The pressure of the pandemic has intensified the rise of cyber-attacks as organizations grapple with the issue of securing remote workplaces while conducting their businesses with efficiency. Which means remote workers are harder to secure while they share sensitive and crucial data on a regular basis exposing them to significant security risks. There is a rise in security breaches as cyber criminals grow more sophisticated and use social engineering, ransomware, malware and phishing to conduct these attacks. Here is a quick look at some of the scariest data breaches of 2022, so far.
1. Cash App Investing LLC
Number of individuals impacted: 8.2 million
A former employee of Cash App Investing launched the hack earlier this year – and it has turned out to be the largest data breach and cyber-debacle in 2022 so far.
As CNN reported in April: “More than 8 million Cash App Investing customers may have had personal data compromised after a former employee downloaded internal reports without permission, parent company Block Inc revealed. … Information in the reports accessed by the former employee included customers’ full names and brokerage account number, which is the personal identification number associated with a customers’ stock activity on the platform.”
2. Beetle Eye
Number of individuals impacted: 7 million
Beetle Eye, an online tool that helps marketers with their email marketing campaigns, experienced a major breach apparently caused by a misconfigured AWS S3 Bucket that was left without any encryption, according to a report at Data Breach Today.
Researchers at Website Planet first discovered the breach at the Sarasota, Fl.-based Beetle Eye, exposing sensitive data belonging to an estimated 7 million people.
3. FlexBooker
Number of individuals impacted: 3.75 million
In January 2022, FlexBooker, a cloud-based appointment management solution, revealed it had discovered a data breach that ultimately impacted more than three million people.
According to ZDNet, the Columbus, Ohio-based company said that some of its customer database had been breached after its AWS servers were compromised in late 2021 and that FlexBooker said its “system data storage was also accessed and downloaded” as part of the attack. The information obtained included partial credit card data, ZDNet reports.
4. Elephant Insurance Services LLC
Number of individuals impacted: 2.76 million
In May 22, Henrico, Va.-based Elephant Insurance Services reported that it had experienced a data breach and that it may have compromised the Personal Identifiable Information (PII) of customers seeking insurance policies.
After detecting “unusual activity on its network,” Elephant Insurance said it launched an immediate probe and determined that an intruder may have had access to information that included names, driver’s license numbers and dates of birth of people.
5. Lakeview Loan Servicing
Number of individuals impacted: 2.57 million
Florida-based Lakeview Loan Servicing LLC, the fourth largest loan-servicing company in the US had a data breach that reportedly affected more than 2.5 million consumers.
The breach, which led to the theft of highly sensitive customer information, occurred from October 27 through Dec. 7, 2021. The breach was discovered in January and publicly announced in March 2022. According to one lawsuit, some of the stolen data has been listed for sale on the “dark web,” according to a report at National Mortgage Professional.
Sources:
https://www.crn.com/news/security/the-10-biggest-data-breaches-of-2022-so-far-
https://nationalmortgageprofessional.com/news/lakeview-loan-servicing-faces-multiple-lawsuits-over-data-breach
https://www.classaction.org/news/class-action-elephant-apparent-insurance-company-data-breach-exposed-info-of-more-than-2.7-million-consumers#:~:text=Elephant%20Insurance%20Company%20and%20subsidiary,reportedly%20exposed%20to%20unauthorized%20access.