The Log4j vulnerability has demonstrated the importance of supply chain security. In this blog post we consider the best course of action that companies can take to protect their software supply chain.
Another day, another data breach. With more than five thousand data breaches and over seven billion records exposed, 2019 was the worst year on record for breach activity. According to research from Risk Based Security, the number of data breaches within just the first nine months of 2019 increased 33% since last year. Retailers, medical providers, and public entities experienced the most data breaches due to misconfigured databases, unsecure endpoints, and the accidental exposure of sensitive data on the Internet.
Let’s take a look at some of the worst data breaches of 2019:
Facebook Failed to Protect Personal Data
In March, an internal investigation at Facebook found that hundreds of millions of account passwords were being stored in plain text. Unfortunately, this wasn’t the only security lapse for the social network. Just one month later, Facebook data containing more than 540 million records was exposed online in a public database. The data, which included personal details such as names and Facebook IDs, was an easy target for cybercriminals as it resided on Amazon cloud servers without any protection.
First American Financial Corporation Under Fire
First American Financial Corp. was under fire for exposing 885 million customer records that included bank account information, Social Security numbers, images of drivers' licenses, and mortgage records. The real estate title insurance company was storing sensitive documents from 2003 to 2019 on a website that could be easily accessed by anyone who had the correct URL. While the impact of the exposure is still being investigated, recent scams regarding escrow fraud could be related to this breach.
American Medical Collection Association Forced to File Bankruptcy
Approximately 20 million patients had their data exposed when medical bill collector American Medical Collection Association (AMCA) was hacked. Multiple class-action lawsuits were filed against AMCA and its contracting clients over the breach of patients' payment data, Social Security numbers, medical information, birth dates, phone numbers, and addresses. Ironically, the debt collector was forced to file for bankruptcy protection in the aftermath of the disastrous data breach.
Capital One Data Stolen by Hacker
In July, Capital One fell victim to a data breach that exposed data from more than 100 million U.S. citizens and 6 million Canadian residents. About 140,000 U.S. Social Security numbers, one million Canadian social insurance numbers, and 80,000 bank account numbers were stolen by a hacker. This will reportedly cost Capital One $100 million to $150 million as it continues to investigate the data breach.
Encryption is Key to Protecting Data
According to Juniper Research, the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average annual growth of 11%. This will primarily be driven by increasing fines and penalties as regulations tighten.
As cybercriminals show no signs of slowing down, organizations must do their part to protect confidential information and customer privacy by implementing the proper security measures. Encryption technology, commonly used by enterprise virtual private networking (VPN) software, is the only reliable way to protect sensitive data such as credit card details, home addresses, and Social Security numbers.
Since encrypted data is encoded, it can only be accessed with the correct key, usually using symmetric- or public-key encryption. Data treated this way is impossible to decipher, effectively rendering it unintelligible to cybercriminals.
With a VPN in place, communications are encrypted while in transmit and at rest. This guarantees that customers’ personal information can be stored securely within both internal databases and cloud applications.
Interested in learning how VPN software can protect your organization from a data breach? Contact us here.