For A few years agoTechCrunch has it. I looked again. the worst Hopefully — maybe — in the case of some serious data breaches and security incidents that can be handled badly. — Other big corporates will also avoid some of the same disasters last year. To no one's surprise, This year, a new class of companies has listed much of the same bad behavior.
23andMe blames users for its massive data breach.
Last year, genetic testing giant 23andMe suffered a data breach in which genetic and genealogical data of nearly 7 million users were accessed by hackers who brute-forced access to thousands of accounts to scrape data from millions more. 23andMe has belatedly rolled out multi-factor authentication, a security feature that helps prevent account hackers.
Just days into the new year, 23andMe took it. Shifting the blame. for the massive data theft to victims of which its users claim their accounts are not secure enough; Attorneys representing a group of hundreds of 23andMe users suing the company after the hack said the finger-pointing was “absurd.” The UK and Canadian authorities soon followed suit 23andMe announced a joint investigation into the data breach. last year
23andMe later in the year 40% of employees were laid off. As the embattled company faces an uncertain financial future— The company's big bank is its customers' genetic information..
It took Change Healthcare months to confirm that hackers stole most of America's health data.
Change Healthcare was a healthcare technology company until February, when a cyber attack forced the company to shut down its entire network. Immediate widespread outage Across the United States, much of the American health care system has come to a standstill. Owned by health insurer UnitedHealth Group, Change handles billing and insurance for thousands of healthcare providers and medical practices across the US, serving somewhere between one-third and one-half of all US healthcare transactions each year.
The company's handling of the hack resulting from the breach Basic user account together Lack of multi-factor authentication. — was criticized by Americans who couldn't get their medications refilled or admitted to the hospital. Health care providers have been devastated by cyberattacks, and lawmakers grilled the company's chief executive during a May congressional hearing about the hack. Transform healthcare. A $22 million ransom was paid to the hackers. — The Feds Only Help Cybercriminals Profit From Cyberattacks — Just Need To pony up a fresh ransom to ask Another thing A group of hackers to destroy stolen data.
In the end, After about seven months, It took until October — to reveal that more than 100 million people had their personal health information stolen in a cyber attack. that's right It will — by all accounts — take some time. The biggest healthcare data breach of the yearIf not,
The Synnovis hack disrupted UK healthcare services for months.
The NHS was disrupted for months after London-based pathology provider Synnovis was hit by a ransomware attack in June. The attack, claimed by the Qilin ransomware group, left patients in south-east London unable to get blood tests from their doctors for more than three months, canceling thousands of outpatient appointments and more than 1,700 operations.
Corrupt in the light. Experts The UK's leading trade union says it could have been prevented if two-factor authentication had existed. Unite was announced. Synnovis employees will go on strike for five days in December. Unite said the incident “had a shocking impact on staff who were forced to work long hours without access to essential computer systems for months while dealing with the attack.”
It is not yet known how many patients were affected by the incident. The Qilin ransomware group uses patient names, 400 gigabytes of sensitive data allegedly stolen from Synnovis, including health system identification numbers and blood test descriptions, has been leaked.
The Snowflake client hacks snowflakes into massive data breaches.
Cloud computing giant Snowflake AT&T; This year it found itself at the center of a series of mass hacks targeting its corporate clients such as Ticketmaster and Santander Bank. Who are the hackers? He was later charged with trespassing.The breach was made using login details stolen by malware found on employees' computers at companies that rely on Snowflake. Snowflake's lack of multi-factor security enabled hackers to break into large banks. Data stored by hundreds of Snowflake users Hold data for ransom.
Snowflake said for his part. About the small events at that timeBut it admitted that the breaches were caused by “a targeted campaign aimed at users with single-factor authentication.” Snowflake later released Factor-by-default to its customers in hopes of avoiding a repeat incident.
Ohio State A security researcher has been sued for falsely reporting a ransomware attack in Columbus.
Ohio State In response to a summer cyberattack in Columbus, Mayor Andrew Ginther moved to reassure concerned residents that the stolen city data was “either encrypted or corrupted” and useless to the hackers who stole it. At the same time, A security researcher found evidence of a ransomware crew tracking data breaches on the dark web for his work. In fact, residents' information was accessed. – At least half a million people — their Social Security numbers and driver's licenses, as well as arrest records; Includes information on juveniles and survivors of domestic violence. The researcher alerted journalists to a treasure trove of information.
The city is successful. An injunction was obtained. Resisting the researcher from sharing evidence of the breach was seen by the city as an attempt to silence the security researcher rather than address the breach. After the city His lawsuit was withdrawn..
Salt Typhoon hacked phone and internet service providers due to US backdoor laws.
30 years old The backdoor law came back. One of several China-backed hacking groups this year after hackers named Salt Typhoon. Laying the digital foundation for potential conflict with the United States. – Found on the networks of America's largest phone and Internet companies. Hackers make real-time phone calls; including accessing messages and communications metadata of senior US politicians and high-ranking officials; Presidential candidates.
Hackers reportedly broke into the wiretap systems of some companies required to build telcos after the 1994 law passed called CALEA. Now, thanks to continued access to those systems—and telecom data; Companies save Americans — the US government It is now recommended to US citizens. and elite Americans To use end-to-end encrypted messaging apps So no one, not even Chinese hackers, can access their secret communications.
Moneygram could not yet say how many people had their transaction data stolen in a data breach.
US money transfer giant MoneyGram, which has more than 50 million users, was attacked by hackers in September. the company Confirmed. The incident comes more than a week after customers experienced unexplained outages, revealing only an unspecified “cyber security issue.” Whether MoneyGram takes customer data It didn't say no, but according to the UK's data protection watchdog. told TechCrunch. It reportedly received a data breach report from the US-based company in late September, indicating that customer data had been stolen.
MoneyGram a week later The hackers admitted. A cyber attack swiped customer data, including social security numbers and government identification documents, and transaction information such as dates and amounts of each transaction. The company admitted that the hackers also stole criminal investigation information on a “limited number” of customers. MoneyGram has not said how many customers had their data stolen or how many customers were directly notified.
Hot Topic is staying mum after 57 million customers' records were spilled online.
together 57 million customers were affected.The October breach of US retail giant Hot Topic has gone down as one of the largest retail data breaches ever. However, despite the scale of the breach, Hot Topic has yet to publicly confirm the incident or alert customers or state attorney general offices about the data breach. The retailer also ignored TechCrunch's multiple requests for comment.
BREACH NOTICE SITE Am I Pwned?The stolen data includes their email addresses; physical addresses; phone numbers; purchases; including their gender and date of birth. The data includes the type of credit card; Partial credit card data is also included, including expiration dates and the last four digits of the card number.