
Top 5 Highest-Profile Data Breaches in 2020 (So Far)

by Corporate Compliance Insights
October 29, 2020
in GRC Vendor News

Cybercriminals are coming for corporate wallets

October 29, 2020 – Cybercriminals are currently exploiting the COVID-19 pandemic to carry out highly advanced cyberattacks, regardless of industry or company size. During the first six months of 2020, several Fortune 500 businesses became victims of major data breaches, after which hackers were able to sell account credentials and sensitive data, as well as confidential and financial records of these organizations.

Here are the five highest-profile data breaches so far in 2020.

1. Zoom Credentials Hack

In the first week of April 2020, more than 500,000 stolen Zoom passwords were reported to be available for sale on the dark web, concerning many of the millions of brand-new users of the application. Some of the credentials were given away for free, while others were sold for as little as a penny each. The credentials each contained the username, password, registered email address, host key, and personal meeting URL. Such data gives a malicious actor access not just to the account, but to the contents of any meetings it might have either hosted or been a part of. So, in terms of the leaked private or confidential information, the total number of impacted users is probably far greater than the number of accounts for sale.

2. Twitter Phishing Attack

On July 15, a tweet was shared on a number of high-profile accounts, including Barack Obama’s, Joe Biden’s, Bill Gates’s, and Elon Musk’s. “I’m giving back to the community. All bitcoin sent to the address below will be sent back doubled! If you send $1000, I will send back $2000. Only doing this for 30 minutes.” The tweet reached more than 350 million people and resulted in the recovery of $121,000 (£86,800) in bitcoin in stolen “donations” within hours.

As Twitter announced later, “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

The company described it as a case of “social engineering”, where a hacker uses psychological manipulation to trick someone into giving away their login credentials or other sensitive information.

3. Marriott Social Engineering Attack

In March 2020, the Marriott Hotel Group suffered a huge data breach, which compromised the records of 5.2 million hotel guests.

Hackers were able to siphon off the data of 5.2 million guests by hacking the user credentials belonging to just two members of Marriott’s staff. This attack highlights the importance of company employees using multi-factor authentication and the potentially huge penalties for failing to do so.

“Zero Standing Privileges could also be used as part of a company’s defense strategy in such cases. This means that a user is granted access privilege only for a particular task and only for a time needed to complete it. Afterwards, the privilege is rescinded. If the user’s credentials get compromised, even an insider perpetrator will not have immediate access to the business’s data and systems,” comments NordVPN Teams Chief Technology Officer Juta Gurinaviciute.

4. Nintendo Credential Stuffing Attack

In April 2020, the online gaming pioneer Nintendo suffered a major data breach, when more than 160,000 user accounts were compromised in a single attack. Hackers initiated a credential stuffing attack and later used the online accounts to buy digital products through the Nintendo network.

Such attacks are common in the gaming and media sector, with Disney, Spotify, and the streaming giant Netflix all falling victim to similar attacks over the past year.

After the attack, Nintendo stopped allowing users to log in using their Nintendo Network ID (NNID). The company also recommended that users secure their data by using two-factor authentication mechanisms.

5. easyJet Credential Theft

The UK-based low-cost airline easyJet announced that cybercriminals had stolen data records of 9 million customers. With Europe’s strict GDPR rules, companies that breach data protection regulations could be in for some eye-watering penalties. The law firm PGMBM filed a class action lawsuit on behalf of the affected easyJet customers for $23 billion (£18bn).

In addition to the 9 million easyJet customers who had their personal details compromised, 2,200 also had their credit card details exposed, compounding the potential damage.

While easyJet promptly reported the matter to the Information Commissioner’s Office and other regulatory authorities, critics have claimed that the low-cost airline was slow to inform its customers about the breach, with some customers not finding out about it for up to 4 months after the events.

Corporate Security Challenges

According to IBM’s 2020 Cost of a Data Breach Report, stolen or compromised credentials and cloud misconfigurations are the most common causes of malicious breaches.

“With over 8.5 billion records exposed in 2019, and attackers using previously exposed emails and passwords in one out of five breaches, businesses should rethink their security strategy and consider the adoption of a zero-trust approach – reexamining how they authenticate users and the extent of access users are granted,” comments Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.

Similarly, companies’ struggle with security complexity – a top breach cost factor – is likely contributing to cloud misconfigurations becoming a growing security challenge. The same report also revealed that attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average. Cloud misconfiguration was also cited as the third most expensive initial infection vector.

Companies and their employees have been thrust into a remote working environment rather suddenly, with many organizations’ remote networking capabilities still not as shielded as their on-premise IT infrastructures. This rapid shift has left many unsecured gaps that malicious actors are looking to exploit for financial gain — or to simply disrupt usual operations. The priority now is to secure endpoints and implement stronger authentication protocols for the cloud and other off-premise networks.

“Security teams have to develop strong policies to respond to the security challenges the world is facing, but their work doesn’t end there. They need to effectively communicate those policies to entire workforces and train employees on how to respond to them. Without a security awareness program, risk management strategies can become less effective, and we continue seeing the damaging effects this can have,” concludes the NordVPN Teams expert.

About NordVPN Teams

NordVPN Teams is a cloud-based VPN for business from the world’s most advanced VPN service provider, NordVPN. NordVPN Teams has a full range of features to ensure convenience and powerful digital protection for organizations of all sizes, freelancers, and remote teams. NordVPN Teams offers advanced 256-bit encryption, secure remote access, malware blocking, two-factor authentication, unsecured traffic prevention, automatic connection on Wi-Fi networks, and 24/7 customer support. NordVPN Teams is available on all major platforms. For more information: nordvpnteams.com


Tags: Cybercrime, Data Breach