Major Cyber Attacks on Business in 2018
How well is your business protected from malicious cyber activity?
Editor’s note: This article does not include the recent Marriott data breach, which compromised the data of up to 500 million people.
As 2018 is drawing to a close, the reported number of data breaches keeps mounting. The first half of the year was especially troubling. As reported by Wired, and based on Identity Theft Resource Center’s (ITRC) 2017 Data Breach Industry Summary report, the number of records compromised in just the first two quarters of 2018 has surpassed the total of breached records in all of 2017.
While 2018 didn’t see as many global ransomware attacks and major government leaks as those that plagued 2017, the number and nature of cyber attacks still show that critical infrastructure security is fragile, corporate security is lacking, and weaponized hackers, backed by their respective countries, are getting bolder globally.
Between 2014 and the first quarter of 2018, the number of significant data breaches in the U.S., by industry, totaled:
- Business: 301
- Medical/Healthcare: 181
- Banking/Credit/Financial: 84
- Government/Military: 49
- Educational: 45
Here’s a roundup of the major cyber attacks on business to date, along with the number of records compromised and some other related stats, plus this year’s major trends in cyber breaches. This list is not comprehensive: not all significant data breaches made the list, and the number of reported compromised records is probably higher overall, so the full scope and range of these attacks probably won’t be known until next year.
Three Troubling Trends
U.S. security researchers, along with government and private sectors, have sounded an alarm regarding certain data breaches and digital security attacks happening in 2017, but these trends have escalated in 2018, forcing the government to publicly acknowledge the evidence, and the industries involved to grapple with finding solutions:
- State-sponsored hacking. With Russia being the worst offender, high-profile hacking coming from outside the U.S. continues, with incidents ranging from last year’s NotPetya ransomware attacks to the grid hacking that compromised U.S. power companies. Another powerful Russian hacking campaign involved spreading malware known as VPNFilter. This type of malware was used to create a massive botnet by coordinating infected devices, as well as spying on them directly. As of last May, it was reported that more than 500,000 routers were affected worldwide, resulting in data theft, spam campaigns, and other harmful network manipulation.
- Increased data exposures. Although it is a type of data breach, a data exposure differs in that the data is left vulnerable to access by anyone on the open internet because of the way it’s stored and protected. Examples include improper access authentication, a misconfigured database, and improper storage of files and access data (like passwords) in the cloud. Data exposures are harder to spot than the more blatant breaches, and their causes are more difficult to pinpoint.
- Intellectual property theft. Last March, nine hackers based in Iran were indicted by the Department of Justice for allegedly attacking — via “spearphishing” — 144 U.S. universities, 176 universities in other countries, the United Nations, plus several U.S. government agencies, and almost 50 private companies. An estimated 31 terabytes of data was stolen, worth $3 billion in intellectual property.
The Cost of Malicious Cyber Activity
Costs associated with cybercrime can be staggering, especially for companies that haven’t taken the measures to protect themselves. The projected damage is estimated to reach $6 trillion annually by 2021, while the U.S. government estimated the total cost to the economy to be between $57 billion and $109 billion in 2016.
- The average cost of a malware attack on a company is estimated at $2.4 million.
- The most expensive component of a cyber attack is information loss (43 percent).
- Ransomware damage costs were over $5 billion in 2017, a 15-fold increase since 2015.
The cost of lost business is also a big factor. Per Ponemon Institute’s 2017 Cost of Data Breach Study, the most expensive estimated data breaches associated with stolen records are in the U.S. ($225 per person) and Canada ($190 per person). The average cost of a data breach for companies with over 50,000 compromised records is $6.3 million, while the average cost of lost business in the U.S. is $4.13 million per company. This figure includes such factors as reputation loss and customer turnover.
Major Cyber Attacks in 2018
Aadhaar (India); 1.1 billion records breached, with individual data stolen through a service offered by anonymous sellers over WhatsApp.
Exactis; 340 million records breached. The Florida-based marketing and data aggregation firm exposed its database of two terabytes of personal information for hundreds of millions of Americans and businesses on a publicly accessible server.
Under Armour; 150 million records breached. A breach of data via unauthorized access to MyFitnessPal, a platform which tracks users’ diet and exercise, exposed individuals’ usernames, email addresses and hashed passwords.
MyHeritage; 92 million records breached. The online genealogy platform exposed the users’ email addresses and hashed passwords.
Facebook; 87 million records breached (rough estimate). The social media giant was rocked by scandal back in March, when it was revealed that a political data firm called Cambridge Analytica collected the personal information of Facebook users via an app that scraped personal information. Cambridge Analytica copped to compromising about 30 million records, but Facebook’s estimate was much higher. Then again, in June, another app, named Nametests.com, was blamed for compromising the records of over 120 million users.
Panera Bread; 37 million records breached via Panerabread.com leaking customers’ records.
Ticketfly; 27 million records breached. The concert and sporting-event ticketing website’s directory was breached and the site taken down for about a week, apparently accompanied by a ransom request.
Sacramento Bee; 19.5 million records breached. The daily newspaper suffered an attack from an anonymous hacker who hijacked two databases containing contact information and California voter registration data. The company refused to pay ransom and deleted the databases.
PumpUp; 6 million records breached. The fitness app PumpUp had an improperly secured server, giving access to sensitive customer data including photos, messages, and even credit card data.
Saks Fifth Avenue and Lord & Taylor; 5 million records breached. A major hacking syndicate was at some point offering five million stolen credit and debit cards up for sale, which were traced to these luxury department stores, owned by Hudson Bay.