Data breaches are a common phenomenon in the world of data and can pose serious threat to organizations. When a data breach occurs, a company’s reputation is at risk, and fines from legal authorities may be imposed. The costs of such breaches can be enormous. According to IBM’s Cost of a Data Breach Report, issued in conjunction with the Ponemon Institute, in 2021 the average cost of a data breach reached $4.24 million per incident, in healthcare it was $7.13 million. Let us walk you through the biggest data breaches of 2021.

#1 The mother of all breaches

Number of records leaked: 26 billion

This is the most massive data breach recorded to date, a stark reminder of the escalating threats in data security. According to the diligent research conducted by Security Discovery and CyberNews, the sheer scale of this breach is staggering, with an estimated 12 terabytes of data leaked from companies like Weibo, MySpace, Twitter, Deezer, Linkedin, and many other companies and organizations. While some of the information appears to be from previous breaches, the unsettling revelation is that this dataset contains both exposed and novel data, intensifying the potential risks. It is crucial to note that the compromised information goes beyond mere credentials, encompassing highly sensitive data.

This massive incident underscores the critical importance of fortifying data loss prevention (DLP) solutions and implementing robust security measures to safeguard not only credentials but also the broader spectrum of confidential information.

Types of data exposed: 

  • User data
  • Email addresses
  • Passwords
  • More details are still under investigation

#2 Twitch

Number of records leaked: 5 billion

The Amazon-owned streaming service experienced a data breach in October. There was an error in a Twitch server configuration change that resulted in access to 100GB of data by a malicious third party and data leak.

An investigation was launched immediately, the company fixed the configuration and secured the systems. This leak was caused by a human error, hence an insider threat.

Types of data exposed: 

  • User data
  • Client list
  • Twitch's source code
  • Security tools
  • Three years of payment information



#3 Astoria Company

Number of records leaked: 30 million

Astoria Company LLC focuses on lead generation from various websites and collects data for its clients.

In January, the team at Night Lion Security discovered several new breached databases of Astoria Company for sale on the dark web. Night Lion notified Astoria Company, the company was not aware of the breach.

Types of data exposed: 

  • Social security numbers
  • Bank accounts
  • Driver's license numbers
  • Names
  • Email addresses
  • Dates of birth
  • Mobile phone numbers
  • Physical addresses
  • IP addresses
  • Credit history
  • Medical data
  • Home and vehicle information



#4 Park Mobile

Number of records leaked: 21 million

Park Mobile provides the largest cashless parking app in the U.S. In March, the company experienced a data breach in which the personal data of 21 million customers was sold online by Russian hackers.

The breach occurred due to vulnerability in a third-party software that is being used by the company. Park Mobile immediately launched an investigation, notified legal authorities, and recommended that customers change their passwords.

Types of data exposed: 

  • License plate numbers
  • Email addresses
  • Phone numbers
  • Vehicle nicknames



#5 ClearVoiceResearch.com

Number of records leaked: 15.7 million

ClearVoice Research focuses on market research surveys. In April, the company discovered that a backup file of one of their survey databases from 2015 was exposed and sold online.

The company launched an investigation, located the backup file, secured it and eliminated any further exposure. Other files were checked to see whether they were secured properly against other breaches.

ClearVoice Research reset the passwords of people whose data might have been compromised and implemented security measures to prevent the recurrence of such an event.

Types of data exposed: 

  • Names
  • Email addresses
  • Addresses
  • Home addresses
  • Phone numbers
  • Dates of birth
  • Passwords from 2015
  • Responses to various questions (such as health conditions, political affiliation and ethnicity)



#6 Jefit

Number of records leaked: 9.05 million

Jefit is a workout tracking app. In March, the company experienced a data breach due to a security bug. The breach impacted clients’ accounts that were registered before 20th September 2020.

The company secured the servers and impacted accounts immediately and launched an investigation and contacted the authorities. Jefit also adopted new security measures to avoid another breach in the future.

Types of data exposed: 

  • Account usernames
  • Email addresses associated with the accounts
  • Encrypted passwords
  • IP addresses when creating the account



How to avoid data breaches

There are various ways to avoid data breaches. The tips below might help you to protect your company’s valuable data.

  • Identify all the sensitive data in your company and review who can access it and why.
  • Review security policies and make sure they are not too difficult to understand and follow.
  • Educate your employees and reiterate why data security is important.
  • Implement a DLP solution that helps you to perform security audits and set and manage security policies.

Eighty-five percent of companies experience a data breach and 60% of small businesses close within 6 months due to a major data leak. At Safetica, we help all companies, large and small, from various sectors to protect their data against leakage and insider threats. Find out more information here.

Author
Kristýna Svobodová
Content Strategist @Safetica