With an inflated presence of digital products and information, an overwhelming amount of opportunity to obtain proprietary information relating to companies and individuals has come forth. Data breaches are a new fact of life as our world enters an increasingly data-driven state.

What is a Data Breach?

A data breach is an unauthorized act used to access and retrieve sensitive or personal information by an individual, group or software system. In other words, they are cybersecurity adversities that occur when data, intentionally or unintentionally, is placed into the wrong hands without the owner’s knowledge. The most common cyber-attacks used in data breaches are:

• Ransomware
• Malware
• Credential suffering
• Phishing

In 2020, data breaches exposed digital consumers’ Personally Identifiable Information (PII) at a shocking rate, placing almost three hundred million people at risk of identity theft and fraud. Below are some of the most colossal breaches to hit corporations of late.

1. LinkedIn

• 700 Million Individuals Impacted
• April 2021

In June 2021, A hacker known as “God User” used data scraping techniques to exploit LinkedIn’s API and announced they would be selling the entire 700 million customer database, impacting more than 90% of the platform’s users. LinkedIn argued that no personal, sensitive data had been exposed, but the incident violated the site’s terms of service. As noted in a statement by LinkedIn:

“While we’re still investigating this issue, our initial analysis indicates that the dataset includes information scraped from LinkedIn as well as information obtained from other sources. This was not a LinkedIn data breach, and our investigation has determined that no private LinkedIn member data was exposed.”

The scraped data sample shared by “God User” contained information regarding email addresses, phone numbers, geolocation records, genders and other personal social media details, giving access to plenty of user PII.

2. ParkMobile

• 21 Million Individuals Impacted
• April 2021

ParkMobile, a mobile parking app that assists users in finding parking and paying for its fees, experienced a data breach when the company became aware of user data being sold on a Russian-language crime forum. Gemini Advisory, a New York City-based threat intelligence firm, notified ParkMobile of a sales thread containing user data such as email addresses, phone numbers and license plate numbers. A response to the breach released by ParkMobile states,

“Our investigation indicates that no sensitive data or Payment Card Information, which we encrypt, was affected. Meanwhile, we have taken additional precautionary steps since learning of the incident, including eliminating the third-party vulnerability, maintaining our security, and continuing to monitor our systems.”

3. Accellion

• 3.46 Million Individuals Impacted
• February 2021

An American technology company specializing in secure file sharing for businesses, Accellion suffered from a data breach when hackers exploited several unpatched vulnerabilities in Accellion’s File Transfer Appliance (FTA). The hackers first gained access through several zero-day vulnerabilities in Accellion’s FTA, then used the key to install a web shell titled “DEWMODE.” Motives behind the attack were unclear until several organizations had received extortion emails from the hackers, threatening to leak the stolen data unless a ransom payment was made. 

A total of 100 companies from all sectors had been affected by the extortion when Clop’s, a dark web blog, leaked the data from several users in the U.S., Canada, the Netherlands and Singapore. At least nine healthcare organizations were affected, which included: 1.47 million Kroger Pharmacy users, 1.24 million Health Net members, 597,000 Trinity Health patients, 80,000 California Health & Wellness patients, 29,000 Arizona Complete Health members, and more. 

4. Volkswagen Group of America

• 3.3 Million Individuals Impacted
• March 2021

Volkswagen Group of America (VWGoA), a subdivision of the German Volkswagen Group, faced a data breach that exposed the personal data of more than 3 million Volkswagen customers. The breach came to light between August of 2019 and May of 2021 due to a VWGoA vendor leaving unsecured personal data disclosed on the internet. The vendor notified the corporation that unauthorized person(s) received access to the insecure data and may have had the opportunity to acquire user information of those who had purchased a Volkswagen or Audi automobile during that time.

Data analysis uncovered that the information belonging to 3.3 million users had been exposed, 97% of those records relating to owners of Audi vehicles or those interested in buying one. The released data included full names, email addresses, phone numbers and more than 95% of the stolen data included driver’s license numbers. 

5. ClubHouse

• 1.3 Million Individuals Impacted
• April 2021

An audio-based social media app, ClubHouse, experienced a data breach containing 1.3 million scraped consumer records from an SQL database. The user information was leaked for free on a popular hacker forum which included:

• User ID
• Name
• Photo IRL
• Username
• Twitter handle
• Instagram handle
• Amount of followers
• Account creation date
• Invited by user profile name

ClubHouse released a statement regarding the breach on social media, saying they never experienced a data breach. The response to another comment on Twitter states:

“This is misleading and false. ClubHouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.”

Do you have information about data breaches and identity theft to share with Identity Review? Email us at press@identityreview.com.