Despite their best efforts, cybersecurity can be a major cause for concern for all kinds of businesses and organizations. Even with a full team of cybersecurity professionals, data breaches can occur, and many of the worst data breaches of 2022 have been quite devastating. Let’s take a look at some of the worst ones so far.
We want to emphasize that data breaches can happen to anyone, not just high-profile businesses. You’ll need to invest not just in protecting your business, but also in training your staff. If you want some help with this, you can contact NDYNAMICS for any and all concerns with your cybersecurity.
January 2022
Crypto.com
January 17 saw the cryptocurrency market become the target of a hacking attack. In this particular attack, 480 users’ cryptocurrency wallets on Crypto.com were targeted, with the hackers making off with $18 million in Bitcoin and $15 million in Ethereum and other currencies. The hackers managed to bypass the two-factor authentication to gain access to these wallets.
Tourisme Montreal
A hacking group called Karakurt targeted Montreal’s tourism agency. This hacking group became known all over the world for its extortion tactics, stealing data and demanding payment, threatening to release the data if the victim didn’t pay up. Over 60 million people were affected by this prolonged six-month attack.
Bernalillo County, New Mexico
Bernalillo County became the victim of a ransomware attack that forced the county office to close during the first week of January. This attack prevented employees from accessing local databases, which in turn kept them from doing their jobs. As a result, the county implemented cybersecurity policies and invested $2 million in revamping their computing infrastructure.
Ukraine
Before Russia invaded Ukraine, the latter was targeted by a cyberattack threatening the Ukrainian government that they should “be afraid and wait for the worst.” This attack brought down the Ministry of Foreign Affairs and other agency databases, and Ukrainian citizens were directed to the nation’s social media channels until the issue was taken care of.
February 2022
GiveSendGo
A Christian fundraising website called GiveSendGo became the target of a politically motivated data breach. The hackers redirected visitors to the Canadian Freedom Convoy protestors, all while posting the personal information of the 90,000 donors to the Freedom Convoy on the website.
Oiltanking Deutschland GmbH & Co.
A major supplier of fuel for Germany, Oiltanking Deutschland GmbH & Co., was forced to declare “force majeure” and scale back operations following a cyberattack. This declaration resulted in them being absolved of their contractual obligations for a limited time. This incident is estimated to cause the company over $4.5 billion in ransomware demands, downtime, and other costs.
Wormhole
A blockchain company called Wormhole had about $324 million in cryptocurrency stolen by hackers, resulting in a loss of 120,000 wETH (wrapped Ethereum). The company went offline to handle maintenance with a loss of millions of dollars. The company even put out a bug bounty of $10 million to learn more about the cause of the hack.
Washington State
Over 250,000 Washington residents had their personal data exposed as a result of the Washington State Department of Licensing database breach. They had to momentarily shut down their POLARIS system thanks to the breach. Some of the data stolen included personal and financial information for any vocation in Washington that needed a license.
San Francisco 49ers
The NFL team became the target of a ransomware attack, resulting in hackers making off with some of the team’s financial data. The hacking group responsible, BlackByte, gave the 49ers enough of a shock to restructure their entire cybersecurity strategy (but not before paying the ransom).
Ukraine
In the moments leading up to the Russian assault on Ukraine, websites for the Ukrainian army, the defense ministry, and most of their major banks were brought down.
OpenSea
In a heist involving hundreds of NFTs and $1.7 million, users on the peer-to-peer networks of OpenSea were tricked into signing a malicious payload that authorized free gifts of NFTs back to the hacker.
March 2020
Viasat
Millions of broadband subscribers in eastern Europe lost access to their Internet networks as a result of a major cyberattack against Viasat. The company confirmed that it was indeed a cyberattack that brought down these connections—a DDoS attack, specifically.
Samsung
A hacking collective called Lapsus$ managed to steal 190GB of proprietary information from Samsung. The hacking group also teased the hack on social media claiming that they had “confidential Samsung source code.”
At Least Six US States
A cyber attacking group, called APT41, sponsored by the Chinese government took over the computing infrastructures of at least six U.S. states. This breach was a supposed espionage mission carried out by some of the most wanted cybercriminals out there.
Ubisoft
Ubisoft, a France-based video game developer, had its operations disrupted for several days following a cyberattack. Although no personal information was stolen, it became clear later on that Lapsus$ were the culprits behind the attack.
Israel
The Israeli government had their websites taken offline for over an hour thanks to a cyberattack. It was so bad that the National Cyber Directorate declared a state of emergency. It is thought that it was a state-sponsored DDoS attack.
Jefferson Dental and Orthodontics
Jefferson Dental and Orthodontics became the target of a data breach that affected over a million Texans. Hackers stole Social Security numbers, driver's license numbers, health information, and financial data.
Microsoft
Lapsus$ struck again when it leaked the source code for Microsoft’s Bing search engine and Cortana personal assistant. All it took was compromising a single account. Microsoft was able to shut down the operation before more was stolen.
ELTA
The National Postal Service for Greece was hit by a ransomware attack. Even though the hack was caught early on, operations were brought to a halt. Over 1,400 physical locations were affected, and operations had to be shut down for some time.
Axie Infinity
A cryptocurrency startup tied to Axie Infinity became the target of hackers, resulting in a loss of $540 million. Hackers gained access through the game and emptied users’ crypto accounts, something which became the second largest cryptocurrency theft thus far.
These attacks were the result of various threat methods and actors, proving that your organization cannot overlook anything security-related. NDYNAMICS can protect your business and help you implement better security practices and solutions. To learn more, reach out to us at 408-927-8700.