With New Year celebrations fading in the background, we draw our attention to the grim developments surrounding Data Breaches of January 2020. This roundup comes as a prelude to the worrisome state of affairs around Cyber Security. The frequency and quantum of data breaches in 2020 is already touching alarming levels.
In this post, we will briefly recap some of the notable data breaches that came to light only in the first month of this year. Most of these breaches are highly significant in one way or the other and raise serious questions on how sensitized we really are as a whole to the emerging cyber security paradigm.
- Data Security Breaches and Some Intriguing Stats of 2019
- Cloud Security Breaches of 2019 and the Way Forward
- 250 Million Records Exposed in Microsoft Data Breach
- 12 Security Questions to Ask From Your Cloud Solution Provider
Data Regulation Fines in EU Touch £114 Million
Europe certainly took a lead in data protection by enacting the strong General Data Protection Regulation (GDPR)that became effective from May of 2018. A whopping 161,000 reports of data breach have been recorded by European authorities so far, accompanied by total fines to the tune of £114 MN.
Top EU Countries by Fine Value
[table id=18 /]
Top EU Countries by Violations
[table id=19 /]
Microsoft Data Breach Exposes 250 Million Records
One of the biggest tech companies, Microsoft was also involved in a data breach where record of nearly 250 million customers remained up for grabs over the internet. The record comprised of email conversations between the company’s support staff and customers that spanned over the past 14 years.
Microsoft claims that personal information from most of these records was redacted by automated tools. However, the company admitted that some personal info such as IP and email addresses etc. could not be identified by the automated tools and slipped past.
The tech giant has vowed to contact all the affected customers and intimate them about the exact nature of their personal data that may have been subject to misuse. The root cause of exposure of these records was identified as misconfigured security rules, caused by a change in the security group of the database network.
Vulnerable Broadcom Chips Expose 200 MN Modems
The middleware installed on its chips by US semiconductor producer Broadcom had a major security vulnerability. Using this weakness, hackers could gain access to modems that used these chips. The issue became famous as “Cable Haunt”. Broadcom reacted to the issue by releasing a firmware fix to patch the vulnerability.
Nearly 200 million modems were estimated to be exposed due to this vulnerability. Despite patching the issue, there is no clarity on how many of the vulnerable modems had already been hacked before plugging this loophole. The sheer quantum of this vulnerability is of epic proportions.
General Electric Healthcare System Vulnerable
When a security research firm analyzed the security of General Electric (GE) healthcare devices, it highlighted six vulnerabilities. This weakness could allow hackers to remotely tamper with these machines in a way that sensitive patient information could be altered.
Some of the most critical physiological variables such as temperature, blood pressure, heart rate and even personal info could be accessed and altered. This was such a sensitive vulnerability that could even alter the course of a patient’s treatment.
iPhone of Amazon CEO Hacked
Although this is an isolated incident, it is still quite significant due to the person involved. It all started when Jeff Bezos received a video message from Saudi Crown Prince Mohammed bin Salman (MBS) over Whatsapp. When the video was played, it unleased a small code that implanted malware on his personal iPhone.
The forensic analysis of the smartphone revealed that once the malware was installed over the iPhone of Amazon CEO, it gave hackers access to his entire phone. The mere fact that the affected person was Jeff Bezos qualifies this as a notable cyber security breach.
The wide array and sheer scale of some of the above cyber security breaches further ignites the debate around how exposed and vulnerable we are. Cyber criminals are swiftly gaining the skill set to identify, orchestrate and unleash highly potent cyber-attacks.
What’s even more worrisome is that most of these vulnerabilities were not identified directly by the parties involved, despite belonging to the tech industry in one way or the other. The identification of any vulnerability by a third party leaves a huge area of uncertainty around the interim period the issue remained hidden.
A major takeaway from most of the above cited data breaches or exposure incidents is the ever growing importance of independent third party cyber security audits. Given the recent pattern of how certain vulnerabilities came to light, such independent audits should be mandated by the law on a periodic basis.
Today, we live in a very hostile cyberspace in which threats are growing ever more stealthy and deadly. Even the most aware internet users can fall prey to present day cyber security threats. What’s important is that internet users remain ever more vigilant for the slightest trace of any vulnerability or security anomaly.