Biggest Data Breaches That Happened in 2018


Major data breaches in 2018

In recent years it has become obvious that data breaches are a serious risk for individuals, companies and institutions. In 2015, the cost of cybercrime to the world reached $3 trillion. Although companies are investing more and more to protect their systems, that cost is increasing severalfold.

The damage from ransomware alone is estimated to hit $11.5 billion in 2019. Damage from cybercrime is expected to keep increasing until it reaches $6 trillion annually by 2021. These figures give a picture of the current situation in cybersecurity, and they are based on the thousands of cyber-attacks that take place annually.


Cyber-attacks are also affecting large multinational enterprises, causing data breaches of billions of users' accounts. This is still happening in spite of the fact that around 20% of enterprises are spending more than $50 million annually on IT security.

This article summarizes some of the major data breaches that happened in 2018.

1. National ID Database in India (Aadhaar)

Governments tend to digitize most of their information to cope with the massive growth of the digital world. The main purpose is surely to make people's lives easier by helping them access their information from anywhere. However, it is scary that the information of billions of people is held in a database. If a data breach happens, it may cause all kinds of problems. One of the well-known systems that centralizes the information of a country's people is the national ID database in India, known as Aadhaar.

Aadhaar contains information about 1.1 billion Indian citizens. The database holds various data about the citizens, including their biometric data. It was claimed that there was a breach that could have affected all those users. At first, the Unique Identification Authority of India (UIDAI) announced that all the data were secure and that no data breach had happened. However, Tribune News Service bought a service offered through WhatsApp from anonymous sellers, refuting this announcement.

This service offers the ID and password of any user for just $7. You could also pay $4 more to buy software that facilitates printing the information. Once the information is obtained, the buyer gets access to and control over all the activities of the user. As mentioned previously, the database contains detailed information about the users, including their fingerprints and iris identification.

2. Facebook

Facebook and other social media websites have become an integral part of people's daily lives. This is somewhat scary from a cybersecurity point of view. These websites save very detailed data about people, including their photos, credit card details, the places they visit, their preferences and much more. Although Facebook is currently investing billions in data security, data breaches on the website have not come to an end.

Facebook appeared in the news headlines again on September 25th 2018. This time Facebook faced a critical data breach when attackers were able to gain access to over 50 million accounts. They exploited a Facebook feature that gave them control over the accounts. This breach was the largest in the history of the company owing to the data that was accessed this time.

Mark Zuckerberg, founder and CEO of Facebook, admitted that "Facebook is not investing enough time in some of the downside uses of the tools". He also added that it would probably take a few years to fix data privacy issues.

It wasn't long ago that the Cambridge Analytica scandal broke. This British company took advantage of users' information from 87 million Facebook accounts to influence the US presidential elections. Currently, Zuckerberg is facing increasing pressure to step down as Facebook Chairman, but Facebook is consistently refusing this.


3. MyFitnessPal

MyFitnessPal, a famous mobile app that helps people track their daily diet and exercise, suffered a huge data breach. Records of 150 million users were taken by the attackers. Fortunately, the critical information was stored separately and wasn't affected. Apparently, there isn't much danger from this attack. However, attackers may gain financial benefits from the data acquired.

The data will probably be sold to companies that can use much of the information for their own business. Self-monitoring data gives valuable information for the new technologies appearing these days. For instance, makers of wearable technology could use this data to work out which direction they should go.

4. Strava

A more dangerous data breach involved another sports app, Strava. This app tracks the distance people cover during their exercise or daily life, including the starting point, end point and the road taken. Strava published a map which contains 1 billion users in a 2-year period.

This time it wasn’t an attack. The company itself published the map intentionally, most probably for marketing purposes. Revealing this data to the public affected military personnel who used the application as it compromised their location. Because of that, many military bases and undisclosed military facilities were easy to spot on this map revealed by Strava.

5. Exactis

A major data breach happened to Exactis, a compiler and aggregator of business and consumer data that stores the data of 3.5 billion users. The database, which contains two terabytes of data, became publicly accessible through a cyberattack.

The exact number of affected users is not known. However, it is believed that the data of 340 million users were exposed. The database contains some sensitive information such as personal habits, addresses, phone numbers and the names of their children. This data, however, did not include any payment information.


6. Panera Bread Bakery

Panera Bread Bakery suffered a data breach in April 2018. The company was warned by some security experts before the attack that its systems were vulnerable to cyber-attacks. However, the company didn't really take any preventive measures.

A security expert followed the bug and the attack for eight months and released a report about the attack. The Panera Bread website went offline after the report. The bakery said that the data of only 10,000 users were affected. However, it is believed that more than 37 million users were affected.




