Data breaches happen constantly. Data breaches are daily news. You’ll hear us talk about this in any conversation you have with a member of our team. It isn’t new information that incidents have become commonplace, yet many are avoidable. The breaches that occur because of credentialed misuse most certainly are preventable, with the right strategy and solution. In these quarterly roundups, we’ll highlight the data breaches that could have been thwarted had the impacted companies had the means to protect against exfiltration.

First, a quick look at the statistics related to global data breaches in Q1, which are staggering.

Total records breached: 30,578,031,872

Total incidents disclosed: 8,839*

OpenSea

Data breached: 6.9 M

An update on an event that initially occurred in June 2022, it was reported in March that 6.9 million OpenSea records are now for sale on a hacking forum. In 2022 OpenSea, a popular NFT marketplace, suffered a breach due to a staff member at Customer.io – a then contractor for OpenSea – who misused their access to download and expose email addresses of its users and subscribers. As reported by TechCrunch at the time of the incident, a spokesperson for Customer.io stated, “…this resulted from the actions of an employee who had role-specific access privileges that were abused.”

Tangerine Telecom

Data breached: 232,000

In February, Tangerine, an Australia-based telecommunications provider, suffered a breach that was reported to have affected more than 232,000 customers. The incident was the result of a contractor who accessed the customer database using compromised credentials.

Optum

Data breached: 6 TB

At the end of February, Optum, a subsidiary of UnitedHealth Group, suffered an attack on its Change Healthcare system, a platform used by more than 70,000 pharmacies across the US. While as of the end of March, Optum was still working to identify the true impact on its data, the BlackCat/ALPHV ransomware group has claimed responsibility for the exfiltration of 6 TB of data from Change Healthcare’s network.

Anthropic

Data breached: Unreported

In January, Anthropic, AI startup and creator of Claude, suffered a data leak that was classified as having only affected a small segment of its customer data. The event was the result of a contractor working with the company having sent an email containing customer information to a third party who should not have had access to it. While deemed non-malicious human error and not a breach, the incident demonstrates how easy a breach can occur without having an intentional plan and solution in place to protect data from credentialed misuse.

We invite you to check back quarterly for up-to-date recaps of data breach events happening to companies and their customers due to insider threats. Or, learn more about how i4 Ops protects against these events by scheduling a conversation at your convenience.

*Source: ITGovernance.co.uk