2020 has been quite the year for many reasons including cybersecurity trends that either emerged from or were accelerated by the global pandemic. A major shift to working remotely led to an unprecedented increase in the amount of sensitive data being transmitted over less secure networks.
The biggest cybersecurity news in Q4 2020 was the hack of the U.S. government affecting numerous federal networks which including both the Treasury and Commerce Departments as well as the Department of Homeland Security and more. Early reports pinned the attack on a Russian intelligence agency and the infiltration included free access to the email systems of affected networks. Per the New York Times, the cyberattack on federal systems was one of the largest and most sophisticated attacks in the past five years.
Date: December 2020
What happened: Twitter ran afoul of the EU’s GDPR regulations and was fined 450,000 euros ($547,000) by Ireland’s Data Protection Commission for not promptly declaring and documenting a data breach dating back to January 2019. TechCrunch reported the move was noteworthy because it was the first cross-border GDPR decision from Ireland’s DPC, the lead EU supervisor for global tech companies. The watchdog has active probes of other tech giants including Facebook, Google, Apple, LinkedIn, WhatsApp, and others.
Medical files across multiple networks
Date: December 2020
What happened: Analysts with digital risk protection company CybelAngel investigated healthcare data standards for Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM) for six months and uncovered more than 45 million medical imaging files such as X-rays and CT scans freely accessible on unprotected servers. The exposed images included personal healthcare information openly available without encryption or password protection. The exposed data was found on 2,140 unprotected servers across 67 countries including the U.S., U.K., France, and Germany.
Date: November 2020
What happened: Spotify was forced to reset an unknown number of user passwords after private account information was exposed to some of its third-party business partners. The privacy issue was blamed on a software vulnerability dating back to early April, but not discovered until November 12. According to Spotify, affected users’ data might have included email addresses, passwords, preferred display name, date of birth, and gender. The streaming music platform filed a data breach notification with the California attorney general’s office but did not disclose the number of its over 320 million users impacted by the data breach.
Date: October 2020
What happened: VoIP vendor Broadvoice exposed 350 million records in an unprotected database cluster. At the beginning of October, a security researcher found 10 collections of data in Broadvoice’s Elasticsearch cluster with exposed records including caller names, phone numbers, locations, and transcriptions of voice mails. The voicemail data group included more than 2 million records and 200,000 transcriptions some including sensitive information such as personal medical and financial transactions.
Data breaches are always going to be a part of the business landscape. For example, just this year, ransomware and phishing attacks have increased by around 600% and continue to trend upward. Heading into 2021, businesses can meet the challenge of improving their cybersecurity postures by teaching and employing best security practices such as enforcing strong login credentials and multi-factor authentication across devices, conducting regular security audits, encrypting business data, and avoiding social engineering attacks.
To defend against data breaches, organizations should take proactive action and sign up for Keeper’s BreachWatch™ for business. BreachWatch is easy to set up and manage while offering enterprise-grade protection that scales with your business.