The Top Breaches of 2023: All You Need to Know

Organizations are more vulnerable than ever. With the ever-evolving cyber threat landscape and the rise of emerging technologies like artificial intelligence (AI), threat actors are becoming more sophisticated. The surge in cybersecurity breaches is a growing concern for companies of all sizes. With notable attacks across many different industries, it’s clear that no industry is safe and that threat actors have no bounds.

Cybercrime is anticipated to inflict a $10.5 trillion hit on the global economy by 2025.  Even with robust cybersecurity defenses, organizations of all sizes remain vulnerable and continue to fall victim to costly breaches. According to Omdia Research and The State of Security for Finance, 42% of respondents reported having at least one breach with a total cost of $1 million, and 20% of respondents reported having one breach with a total cost of $5 million. 

Now more than ever, it’s extremely important to choose security technologies that can proactively mitigate and respond to attacks before it’s too late. Unfortunately, this year has been another year of successful cybersecurity attacks, leaks, and breaches. Let’s dive into some of the breaches that occurred this year so far. 

February 2023

U.S. Marshals Service 

On February 17, 2023, the U.S. Marshals Service faced a significant breach, with hackers exfiltrating data from a computer system. The information included a wealth of personal details about both investigative targets and agency employees, raising concerns about the extent and implications of the breach.

Government agencies and the federal justice system continue to be prime targets for cybercriminals. This vulnerability stems from the sensitive nature of information stored on their systems and the severe consequences associated with cyberattacks and data breaches. To reduce these risks, it’s crucial for organizations to maintain a vigilant stance in refining and implementing robust cybersecurity strategies.

Learn more from Nick Tausek, Swimlane’s Lead Security Automation Architect. 

March 2023

DC Health 

On March 6, 2023, a data breach at DC Health Link, the health insurance marketplace based in Washington, D.C., raised major concerns for the company and security issues for those who were impacted. Allegedly, the breach affected members and staff of the US House of Representatives. Although the details remain unclear, IntelBroker claimed to have data on 170,000 individuals and was reportedly selling it on a cybercriminal forum.

June 2023

MOVEit 

As of May 31, 2023, the State of Maine discovered a software vulnerability in MOVEit, a third-party file transfer tool owned by Progress Software and utilized globally by numerous entities for data exchange. Exploited by hackers, this vulnerability enabled unauthorized access and file downloads from specific agencies in the State of Maine. The Russian ransomware group Clop claimed responsibility for the attack on June 6th. 

September 2023

MGM Grand

In September of 2023, MGM Resorts International fell victim to a cyberattack, prompting a shutdown of all of its systems. This was projected to result in a $100 million impact on its third-quarter results. MGM Resorts anticipated incurring less than $10 million as a one-time cost related to the incident in the quarter ending on September 30.

Even with their substantial investments in technologies, adherence to regulatory frameworks, and robust cybersecurity protections, the MGM Resorts cyber attack serves as a prime example that vulnerability persists across all industries and organizations of any size. 

October 2023

23andMe Data Breach

Biotech firm 23andMe experienced a data breach involving a credential-stuffing attack, compromising customer accounts and exposing genetic data. Stolen information included names, emails, birth dates, and details related to users’ genetic ancestry. Hackers reportedly targeted data specifically linked to individuals of Ashkenazi Jewish and Chinese descent. Moreover, the same hacker who leaked one million genetic profiles from 23andMe in early October returned and recently dumped over four million files, including data from the DNA Relatives feature, which allows connections between relatives to be made.

November 2023

Boeing 

On November 1, 2023, Boeing reported a cyber incident affecting various parts of its operations. The LockBit ransomware group initially claimed responsibility, stating they had stolen a significant amount of sensitive data. This particular hacking group typically deploys ransomware on a victim organization’s system to lock it up, and also steals sensitive data for extortion.

December 2023

Norton Healthcare

Norton Healthcare, a non-profit healthcare system based in Kentucky, confirmed this month that it experienced a data breach earlier this year. During a ransomware attack in May, hackers gained unauthorized access to the personal data of millions. Norton Healthcare shared that around 2.5 million people, including patients, employees, and dependents, were impacted. The attack compromised sensitive information, including Social Security numbers, health and insurance details, medical IDs, financial account numbers, driver’s licenses, government IDs, and digital signatures.

The broader conversation surrounding this highlights a concerning trend: healthcare organizations are increasingly becoming primary targets and experiencing breaches at an unprecedented rate.

Kyivstar

On December 12, 2023, Kyivstar, the largest mobile network operator in Ukraine, suffered a significant cyberattack that disrupted service for over 25 million mobile subscribers and over 1 million home internet customers. The CEO of Kyivstar said he believes the incident was caused by the ongoing conflict with Russia. This detrimental attack is one of the most significant cyber events in Ukraine to date.

Prevent Breaches with AI-Enabled Low-Code Automation

In many cases, the vulnerability that hackers and threat actors exploit stems from a lack of automation. To fortify defenses against cyber breaches, leaks, or attacks, organizations must prioritize investing in cutting-edge security technologies. Automation plays a crucial role in enhancing data protection and safeguarding the overall integrity of the organization.

The global spending on security breaches has become outrageous. Today, the average cost of a data breach has surged nearly 30% to $4.45 million per breach. And companies in the U.S. spend an average of $9.48 million per breach, according to a 2023 report. 

Security automation platforms, like Swimlane Turbine, serve as a vital piece of the puzzle. Low-code automation can enhance your operational flexibility and help identify cracks within your systems before hackers do. Although preventing all data breaches is undeniably a challenging task, companies can substantially mitigate their risk by incorporating AI-enabled low-code security automation into their security systems.
