The 3 Largest Data Breaches of 2022 (So Far) + What We Can Learn From Them

The largest hacks of 2022 so far have spared no industry – from financial services to multinational tech companies and even humanitarian organizations. With another 4 months left in the year, there are surely more hacks to come. It’s important to understand how these events took place and why, and to learn how to prevent them from recurring.

Let’s take a look at the largest data breaches of 2022:

1. Cyberattack on ICRC (Red Cross)

January 2022 started off with a bang, with headlines screaming “Breaking news: Red Cross Hacked!” circulating online. The reason? On January 18th, unnamed hackers breached the International Committee of the Red Cross (ICRC) servers – which hosted the personal information of more than 515,000 vulnerable people globally. The attackers stole data related to the Red Cross’ “Restoring Family Links Program”, which holds the information of those separated from their families due to conflict, migration, war and disaster, as well as missing persons and their families.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” Robert Mardini, the ICRC’s director-general, said in a statement.

The ICRC informed families and individuals who were affected by the breach via phone calls, hotlines, public announcements, and letters. In some cases, teams were required to travel to remote communities to inform people in person.

Thankfully, the systems have since been restored and the Red Cross has continued its work in reconnecting separated families from across the world.

What can we learn from this?

The ICRC stated the hackers were able to enter their network and gain access to the system by exploiting an unpatched critical vulnerability. The vulnerability allows cyber attackers to compromise administrator credentials, and exfiltrate registry hives and Active Directory files by disguising themselves as legitimate users and/or administrators.

Although the ICRC has a multi-level cyber defence system, the humanitarian organization acknowledged that its failure to apply a critical patch before the attack is what led to this unfortunate event.

This data breach serves as a reminder that organizations need an up-to-date cybersecurity risk management plan that ensures critical vulnerabilities are consistently monitored and prioritized for patch deployment.
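One way to put the lesson above into practice is to rank open vulnerability findings so that the ones most likely to be used for the kind of entry described in the ICRC breach (an unpatched, internet-reachable service that handles credentials) reach the top of the patch queue. The script below is an added example written for this article, not code from the ICRC or from any vendor; the finding records, the placeholder CVE identifiers, the score weights and the patch SLAs are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Finding:
    host: str
    cve: str                   # placeholder identifier, not a real CVE
    cvss: float                # base score, 0.0 to 10.0
    exploited_in_wild: bool    # vendor/CISA says active exploitation is known
    internet_facing: bool      # reachable from outside the network
    touches_credentials: bool  # service that stores or brokers logins (e.g. AD-adjacent)

# Constructed sample scanner output; every host, id and flag here is made up.
SAMPLE_FINDINGS = [
    Finding("file-srv-01",        "CVE-XXXX-0001", 7.5, False, False, False),
    Finding("selfservice-portal", "CVE-XXXX-0002", 9.8, True,  True,  True),
    Finding("build-agent-03",     "CVE-XXXX-0003", 5.3, False, False, False),
    Finding("vpn-gw-02",          "CVE-XXXX-0004", 8.1, False, True,  False),
]

def priority_score(f: Finding) -> float:
    """CVSS plus context: exposure and credential handling raise urgency.
    Weights are assumptions for this example, not an industry standard."""
    score = f.cvss
    if f.exploited_in_wild:
        score += 3.0
    if f.internet_facing:
        score += 2.0
    if f.touches_credentials:
        score += 2.0
    return round(score, 1)

def tier_for(score: float) -> Tuple[str, int]:
    """Map a score to a tier and a patch SLA in days (assumed values)."""
    if score >= 12.0:
        return ("critical", 3)
    if score >= 9.0:
        return ("high", 14)
    if score >= 6.0:
        return ("medium", 30)
    return ("low", 90)

def prioritize(findings: List[Finding]) -> List[dict]:
    """Return findings ordered most-urgent first, each with its tier and SLA."""
    ranked = []
    for f in findings:
        score = priority_score(f)
        tier, sla_days = tier_for(score)
        ranked.append({"host": f.host, "cve": f.cve, "score": score,
                       "tier": tier, "sla_days": sla_days})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

def is_overdue(f: Finding, days_open: int) -> bool:
    """True when a finding has been open longer than its tier's SLA."""
    _, sla_days = tier_for(priority_score(f))
    return days_open > sla_days

if __name__ == "__main__":
    for row in prioritize(SAMPLE_FINDINGS):
        print(f"{row['tier']:>8}  {row['score']:>5}  {row['host']:<20} {row['cve']}  patch within {row['sla_days']}d")
```

Feeding the constructed findings through `prioritize` puts the exposed, actively exploited credential service first with a three-day SLA, while the internal file server with a higher raw CVSS than the VPN gateway drops below it; `is_overdue` is the hook a weekly report would use to flag tickets that have blown past their deadline.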

2. Cash App Data Breach

Unlike the ICRC breach, the hacker in this case is known. In fact, Cash App is well-acquainted with their attacker seeing as it was an ex-employee.

In April 2022, the popular mobile payment company Cash App fell victim to a significant data breach affecting approximately 8.2 million current and former users. On Monday, April 4th, fintech giant Block, the financial services company behind Cash App, filed a report with the U.S. Securities and Exchange Commission in response to customer data from its Investing service being compromised.

Although important personally identifiable information such as date of birth, SSN and addresses was not stolen, the hacker did download reports containing customers’ full names, portfolio values, stock trading information and brokerage account numbers, which are unique ID numbers associated with Cash App Investing customers’ stock activity.

The company is currently conducting an internal investigation and continues to notify the 8.2 million users who were affected, in addition to making remediation plans.

What can we learn from this?

The cyberattacker behind this data breach was an ex-employee. The hacker had access to the now compromised reports because those reports were part of their past job responsibilities. However, it is unclear why access to these reports was not revoked after termination.

Unfortunately, insider threats are not uncommon. In fact, insider threats have increased by 44% in the past two years. The impact on an organization, as seen in this event, can be significant. So what can we learn? It is important to completely cut off employees’ access to data once they are terminated from your organization. Cutting off access can prevent the success of malicious attempts at data theft. In addition, applying the Principle of Least Privilege (PoLP) restricts users’ access rights to job-specific data on a need-to-know basis. This limits the likelihood of ill-intentioned employees being able to access sensitive and confidential information.
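Both lessons above (revoke access at termination, and grant only what the job needs) can be checked mechanically by reconciling the HR system against the identity provider. The script below is an added example written for this article, not Cash App’s or Block’s code; the HR export, the account export, the role baseline and the user names are constructed sample data, and the field names are assumptions about what such exports would contain.

```python
from datetime import date
from typing import Dict, List

# Constructed HR export: who is employed, in what role, and when they left.
HR_RECORDS = [
    {"user": "alice", "role": "analyst", "terminated_on": None},
    {"user": "bob",   "role": "analyst", "terminated_on": date(2022, 3, 15)},
    {"user": "carol", "role": "admin",   "terminated_on": None},
]

# Constructed identity-provider export: each account and the entitlements it holds.
IAM_ACCOUNTS = [
    {"user": "alice", "enabled": True, "entitlements": {"reports:read"}},
    {"user": "bob",   "enabled": True, "entitlements": {"reports:read", "reports:export"}},
    {"user": "carol", "enabled": True, "entitlements": {"reports:read", "reports:export", "users:manage"}},
    {"user": "dave",  "enabled": True, "entitlements": {"reports:export"}},  # no HR record at all
]

# Least-privilege baseline: the entitlements each role actually needs (assumed).
ROLE_BASELINE = {
    "analyst": {"reports:read"},
    "admin":   {"reports:read", "reports:export", "users:manage"},
}

def lingering_access(hr: List[dict], iam: List[dict], today: date) -> List[str]:
    """Accounts still enabled for people HR says have already left."""
    gone = {r["user"] for r in hr
            if r["terminated_on"] is not None and r["terminated_on"] <= today}
    return sorted(a["user"] for a in iam if a["enabled"] and a["user"] in gone)

def orphan_accounts(hr: List[dict], iam: List[dict]) -> List[str]:
    """Enabled accounts with no matching HR record (nobody owns them)."""
    known = {r["user"] for r in hr}
    return sorted(a["user"] for a in iam if a["enabled"] and a["user"] not in known)

def excess_entitlements(hr: List[dict], iam: List[dict],
                        baseline: Dict[str, set]) -> Dict[str, List[str]]:
    """Entitlements a user holds beyond what their role's baseline allows."""
    role_of = {r["user"]: r["role"] for r in hr}
    excess = {}
    for a in iam:
        role = role_of.get(a["user"])
        if role is None:
            continue  # reported separately by orphan_accounts()
        extra = a["entitlements"] - baseline.get(role, set())
        if extra:
            excess[a["user"]] = sorted(extra)
    return excess

def audit(hr: List[dict], iam: List[dict], baseline: Dict[str, set], today: date) -> dict:
    """Run all three checks and return the findings for a review ticket."""
    return {
        "lingering_access": lingering_access(hr, iam, today),
        "orphan_accounts": orphan_accounts(hr, iam),
        "excess_entitlements": excess_entitlements(hr, iam, baseline),
    }

if __name__ == "__main__":
    for check, result in audit(HR_RECORDS, IAM_ACCOUNTS, ROLE_BASELINE, date(2022, 4, 4)).items():
        print(f"{check}: {result}")
```

Run against the constructed data, the audit flags bob (terminated in March but still enabled, and holding an export right his analyst role never needed) and dave (an enabled account nobody in HR owns). Scheduling a check like this daily, and treating any non-empty result as an incident rather than a housekeeping item, is what closes the gap the Cash App breach exposed.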

3. Lapsus$ Group’s Extortion Rampage

The first few months of 2022 did not hold back. A cybercriminal gang, Lapsus$, managed to breach some of the largest tech companies in the world – including Samsung, Ubisoft, and most recently, Microsoft Bing.

In March 2022, the group posted a torrent file online containing partial source code from Microsoft Bing, Bing Maps and Cortana. The source code was derived from Microsoft’s network after Lapsus$ performed a SIM Swap Attack – gaining control of an employee’s phone number and device to pass multi-factor authentication (MFA). Once in the network, the cybercriminals were able to access credentials necessary for retrieving source code in Gitlab and Azure DevOps.

Luckily, it appears only one employee’s information was breached and no personally identifiable information of customers or organization members was stolen. However, the ability to hack a multinational tech company with complex cybersecurity leaves a feeling of unease for many.

What can we learn from this?

Investigators believe the group uses various methods to gain initial access to an organization, including compromising users’ identities and accounts and recruiting employees at targeted organizations. Microsoft’s cybersecurity team immediately engaged to remediate the breach and prevent further activity, which was an important factor in preventing more information from being compromised.

For an organization, quick decision-making can mean the difference between a preventable and a catastrophic hack. It is important to invest in a cybersecurity team to address all cybersecurity-related incidents. Additionally, organizations need to add a supplementary level of protection to all confidential information. Many governments and enterprises use secure solutions such as TitanFile to send and receive confidential information online and protect against cyber threats. Employee credentials are protected with 2FA and all information is automatically encrypted.

Conclusion

Cybercriminal activity shows no signs of stopping soon. It’s important to protect yourself, your organization, and your clients from falling victim to a data breach. By learning from the events of this year, you can hopefully bring new knowledge into planning or updating your cybersecurity efforts to protect confidential information online.