Without trying to be alarmist, the plain fact is: cybercriminals never sleep, and they keep Cybersecurity pros up as well. Crooks are constantly on the prowl, looking for new victims and new attack strategies. About 4,800 websites a month are breached by cybercriminals using Formjacking code. The companies that fall prey to a breach can take months to notify the victims. Look at this list of recent data breaches to see if you may have been impacted.

We often hear of a social media company or a large hotel chain exposing customer data through a breach, or even worse: infidelity. Remember back in 2015 when ‘Ashley Madison’, a website for extramarital affairs, was breached? That probably had a LOT of people reaching for the Xanax.

2023 saw 8,214,886,660 records breached:

  • Last September, more than 3.8 billion records were exposed after digital protection firm DarkBeam left an interface containing the exposed records unprotected.
  • Real Estate Wealth Network was breached in December to the tune of 1.5 billion records.
  • X (Twitter) was breached in January 2023 with 220 million records exposed.
  • And more…

Has your name, email, login credentials, or Social Security Number (SSN) been exposed?

Browsers like Chrome and Edge have added breached password notifications for good reason. Data breaches happen all the time and can have devastating and costly consequences. Hackers can steal identities, compromise bank accounts, and inflict many other forms of damage.

You may not even know when hackers have breached your Personally Identifiable Information (PII) and passwords, since the time from breach to notification of the breach can be fairly long. One example is the February 2019 data breach of CafePress, a popular online retailer that prints personalized items.

The CafePress breach exposed millions of names and addresses, security questions, and more. Hackers also stole social security numbers that weren’t encrypted.

Even though that incident occurred in February, many consumers weren’t notified until late summer that year. The FTC took action against the company in June of 2022 due to its careless security practices.

What does that mean for you? That your personal or business information can be in free-fall through the internet for months or even years without you knowing that you have been compromised. Unless you happen to look at the right website, you may not even realize it. Breached password features in browsers are very helpful for this. But what happens if you have other PII beyond a password that has been exposed and is now for sale on the Dark Web?

Knowledge will help you protect yourself. Check the recent breaches below. Do you have any PII on those sites? If you have interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout.

Other Recent Breaches with Lasting Impact

As you can see, the breaches listed below are a bit older and smaller than the massive breaches last year, signifying how much worse the problem has become.

The EdFinancial / Oklahoma Student Loan Authority (OSLA) Breach

Did you get a student loan from EdFinancial and the OSLA? If so, you could be in trouble. Over 2.5 million student loan records were exposed. These organizations notified impacted individuals by letter in July 2022.

The personal information at risk included:

  • Social security numbers
  • Email addresses
  • Home addresses
  • Phone numbers.

Microsoft Breach

Microsoft announced a breach that exposed customer data on October 19, 2022. They blamed it on a misconfigured server, but that breach exposed certain business transaction data, believed to have affected more than 65,000 entities worldwide. Microsoft should have an advanced IT Services Department to rival the best in the world, so what does that tell you about standard internal IT Support Departments or outsourced Managed IT Services? The problem is: website operations are a specialized entity and not in the domain of most Managed Services Providers.

U-Haul Data Breach

Large rental firm U-Haul is a household name. It suffered a major data breach which exposed millions of customers’ data. It notified clients in August of 2022 of a compromise of some rental contracts. The contracts in question were between November 5, 2021, and April 5, 2022.

The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals who rented vehicles from the company.

Neopets Breach

Why would anybody expect a cute site like Neopets to be a cybersecurity risk? Yet it was the victim of a massive data breach exposing 69 million accounts. Users of the platform got a rude awakening due to the breach of the service, and those 69 million accounts may have had emails and passwords leaked.

The full stolen Neopets database and copy of the source code were being offered for sale for about $94,500.

Marriott Breach

Hotel giant Marriott suffered yet another data breach in July 2022. One unsecured employee computer caused the data leak of 300-400 individuals. This data included credit card numbers and other confidential information.

Even though this breach was fairly small, it put a spotlight on the company’s pattern of poor cybersecurity and a laissez-faire attitude towards making necessary security improvements. Within the last five years, Marriott has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there.

You could also set up a secondary checking account into which you transfer only the amount of funds needed for events like vacations or for online purchases, which is a wise move for a few good reasons. Then you register only that debit card data with the services used. If breached, simply close the account.

Shield Health Care Group Breach

In March of 2022, Massachusetts-based Shield Health Care Group detected a breach that exposed up to 2 million records, including medical records, social security numbers, and other sensitive personal data.

Flagstar Bank Breach

In December of 2021, Flagstar Bank suffered a breach, but it wasn’t until 6 months later that it identified the individuals affected. And the impact was huge as it included exposed social security numbers. The hack impacted about 1.5 million customers.

Block Breach

Block, formerly known as Square, is a popular payment processing platform. It announced in April of 2022 that it had been breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed.

About 8.2 million current and former customers had their data exposed.

Crypto.com Breach

Cryptocurrency is hot and getting hotter, but it’s a dicey realm to fool around with – consider the massive FTX failure and alleged fraud. It is also very susceptible to cyberattacks. In January 2022, over 483 users had their Crypto.com wallets hacked and the payout was worth over $30 million.

These particular hackers defeated two-factor authentication, which is usually quite effective, although the crooks seem sophisticated enough to have possibly defeated Multi-Factor Authentication (MFA), which uses at least three levels of authentication, as well. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.

No matter the size of the breached companies above, it shows us that anything and anyone can be hacked. These companies will most likely continue to survive the damages, but their reputations have taken a huge hit.

Frequently Asked Questions

What is Formjacking code?

Formjacking is a type of e-skimming attack. Hackers insert malicious code (usually JavaScript) into a website. The goal is to take control of the site’s form pages to glean valuable data or sensitive user information. As mentioned above, typical IT Support does not monitor the code in a client’s website – that falls within the arena of web development.

What is typical PII data?

According to The National Institute of Standards and Technology (NIST), PII (Personally Identifiable Information) is “Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.” This includes, but is not limited to: Name, Social Security Number (SSN), address, phone number and email address, etc.

Does iPhone notify you when your password has been compromised?

Yes, your iPhone does have that alert capability. Simply follow this path:
Settings > Passwords > Security Recommendations, then turn ‘Detect Compromised Passwords’ ON.

What is the dark web used for?

The Dark Web is the black market of the internet. Cybercriminals post data for sale or offer other illegal goods or services. There is at least one case of an assassin hired from the dark web. This resulted in the murder of Russian police investigator Yevgeniya Shishkina in 2018.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation ever to use our IT services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
