Digital transformation has made our lives easier in many ways, but one of its unwanted side effects is that it has also led to an increase in cybercrime. We rely on our Web-connected devices to work, entertain ourselves, and keep in touch with our loved ones, but all the personal data that is being put out there is often within the reach of cybercriminals.
Security experts point out that cyberattacks are more common than ever before and that hackers are eavesdropping on the many of the digital interactions we have every day. What’s more, no company seems to be immune. Even the Web services we assume to the completely safe can become victims of cyberattacks, which is why it’s all the more important to develop good security habits, such as creating strong passwords and using a VPN.
What makes these data leaks possible? One explanation could be that the practices used by hackers are becoming more sophisticated and, to a certain extent, that is true. However, data also shows that many companies have underdeveloped infrastructures that cannot handle cyberattacks. For example, one study found that 78% of IT leaders don’t have confidence in their cybersecurity posture, and another, that only 5% of company folders are properly protected.
With that in mind, it doesn’t come as a surprise that data is being leaked. In the past year, security experts have uncovered dozens of incidents, and some of them are unfortunately bleak reminders for the current state of the Web:
Patients of a Finnish mental health company were blackmailed with sensitive personal information.
Finland is one of the leading countries when it comes to telehealth and the digitization of patient records. However, when these records are not properly protected, and personal patient data is accessed, lives can be destroyed.
This happened to Finnish mental health company Vastaamo, which, prior to the security incident, had a great reputation locally and was quite popular in Finland, especially among students. Last year, a critical security flaw in the company’s systems exposed the entire database, and a group of hackers was quick to profit from it. In addition to names, phone numbers, and email addresses, the database also contained actual transcripts of therapy sessions and therapy notes. Hackers sent patients this sensitive information in a ransom email, threatening them that, if they did not receive €200 worth of Bitcoin in 24 hours, the hackers would send it to their entire contact list.
Needless to say, the episode was extremely distressing for victims, who couldn’t have imagined that records of their personal traumas and mental health concerns would become the topic of a ransom email. Unsurprisingly, this massive security incident marked the end of Vastaamo, and shows that decades of work and ethical practices can go up in smoke because of one flaw in the system.
This is just one of a series of data breaches suffered by healthcare companies. According to one study, 90% of healthcare organizations have reported at least one security breach in the past three years, but very few have the budget to tighten their security systems. This is a huge problem because telehealth is becoming more widespread, and healthcare organizations are being encouraged to move their records online, so we could see more leaks in the future.
For patients, the situation can be all the more frustrating because there’s nothing they can do to protect themselves. If on social media they can set their own strong password or enable two-factor authentication, how healthcare companies manage their data is out of their control.
The data of 533 million Facebook users was leaked online.
Facebook has been under the spotlight lately, and not in a good way. Apart from its controversial privacy practices, ad policies, and lack of sensitivity for users’ personal data, Facebook is now being criticized for its lack of transparency regarding a 2019 security vulnerability. Because of this vulnerability, the data of 533 million Facebook users was leaked online for free, including the email addresses and phone numbers that the accounts were linked to, birth dates, bios, and locations.
The leak targeted users from 90+ countries, but most victims were from the US, UK, and India. The most worrying part about this breach is that, even though it happened in 2019 and Facebook reportedly addressed the issue, the users weren’t notified, so they may be using a pwned email address.
Although the issue was fixed, this security incident is worrying because it happened to Facebook, the biggest social media platform in the world, which should have the resources to prevent leaks. What’s more, almost everyone uses Facebook, so a data breach of this magnitude can raise questions about the hidden dangers of using the platform. The good news is that there are ways to check if your email address was involved in a data leak and protect yourself by setting up two-factor authentication and creating stronger passwords.
An API security issue made Experian credit scores freely available.
Your credit score is a personal matter that you wouldn’t want to share with anyone and that only lenders should have access to. Unfortunately, a security issue in an API that credit bureau Experian was using allowed everyone who knew the subject’s name and email address could access their FICO credit score. Because the API wasn’t secured, the user looking for the credit score didn’t even have to know the subject’s birth date; instead, all they had to do was enter a string of zeros. The flaw was discovered by a student at Rochester Institute of Technology as he was looking for student loans and was thankfully fixed quickly.
However, the incident did reignite the discussion regarding API vulnerabilities, especially considering it wasn’t isolated. A few months ago, Clubhouse and Geico suffered similar leaks because of the APIs they were using. As for Experian, this isn’t the first cybersecurity scandal they’re involved in. In 2015, 15 million clients got their social security numbers, and passport numbers leaked online.