The 2021 threat landscape was the fastest-growing, most complex it’s ever been. The average cost of a data breach increased from USD 3.86 million to USD 4.24 million – making it the highest average total cost in the 17 years of IBM’s Cost of a Data Breach Report. Costs were significantly lower for organizations with a more mature security posture and higher for organizations that were less skilled in areas such as security AI and automation.
The longer a breach took to identify and contain, the more costly it was. Breaches that took longer than 200 days to identify and contain cost an average of $4.87 million, compared to $3.61 million for breaches that took less than 200 days. On average, a breach took 287 days to identify and contain.
In this article, we will explore the costliest and most impactful data breaches and record leaks of 2021.
January – Socialarks – 214 million
Due to an unsecured database, Socialarks, a cross-border social media management company, leaked the PII of more than 214 million social media users. Socialarks’ database consists of more than 40GB of data and 318 million records. In this breach alone, 11,651,162 Instagram user profiles, 66,117,839 LinkedIn user profiles, and 81,551,567 Facebook user profiles were exposed. A further 55,300,000 Facebook profiles were deleted within a few hours after the server and vulnerability were discovered.
The full extent of the potential damage is unknown. From the data examined, the PII leaks would allow anyone to piece together the victims’ full names, subscriber data, country of residence, place of work, position, phone numbers and other contact information.
February – Kroger via Accellion – 1.5 million
A breach at third-party cloud provider Accellion opened the door for hackers, giving them access to Kroger’s Human Resources data and pharmacy records. The company claims only 1% of its customers were affected, but the breached records included PII of 1.5 million people such as names, phone numbers, home addresses, dates of birth, prescriptions, and health insurance information.
March – ParkMobile – 21 million
In March, a sales thread offering ParkMobile data was discovered on a Russian-language crime forum. The starting price for the data was set at a hefty $125,000. ParkMobile discovered that the vulnerability was linked to third-party software it uses and immediately launched an investigation. The information accessed included license plate numbers, email addresses, phone numbers, vehicle nicknames, encrypted passwords, and some mailing addresses. ParkMobile assured users that it does not collect Social Security numbers, driver’s license numbers, or dates of birth. It was also confirmed that no credit card information was accessed.
April – Facebook – 533 million
Security researcher Alon Gal discovered a leaked database in a low-level hacking forum on April 3. The exposed data included the PII of over 533 million Facebook users from 106 countries. The leak exposed phone numbers, Facebook IDs, full names, locations, birthdates, bios, and email addresses.
May – Android – 100 million
In May, security researchers discovered the PII of more than 100 million Android users exposed due to several misconfigurations of cloud services. The data sat unprotected in real-time databases used by 23 apps, whose download counts ranged from 10,000 to 10 million, and the exposure also included internal developer resources. Names, email addresses, dates of birth, chat messages, location, gender, passwords, photos, payment information, phone numbers and push notifications were exposed. Of the 23 apps analyzed, a dozen had 10 million+ installations on Google Play, and many left their real-time databases unprotected, exposing sensitive user information.
June – LinkedIn – 700 million
On June 22, a user on a famous hacker site announced the sale of data from 700 million LinkedIn accounts. A sample shared by the user contained one million records with email addresses, full names, phone numbers, addresses, and geolocations. This was LinkedIn’s second data security breach incident this year. In April 2021, data on around 500 million users, including publicly visible profile data, was stolen from the platform.
July – Practicefirst – 1.2 million
Practice management vendor Professional Business Systems, doing business as Practicefirst, announced that a ransomware attack had potentially exposed the PII of patients and employees. A malicious hacker attempted to deploy ransomware and successfully copied files from Practicefirst’s system containing birth dates, names, addresses, Social Security numbers, email addresses, tax identification numbers, diagnoses, lab results, medication information, and employee usernames and passwords. The information was later deleted.
This was the 11th consecutive year that healthcare had the highest industry cost of a breach. The average total cost of a healthcare data breach rose 29.5%, from an average total cost of $7.13 million in 2020 to $9.23 million in 2021. More than 40 million patient records have been compromised this past year. As 2021 comes to a close and holidays approach, bad actors are unlikely to stop targeting the healthcare sector with ransomware attacks and exploitation attempts.
August – T-Mobile – 100 million
T-Mobile confirmed it was hit in a data breach after a threat actor on an underground forum claimed to have obtained data of more than 100 million people from T-Mobile’s servers. The data included Social Security information, physical addresses and IMEI (International Mobile Equipment Identity) numbers that uniquely identify individual mobile devices.
September – Multiple National Governments
September was a particularly bad month for cyberattacks against the public sector and government security teams. In the last year, the public sector saw a 78.7% increase in average total cost, from $1.08 million in 2020 to $1.93 million in 2021. Cyberattacks against national governments in September included:
- A breach of the French visa application website exposed PII from visa applicants – including names, nationalities, passport numbers, and email addresses.
- The South African Department of Justice and Constitutional Development fell victim to a ransomware attack, disrupting service and delaying payments.
- The New Zealand national postal system website, in addition to other government services and banks in the country, was taken offline.
October – Twitch – 5 billion
A server configuration change led to an unknown hacker leaking 128GB of Twitch’s data on October 6, including the entirety of the company’s source code. Experts warned that Twitch streamers needed to take immediate action to protect their bank accounts and themselves from a potential wave of attacks by opportunistic cybercriminals. The unknown hacker behind the attack claimed it was because Twitch’s community is “a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories.”
November – Stripchat – 200 million
Adult-only website Stripchat experienced a breach of its database containing 200 million records. Among the exposed data were 65 million user records containing email addresses, IP addresses, the number of tips given to models, a timestamp of when the account was created, and the last payment activity. Another database with 421,000 records of the platform’s models was exposed – including usernames, gender, studio IDs, tip menus and prices, live status, and the model’s “strip score.” The exposure could be a digital and physical threat for both Stripchat viewers and models.
Source: Volodymyr Diachenko, Head of Security Research at Comparitech
December – Volvo Cars – Research & Development Leak
On November 30, Volvo Cars became aware of an entry on the dark web portal managed by hacking group Snatch. On December 10, Volvo confirmed the security breach and the theft of research and development (R&D) data. Its file repositories had been illegally accessed, and Snatch listed Volvo Cars as one of its victims, publishing sample files stolen from Volvo’s network as proof of its claims. Investigations so far confirm that the company’s R&D property had been stolen during the intrusion and Volvo said: “there may be an impact on the company’s operation.”
Better Security in 2022
Data breaches have been on a consistent rise year after year. Security teams need to implement a more robust strategy in order to detect data breaches and investigate further should one occur. Data breaches will continue to rise and become more complex in nature, but there’s still time to take control in 2022.
Expand your security posture and better defend your organization’s public attack surface with Media Sonar Web Intelligence and Investigation platform.