Most of the Organizations are eager to leverage cloud computing resources with the intent of leaving on-prem behind. However, the hurry to move towards cloud infrastructure adoption means that security measures may not receive ample attention.
Data breach is a security violation where confidential, sensitive and guarded data gets stolen, viewed, edited or shared without permissions, sometimes even unintentionally through data leak or spill. Data breach can happen to anyone – from individuals to large-scale enterprises as well as Governments.
Let us have a look at some of the major data breaches that occurred in recent times –
- Marriott Data Breach – 5.2 Billion Data
Marriot, a primary hospitality leader experienced an alarming data breach on March 31st, 2020, that impacted over 5.2 million of their guests’ data who were using the hotel’s loyalty application. The cybersecurity breach exposed personal information such as name, birthdates, address and telephone numbers.
Hackers obtained the credentials of two employees at one of the Marriott properties and used them to siphon data for roughly a month before being discovered. Marriott later supported all the loyalty guests by setting up a website to address their grievances and concerns.
Data breach at Marriott could have been avoided by implementing multi-factor authentication for employees attempting to access sensitive data. The presence of hackers could have been detected early on if their IAM system had monitored for suspicious behavior.
2. Live Journal Data Breach – 26 Million Credentials
A database containing 26 million login credentials with information on usernames, emails, and plaintext passwords were compromised leading to additional personal information being shared, at Live Journal. Online user data had been leaked and sold on the dark web.
3. Magellan Health – 365,000 Patient Data
In April 2020, Magellan Health , a Fortune 500 health company, fell victim to Ransomware attack leading to a major data breach. According to investigations, the attack was fully planned by hackers, where they first hacked the employee login information and then posing as a Magellan client, the hackers gained access to one of the corporate servers to carry out the phishing attack.
Included in the breached data were employees’ personal information, employee IDs, sensitive patient details such as W-2 information, Social Security numbers and Taxpayer IDs.
To prevent any such similar incident from occurring in the future, Magellan Health have implemented additional security protocols designed to protect their network, email environment, systems, and data.
4. UBER Data Breach – 57 Million Users Data
Uber Technologies, the ride sharing company has disclosed that it suffered a major data breach in which around 57 million of their data was hacked and stolen. Personal information of their customers and drivers including their driving license numbers were compromised.
As per a statement provided by Uber, two people who didn’t work for the company, accessed the data on a third-party cloud-based service that Uber uses. Uber however announced that there is no concrete evidence on the hackers getting access to any other type of sensitive information like location, credit card numbers, bank account numbers, social security numbers, or birth dates.
In most of the data breach cases, organizations suffer mainly due to lack of several foundational security controls. Another major cause being remote access and privileged accounts, which are the top two targets for attackers coupled with threat vectors that need appropriate security practices in place.
Autonomous multi-governance platforms like CloudEnsure provide useful strategies to prevent and protect data breaches. A few tactics include –
- Multifactor Authentication
- Least Privilege
- Threat Assessment
- Cloud Security Monitoring
- Security Control
With CloudEnsure, you can be sure that you get the support you need.