According to the Identify Theft Research Center, hackers target hospitals, banks, manufacturing, and utilities. According to first-quarter statistics, phishing and ransomware assaults cause most data breaches. For example, malware, credential stuffing, and unprotected cloud tools cause breaches. 154 of 404 first-quarter incident reports did not explain the cause of a breach, the center said.
1. Cash App Investing LLC
Companies advise employees to avoid hacks and other catastrophes. For example, what happens when an ex-employee hacks? Cash App Investing’s cyber-debacle was 2022’s most significant data leak. According to CNN, 8 million Cash App Investing clients may have leaked personal data when a former employee obtained internal files without permission. In addition, the former employee received reports with customers’ complete names and brokerage account numbers related to stock activity on the site.
2. Beetle Eye
Beetle Eye, an online platform that aids marketers with email marketing campaigns, faced a significant breach reportedly caused by a misconfigured AWS S3 Bucket left without encryption. Beetle Eye, situated in Sarasota, Fla., apparently left its Amazon S3 bucket unsecured, exposing 7 million people’s private data.
3. FlexBooker
FlexBooker, which sells online appointment booking software businesses install on their websites, found a data breach in January. FlexBooker stated its “system data storage was also accessed and downloaded” as part of the attack, according to ZDNet. For example, the Columbus, Ohio-based company’s AWS servers were hijacked in late 2021. ZDNet reports that credit card information was taken.
4. Elephant Insurance Services LLC
Elephant Insurance Services in Henrico, Va., disclosed a cyber issue in May that may have affected millions of clients seeking insurance. Elephant Insurance began investigating after identifying “strange network activity” and found that an intruder may have accessed names, driver’s license numbers, and birth dates.
5. Lakeview Loan Servicing
Lakeview Loan Servicing in Coral Gables, Fla., is facing various lawsuits after a breach that affected millions. The incident occurred from October 27 to December 7, 2021, and sensitive consumer data was stolen. January’s breach was announced in March. National Mortgage Professional reports that a lawsuit claims some stolen data is for sale on the “dark web.”
6. Horizon Actuarial Services LLC
Horizon Actuarial, which offers technical and actuarial consulting services for numerous union benefit plans in the U.S., was attacked with ransomware late last year after two systems were accessed without permission. The group allegedly stole names, birthdates, Social Security numbers, and health plan information, Horizon said. Horizon Actuarial agreed with and paid the group to destroy and not distribute the stolen data.
7. Shields Health Care Group
Another hospital. In June, Quincy, Mass.-based Shields Health Care Group revealed a data security compromise affecting 2 million people at dozens of area healthcare facilities. Shields Health Care Group said it was informed in March of “strange activity that may have constituted data compromise” An unknown actor accessed various Shields systems between March 7 to March 21, 2022, the company claimed. The research found that the strange actor acquired data during such time. Shields said there was no proof the names, Social Security numbers, and insurance information were used to perpetrate identity fraud or theft.
8. Texas Department Of Insurance
State and local governments are another hacker favorite. For example, the Texas Department of Insurance may have been the perpetrator of the incident. TDI reported a web application security problem in March. TDI stated programming code permitted internet access to a secured application area.
9. Flagstar Bank
Another favorite hacking target: Flagstar Bank of Troy, Mich., disclosed a massive breach in June that affected 1.54 million people. After a forensic examination and manual document check, the bank learned on June 2, 2022, that personal information was accessed from its network. The bank had another data breach, and TechCrunch reported in January 2021 that Flagstar was hacked by Accellion.
10. Baptist Medical Center (San Antonio, Texas)
Hackers targeted a healthcare institution in the Baptist Medical Center in San Antonio, Texas, that experienced a severe breach in late June. The event is one of the most significant breaches monitored by the U.S. Department of Health and Human Services, which tracks healthcare breaches nationwide. The April breach involved sensitive patient data.
