2021 Was Not Fun for Those Who Suffered a Data Breach
Although 2021 brought about many positive changes and more of a return to normalcy, it did not bring fun times for the many organizations who suffered from costly data breaches.
With the numbers, costs, and impacts of a data breach on the rise, it’s important to do what you can to protect your sensitive data from a breach.
The Cost of a Data Breach
According to Ponemon Institute’s Cost of Data Breach Report 2021, the average cost of a data breach increased by nearly 10 percent year-over-year – making it the largest single year cost increase in the last seven years – rising from $3.86 million to $4.24 million.
And unfortunately, while it might be great for many people individually, remote work absolutely played a part in data breaches for organizations. Where remote work was a factor in a breach, the average total cost was $1.07 million higher than in breaches where it wasn’t.
According to the report, healthcare organizations experienced the highest average cost of a data breach for 11 years in a row and jumped from an average cost of $7.23 million to $9.23 million, a 29.5 percent increase.
The report also concluded that customer Personally Identifiable Information (PII) was the type of data most often lost or stolen in breaches at 44 percent and has the highest cost per record at $180. The overall average cost per lost or stolen record sits at $161.
The Most Common Initial Attack Vectors
According to the Cost of a Data Breach Report 2021, the most common initial attack vector in 2021 was compromised credentials, responsible for 20 percent of breaches.
Following behind, phishing came in second at 17 percent, and cloud misconfiguration came in third at 15 percent. Business email compromise was responsible for just four percent of breaches but had the highest average total cost at $5.01 million. The second costliest initial attack vector was phishing at $4.65 million, followed by malicious insiders at $4.61 million, social engineering at $4.47 million, and compromised credentials at $4.37 million.
2021’s Biggest Data Breaches
The organizations that reported the largest data breaches in 2021 were as follows:
(Note: The estimate of liability uses the $180 per record cost in cases where PII was the target. This was identified by the Ponemon Institute’s Cost of a Data Breach Report 2021).
1. Cybersecurity Analytics Firm – 5 billion Individuals
A massive database of more than five billion records, collected from previous data incidents, was exposed on the web without any password or any other form of authentication required to access it.
The database was exposed for four days and contained 5,085,132,102 records; however, the firm responded rapidly and prevented any potential exposure. Some or all of the records included passwords, names, email addresses, and the data source.
Estimated liability: $915,323,778,360.
2. Online Job Platform – 700 million Individuals
This online job platform experienced a massive data leak in 2021 when the personal data of 700 million users was offered for sale online. Although the data did not include login credentials or financial information, the data appeared to be recent, with samples from 2020 and 2021.
The data included personal information that could be used to assume someone’s identity, including full names, phone numbers, physical addresses, email addresses, geolocation records, and more.
Estimated liability: $126,000,000,000.
3. Online Social Platform – 553 million Individuals
A leaked database belonging to an online social platform containing 553 million accounts was discovered in 2021. The data covered the personal information of users from 106 countries, including more than 32 million records on users in the United States, 11 million records on users in the U.K., and 6 million records on users in India.
The personal data included users' phone numbers, full names, locations, email addresses, and biological information.
Estimated liability: $99,540,000,000.
4. Ride and Delivery Company – 400 million Individuals
Researchers discovered that this ride and delivery company had publicly exposed all its production server information without proper password protection or encryption, allowing access to more than 200GB of sensitive data containing more than 400 million records.
The data contained full names, locations, and other personal information that hackers or other malicious actors could use to cause financial and reputational harm.
Estimated liability: $72,000,000,000.
5. Cross-Border Social Media Management Company – 318 million Individuals
This cross-border social media management company held scraped profiles of more than 214 million social media users obtained from several large and very popular social media outlets.
The database had more than 408GB of data and more than 318 million records of user profiles. Researchers determined full names, country of residence, place of work, subscriber data, contact information, and direct links to profiles were exposed in the data leak.
Estimated liability: $57,240,000,000.
6. Brazilian Database – 223 million Individuals
In January of 2021, the biggest personal data breach in Brazilian history was discovered. The databases included names, unique tax identifiers, addresses, phone numbers, facial images, email addresses, credit score, salary, and more.
The data also contained the personal data of several million deceased individuals and 104 million vehicle records. The data was offered for free on a darknet forum.
Estimated liability: $40,140,000,000.
7. Adult Site – 200 million Individuals
A database containing 200 million records belonging to an adult site was discovered in 2021. The database included 65 million user records containing email addresses, IP addresses, and more.
A separate database was also discovered containing 421,000 records for the platform including usernames, studio IDs, and more. Information on at least 134 million transactions was exposed and at least 719,000 chat messages were also leaked.
Estimated liability: $36,000,000,000.
8. Business and Social Messaging Application – 150 million Individuals
A business and social messaging application suffered a large data breach when 150 million of its user records were exposed to the internet and then destroyed by a cyberattack involving a bot.
Personal data leaked online included full names, IP addresses, email addresses, and more.
Estimated liability: $27,000,000,000.
9. Thailand Visitors – 106+ million Individuals
In August 2021, an unsecured database that contained the personal information of millions of Thailand visitors was discovered.
The unprotected database dated back 10 years and contained the personal information of more than 106 million international travelers, including full name, gender, passport number, residency status, and more. The incident was acknowledged, and the data was secured the following day.
Estimated liability: $19,080,000,000.
10. Global Phone Supplier – 100+ million Individuals
In May of 2021, security researchers discovered the personal data of more than 100 million users of a global phone supplier was exposed due to several misconfigurations of cloud services.
Researchers discovered that data was unprotected in real-time databases used by 23 apps where anyone could access sensitive and personal information, including names, email addresses, dates of birth, phone numbers, payment information, and more.
Estimated liability: $18,000,000,000.
How GoAnywhere Can Help Organizations Avoid a Data Breach
The software is easy to implement, requires no programming experience to use, and automates and audits the exchange of information with trading partners and internal systems. It encrypts data in motion and at rest to protect files from unauthorized use and potential data breaches.
Prevention is the best approach to keeping customer data from being exposed in a data breach. To avoid future incidents, it’s a good idea to take a thorough look at the cybersecurity practices that are currently being implemented throughout your organization.
If there are any gaps, strengthen your cybersecurity strategy by:
- Ensuring employees are educated on security concerns and email best practices
- Patching your systems and hardware frequently to avoid vulnerabilities
- Restricting access to only the individuals that need it
- Implementing a Data Loss Prevention tool
- Implementing strong encryption protocols to protect PII
- Keeping detailed audit logs for all file transfer activities and workflow processes
- Following data retention laws and not keeping data any longer than needed
- Creating a data breach and incident response plan
The Numbers to Back it Up
Implementing strong security practices, analytics, and incident response (IR) preparedness can have a huge impact on cost savings in the event that a data breach does happen.
According to the Cost of a Data Breach Report 2021:
- $5.71 million – This number expresses the average total cost of a data breach at organizations with no IR capabilities (IR team and IR plan testing) in 2021.
- $2.46 million – This number expresses the average total cost gap between IR capabilities vs. no IR capabilities in 2021, representing a 54.9 percent difference.