Below, weve compiled a list of significant, recent data breaches (and a couple of important data leaks) that have taken place since January 1, 2022, dated to the day they were first reported in the media. Information relating to 18,000 Credit Suisse accounts was handed over to German publication Sddeutsche Zeitung, and showed the Swiss company had a number of high-profile criminals on their books. Did you receive an email from "google-noreply@google.com" with the subject line "Notice of Class Action Settlement re Google Plus - Your Rights May Be Affected"? Brooks mentioned the Internet of Things (IoT) as an area to watch for growing cybersecurity risks. A threat actor that goes by the name of IntelBroker posted some of the leaked data on the infamous hacking forum Breached. Updated 21 March 2022 to add affidavit . Fishpig Data breach: Ecommerce software developer Fishpig, which over 200,000 websites currently use, has informed customers that a distribution server breach has allowed threat actors to backdoor a number of customer systems. This is the very first step to take, and you don't . June 22, 2022. He is a Technology Evangelist, Corporate Executive, Speaker, Writer, Government Relations, and Marketing Executive. Optus Data Breach Extortion Attempt:A man from Sydney has been served a Community Correction Order and 100 hours of community service for leveraging data from a recent Optus data breach to blackmail the company's customers. MailChimp claims that a threat actor was able to gain access to its systems through a social engineering attack, and was then able to access data attached to 133 MailChimp accounts. 50,150 customers have reportedly been impacted. The information included files from big restaurant clients, promo codes, payment reports, and API keys. Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. The tool, for instance, likely pulls from a number of recent major online breaches, such as . North Face Data Breach: roughly 200,000 North Face accounts have been compromised in a credential stuffing attack on the company's website. The widely-covered T-mobile data breach that occurred last year, for instance, cost the company $350 million in 2022 and that's just in customer pay outs. We are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system lead developer Ben Tideswell said of the incident. Information accessed could have included customers' date of birth, driver's license, passport numbers, and even medical information, they added. Ireland Set to Notify 20,000 More Health Data Breach Victims. OpenSea Data Breach: NFT marketplace OpenSea that lost $1.7 million of NFTs in February to phishers suffered a data breach after an employee of Customer.io, the companys email delivery vendor, misused their employee access to download and share email addresses provided by OpenSea users with an unauthorized external party. The company has agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories. Tech to Replace Hundreds of Jobs in Global Citigroup Layoffs, White House: Burden of Cybersecurity Should Be on Providers, Twitter Layoffs: Hardcore Musk Loyalists Axed in Surprise Cull, The Latest Victims of Tech Layoffs? We did not find any earlier records of data breaches involving Google. Cisco Data Breach: Multi-national technology conglomerate Cisco confirmed that the Yanluowang ransomware gang had breached its corporate network after the group published data stolen during the breach online. Some of the compromised data seemed to be incredibly outdated, while other credentials appeared current. Optus Data Breach: Australian telecoms company Optus which has 9.7 million subscribers has suffered a massive data breach. There will be huge security impacts in the coming year from the move to work from home (WFH) fueled by COVID-19. Guru Baran. Google issued the warning on its official Chrome blog, revealing that Chrome on Windows, macOS and Linux is vulnerable to a new 'zero-day' hack (CVE-2022-1096). More growth in the security industry. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol five years ago. Dropbox data breach:Dropbox has fallen victim to a phishing attack, with 130 Github repositories copied and API credentials stolen after credentials were unwittingly handed over to the threat actor via a fake CricleCI login page. At present, Reddit has no evidence to suggest that any of your non-public data has been accessed, or that Reddits information has been published or distributed online.. The Australian government has said Optus should pay for new passports for those who entrusted Optus with their data, and Prime Minister Antony Albanese has already suggested it may lead to better national laws, after a decade of inaction, to manage the immense amount of data collected by companies about Australians and clear consequences for when they do not manage it well.. While many data breaches and leaks have plagued the internet in the past, this one is exceptional in the sheer size of it. In 2022, 14% of Cloud Data Breach were due to Vulnerability Exploitation. In a statement, Rockstar said: We recently suffered a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto.. The vulnerability that facilitated the breach was known by Twitter at the turn of the year and had been patched by January 13, 2022, so data theft must have happened within that short window. These apps were listed