
Breaches of 2022

2022 saw more data breaches than ever. Take a look at just ten examples. And think about how you can minimise the risk of your data appearing in a hack that could make you vulnerable to scams.

By Rightly

Wed 21 Dec 2022


Data breaches and cyber attacks occur all the time. In 2022 we saw more take place than ever. It’s huge business for hackers. They want your data, and raiding big corporations can yield lots of information. Sometimes your data is held by companies you may not remember ever being involved with. When the hackers get in, they take your data and sell it on the dark web, or they may splice it together with data about you from somewhere else and sell a complete profile to scammers, who use the information to target you.

So, data breaches matter and they can affect you. Here are ten of the biggest from 2022.

1. Microsoft

In March, Microsoft was attacked by a hacking group that has previously gone after other big companies including Nvidia and Samsung. The hackers stole some data from Microsoft, but within a couple of days the company said that it had stopped the attack and that no customer data had been stolen - this time.

2. Twitter

In November, a report suggested that Twitter had suffered a data breach impacting millions of its users around the world. This was in addition to an earlier breach, reported by the company in July, that also affected millions of other user accounts.

3. Optus

Australian telco Optus was targeted in a devastating data breach in September that led to details of customers’ names, dates of birth, phone numbers, email and home addresses, driver’s licence and/or passport numbers and Medicare ID numbers being exposed. This level of breach raised serious risks of widespread identity theft.

The hackers tried to get a ransom from the company, and posted the confidential data on a hacking forum when Optus refused to pay. Also, individual victims of the breach reported that they were contacted by the supposed hacker demanding they pay AU$2,000 (£1,100) or their data would be sold to other malicious parties.

4. Red Cross

In January, hackers attacked servers hosting the personal data of over half a million people receiving services from the Red Cross and Red Crescent Movement. It is suspected that the attack came from a malicious nation state, although none has been identified publicly. The majority of people affected in the attack are either missing or in hiding. The Red Cross took servers offline to stop the attack. No culprit has been identified.

5. Crypto.com

Also in January, hackers accessed individual cryptocurrency wallets and stole £15 million worth of Bitcoin and £12 million of Ethereum. The hackers managed to get past two-factor authentication. Although at first Crypto.com dismissed the attack as ‘an incident’, they later announced that they had reviewed systems and changed how they handled security. Individuals who lost money were reimbursed by the company - this time.

6. Uber

In September, a hacker announced on Uber’s internal Slack messaging system that the company had been hacked. It turned out that the hacker had got in through a compromised employee account, and several big databases were compromised. In December, in another hack, 70,000 employee accounts were compromised.

7. FlexBooker

Early in the year, appointment management business FlexBooker suffered a hack that affected around three million of its users. Confidential data including ID information, driving licence data and passwords was stolen by the hackers. The hackers got into FlexBooker’s servers and installed malware to control the firm’s systems. The data was then offered for sale on certain hacking message boards, and FlexBooker has lost a large number of users as a result.

8. Facebook

Facebook revealed that it had discovered over 400 fraudulent Android and iOS apps that steal users’ login information. According to Meta, one million people may have had their login information taken. The apps often appear as something else, for example masquerading as picture editors, mobile games, or fitness monitors. With login credentials in the hands of hackers and scammers, they could acquire full access to a person’s account and do things like message their friends or access confidential information.

Another huge data leak at Facebook exposed users’ phone numbers, locations, and birthdates, for which the parent company, Meta, was fined $276 million (£227 million).

9. Royal Mail

In November Royal Mail temporarily suspended its Click and Drop website due to a data breach. The security incident gave users access to other customers’ information.

The data breach was discovered after users warned Royal Mail that they were having access issues on Click and Drop and couldn't see orders placed on the website.

The company later announced that some users could see other people’s orders and described the incident as an “IT issue” or “a technical problem”.

10. Marriott

The Marriott Group has suffered a number of data breaches. Once again in June, hackers claimed to have stolen over 20GB of sensitive data including guests’ credit card information. The hackers described tricking an employee into giving them access to their computer.

How can I protect my data?

The best way to protect your data from being stolen is to make sure you get it deleted from any company that doesn’t need it. If your data isn’t in a company database when it gets hacked, the hackers can’t get it. The easiest way to find out which companies have your data and to get it deleted is with Rightly Protect. It’s quick, simple and free.
