Studies suggest that almost 22 billion data records were exposed in 2022 as a result of more than 4,000 publicly disclosed security breaches. As cybercrime becomes more sophisticated, software security is an increasingly pertinent issue for organizations, government departments and corporations. The number of people directly impacted by threats is rising year by year. As security teams prepare to take on new challenges in 2023, it’s interesting to look back at the most high-profile data breaches of 2022.
Image source: https://pixabay.com/photos/cyber-security-hacker-security-3194286/
Revolut
A data breach in September 2022 exposed the personal information of over 50,000 Revolut customers. A third-party actor hacked Revolut’s database, gaining access to sensitive information, including names, personal addresses, email addresses and some partial payment data. Revolute stressed that card details were not hacked and the government in Lithuania, where the financial app is based, confirmed that the company had taken robust action to protect customers from repeat attacks. Revolut launched in 2015 and now has more than 18 million users globally.
Shein
In 2022, discount fashion brand, Shein, which regularly advertises on search engines and social media platforms, was fined almost $2 million for a data breach, which occurred in 2018 and affected over 39 million customers. The parent company, Zoetop Business Co, failed to disclose full details of the incident, which left millions of customers vulnerable. Hackers accessed the Shein payment systems, exposing credit card details. The breach was discovered by credit card networks, which found the information for sale on hacking forms.
Twitter is one of the most popular social platforms and it hit the headlines repeatedly in 2022 as a result of Elon Musk’s controversial takeover. Sites that specialize in sharing news and updates about software and security, such as PostMogul help online users to stay safe, but even multinational businesses with cutting-edge systems are not immune to threats. In July, a hacker who referred to themselves as ‘the devil’ shared a post advertising data linked to more than 5 million Twitter users. Twitter later confirmed the breach, highlighting a security vulnerability identified in January 2022 as the cause.
Medibank
Medibank detected suspicious behavior on its internal systems in October 2022. The Australian healthcare and insurance company was then approached by a third party, which published customer data after Medibank’s repeated refusals to pay a ransom. Almost 10 million customers were affected by the breach, which involved hackers publishing ‘good’ and ‘naughty’ lists containing customer names. The naughty list included clients who had sought treatment for issues ranging from mental health disorders to HIV and substance abuse.
Millions of people use WhatsApp daily to connect with friends and family members. WhatsApp is supposed to be a safe, secure place to communicate but in November 2022, hackers advertised datasets online, which included personal information from users in the US, UK and Germany. The hacker claimed to have 487 million records for sale, which included up-to-date mobile phone numbers.
Optus
Australian telecoms giant Optus was held to ransom by hackers in September 2022. Third parties accessed databases, threatening to expose 11 million customers. After refusing to pay the ransom, the details were released online and Optus clients were also contacted by hackers, who demanded they pay a fee of $1,300 to prevent the sale of their data.
Cybersecurity is advancing all the time but so is cybercrime. Hackers have new ways to access data and their methods are increasingly sophisticated. High-profile data breaches in 2022 underline the importance of robust security measures and demonstrate that every company is at risk, even those with multi-million dollar security budgets.
