As we begin to emerge from the pandemic, we can breathe a sigh of relief when it comes to the constant stresses that have been on us related to our health (though we should still continue many of the health practices, of course). It would be nice if we could say the same for the world of cyber attacks, but this year is no different from any other — 2021 has already seen a slew of data breaches. While data breaches impact companies of every size every day, below we will take a look at some of the biggest data breaches of note so far in 2021.
Ubiquiti IoT – January
Ubiquiti, Inc. is one of the biggest suppliers of IoT devices out there. In early January of this year, the company alerted its customers to a data breach caused by a third party. A malicious actor accessed the databases for this site through a third-party cloud provider used to support their device operations. The guidance from the company to customers is what many companies have had to tell their customers and employees to do once hit by a data breach: update your login info and utilize multi-factor authentication to further protect your data. The exact number of impacted individuals is not known.
T-Mobile – February
On February 26th, 2021, T-Mobile customers were hit with a SIM swap attack, which is an attack used by scammers to take control of victims’ phone numbers through social engineering campaigns. This allows the cybercriminals to access customer phone numbers, receiving messages and calls intended for the victim. This is a scary attack because it negates the benefits seen in multi-factor authentication — usually, the second factor of authentication besides the password is a text or call to the user’s cell phone. With the attackers intercepting these messages and others, they are able to log into the victim’s various accounts including social media and, a bit more worryingly, their bank accounts. They could then steal money or use the account info for further malicious plans, going as far as changing account passwords so the legitimate user can no longer access what is truly their own account. The breach exposed personally identifiable information including victim names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PINs), account security questions and answers, dates of birth, plan information, and the number of lines subscribed to their accounts. The exact number of impacted individuals is not known.
Cancer Treatment Centers of America – March
One month after the T-Mobile breach, the Cancer Treatment Centers of America alerted many of its patients that a compromised internal email account led to personally identifiable information (PII), including patient medical information, being accessed by an unknown third party. Other PII exposed in this breach included patient names, health insurance information, medical record numbers, and CTCA account numbers. This breach affected nearly 105,000 patients.
LinkedIn – April
The LinkedIn data breach of April was one of the bigger ones of this year so far — it was found that the Dark Web contained two million records stolen from over 500 million LinkedIn user profiles which were listed for sale. The LinkedIn account users’ data was stolen through a technique called scraping, which occurs when someone imports information from the website to a database and then uses it for their own personal gain. LinkedIn account IDs, email addresses, phone numbers, gender, LinkedIn profile links, connected social media profile links, professional titles, and other work-related personal data were exposed in this breach. As mentioned above, the number of impacted individuals is more than 500 million users.
Volkswagen & Audi – May
Volkswagen and Audi saw 3.3 million of their customers’ personal information exposed by a third-party marketing services supplier. The personal data made visible in this attack includes customer names, mailing addresses, email addresses, and phone numbers. It is not known if this information also included vehicle purchase information, but it could possibly include such things. 3.3 million customers of Volkswagen and Audi were affected in this breach.
Wegmans Food Markets – June
Earlier this week, the U.S. supermarket chain Wegmans Food Markets told customers that, following a misconfiguration of two of their cloud-based databases, information for customers was exposed. The error made customer information that was available to the company publicly accessible online. The information exposed by Wegmans included customer names, addresses, phone numbers, birth dates, Shoppers Club numbers, email addresses, and hashed passwords to Wegmans.com accounts. It is not believed that the financial information of customers was put at risk in this breach. The exact number of impacted individuals is not known.