The number of data breaches in 2021 surpassed the total number in 2020 by 17%, so 2021 can be seen as a record-breaking year for data breaches. It is always better to prevent data breaches by preparing in advance, since some consequences of these incidents are irreversible. In this blog post, we aim to provide you with the 8 most recent data breaches that happened in 2021.
Cryptocurrency exchange BitMart was hacked in December 2021, and hackers withdrew about $150 million in assets. However, blockchain security company PeckShield stated that the loss was actually around $200 million, with about $100 million in various cryptocurrencies coming from the Ethereum blockchain.
In an official statement, BitMart said that it had completed an initial security check and identified the impacted assets. The company said the security breach was essentially caused by a stolen private key, which impacted 2 of its “hot wallets” (a form of digital storage), but other assets remained unharmed. Crypto hot wallets, unlike cold wallets (a physical device), are connected to the internet, which makes them more convenient to use but also less secure.
What makes the BitMart data breach devastating is that it is the 6th largest cryptocurrency heist of all time by the amount of funds lost. Crypto exchange hacks are quite commonplace because exchanges are a lucrative target for hackers, given the great potential payoff for any effective exploit.
The Japanese tech manufacturing giant Panasonic confirmed that its network was accessed illegitimately in November 2021. After detecting the illegitimate access, the company immediately reported the incident to the relevant authorities and applied security countermeasures. As a result of an internal investigation, it was discovered that some data on a file server had been accessed during the intrusion.
While details about what information was obtained weren’t revealed by Panasonic, Japanese media outlet NHK said that information about the company’s technology, business partners, and personal information of employees was stored on the server.
Luxury department store chain Neiman Marcus disclosed a data breach in September 2021 impacting 4.6 million customers. The store chain said it had informed law enforcement authorities about the breach, which it said happened in May 2020. As a result of the breach, over 3 million payment and virtual gift cards were impacted, more than 85% of which were expired.
The data stolen by the criminals varied from customer to customer; however, the company said it included fields like names, contact information, payment card numbers (without CVV numbers), online account usernames and passwords, and online account recovery questions and answers. This is the second major data breach Neiman Marcus has suffered, after hackers stole payment card details for over 1 million customers back in 2013.
Cryptocurrency platform Poly Network was hit by a major attack in August 2021, with the alleged hacker draining over $610 million in crypto. In fact, this is the largest crypto-related hack to date. The network said that it had seen the return of its cryptocurrencies, although the hacker’s identity had yet to be established.
A China-based blockchain security firm, BlockSec, said in an attack analysis report that the hack may have been caused by the leak of a private key that was used to sign the cross-chain message. It added that another potential cause is a likely bug in Poly’s signing process that may have been “abused” to sign the message.
The safety of blockchain technology has been in question for the past several years, particularly with the continuing trend in ransomware attackers instructing organizations to pay in digital currency. The Poly Network incident illustrates how nascent cross-chain protocols are especially vulnerable to cyberattacks.
Business-to-business marketing firm OneMoreLead was storing tens of millions of records in an unsecured database, exposing at least 63 million people to fraud, identity theft, and phishing campaigns in April 2021.
The database had 126 million records (34 GB in size) and contained names, job titles, email addresses, physical addresses, phone numbers, IP addresses, and employer names. Thankfully, it doesn’t appear that hackers or bad actors actually found the unsecured database, but had they done so, it could have been a huge problem for millions of users.
The database also contained numerous .gov and New York Police Department email addresses. Considering the complete list of 63 million people, there were potentially many more sensitive email addresses. This is a massive problem since the private data from members of the government is a goldmine for criminal hackers, particularly if a foreign government supports them.
Cybersecurity firm Cognyte failed to secure its database, exposing over 5 billion records compiled from previous data breaches, in May 2021. A database without password protection, like the one that belonged to Cognyte, allows unrestricted access to anyone anywhere online. The irony is that the database used to cross-check personal information against known breaches was itself exposed. The information included names, passwords, email addresses, and the original source of the leak.
Researchers immediately informed Cognyte and the company secured its database in June. It is unknown whether hackers used the leaked data in the short time it appeared on search engines. Yet, the company said not all its leaked data contained passwords, but the company couldn’t calculate the percentage that did.
Cox Media Group
Cox Media Group, an American broadcasting, publishing, and digital media services company, stated that it had suffered a ransomware attack in June 2021, which knocked out live TV and radio broadcast feeds. The company immediately took systems offline after the attack was discovered and reported the incident to the FBI.
Cox Media Group found proof that the intruders harvested personal info stored on the breached systems. While they also tried to exfiltrate this data outside of the company’s network, there is no evidence that they succeeded in their endeavor. Also, the company didn’t discover any indication of identity theft, fraud, or financial losses impacting possibly affected people.
The media company didn’t pay a ransom or provide any funds to the threat actor as a result of this incident. Deploying ransomware on the networks of big companies is a tactic that was first observed in use by Iranian hackers in 2016. Their method of targeting large companies is known today as “big-game hunting”.
In March 2021, the private data of more than 21 million ParkMobile customers was found on a hacking forum. ParkMobile is a popular cashless parking app in North America, which helps users find parking and pay for it.
The company stated that no credit card information and no data related to users’ parking transaction history was accessed. It added that encrypted passwords were obtained, but not the encryption keys required to read them. The company said it protects user passwords by encrypting them with advanced hashing and salting technologies.
ParkMobile doesn’t collect driver’s license numbers, social security numbers, or birthdays, and attackers didn’t steal any credit card information or parking history.
Become a better cybersecurity professional
Data breaches and hacking have been in the news a lot lately, and that trend is on the rise, with cyber incidents taking center stage. Many organizations now realize that the reactive approach isn’t effective, and are shifting to a more proactive approach like providing cyber security training for employees.