Apple-backed data breach report says 2.6 billion records leaked in 2 years

An Apple-commissioned data breach report found 2.6 billion records were stolen by hackers between 2021 and 2022.
The report by MIT Professor of Information Technology Stuart Madnick, published Thursday, said breaches were up by 20% in the first three quarters of 2023 compared with all of 2022.
Increasingly sophisticated ransomware attacks and attacks on third-party vendors are key factors in the increasing scope of data breaches, according to the report.
Cloud security was cited as being increasingly important, as 80% of breaches include data stored in the cloud.
The report compiles statistics and case studies from more than 200 sources to provide an overview of data breaches over the last two years.
Ransomware attacks increased by nearly 70% in the first nine months of 2023 compared with the same time period last year, the report noted.
Overall, more ransomware attacks were reported from January to September 2023 than in all of 2022.
Increasing organization and shifting strategies of attackers are reported as key contributors to the rising ransomware threat.
Ransomware gangs like LockBit, ALPHV/BlackCat and Clop often launch multiple attacks on the same victim using different variants and expand their reach by providing ransomware-as-service, Madnick noted.
The amount of personal information and sensitive records exposed on the internet is also amplified by ransomware gang activity as hackers shift strategy from ransoming encrypted records to threatening to leak them if ransom is not paid.
Security failures of third-party vendors widen attack surface.
Exploitation of vendors that provide software and services to multiple customers has been seen in some of the most extensive data breaches in 2023.
The report highlights how attackers take advantage of the weaker cybersecurity posture of small- or medium-sized companies to get to their larger-sized customers and do the greatest damage in a single attack.
The vast majority - 98% - of organizations have a relationship with a vendor that has been breached within the last two years, according to SecurityScorecard research cited in the report.
One major example of a third-party vendor breach is the MOVEit hack of May 2023, in which the ransomware group Clop exploited a vulnerability in the MOVEit file transfer software to access files from more than 2,300 organizations.
The breach has impacted more than 65 million individuals and cost more than $10 billion globally as of October 2023.
Millions of sensitive records, including medical records and financial information, have been leaked as a result.
In a press release accompanying the publishing of Madnick's report, Apple stressed the importance of encrypting data stored in the cloud to decrease the amount of readable data available to attackers.
Apple's Advanced Data Protection for iCloud, launched in December 2022, uses end-to-end encryption to protect 23 data categories - nine more than default iCloud settings.


This Cyber News was published on www.scmagazine.com. Publication date: Fri, 08 Dec 2023 00:44:05 +0000


Cyber News related to Apple-backed data breach report says 2.6 billion records leaked in 2 years

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Apple-backed data breach report says 2.6 billion records leaked in 2 years - An Apple-commissioned data breach report found 2.6 billion records were stolen by hackers between 2021 and 2022. The report by MIT Professor of Information Technology Stuart Madnick, published Thursday, said breaches were up by 20% in the first three ...
11 months ago Scmagazine.com
Electronic Frontier Foundation - We're not just talking about the ballot box, but the everyday power we all have to demand government agencies make their records and data available to public scrutiny. At every level of government in the United States, there are laws that empower the ...
8 months ago Eff.org
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
11 months ago Securityboulevard.com
Apple: 2.5B Records Exposed, Marking Staggering Surge in Data Breaches - An Apple-commissioned report this week has highlighted once again why analysts have long recommended the use of end-to-end encryption to protect sensitive data against theft and misuse. The report is based on an independent study of publicly reported ...
11 months ago Darkreading.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
9 months ago Securityzap.com
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds - Joe Sullivan arrived at his sentencing hearing on May 4 this year, prepared to go to jail had the judge not gone with a parole board's recommendation of probation. A federal jury convicted the former Uber CISO months earlier on two charges of fraud ...
1 year ago Darkreading.com
Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
6 months ago Infosecurity-magazine.com
AT&T says leaked data of 70 million people is not from its systems - AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to ...
8 months ago Bleepingcomputer.com
Mr. Cooper breach affects more than 14.6M - Mr. Cooper, a major U.S. mortgage servicer, says an October data breach affected nearly 14.7 million people, including all its current and former customers. Mr. Cooper provided a data breach notification to the Office of the Maine Attorney General ...
11 months ago Packetstormsecurity.com
DNA testing: What happens if your genetic data is hacked? - The personal information of millions of people who sent swabs of their DNA to consumer testing services have been leaked in high profile hacks in recent years, leading to questions about how secure that genetic data is. In autumn 2023, a hacker ...
9 months ago Packetstormsecurity.com
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets - Infostealers infect computers, steal all of the credentials saved in the browser along with active session cookies and other data, then export it back to command and control infrastructure before, in some cases, self-terminating. This article will ...
10 months ago Bleepingcomputer.com
Okta says data leaked on hacking forum not from its systems - Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single ...
8 months ago Bleepingcomputer.com
Alleged ShinyHunters Hacker Pleads Not Guilty After US Extradition - The ShinyHunters group is known for some of the largest data breaches in 2021-2022, in which the personal data of hundreds of millions of users was leaked on the now-seized Raidforums. In July 2022, HackRead.com reported on Sebastian Raoult, an ...
1 year ago Hackread.com
Europol confirms web portal breach, says no operational data stolen - Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only documents containing ...
6 months ago Bleepingcomputer.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
1 year ago Bleepingcomputer.com
D-Link confirms data breach after employee phishing attack - Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. The attacker claims to have stolen source code for D-Link's D-View ...
1 year ago Bleepingcomputer.com
Largest non-bank lender in Australia warns of a data breach - Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. Firstmac is a significant player in Australia's financial services ...
6 months ago Bleepingcomputer.com
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
10 months ago Securityboulevard.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
AvidXchange Notifies Consumers of Data Breach Following Period of Unauthorized Access - On October 13, 2023, AvidXchange, Inc. filed a notice of data breach with the Attorney General of Massachusetts after discovering that a recent cybersecurity event resulted in an unauthorized party being able to access the company's IT network. In ...
1 year ago Jdsupra.com
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com
Apple blocked $7 billion in fraudulent App Store purchases in 4 years - Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. From 2020 through 2023, the company also detected more than 14 ...
6 months ago Bleepingcomputer.com
PennyMac Files Notice of Data Breach That Leaked Thousands of SSNs - On October 19, 2023, PennyMac Loan Services LLC filed a notice of data breach with the Attorney General of Texas after discovering that unauthorized actors were able to access information that had been entrusted to the company. In this notice, ...
1 year ago Jdsupra.com
Europol confirms web portal breach, says no operational data stolen - Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only documents containing ...
6 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)