GB database was linked to a Chinese-based IP address, and it was initiated by a white-hat hacker who transmitted the info to The Register.
This massive database contained names, past and current addresses, phone numbers, email addresses, criminal records, and relatives’ names. Even though this information is accessible on CheckPeople.com, you can typically only unlock specific profiles by paying a separate fee. Since this data was exposed in a single location, malicious actors had endless opportunities to take advantage of the information that was made publicly available.
VIP Games
Breach: 23M records
Security researchers found that VIP Games, a gaming company, had suffered a massive data breach attackk on its ElasticSearch cloud server in January 2021. The 30GB database included 23 million records from more than 60,000 users. The disclosed information had a considerable amount of personally identifiable data, including social media accounts (Twitter, Facebook, Google), banned player information, in-game purchase details, usernames, IP addresses, hashed passwords, email addresses, and more.
Microsoft
Breach: 250M records
Information about this data leak was revealed right near the end of 2019. However, the actual incident dates back to 2005. Comparitech, in association with Bob Dienchenko, exposed five ElasticSearch servers that contained a similar set of 250 million records. The disclosed information was from Microsoft’s Customer Service and Support (CSS) team and had IP addresses, email addresses, case numbers, locations, and conversation logs, among other information.
The servers held information on over 250 million accounts that were accidentally exposed due to misconfigured Azure security rules.
Wrapping Up
You can take preemptive measures to minimize the chances of cyber attacks and their damage, which helps you avoid losing sensitive data. Focus on leveraging a digital anonymity tool like a VPN, setting up anti-virus software, creating strong passwords, enabling two-factor authentication, and more to help you beef up security.
And if you want to take your company’s data security to the next level by leveraging state-of-the art-encryption, reach out to DataLocker for a custom demo.