on the Google Play Store and Apple's App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them, the Tech giant said. Google Fi doesn't own its own cellular network infrastructure. LAUSD Data Breach: Russian-speaking hacking group Vice Society has leaked 500GB of information from The Los Angeles Unified School District (LAUSD) after the US's second-largest school district failed to pay an unspecified ransom by October 4th. SevenRooms Data Breach: Threat actors on a hacking forum posted details of over 400GB of sensitive data stolen from the CRM platform's servers. The DPC must be compelled to act now. And the number of overall data breach victims in 2022 is nevertheless expected to be below 2021 numbers. Samsung Data Breach: Samsung announced that they'd fallen victim to a cybersecurity incident when an unauthorized party gained access to their systems in July. Crypto.com Data Breach: On January 20, 2022, Crypto.com made the headlines after a data breach led to funds being lifted from 483 accounts. And yes, the email is legitimate (they likely found you via Google's internal records). Marshals Service investigating ransomware . The breach was first discovered on March 28, 2022, and information such as Social Security numbers, Patient IDs, home addresses, and information about medical treatments was stolen. The breach is thought to have been caused through social engineering, with the hacker gaining access to an employee's Slack account. Im seeing stories that Google released a big patch to shore up vulnerabilities in Chrome (https://www.forbes.com/sites/daveywinder/2022/04/30/warning-massive-new-security-update-for-32-billion-google-chrome-users-confirmed/?sh=7c35656841a7) but no articles talking about a specific data breach. Texas Department of Insurance Data Leak: The state agency confirmed on March 24 that it had become aware of a data security event in January 2022, which had been ongoing for around three years. In a lawsuit, Google was accused of collecting internet browsing activity on users who were making use of private browsing modes, also called incognito browsing. The case will see Uber's former chief security officer, Joe Sullivan, stand trial for the breach the first instance of an executive being brought to the dock for charges related to a data breach. Google-led internet giants behind 'biggest data breach ever recorded' The Irish Council for Civil Liberties (ICCL) on Monday revealed that Google and other internet giants are processing and passing . According to one estimate, 5.9 billion accounts were targeted in data breaches last year. The company was fined $148 million in 2018 the biggest data-breach fine in history at the time for violation of . DoorDash Data Breach:We recently became aware that a third-party vendor was the target of a sophisticated phishing campaign and that certain personal information maintained by DoorDash was affected, DoorDash said in a blog post. Speaking to talkRADIO on Monday the CEO of International Corporate Protection Group warned Gmail - which has more than 1.5 billion global users - may have been sabotaged by hackers. SuperVPN, GeckoVPN, and ChatVPN Data Breach: A breach involving a number of widely used VPN companies led to 21 million users having their information leaked on the dark web, Full names, usernames, country names, billing details, email addresses, and randomly generated passwords strings were among the information available. Imad is a senior reporter covering Google and internet culture. This is entirely 3D generated image. The proposed class for the lawsuit could including millions of users, essentially covering anyone who used the incognito mode since June 1, 2016. Get more delivered to your inbox just like it. Want CNET to notify you of price drops and the latest stories? This company worth $44 billion has been pwned by the furry hackers uwu., Although Atlassian initially blamed software company office coordination platform Envoy for the breach, the company later reneged on this, revealing that the hacking group had managed to obtain an Atlassian employees credentials that had been mistakenly posted in a public repository by the employee., Reddit Data Breach:Reddit has confirmed that the social media company suffered a data breach on February 5. Uber employees found out their systems had been breached after the hacker broke into a staff member's slack account and sent out messages confirming they'd successfully compromised their network. You may opt-out by. THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian, the hacking group said in a message that was posted along with the data. The main issue involved data collected by viewers using YouTube Kids, a section of YouTube dedicated to child-friendly programming. By. In related news, former AWS employee Paige Thompson was convicted in June 2022 for her role in the 2019 Capital One breach. In this case, the app was listed on the Google Play Store. GovCon Expert Chuck Brooks Highlights Importance of Protecting Critical Infrastructure; Supply Chains in 2022, GovCon Expert Chuck Brooks Highlights Importance of Protecting Critical Infrastructure; Supply Chains in 2022 (executivegov.com). 2023 CNET, a Red Ventures company. Global Thought Leader in Cybersecurity and Emerging Tech, The concept of innovative information technology, Futuristic city VR wire frame with group of.