Breaches galore as cybersecurity threat actors keep upping their game

Data breaches are becoming a different level as cybersecurity threat actors keep upping their game, and there seems to be no end in sight. Especially, when big tech slips up, it becomes rather worrying.

In March, tech giant Microsoft confirmed that when Russian cyber spies broke into its executives’ email accounts, they stole source code and gained access to internal systems. Microsoft’s statement revealed in a new 8-K filing that Russian-nexus adversary Cozy Bear is still in their environment from the attack made public.

Read more: The critical role of Vulnerability Assessment & Penetration Testing (VAPT) in cybersecurity

In India, in March, Rakuten India Enterprise Pvt. Ltd., had to issue an urgent warning to the public regarding a fraudulent scheme carried out under the guise of an entity named “R-ole.” The company uncovered unauthorized activities where its brand and leadership identities are being exploited in a scam soliciting personal funds under deceitful pretenses. This scam is mainly spreading through messaging platforms such as Telegram and WhatsApp. It involves over 17,000 subscribers and bogus invitations for an office tour that does not exist, planned from April 1st to 3rd.

Fake documents such as the “Activity Flow Sheet,” which outlines the supposed activities planned during this office tour, and invitations using Rakuten India’s office address still continue to circulate. Rakuten India urges the public to remain vigilant and report any suspicious events related to the scam known as “R-ole”, to the concerned police authorities. Rakuten India takes this matter extremely seriously and is taking firm action to combat the unauthorized use of its brand as part of fraudulent, criminal activity. Rakuten India asserts in the strongest terms that it never solicits financial contributions or personal banking details for any purpose. Rakuten India hopes that by highlighting these developments, unsuspecting individuals will not be duped by the scam.

Upon the discovery of individuals being duped into an ostensible “R-OLE Business Plan” that falsely claims a partnership with Rakuten India and other reputed brands, Rakuten India lodged a First Information Report (FIR) with the Cyber Crime Police.

The US has been feeling the heat of breaches too. According to data removal service organization Incogni analysis, since 2020, there have been 2,213 breaches with 152.1M affected individuals, corresponding to almost half of the American population. Almost a third of Americans might have had their Social Security number stolen, 94.5M people had their SSN breached, which is 28.34% of the US population. A quarter of Americans might have had their treatment information revealed, 79.6M people had this data point breached, 23.89% of the US population. California saw the highest number of healthcare breaches since 2020, at 221.

According to the analysis, names were exposed in the highest number of healthcare profiles—126.5 million. Addresses were the second-most breached data point, included in 106 million breached profiles (the equivalent of 31.82% of the US population), while Social Security information was the third-most common, included in 94.5 million breached profiles (28.35%). Birth dates ranked fourth, affecting 93.7 million profiles (28.12%), and treatment information was the fifth-most exposed, impacting 79.5 million profiles (23.85).

Healthcare providers were the most frequently targeted, with 1,572 breaches (71% of all reported healthcare data breaches) exposing 87.6 million healthcare profiles. The biggest data breach occurred at 20/20 Eye Care Network, where a cyberattack exposed over 4.1 million individuals’ names, addresses, Social Security numbers, and health insurance and claims information.

The most common cause was hacking and IT incidents, accounting for 1,622 breaches and affecting 136.8 million healthcare profiles. Network server breaches (50% of all cases) led to fewer medical information exposures than electronic medical records breaches (4.4% of all cases).

“The transition to electronic health systems has undoubtedly brought numerous benefits to the healthcare sector, but it has also introduced significant risks. The exposure of sensitive health information can have devastating consequences for individuals, as their data might be further used by data brokers or even criminals” — Darius Belejevas, head of data protection service Incogni

Darius Belejevas, head of data protection service Incogni, says, “The transition to electronic health systems has undoubtedly brought numerous benefits to the healthcare sector, but it has also introduced significant risks. The exposure of sensitive health information can have devastating consequences for individuals, as their data might be further used by data brokers or even criminals. As breaches continue to compromise patient privacy, they also put patients’ safety at risk and erode their trust in the healthcare system. Moreover, they can lead to identity theft, medical fraud, and other forms of exploitation. Despite the financial and reputational damages healthcare organizations face after breaches, many still fail to secure data adequately.”

Read more: AI the two-way sword in cybersecurity: It endangers & rescues in an unforeseen threat landscape

Cybersecurity remains a critical concern as threat actors continuously evolve. High-profile breaches, such as those involving Microsoft and Rakuten India, highlight the persistent vulnerability of even the largest organizations. The widespread impact of data breaches, particularly in the healthcare sector, underscores the need for robust protection measures. With millions of individuals’ sensitive information compromised, the urgency for improved cybersecurity and stricter privacy regulations is clear.

Ensuring the protection of personal data not only safeguards privacy but also maintains trust in digital systems. As breaches continue to rise, proactive measures and strong partnerships with data providers are essential to mitigate risks and enhance security.