So far, 2022 has been a bumper year for hackers, with record-breaking ransom requests and successful social engineering attacks levied against some of the world’s biggest businesses. The average cost of a data breach was up 13% from 2020, sitting at an incredible $4.4 million. And it seems this dark industry is only going to grow as we forge deeper into the roaring 20s.
Hold onto your enterprise disaster recovery plan because we’re about to dive into five of the worst data breaches to go down in 2022.
1. Microsoft (USA)
In March 2022, Microsoft was targeted by the infamous Lapsus$ hacking group. By infiltrating the software giant, the group was able to also gain access to Bing, Cortana, and other products under the Microsoft banner. The breach was revealed via a post on the encrypted messaging service Telegram. Lapsus$ also hit Nvidia, Samsung, Okta, and other high-profile companies and government agencies in 2022.
2. Panasonic (Canada)
The Canadian arm of Japanese tech giant Panasonic confirmed it had experienced a data breach in February 2022. The Conti Ransomware-as-a-Service (RaaS) group took responsibility for the attack, which they say earned them around 2.8 gigabytes of data. This data reportedly included accounting spreadsheets, internal files, and HR documents. Though Panasonic didn’t give up details of the attack, a spokesperson did reveal to TechCrunch that they were “working diligently to restore operations,” suggesting that it may have involved ransomware.
3. Marquard & Bahls (Germany)
Large German energy and chemical company Marquard & Bahls was targeted in early 2022. The news broke in February as more than 200 gas stations across the country had to be closed due to the attack. The BlackHat gang is believed to be responsible, and they targeted Marquard & Bahls circuitously via a weakness in their supply chain.
Supply chain attacks are devilishly difficult to prepare for since they don’t directly involve your company’s security measures. Rather, hackers seek to gain access to your system via trusted suppliers or customers who have some form of access. For example, in 2021, the IT management software company Kaseya was hacked, and the perpetrators then sent a malicious update to its customers. Once downloaded, this update installed ransomware on a victim’s device.
4. Multiple schools (UK)
One of the more sinister attacks of 2022 was carried out against a number of schools in Britain. A crime syndicate known as Vice Society is believed to have been behind the attack. The hackers were able to download the sensitive data of thousands of British school children, threatening to publish it all online if their ransom demands weren’t met. Unfortunately, much of the information was indeed leaked, including sensitive details about vulnerable children.
5. Optus (Australia)
While many of the biggest hacks of 2022 went down in the US, Australia has had more than its fair share. Indeed, the country went through its biggest data breach of all time, with major phone carrier Optus having the dubious honor of being the victim.
In September 2022, a rogue (and possibly inexperienced) hacker was able to gain access to sensitive customer data, including passports and other forms of ID. Millions of Australians were affected, including past customers whose records were still on file. Shockingly, the data was easily obtained via an unprotected API endpoint.
Unfortunately, the title of “worst data breach in the country” likely won’t be held for too long. With new breaches coming to light every month, it’s important for modern businesses to learn from the mistakes made by others and batten down their digital hatches.