Mishandled Data Breaches in 2022 • TechCrunch

Data breaches can lead to data lossIt can be extremely damaging for companies of all sizes. However, it is how they react to the incident which can cause the most serious damage. We have seen some great examples of how companies respond to such incidents. ShouldResponse to Data Breaches over the Past Year – Disclaimer Red CrossAnd the pardonFor its transparency – 2022 was an entire year of lessons in how to not react to data breaches.

Here’s a look at the worst data breaches of this year.

nvidia

Chip giant Nvidia confirmed that it is looking into the “infamous” chip.electronic accidentHe confirmed that it was February in a statement. Data extortion has occurred. TechCrunch pressed the company for more details about the incident. TechCrunch was not able to get any information from them. TechCrunch was also not able to get any details about how the hack was done, what data was stolen or how many employees or customers were affected.

While Nvidia did not speak out, the Lapsus$ criminal gang claimed to have stolen 1 terabyte worth of information. This included “top secret” data, private source codes, and other sensitive data. According to the data breach monitoring site I’ve been pwnedHackers stole the credentials for more than 71,000 Nvidia employees. This includes email addresses and Windows passwords.

DoorDash

TechCrunch received a request from DoorDash to provide an exclusive report about the August issue. Data breach that exposed DoorDash customers’ personal data. It was unusual for us to be informed of a breach before it was made public. It was also strange for the company not to answer almost every question we asked about the news it wanted to make public.

TechCrunch received confirmation from the food delivery giant that attackers had accessed names, email addresses, delivery addresses, phone numbers, and partial payment card information of a smaller number of DoorDash users. It also stated that hackers gained access to data for DoorDash delivery drivers and Dashers.

But DoorDash declined to tell TechCrunch how many users were affected by the incident — or even how many users they currently have. DoorDash claimed the breach was caused in part by a third party seller, but TechCrunch did not ask for the name of the seller and did not specify when it learned it had been hacked.

Samsung

Samsung worked long hours before the July Fourth holiday. Quietly decreased significantlyeIts American systems had been hacked weeks before and that Hackers stole customers’ personal informationn. Samsung also confirmed that unspecified “demographic data” was available in the naked hack notice. This likely includes exact geolocation data of customers as well as browsing data from Samsung smart TVs and phones.

Samsung has not said anything about the hack since the end of the year. Instead of writing a blog post listing which or how many customers were affected by the hack, Samsung used the time leading up to the disclosure to create and promote a new mandatory privacy policy. On the same day the breach was disclosedeSamsung will be able to use customers’ exact geographic location in advertising and marketing

This was Samsung’s priority, evidently.

Revolution

September startup Revolut Fintech has been confirmedIt was the subject a highly targeted cyberattack. TechCrunch stated at the time, that an “unauthorized party” had gained access the details of a small fraction (0.16%), of customers “for short periods of time.”

But, RevolutionIt will not give exact numbers. According to the company’s website, it has nearly 20,000,000 customers. A 0.16% breach would equal approximately 32,000 customers. Revolut disclosed the breach to the company, and it said that 50,150 customers were affected, including 20,687 European Economic Area customers and 379 Lithuanian citizens.

The company declined to give details on the types of data accessed. In a message sent out to affected customers, Revolut stated that no card details or PINs were accessed. Revolut’s data breach disclosure indicates that hackers have likely accessed partial payment data for the card, as well as customers’ names and addresses.

A leading provider of NHS services

Advanced, an IT provider for the UK NHS, confirmed in October that hackers had stolen data from its systems. During the August ransomware attack. The accident resulted in the loss of many services, including Adastra’s patient management system (which helps non-emergency call handlers dispatch an ambulance and help doctors access patient records) and Carenotes, which mental healthcare trusts use to collect patient information.

Advanced shared with TechCrunch information about the incident responders — Microsoft, Mandiant — that they had been identified LockBit 3.0The malware used in the attack was not disclosed by the company. Although the company acknowledged that some data relating to more then a dozen NHS trusts had “copied and pulled”, it refused to give details about how many patients were affected or what data was stolen.

The applicant claimed that there was “no evidence” that the data in question was located outside of our control, and “the potential harm to individuals is low.” TechCrunch reached Out to Advanced chief operating officers Simon Short. He declined to answer TechCrunch’s questions about whether patient data had been compromised or whether Advanced had technical means such as logs to detect it.

twilio

Twilio, the US messaging giant, confirmed in October that it had reached A The second breachCybercriminals gained access to customer information via this hack. The hack was reported by the same “0ktapusThe August hacker attack on Twilio was buried in an updated incident report that provided few details about the hack’s nature and impact on customers.

Laurel Ramsey, Twilio’s spokeswoman, declined to confirm the number affected by the June breach of its network or to share a copy the notice it claims it sent to the affected customers. Ramzy also refused the question of why Twilio took four months to disclose the incident.

Rackspace

Cloud computing for enterprise giant Rackspace has been hit by a ransomware attackOn December 2, thousands of customers around world lost access to their data. This included archived email and contacts as well as calendar items. Rackspace has come under fire for its inaction regarding the incident and data recovery efforts.

Rackspace posted Dec. 6 its first update. It stated that it had not yet determined “what data, if any,” and that it would notify customers if sensitive information was affected. Customers are not yet aware if their sensitive data has been stolen at the moment, as we reach December’s end.

LastPass

Last, but not least: LastPass, a password-management company in trouble, was confirmed by hackers three days before Christmas Her keys were stolenMvaults of encrypted customers passwords weeks ahead of time. The hack is dangerous in that it affects 33 million LastPass customers, whose encrypted password vaults can only be as secure as the master passwords used to lock them.

LastPass’s handling the breach received swift reprimands from security professionals and harsh criticism from the security community. There is no action for customers to takee. However, this is based on A An analyzed read of its data breach noticeeLastPass discovered that customers’ encrypted password vaults may have been stolen as soon as November. The company confirmed that its cloud storage was accessed with a set of employee storage keys stolen in August during an earlier breach. It should be canceled.

LastPass is directly responsible for the breach. However its handling of the situation was shockingly poor. Will the company survive? Could. LastPass’s outrageous handlings of the data breach have cemented its reputation.