A data breach refers to the act of releasing private/confidential information, intentionally or unintentionally to an untrusted environment. Data breach is also called a data leak, information leakage and also data spill.

The reason behind this malicious act can be personal gain, organized crime or even a political cause.

Some of the common data breaches aim at compromising Personal Health Information (PHI), Personal Identifiable Information (PII), trade secrets or intellectual property.

How do they do it

Data breaches can occur unintentionally but majority of the cybercrimes are performed intentionally and they target a particular person or an organization for their benefit. Targeted cyber-attacks are mainly carried out in four ways. They include:

• Exploiting the vulnerability of a system

Softwares that are not up to date create loop holes for the attackers to sneak into the targets network/PC and plant the malware, thus gaining the access to the person’s data.

• Weak passwords

Weak and insecure passwords are easier to guess and if the attacker has developed a connection with the target, then guessing the password was a piece of cake for the hacker. This is the reason why it is advised to keep strong and unique passwords.

• Drive-by downloads

There are occasions where a virus can be downloaded to your system unintentionally. This may occur when the host unknowingly visits an infected webpage. Drive-by downloads takes the advantage of application, browser or operating system that is out of date and have security failure issues.

• Targeted malware attacks

Malware is mostly delivered to the target through phishing emails. Once the email is opened, the malware spreads throughout the system revealing the user credentials of the target. Avoid opening mails sent from unknowing sources. Doing so can infect your computer with malware. Hackers can trick people to make them believe that it is from a trusted source.

Recent data breaches that brought about severe damage

Landry’s

On January 2, 2020, Conglomerate Landry’s restaurant reported a malware attack that aimed at leaking customer’s payment card data. After 2015 attack, this was the recent breach faced by Landry’s. The theft revealed sensitive data expiration dates, debit card numbers, card holder names and verification codes.

Peekaboo Moments

On January 14, 2020, Peekaboo moments, an application where parents post images and videos of their children was exposed with an unsecured database on an elastic search server. The exposed data included email addresses, geographical location data, device data and the links to the photos and videos. There has been 1 million subscribers for the app since 2012.

Hanna Andersson

Hanna Anderson, a children clothing store faced a cyber-attack on January 20, 2020 where the transaction information were exposed. This attack is considered as the last string of Magecart attacks where attackers install malicious malware in Point of Sale systems (POS) to steal credit card information.

Customers who made online purchases from September 16, 2019 to November 11, 2019 disclosed to have lost the information concerning names, billing address, shipping address, CVV codes, payment card numbers and expiration dates.

Later these informations were found in Dark web with a “for sale” tag.

Microsoft

Due to some technical reasons, Microsoft exposed customer records of 280 million users. Unprotected web was then found to be the main reason for this contravention.

This incident disclosed the email addresses and IP addresses of the users.

Microsoft guarantees that the database did not contain any other personal information.

Marijuana Dispensaries

On January 23, 2020 the point of sale system of the marijuana dispensaries across the US exposed personal data or more than 85,000 medical patients and the users that left the database unchecked. The data revealed date of birth, emails, phone numbers, transaction history, photographs of scanned government and employee IDs.

Estee Lauder

On February 2020, Estee Launder, a makeup company was under the attack of the hackers that compromised 440 million customer records. Sensitive informations including payment transactions were not severely impacted. The attacker gained access of the email addresses, IP addresses, storage information, pathways and ports.

Fifth Third Bank

Fifth third bank, a renewed financial institution faced an attack from a former employee. The incident happened on February 11, 2020. This financial institution had 1,150 branches across 10 states. The hacker jacketed phone numbers, driver’s license information, address and bank account numbers of the customers. Till date, the bank did not reveal the exact number of customers affected by this breach.

Health Share of Oregon

On February 13, 2020, a laptop theft was reported from GridWorks IC, a third party vendor of Health share of Oregon. This incident disclosed sensitive data’s like names, addresses, phone numbers, date of birth, social security numbers and medical ID numbers.