The biggest data breaches and leaks of 2022

More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent.

In this article, we reveal which data breaches and leaks and the phishing, malware and cyber attacks ranked among our top ten most-read cyber security news stories of 2022.

Read on to hear about data breaches at Revolut, Twitter, Uber and Rockstar, and let us know if you were impacted by any of the incidents covered in the comment section below. 

10. Revolut data breach exposes information for more than 50,000 customers

The personal information for more than 50,000 users of fintech start-up Revolut was accessed during a data breach that took place on September 11, 2022. The breach involved a third-party gaining access to Revolut’s database and the personal information of 50,150 users. 

The data accessed included names, home and email addresses, and partial payment card information, although Revolut has stated that card details were masked.  
The Lithuanian government said that Revolut had taken “prompt action to eliminate the attacker's access to the company's customer data and stop the incident” once it was discovered.

Learn more about public response to the breach in this September post.

9. SHEIN fined US$1.9mn over data breach affecting 39 million customers

In October, Zoetop Business Company, the firm that owns fast fashion brands SHEIN and ROMWE, was fined US$1.9mn by the state of New York after failing to disclose a data breach which affected 39 million customers. 

The cyber security incident which took place in July 2018 saw a malicious third party gain unauthorized access to SHEIN’s payment systems. According to a statement issued by the state of New York’s Attorney General’s office, SHEIN’s payment processor contacted the brand and disclosed that it had been “contacted by a large credit card network and a credit card issuing bank, each of which had information indicating that [Zoetop’s] system[s] have been infiltrated and card data stolen”. 

The discovery was made after the credit card network found SHEIN customers’ payment details for sale on a hacking forum.

Read more about SHEIN’s mishandling of the breach in this October post.

8. Student loan data breach leaks 2.5 million social security numbers

A data breach on student loan servicer Nelnet Servicing caused the confidential information of more than 2.5 million users to be leaked in June 2022.  

It was concluded by the investigation on August 17, 2022, that due to a vulnerability in its system, student loan account registration information including names, home and email addresses, phone numbers and social security numbers, were accessible to an unknown third party from June until July 22, 2022.  

Following this discovery, Nelnet Servicing notified the US Department of Education and law enforcement.

Learn more about the response to the data breach in this August post.

7. Twitter confirms data from 5.4 million accounts was stolen

In July 2022, a hacker that went by the alias ‘devil’ posted on hacking forum BreachForums that they had the data of 5.4 million Twitter accounts for sale.

The stolen data included email addresses and phone numbers from “celebrities, companies, randoms, OGs”. ‘OGs’ refers to Twitter handles that are either short, comprising of one or two letters, or a word that is desirable as a screen name, for example, a first name with no misspelling, numbers or punctuation. The hacker ’devil’ said they would not be accepting offers “lower than [$30,000]” for the database. 

The data breach was the result of a vulnerability on Twitter that was discovered in January 2022.

Learn more about the vulnerability that led to the data breach here.

6. Hacker allegedly hits both Uber and Rockstar

Between September 15–19, 2022, a hacker allegedly hit both rideshare company Uber and video game company Rockstar.

On September 15, Uber’s internal servers were accessed following after a contractor’s device was infected with malware and their login details were sold on the dark web. The hacker accessed several other employee accounts, which then gave them access to a number of internal tools. The hacker then posted a message to a company-wide Slack channel and reconfigured Uber’s Open DNS to display a graphic image to employees on some internal sites.

The hack into Rockstar Games, developer of the Grand Theft Auto (GTA) game series, was discovered on September 19, 2022. A user called teapotuberhacker posted on Grand Theft Auto game series fan site GTAForums: “Here are 90 footage/clips from GTA 6. It’s possible I could leak more data soon, GTA 5 and 6 source code and assets, GTA 6 testing build.” 

In the post’s comments, the hacker claimed they had “downloaded [the gameplay videos] from Slack” via hacking into channel used for communicating about the game.

