How come our passwords/data are “out there”?

This is one of the most common questions our callers ask. The call usually starts with a concern over identity theft, possibly from an email sent to them with personal details. And most of us think there are hackers trying to penetrate our individual Ocado account or maybe we gave the details away on a fake site. In reality most of our data has been stolen in data breaches. In fact, according to Varonis. Since 2013 over 10 billion data records have been stolen. In the UK over 140 million. Household names have been hit Nintendo, Zoom, Marriot Hotels and EasyJet to name but a few. This article explains how these breaches occur and although it will not make the reader any happier about being caught up in one it will erase some common misconceptions.

The first scary fact is that, according to Radar metadata, 94% of data breaches occurred because of unintentional or inadvertent user errors That is to say only 6% of data leaks came from malicious actions such as a computer virus/malware or unauthorized access. So, the first lesson is that we should be more worried about how big companies keep our data safe then nefarious cyber criminals in dark hoodies!

The first major source of these unintentional losses is when companies use code repositories for programmers to store work. Unfortunately, not all programmers ensure the information is locked away. Scotiabank from Canada and Mercedes Benz are examples of large companies that left huge amounts of important data available for public access in one of these repositories.

Another source of leaked data is when programmers make a mistake when setting up their data in cloud depositories. UK based printing company Doxzoo had 270,000 records including confidential documents exposed this way. The Cloud like all technology is great advance but must be used safely.

Equifax suffered one of the worst data leaks in history in 2017 with 143 million records exposed. This loss came about due to them not having not updated the security on one of their servers. In the same way as well need to regularly download updates for our phones and PCs, it is the same for big companies and when they do not, they leave a big vulnerability.

Another unintentional way that big breaches have occurred is when suppliers to big company’s shave been compromised and this back door has been exploited. Target, the massive US retailer, suffered the loss of 70 million customer records when one of their third-party suppliers’ systems was compromised and hackers then found their way to Target’s data. The moral of this lesson that its not only organization that needs to stay cyber safe its all your suppliers as well!

We have to mention business email compromise (BEC) attacks before we finish. According to the FBI, BEC attacks between June 2016 and July 2019 led to over $26 billion of losses. Poor password etiquette, lack of training and insufficient protection suffer are all to blame. And, although as mentioned above these only amount to 6% of data losses the numbers still add up to an awful lot!

So, next time you receive an email where they seem to know a lot of your details or are sent an invoice from your builder asking to pay a different account, please think about how it is very possible that your details or your builders email account details are out there due to a leak and its worth calling them to find out if its real or just a scammer using data that’s been accessed or stolen.

This article was produced with the help of Nightfall AI: Cloud-Native Data Loss Prevention Platform