Ordinarily, roundup-style articles like this one would come at the end of the year.
However, such is the lucrative nature of cybercrime that cyberattacks and data breaches are becoming increasingly frequent. It can feel like barely a day goes by when there isn’t news of another significant cyberattack or breach, especially with groups like the notorious Lapsus$ increasing their activity.
Let’s look at five of the most significant cyberattacks and data breaches we’ve seen so far in 2022, at not even a third of the way through the year!
1. Red Cross
Charities are a common target for hackers for several reasons. As well as holding a significant volume of sensitive data, charities, by nature, will have details of individuals and families who are among the most vulnerable in society. Unfortunately, these individuals are often the easiest targets for scams ranging from identity fraud to phishing.
In early 2022, a cyberattack on the Red Cross saw the sensitive details of more than 515,000 “highly vulnerable” people compromised. All those affected were part of the Red Cross’s Restoring Family Links program, which aims to reunite families separated due to conflict, migration, or natural disasters.
2. Crypto.com
In January, a hack of Crypto.com, one of the world’s most widely used cryptocurrency platforms, saw cryptocurrency stolen from approximately 400 users’ crypto wallets. While blockchain itself is supposed to be secure, the hackers quickly got access to these wallets by getting around Crypto.com’s two-factor authentication protocols.
The hackers responsible stole over $18 million worth of Bitcoin and $15 million worth of Ethereum from users. The platform subsequently reimbursed these sums.
3. Microsoft
Microsoft is one of the most targeted companies in the world for cyberattacks.
The year started with revelations that the cybercrime group Malsmoke had been able to exploit a vulnerability in Microsoft’s digital signature verification.
Later, in March, Lapsus$, which had already targeted Vodafone, Samsung, Okta, Ubisoft, and various other companies and organisations in a prolific start to the year, compromised Microsoft’s Cortana and Bing products. Thankfully, Microsoft shut down the hack quickly and confirmed that no consumer data was ever at risk.
4. Cash App
Even where companies have robust cybersecurity practices to prevent threat actors from compromising their and their customers’ data, they can remain vulnerable to current or former employees with an axe to grind.
That was the case with Cash App’s data breach, which happened when an ex-employee accessed 8.2 million customer records. It is unknown to what extent these customers were affected, but Cash App nevertheless contacted all 8.2 million people to inform them their data had been compromised.
While the incident didn’t come to light until Cash App’s owner, Block, made a filing with the United States Securities and Exchange Commission in early April, it is thought the employee accessed the data back on 10th December 2021.
5. Marquard & Bahls
In the cybersecurity space, the run-up to Russia’s invasion of Ukraine was dominated by warnings of a looming increase in cyberattacks of Russian origin.
While there has been little such activity reported from a UK perspective, a February cyberattack on Marquard & Bahls, a Germany-based energy giant, led to the closure of more than 200 petrol stations across the country. The attack, which destabilised Marquard & Bahls’ IT systems, was attributed by experts to the Russian BlackCat gang, a group notorious for cyberattacks on oil pipelines.
If you’re affected by a cyberattack and data breach, you could be entitled to compensation
If a business or another organisation that you trusted to look after your data fails to do so, you could be entitled to compensation.
If your privacy has been compromised following a cybersecurity incident that could have been avoided, contact us now for a free, no-obligation review of your potential case.