Rockstar Games made a statement via Twitter that said the company had suffered a “network intrusion” which had allowed an unauthorized third party to "illegally access and download confidential information form [its] systems”, including the leaked GTA 6 footage. 

Discover who orchestrated the hack and what happened to them in this September post.

5. 9.7 million peoples’ information stolen in Medibank data leak

On October 13, 2022, Australian healthcare and insurance provider Medibank detected some “unusual activity” on its internal systems. The company was then contacted on October 17 by the malicious party, who aimed to “negotiate with the [healthcare] company regarding their alleged removal of customer data”. However, Medibank publicly refused to bend to the hacker’s demands.

Medibank revealed the true extent of the hack on November 7, announcing that the malicious actor had gained unauthorized access to and stole the data for 9.7 million past and present customers. The information included confidential and personally identifying information on medical procedures including codes associated with diagnosis and procedures given.

Following Medibank’s continued refusal to pay a ransom, the hacker released files containing customer data called "good-list" and "naughty-list" on November 9, 2022.

The so-called “naughty-list” reportedly included details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders. 

On November 10, they posted a file labelled “abortions” to a site backed by Russian ransomware group REvil, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.

Find a full timeline of the Medibank data leak in this November post.

4. Hacker attempts to sell data of 500 million WhatsApp users on dark web

On November 16, 2022, a hacker posted a dataset to BreachForums containing what they claimed to be up-to-date personal information of 487 million WhatsApp users from 84 countries.  

In the post, the alleged hacker said those who bought the datasets would receive “very recent mobile numbers” of WhatsApp users. According to the bad actor, among the 487 million records are the details for 32 million US users, 11 million UK users and six million German users. 

The hacker did not explain how such a large amount of user data had been collected, saying only that they had “used their strategy” to obtain it.

Learn more about the data breach in this November post.

3. Personal and medical data for 11 million people accessed in Optus data breach  

Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that has led to the details of 11 million customers being accessed. 

The information accessed included customers’ names, dates of birth, phone numbers, email and home addresses, driver’s license and/or passport numbers and Medicare ID numbers. 

Files containing this confidential information were posted on a hacking forum after Optus refused to pay a ransom demanded by the hacker. Victims of the breach also said that they were contacted by the supposed hacker demanding they pay AU$2,000 (US$1,300) or their data would be sold to other malicious parties.

Find out more about how the Optus data breach occurred in this September post.

2. More than 1.2 million credit card numbers leaked on hacking forum

Carding marketplaces are dark web sites where users trade stolen credit card details for financial fraud, usually involving large sums of money. On October 12, 2022, carding marketplace BidenCash released the details of 1.2 million credit cards for free. 

A file posted on the site contained the information on credit cards expiring between 2023 and 2026, in addition to other details needed to make online transactions.

BidenCash had previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. As the carding marketplace had been forced to launch new URLs three months later in September after suffering a series of DDoS attacks, some cyber security experts suggested this new release of details could be another attempt at advertising.  

Discover how BidenCash gained access to 1.2 million credit card details in our October coverage.

1. Twitter accused of covering up data breach that affects millions

On November 23, 2022, Los Angeles-based cyber security expert Chad Loder tweeted a warning about a data breach at social media site Twitter that had allegedly affected “millions” across the US and EU. Loder claimed the data breach occurred “no earlier than 2021” and “has not been reported before”. Twitter had previously confirmed a data breach that affected millions of user accounts in July 2022, as seen in point seven of this article. 

Loder stated, however, that this “cannot” be the same breach as the one they reported on unless the company “lied” about the July breach. According to Loder, the data from the November breach is “not the same data” as that seen in the July breach, as it is in a “completely different format” and has “different affected accounts”. Loder said they believed that the breach occurred due to malicious actors exploiting the same vulnerability as the hack reported in July.

Learn more about the data breach and those impacted in this November post.

To explore more most-read cyber security news articles from Cyber Security Hub, click here to discover the top 10 cyber security threats and attacks of 2022.

Which data breach had the biggest impact on you? Let us know in the comments.