1

The aftermath of the July cyber attacks: is your data on the dark web?

The month of July has come and gone, but the cybersecurity threat remains the same. So it’s never a good time to sit back and rest on one’s laurels.

Instead, we all have to be on high alert to avert the next potential cyberattack. It's the only way to keep your company's name out of the headlines.

So what happened in the world of cybersecurity over what’s been deemed the warmest month on record?

Here’s a rundown of what happened last month. Some of these security incidents should give you great cause for concern.

The big Bulgarian data breach

Bulgaria’s National Revenue Agency was breached and exposed the Personally Identifiable Information (PII) of over five million working adults in the country.

The nation’s tax agency wasn’t even aware of the data breach until the hacker(s) shared details about the security incident with local media.

Although a couple of arrests have been made, it’s still unclear if the motivation behind the attack was hacktivism or cybercrime.

Unfortunately, the stolen data of millions of Bulgarian (and some international) citizens are now freely available online

This security incident will have far-reaching consequences. As names, birth dates, (and sometimes) addresses can’t be changed (at least not easily), the victims of this cyber attack will have to deal with the risk of identity theft and more for years to come.

Government data breaches aren’t limited to South-Eastern European countries. It can happen just about anywhere on earth.

A recent study found that the United States government experienced 443 data government/military breaches involving 168,962,628 records since 2014 (with 2018 being the worst year with over 100 security events involving 81,505,426 records).

The colossal Capital One attack

An entire nation getting hacked is bad enough, but that wasn’t the end. Millions more were victims of relentless cybercrime.

To add to the devastation, Capital One announced that the PII (including names, addresses, phone numbers, and credit scores) of over 100 million individuals in the United States and six million people in Canada were stolen.

The good news is that the hacker wasn’t able to gain access to credit card account numbers. However, the bad news is that approximately 140,000 Social Security Numbers and 80,000 linked bank account numbers were compromised.

Another million social insurance numbers of Canadian credit card customers were stolen.

The Capital One security breach was the result of human error (or a misconfigured web application firewall, to be more precise).

Although the alleged hacker, Paige Thompson, was arrested, it’s still not clear if she found more vulnerabilities and targeted more companies

At the time of writing this post, there was no concrete evidence of this information being bought and sold on the dark web.

The great LAPD hack

Governments (including the United States) want to end encryption as we know it. However, this gives us great cause for concern because even those who serve and protect us are also victims of data breaches.

The Los Angeles Police Department was breached, and the PII of almost 2,500 officers was compromised.

This security incident also exposed the details of 17,500 applicants (including their names, dates of birth, partial employee serial numbers and social security numbers, email addresses, and passwords) who wanted to become police officers.

It’s still not clear if the stolen information found its way onto the dark web. However, the LAPD encouraged both officers and applicants to monitor their personal financial accounts and obtain their credit reports.

They were also asked to file a complaint with the Federal Trade Commission. To date, we still don’t know how the LAPD was compromised.

However, the hacker claimed that the data was obtained through external sources. This means that the department was breached without the help of an insider like a former employee (or rogue employee).

These security events and other cyberattacks not mentioned here reaffirm the need for encryption. Once your sensitive data is in the hands of a third-party, there’s nothing anyone can do to protect it. 

We can only stress the need for encryption at all levels to ensure that our sensitive information doesn’t end up in a dark web marketplace.

Other security incidents you should know about:

Essential Health protected health information data breach

Fieldwork Software database leak

Maryland Department of Labor data breach

Sprint's unknown data breach

Let's wrap this up by highlighting the key message that shouldn't be ignored.

In the age of data, cybercrime is rapidly becoming the norm. To protect our digital assets, we have to use all our cybersecurity resources efficiently and effectively.

So it's now more critical than ever before for both governments and businesses to leverage robust encryption protocols to meet this threat, head-on.

To learn more about cloud security and encryption, schedule a free call with one of our in-house security experts.



to top