The Biggest Data Breaches Of 2022

There’s been a high rise in global data breaches for several years, and 2022 has been littered with information thefts. This year, they’ve affected companies and organisations of all shapes, sizes, and sectors, costing US businesses millions in damages.

Here’s an overview of the data breaches that made headlines in 2022!

January

• Red Cross

In January, data of over 515,000 people (some fleeing from war zones) had been seized via a cyberattack. The data was lifted from over 60 Red Cross societies globally via a third-party company that the organisation uses to store data.

February 

• NVIDIA

In February, Nvidia revealed that it was investigating a possible cyberattack, which was confirmed in early March. The infamous hacking group Lapsus$ leaked information pertinent to more than 71,000 employees.

March 

• Microsoft

​​On March 20, 2022, Lapsus$ targeted Microsoft. 

The group posted a screenshot on Telegram indicating they had hacked Microsoft and compromised several other products. By March 22, Microsoft announced that it had stopped the hacking attempt, and only one account was compromised. Microsoft also said that no customer data had been stolen.

• Apple and Meta

In late March, Apple and Meta were outwitted by hackers pretending to be law enforcement officials. The big techs provided the threat actors with customers’ personal information in mid-2021. Some of the hackers were assumed to be Lapsus$ members. 

April

• Cash App

Cash App admitted that a former employee had breached the servers in April. The hack involved sensitive financial as well as personal information of the customers. As a result, the company contacted over eight million customers to inform them about the incident.

May 

• Costa Rican Government

The Conti ransomware gang hacked the Costa Rican government—which was forced to declare a state of emergency. Conti members stole highly valuable data and demanded $20 million in payment to not leak it. Nearly 90% of this data—amounting to around 670GB—was posted to a leak site on May 20.

• SuperVPN, GeckoVPN, and ChatVPN

The breach led to the information of 21 million users being leaked on the dark web. Full names, usernames, country names, billing details, email addresses, and randomly generated password strings were among the information available.

June

• OpenSea

NFT marketplace OpenSea suffered a data breach after a Customer.io employee misused their employee access to share Opensea users’ email addresses with an unauthorised external party. As a result, the company stated that anyone with an email account shared with OpenSea should “assume they are affected”.

July

• Twitter

Twitter suffered a data breach of 5.4 million accounts after threat actors built a database of phone numbers and email addresses. The data of accounts, including celebrities, companies and random users, is now sold on a hacker forum for $30,000. 

August 

• Plex

A data breach into the media server app ‘Plex’ resulted in encrypted customer data being compromised by millions. The vulnerability was addressed and secured, but Plex still encourages users to reset their passwords and enable multi-factor authentication.

September

• Uber

In mid-September, Uber discovered they were hacked after the hacker announced in the company’s Slack organisation, “I am a hacker, and Uber has suffered a data breach”. This caused the company to shut down its internal messaging service and engineering systems to get to the root of the incident.

• Microsoft

Microsoft recently confirmed that a misconfigured system had exposed the data of thousands of customers. The breach might have affected over 65,000 entities across 111 countries. 

October

• Tata Power

On October 14, Tata Power disclosed that a cyberattack had hit its Information Technology infrastructure, and some of its systems were affected. However, in a Bombay Stock Exchange filing, the Mumbai-headquartered company said all critical operational systems were functioning and had “taken steps to retrieve and restore its systems”.