Come August many hard-working Americans look to get away from the office, or home office in the age of COVID-19, for an end-of-summer vacation. Hackers, on the other hand, rarely take a holiday as recent data breaches show.
On Aug. 21 alone, news spread of data breaches on a popular banking app; a widely-used free photo and graphic design website; and a company that provides donor software management across the country for nonprofits.
Data breaches are a financial drain on American businesses, with IBM’s annual “Cost of a Data Breach Report” released this summer, putting the cost of an average data breach to a company at $3.86 million. On the high end, mega data breaches where over 50 million records are illegally accessed, the cost can rise to $392 million.
Attackers use Employee Credentials and Misconfigured Clouds
The “2020 Cost of a Data Breach Report” found that stolen or compromised employee credentials and cloud misconfigurations were the most common entry point for hackers, accounting for 40 percent of data breaches.
The report, sponsored by IBM Security, and based on 3,200 interviews by the Ponemon Institute with security professionals at organizations that suffered data breaches in the past year, also found that:
- Attackers used previously exposed passwords and emails in one in five of the data breaches
- Companies using fully deployed security automation technologies cut the costs of data breaches by more than half, $2.45 million vs. $6.03 million
- Hackers exploited third-party vulnerabilities, such as unpatched security flaws in enterprise software, with average data breach via this method costing $4.5 million.
“At a time when businesses are expanding their digital footprint at an accelerated pace and security industry’s talent shortage persists, teams are overwhelmed securing more devices, systems and data,” commented Wendi Whitmore, VP of IBM X-Force Threat Intelligence.
Data Breaches Take no Holiday in August
Data breaches were reported on Aug. 21 from a food bank in North Carolina to law enforcement in South Dakota to users of a popular banking app and a free photo and graphic design website.
Among the malicious attacks:
- Freepik, a website for free photos and design graphics, disclosed a data breach impacting 8.3 million users. A hacker used an SQL injection to go gain access to databases with user information. Usernames and passwords were obtained.
- Food Bank of Central & Eastern North Carolinas told donors that they were a victim of a ransomware attack against donor management software company Blackbaud, that affected nonprofits around the country. Hackers accessed names, titles, spouse’s names, date of birth, and contact details like mailing address, phone number and email in the data breach On the same day, the YWCA of Nashville & Middle Tennessee was also reporting the same data breach. Earlier, other nonprofits, such as the higher education UNC System, said they were also victims of the attack.
- Popular banking app Dave suffered a data breach that affects 7.5 million users. According to Bleeping Computer, the data was stolen from Waydev, a former service provider for Dave users and included names, passwords, emails, and phone numbers. ShinyHunter, a hacking collective, has been blamed for the data breach.
If any solace can be taken, these recent data breaches are not close to the all-time biggest attacks on record. To make that list, you have to have at least 100 million records affected with the all-time record held by Yahoo’s 2013 attack that compromised 3 billion user records.
With a 100 percent fiber infrastructure and cutting-edge technology, PS LIGHTWAVE has proven cyber security policies and a track record protecting sensitive data. Contact us today to learn more about high-speed connectivity to your business.
PS LIGHTWAVE provides high-speed, fiber Internet for public and private commercial entities in the Greater Houston and surrounding areas.
Through our high-quality infrastructure, innovative technology and expert, locally based support, we deliver not only the best in connectivity and reliability but in scalability and redundancy. We invite you to learn more about our services, our history and our dedicated team.