This month in data breaches: August edition

Data breaches are no longer the rarity that they once were. In fact, each day, 30,000 websites are hacked globally. It’s an epidemic that continues to affect organisations of all sizes, but the smaller breaches rarely make the news.

Indeed, attacks are now so frequent that it can be hard to keep up with them. That’s why we’ve launched a monthly blog series looking at the most significant breaches of the last 30 days and sharing what your team can learn from them.

So, join us below as we share the most significant breaches reported in the media in August 2022.

LastPass

In an ironic opening to our round-up, it appears that the widely used password manager, LastPass, was caught in a security breach.

LastPass reported the attacks “took portions of source code and some proprietary LastPass technical information.” The company assured customers that this took place in its development environment, that no customer details were at risk, and that no passwords were taken.

Nevertheless, users are understandably concerned that a company that takes pride in providing tools to secure personal and corporate information cannot secure its intellectual property. It highlights that unique, secure passwords for each service are the only genuinely secure password protection method.

Check out our Perfect Passwords course to learn more about how you can protect your organisation’s passwords.

Plex

Streaming media platform Plex sent out an email to its customers notifying them of a security breach that may have compromised account information, including usernames, email addresses, and passwords.

The email stated, “Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.”

This breach serves as yet another reminder to enable two-factor authentication if you haven't already. Furthermore, you should use a password manager, either free or paid, to easily manage unique, difficult-to-guess passwords and 2FA codes across all of your apps, services, and websites.

DESFA

DESFA, Greece's largest natural gas distributor, confirmed a limited scope data breach and IT system outage due to a ransomware-based cyberattack. DESFA explained that hackers attempted to infiltrate its network but were foiled by the IT team's quick response.

However, some files and data were accessed and possibly "leaked," indicating a network intrusion, albeit a minor one.

If the victimised organisation does not meet their demands, the ransomware actors threaten to publish all files associated with the file tree. This attack comes at a difficult time for European gas suppliers, as most countries abruptly reduced their reliance on Russian natural gas, which inevitably caused problems.

Ransomware attacks have become a common theme for businesses, locking down their data and demanding cash for their release. With the vast majority of attacks occurring through malware-infected phishing emails, training your team on phishing awareness is of vital importance.

Cisco

Networking giant, Cisco Talos confirmed a network breach after it was discovered that an employee's credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim's browser was being synchronised, wrote Cisco Talos in a detailed description of the attack.

In response to the attack, Cisco Talos themselves wrote, “Threat actors commonly use social engineering techniques to compromise targets, and despite the frequency of such attacks, organisations continue to face challenges mitigating those threats. User education is paramount in thwarting such attacks, including making sure employees know the legitimate ways that support personnel will contact users so that employees can identify fraudulent attempts to obtain sensitive information.”

Equipping your employees with vital cybersecurity awareness knowledge is no longer a tick box solution but an imperative skill to keep your organisation alive. Explore our range of training solutions that will actually engage your employees, so you don’t need to worry about when your next data breach will be.