2020 Top Breaches: Part I

Each week Cyber Security Hub offers an Incident of the Week for consideration by the community. Initially the incidents centered around misconfiguration, credential stuffing, password exposure, phishing, unauthorized access, malware and ransomware.

If you can truly remember what life was like pre-pandemic in Q1, 2020- you're in the minority. Our lives have all changed. And the cyber security discipline is completely different. We have gone from an evolving debate about on-prem in Q1, 2020 to everyone fortifying the "perimeter of one" in Q1, 2021.

Q1, 2020 showcased business-as-prehistoric-usual featuring the benefit of openness in the face of a significant breach and ransomware attacks picking up steam. Although it might seem less recent, Microsoft Misconfiguration happened in January. The quarter also featured stolen PII from the UN and a focus on dynamic and continuous security assessment in the face of multiple payment card data findings. Finally the election year activity around government agencies came into focus.

Here is how the Incident of the Week played out each week of Q1, 2020 here on the Cyber Security Hub:

January

• Zynga Security Breach Affects 170 Million User Accounts
  • Mobile game developer Zynga disclosed unauthorized access to 170 million user records. With personal data at stake, an openness and level of transparency is needed by businesses when communicating with customers, users and personnel. This Incident Of The Week article shares how to avoid complacency.

• Ransomware Hits Currency Dealer Travelex
  • A New Year’s Eve ransomware attack on currency dealer and forex services provider Travelex impacted customers and financial partners. The cyber-attack is the latest along with the City of New Orleans and New York’s Albany International Airport.

• Misconfigured Servers Result In 250 Million Microsoft Customer Support Records Exposed
  • A misconfiguration applied to five Elasticsearch database servers in December 2019 led to the exposure of 250 million customer support records for software maker Microsoft. How should less sophisticated organizations manage cloud and application server configurations?

February

• Leak Discloses UN Data Breach From 2019
  • Hackers broke into dozens of United Nations (UN) servers in July of last year, and UN officials kept quiet about it. The worst part? PII was stolen and employees were kept in the dark. Cyber Security Hub delves into the cyber challenge for non-profit and non-governmental organizations (NGOs).

• Wawa Customer Payment Card Data Found on Dark Web
  • Convenience and fuel retail chain Wawa disclosed a data incident in December 2019. Now, payment card information for 30 million customers has been found for sale online. We discuss how a malware attack creates a different set of risks for a company compared to an exposed database discovery.
• Quaker Steak & Lube Alerts Customers To Payment Card Incident
  • Several independently owned restaurants in the Quaker Steak & Lube chain announced their retail point-of-sale terminals were remotely accessed and infected with malware that captured customer payment card data. Cyber Security Hub explains the scope and cause of this data breach.

• Security Researcher Uncovers 440 Million Records From Estée Lauder
  • A security researcher discovered an exposed database containing 440 million records belonging to beauty manufacturer Estée Lauder. The data for an education platform was publicly accessible. In this Incident Of The Week, we look at the value of dynamic and continuous security assessment.

March

• Carnival Cruise Lines Hit By Cyber-Attack
  • A Carnival cruise ship was subject to a cyber-attack in May of 2019. Though several months have passed, the effects are still lingering. This Incident Of The Week looks at how the cruise line responded and steps enterprises can take to improve their security posture.

• Defense Electronics Manufacturer CPI Succumbs To Ransomware Demands
  • Electronics manufacturer Communications & Power Industries (CPI) was victimized by having its data encrypted and held ransom. Some of its customers include the US Department of Defense and the DoD’s DARPA. The company paid the $500,000 ransom and is still working to restore systems.

• Virgin Media Exposes Data of 900,000 People
  • The company attributed the hacking to a member of staff who had “incorrectly configured” the database, and promised it's building a specific online service which will allow individuals to find out if they have been affected by the breach, and what information could have been visible.

• Health and Human Services Hit with Security Breach
  • On March 15th, the HHS's network security system detected a sharp increase in activity. Over several hours, hackers tried to overload the department's servers with millions of requests. The hackers weren't able to steal any data, but that didn't seem to be the point of the attack.