What do U-Haul, Marriott and Optus all have in common? Data breaches
You can hear it before you see it.
Thunder claps violently, shaking you…
Out the window, you see dark, ominous clouds building over the western suburbs.
It’s always the way that the heavens open up as you head home.
All day you’ve been putting off updating your password.
You know you need to do it today. Otherwise, you’ll have IT on your back, forcing you to change it the next time you log in. And it’s just painful if you have to do it remotely tomorrow from home.
But in a hurry to get to the lift and down to Southern Cross, you think of something quick and promise you’ll be more creative later.
You type in your pet’s name, followed by random numbers.
You hit save and close your screen, dashing for the door.
And just like that, you’ve exposed your business to hackers.
Every month, cybercriminals breach about 4,800 websites using formjacking code. In the last few months of 2022, Australia experienced two significant and damaging cyber attacks exposing millions of customers’ data.
That’s why many internet browsers, like Microsoft Edge and Google Chrome, have invested in adding breached password notifications.
Worryingly, there are signs internationally that the time between a breach and the public being notified can be lengthy. That delay gives the hackers a head start on sharing and selling your personal information, including passwords.
For example, a popular online store, CafePress, experienced its own data breach in February 2019. That breach exposed data, including millions of names and addresses, security questions, and unencrypted social security numbers.
But it was over 6 months before customers were informed of the data breach. The US Federal Trade Commission (FTC) recently took action against CafePress due to poor security practices.
Whilst the Australian Government has stepped up regulation and obligations, it’s still possible your data has been compromised, and you don’t know.
Or worse, the company or business holding the data is unaware.
So, let’s look at recent examples to see what action you can take if you are exposed to a data breach or cyber attack.
Recent global cyber attacks impacting millions
Optus hacking exposes millions of customers’ data
Optus became the victim of Australia’s most significant cyber attack in September 2022, which disclosed current and former customers’ personal information. In the attack, hackers demanded a $AUD 1 million ransom, or they would leak over 11 million customer records.
3.8 million Medibank Private members’ data vulnerable in attack
Around a month later, in November 2022, Medibank Private also fell victim to a cyber attack on its health insurance members. The cyber attack potentially impacted 3.8 million members and was executed after a cyber crook stole login credentials and sold them to a separate Russian hacker.
Microsoft customer data breach
On 19 October 2022, Microsoft confirmed a customer data breach, blaming a misconfigured server. The breach exposed specific business transaction data and impacted more than 65,000 entities worldwide.
USA rental company U-Haul data compromised
Around 2.2 million people were affected by a cyber attack in August 2022 against the car rental company U-Haul. Impacted clients had entered into rental contracts between 5 November 2021 and 5 April 2022. The breach exposed names, driver’s licenses, and state identification numbers.
2.5 Million records revealed in a student loan breach
Cybercriminals attacked United States’ student loan providers, EdFinancial and the Oklahoma Student Loan Authority (OSLA) in July 2022.
The personal information exposed included:
- Social security numbers (Medicare)
- Email addresses
- Home addresses
- Phone numbers.
The breach compromised the data of over 2.5 million student loan recipients.
69 million Neopets users were impacted
Now, you wouldn’t believe a website about virtual pets like Neopets would be a target for a cyber attack. But in July 2022, an estimated 69 million accounts may have had their data exposed, including their email addresses and passwords. It was later discovered that the stolen Neopets database and source code were selling online for $USD 95,500.
Marriott hotel employee caused guest data leak
The international hotel chain, Marriott, suffered another breach in July 2022, blaming a single unsecured employee computer. The data leak exposed the data of around 300-400 guests, including their credit card numbers and other confidential information. Media reports indicate that this is not an isolated incident for Marriott, which has shown a pattern of poor cybersecurity. For example, in the last 4 years, it has suffered 3 separate data breaches.
Hackers gain access to 2 million Shield Health Care Group records
In March of 2022, US-based Shield Health Care Group uncovered a data breach. Shield Health found that hackers breached up to 2 million customer records. These included medical records, social security numbers (Medicare) and other sensitive personal data.
6 months after, Flagstar Bank realised it had a data breach
Alarmingly, it took US bank Flagstar 6 months to realise it had suffered a breach in December 2021. The data breach was significant for the bank, impacting over 1.5 million customers and exposing personal details, including their social security numbers (Medicare).
Block took 4 months to tell its 8.2 million customers they had been hacked
Block, formerly known as Square, is a very popular payment processing platform. But although it suffered a data breach just before Christmas in 2021, it only announced it publicly in April 2022. A former employee accessed over 8 million customer names and brokerage account numbers.
Crypto.com breach lands over $30m windfall for hackers
In January 2022, over 483 users had their Crypto.com wallets breached. The cyber crooks were able to breach multi-factor authentication (MFA) and steal about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.
Is your Melbourne business at risk?
How secure are your passwords? There are many effortless solutions to secure your IT networks and passwords.
Contact us to review your existing cybersecurity protocol and help you protect against future threats.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business, Yener worked for a number of corporate organisations, where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.