One would definitely celebrate if they’d hear that the number of victims per data breach incident is lower than 2021. But considering that the actual number of cybercrimes increased by 14% compared to the same period last year, we cannot find it good news. The Identity Theft Research Centre revealed that the average payment for ransomware attacks increased by 71% compared to 2021, and the average payout is around $1 million. Even if it’s sad to admit it, the truth is that we’re one step forward and two steps back to dealing with data breaches and their consequences. The same study states that financial service providers, healthcare organisations, utilities, and manufacturers are the main targets of cybercriminals.
It also reports that ransomware attacks and phishing are the most common types of data breaches in 2022. Other kinds of breaches implied using unsecured cloud tools, malware, and credential stuffing methods. Also, a large number of data breach incidents do not specify a cause.
If you want to keep up with the latest data security news, you’re in the right place because we rounded up the most well-known cyber attacks and data breaches of 2022.
1. Crypto.com
Everyone knows that investing in cryptocurrencies is a popular business nowadays, so there’s no surprise that cybercriminals targeted a website like Crypto.com. The platform was the victim of a severe breach at the beginning of the year, when around 500 wallets were accessed.
Even if the blockchain is considered one of the most secure transaction methods, the hackers used a pretty simple method to breach it. They circumvented the website’s two-factor authentication and stole from the clients $15 million Ethereum and $18 million Bitcoin.
In the beginning, the crypto platform denied the theft, but it later clarified that it was the victim of a breach and reimbursed its clients.
2. Microsoft
Not even a giant like Microsoft is a stranger to data breaches. In March, the company fell victim to Lapsus$, a hacking collective that took great pride in sharing with the world that they managed to hack Microsoft. Lapsus$ shared on Telegram a screenshot to prove they hacked the tech giant and compromised popular products like Bing and Cortana. They caused some buzz in the market and made off with some material from the company, but two days later, they announced that they’d stop their hacking efforts. Microsoft made a statement to assure the public that no customer data had been stolen during the breach, and its security team had no issues dealing with Lapsus$. However, the hacking collective is known for targeting tech giants, as it previously attacked companies like Samsung and Nvidia.
3. News Corp
Everyone has heard about News Corp at least once in their life, as it’s one of the most well-known news organisations worldwide. It surprises no one that cybercriminals have targeted it since forever and made several attempts to breach it. In February this year, the company admitted that it experienced multiple server breaches in February 2020. However, the news organisation also assured the public that no customer information was stolen during the breach and that the company’s daily activities remained unaffected by the events. In case clients’ data would have been stolen, they would have been entitled to ask compensation.
Data breach victims from the UK, for example, can make a compensation claim for the ones that failed to protect their data to be held responsible. They can work with solicitors specialising in data breach compensation in the UK to help them during the process and ensure they get fair compensation for their damage.
News Corp also shared with the public the fact that emails were stolen from their journalists, but unfortunately, the cybercriminals behind the attack haven’t been identified. The company believes it was an espionage target considering its servers hold highly sensitive data.
4. Red Cross
It’s hard to believe that someone wants to attack the Red Cross, but it looks like cybercriminals don’t shy away from transforming anyone into a target. In January 2022, hackers attacked a Red Cross third-party contractor and compromised half a million records, including information classified as highly vulnerable. An accident evaluation revealed that the cybercriminals stole sensitive data from thousands of people, and many of the victims are listed as vulnerable or missing. The organisation had to take its servers offline for a period to stop the attack and try to identify its source.
5. PressReader
Everyone knows that PressReader is the largest online distributor of magazines and newspapers globally and has the impression that it guards its information and servers using high-end methods. But it looks like hackers could breach even their systems. In March this year, an attack halted numerous top news titles. The publication didn’t share if ransomware was involved in the cyberattack, but it happened immediately after PressReader stated that it’d offer users in Ukraine free access. Some believe it was a political attack. The publication restored its publishing capability fast, but for three days, its users failed to access around 7,000 news sources.
6. Ronin
Ronin is a blockchain gaming platform that uses cryptocurrencies, and only a handful of hackers would be able to hack its systems, considering the level of security associated with the blockchain technology. It looks like a group of forward-thinking cybercriminals targeted the company between November 2021 and March 2022 and stole cryptocurrency from players. Axie Infinity, one of the games available on Ronin allows users to earn NFTs and cryptocurrencies, and its soaring popularity made the company dial back a couple of security protocols so the servers could host more players. The tweak enabled Ronin to welcome more players but also made it easier for criminals to access its systems and steal $600 million of cryptocurrencies. The gaming platform collaborates with the authorities to identify the hackers behind the attack and recover the funds. But until they manage to do it, they learned a valuable lesson for all companies, never compromise the security standards.