As we continue to see, data breaches are happening daily; the rate continues to rise. With each instance of a breach, one would expect companies and their data security leaders to become more and more concerned about what has more or less become an epidemic. Instead, it seems most are still ok with looking outward instead of in.
The way these events are being considered and reported has become stagnant. The story of every instance is framed the same way – it’s the traditional cybersecurity perspective: ‘bad actor gets in and walks (or sneaks) away with the data.’ It’s simply another day, another hack, another company. With this perspective, the problem persists. It’s time to recognize the real issue – that a data breach is a data storage problem rather than a network problem.
The events we highlight in this quarter’s round up won’t be new information to most. Unfortunately, they each showcase this same point.
Here is a count of the global data breaches that have already occurred this year.*
Total records breached: 35,900,145,035
Total incidents disclosed: 9,478
As a sidebar to this quarter’s round up:
Beyond the above count is one very recent and staggering incident, which happened just last week. Titled RockYou2024, this is an exposure of a file containing nearly 10 billion plaintext passwords accumulated from past data leaks. It’s believed to be the biggest password leak in history. Some reports have urged individuals to change their password for any online profile they have created. From this compilation of passwords, threat actors could target any system that isn’t protected against a brute force attack.
If the daily reporting of other breaches isn’t enough, this further underscores how critical it is for the industry to change its cybersecurity practices and demand a new standard: to keep data in instead of waiting for it to get out.
As for Q2 2024, below are a few other events worth noting:
Kaiser Permanente
Data breached: 13.4M
In April, this health care conglomerate reported a breach impacting more than 13 million current and former customer accounts. The event was described as “unauthorized access/disclosure,” and it has since been confirmed to be the result of the company’s sharing of information with third-party advertisers via a technology installed on its website and mobile applications.
AT&T
Data breached: 73M
In an incident first reported in the final days of March, AT&T announced that user data it found published on the dark web exposed the personal information of 7.6 million current customers and more than 65 million former customers. After an investigation, a cybersecurity researcher has made clear that the exposed data also contained encrypted passcodes. As of the end of June, AT&T has claimed it does not believe the data exposure to be the result of exfiltration, though it has yet to verify how the data was truly leaked. Other sources have indicated that the data set is now in third-party possession.
Advance Auto Parts
Data breached: 3TB
Reported in May, this incident comes as a result of unauthorized activity within a third-party cloud database environment containing company data. The breach impacted 380 million customer profiles, and data from 140 million customer orders, 44 million loyalty card numbers, and sales history, as well as employment candidate and employee information. As of early June, the company believes it has incurred $3 million in expenses as a result of the event.
Live Nation – Ticketmaster
Data breached: 1.3TB
In May, an attack on Live Nation resulted in the exposure of the personal data of users of its subsidiary, Ticketmaster. Originally reported as having impacted more than 560M consumers, the company claimed the breach was due to ‘unauthorized activity within a third-party database,’ and commented that it had executed remediation efforts to mitigate risk. In June, it launched an investigation to understand better what happened. Researchers have so far described the event as ‘absolutely massive’ and have stated that the sensitivity of the data in the leak is yet to be known.
Neiman Marcus Group
Data breached: 1.3TB
As the result of yet another attack reported in June, this luxury retailer suffered a leak of personal information of more than 60,000 customers after an unauthorized party gained access to a cloud database platform operated by a third-party database partner. As a result of the event, Neiman Marcus Group initiated an investigation with cybersecurity experts, which determined that basic information and customers’ gift card numbers had been exposed.
____
A noted theme in all of the above – with the exception of the Kaiser Permanente breach – is the naming of a ‘third-party database’ as the cause of the leak. That third party is now known to be the cloud-based data storage provider Snowflake.
Snowflake initially denied that its products were to blame. Researchers identified that a single credential resulted in the exfiltration of data from potentially hundreds of companies that stored their data using Snowflake. As a result of investigations led by Mandiant, Snowflake has since issued a statement that the attacks were not caused by a vulnerability, misconfiguration, or breach of the platform, nor does the company have evidence suggesting the attacks were due to a compromised credential of a current or former employee. Rather, according to the statement, the attacks were the result of customer credentials stolen by infostealer malware, and the company urges credential monitoring.
____
Relying on a third party that promises the protection of your data does not prevent exposure. Implementing stronger credential monitoring practices also does not prevent a breach. And if you rely on in-house measures, you likely have data protection, compliance, security standards and credential abuse – or some combination thereof – covered. But if you don’t also have a proven exfiltration solution, your data is absolutely at risk.
If you have thoughts on this edition of the Quarterly Roundup, please weigh in. And if you have questions about how your company can be assured that a data breach can be prevented rather than simply protected against, reach us at any time. Check back next quarter for the most current roundup of data breach incidents due to insider threats.
*Source: ITGovernance.co.uk. Totals reflect data published in May 2024.