In cyber security, no end-of-the-year list is complete without the most notable data breaches of the year. We’ve collected a few of the most notable breaches where the cause of the breach was revealed to be e-mail traffic.
A data breach through e-mail happens for example when someone sends an e-mail with private data to the wrong person, or if someone is sent the wrong files with sensitive data. But more and more we see that a successful phishing, ransomware or malware attacks through e-mail is the initial cause of a data breach.
Companies more open about breaches, but closed to the cause
A thing we noticed this year is that companies are being more open about being breached. A good thing, but we also noticed that they tend to keep the cause of the breach more to themselves. It’s generally referred to as a ‘hack’, no matter the cause.
Your organization suffered a data breach, now how to resolve that and inform all involved?
There are several possible reasons for that. One of them is that they can be held accountable, with fines and lawsuits just around the corner. But it can also be that they don’t want to let everyone know what the cause was to prevent further breaches. And maybe the main cause of the breach isn’t even taken away yet, so they want to keep it on the down low before others abuse a weakness.
Twilio has the biggest
We’re starting the list of with the biggest data breach of 2022, Twilio. Twilio provides tools used by, among others, Airbnb, Twitter, Facebook and Uber. The cause of the breach was a phishing email which ended up getting the log-in credentials of several employees. After that, the attackers gained access to a host of internal systems which contained customer data.
The wrong Signal
The fallout of the Twilio hack led to a very sensitive hack at Signal, the secure messaging app. The attack exposed phone numbers and SMS codes for about 1,900 people. That made it possible for hackers to register other devices to the account and potentially access messages.
Both Twilio and Mailchimp hacks show one hack can have a huge fallout and even lead to more data breaches.
Omnicell suffers from a case of ransomware
A ransomware attack exposed the private information of over 128,000 clients of Healthcare company Omnicell. The nasty detail about this attack is that it included a lot of private data, like credit card info, financial status, social security numbers and health insurance details.
Mailchimp goes bananas
Several Mailchimp employees fell for a sophisticated phishing attempt and they company credentials were compromised. The culprits managed to get access to 102 user accounts. They then proceeded to use these accounts to send out phishing emails to their mailing lists. Because for the recipients, the emails came from a trusted source, they were also exposed. No data has been made public (yet) of the fallout of this breach.
Municipality is too open with wrong attachment
A Dutch Municipality had a sensitive leak in December. During Corona, entrepreneurs could apply for financial support from the government. At the end of 2022 final calculations were done, and some people had to pay back some or all of the support. Three entrepreneurs wanted a more detailed calculation to determine if all was handled correctly for them.
When your e-mail security isn't on point, odds are your own people are more likely to cause a data breach than a hacker.
They were all supposed to get a PDF with their personal case. But that attachment sent was an Excel file with ‘hidden’ tables containing all social security numbers.
Start of 2023 with a positive bang!
These 5 examples are just a few of the numerous data breaches that happened in 2022. And as far as malicious actors are concerned, they will probably try just as hard to steal or access data in 2023.
With SmartLockr you can prevent data breaches like the above. With automatic e-mail security, both the e-mail and the attachments are checked before being sent out. And did you make a mistake after all? Then you can even retrieve the email before the recipient opened it!
Want to know more and start off 2023 with a positive bang? Why not book a demo with one of our security advisors and see how you can improve your security.