About halfway through every year, we post some of the most severe data breaches. These breaches are headline-grabbing.
We’ve intentionally drawn you into this article to educate you on the breaches and how they happened, and to make sure you don’t make the same mistakes in your business.
Cybersecurity breaches are happening at an alarming rate. The concept of a data breach may seem abstract to you, so let me put this into plain English:
Every day criminals are holding small businesses hostage in return for financial gain. If you are a local business owner, the chances are you know of another local company that has had a cybersecurity incident.
Don’t let the next one be you. Here are the top 3 from 2020:
On March 31st 2020, Marriott published an article stating: “an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.”
The actual figure was 5.2 million.
How Did it Happen?
The attacker gained access to a wide range of customer data, including addresses, dates of birth and gender.
Make sure you know where your data is stored and what protection is in place. Who has ownership and who is responsible for controlling the access to this data? Do you have this mapped? Start now.
In March, Brazilian biometric company Antheus Tecnologia suffered a breach exposing 76,000 fingerprints from an unsecured server.
How Did it Happen?
The server did not store the actual scan but a binary data stream that allowed the hackers to recreate the fingerprints.
The worst part about this story is the fact that those fingerprints are now in the public domain and the individuals on the database may find themselves with problems in the future as biometrics become more widespread.
Encrypt data that may be on the edge of your network. Public-facing servers need to be regularly patched and updated to the latest security standards.
Back in the early days of blogging, millions of people took to LiveJournal to air their secrets, form communities, and write reams of fanfic. In May, Bleeping Computer reported that hackers were passing around a database containing 26 million login credentials.
How Did it Happen?
The database contains email addresses, user names, and unencrypted passwords. This type of data would only have value as a tool to enable further credential stuffing attacks.
Your old data practices can come back to haunt you. Storing plaintext passwords, as LiveJournal seems to have done, is a big no-no, and they should have changed their policies to keep up with best practices.
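One way to retire a legacy plaintext password column, shown as an added example that is not from the original article or from LiveJournal: each record is rewritten with a per-user salted scrypt hash using only Python's standard library. The record layout, cost parameters and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed for this example; tune to your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password, salt=None):
    """Return 'scrypt$<salt hex>$<digest hex>', the only form that gets stored."""
    if salt is None:
        salt = os.urandom(16)  # unique random salt per user
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "scrypt${}${}".format(salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or legacy value: never treat as a match
    if scheme != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                               dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def migrate_plaintext(rows):
    """Replace each legacy 'password' field with a salted 'password_hash'."""
    migrated = []
    for row in rows:
        new_row = {k: v for k, v in row.items() if k != "password"}
        new_row["password_hash"] = hash_password(row["password"])
        migrated.append(new_row)
    return migrated


# Constructed sample records standing in for a legacy user table
LEGACY_ROWS = [
    {"user": "alice", "email": "alice@example.com", "password": "hunter2"},
    {"user": "bob", "email": "bob@example.com", "password": "hunter2"},
]

if __name__ == "__main__":
    for row in migrate_plaintext(LEGACY_ROWS):
        print(row["user"], row["password_hash"][:30] + "...")
```

Because every record gets its own salt, two users with the same password end up with different stored values, so a leaked table no longer reveals reused passwords at a glance.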
The world has become a digital playground for cybercriminals. There are many vulnerabilities that you and your staff need to be aware of.