2023 was marred with data leaks: 2024 might be even worse
Data leaks and identity theft have seen a record rise throughout 2023. The same trend may continue this year with several high-profile breaches hitting headlines in January. This includes the “mother of all breaches,” which hit platforms such as LinkedIn, Dropbox and Twitter, as well as a database of COVID-19 testing records.
ITRC: Identity verification can reduce crime
In the U.S., the number of data compromises during 2023 rose 78 percent compared to the previous year, reaching more than 3,200 incidents. The figure represents a new record, according to the Identity Theft Resource Center (ITRC), a nonprofit focused on victims of identity crime.
“The sheer scale of the 2023 data compromises is overwhelming,” the organization writes in its newly published 2023 Annual Data Breach Report.
Among the top breaches are those from T-Mobile, which impacted 37 million people, followed by Xfinity, PeopleConnect and Nationstar Mortgage. But while breaches were rampant, the number of victims has decreased by 16 percent compared to 2022. ITRC attributes this to a general trend of organized identity criminals focusing on specific information and identity-related fraud rather than mass attacks.
The organization warns that businesses are under-reporting breaches or not reporting them at all. The lack of information is not only impacting consumers but also companies that are in danger of supply chain attacks.
“A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” the report notes. “Stronger reporting requirements can help warn other vulnerable businesses of the risk associated with a similar attack.”
The organization’s call may find a sympathetic ear at the Federal Trade Commission, which will be hosting the Identity Theft Awareness Week starting on Monday, January 29.
In November 2023, the ITRC completed a review focused on identity verification, concluding that using facial verification and digital credentials is crucial to reducing the number of identity crimes.
January sees the ‘mother of all breaches’
The year 2024 is continuing to see similar trends in data breaches and leaks.
Researchers have discovered a whopping 26 billion leaked data records from platforms including LinkedIn, Twitter, Tencent, Dropbox, Adobe, Canva and Telegram. The database of leaked information is 12 terabytes in size and is referred to by those who discovered it as the “mother of all breaches” (MOAB).
The discovery was made by investigators from Security Discovery and CyberNews last week. According to the team, the dataset mainly contains information from past data breaches but also holds new information.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” they say.
The largest number of records, 1.4 billion, comes from Chinese instant messaging app Tencent QQ. The database also holds data from Weibo, MySpace, Deezer, AdultFriendFinder, VKontakte and Daily Motion as well as various government organizations in the U.S., Brazil, Germany, Philippines, Turkey and more.
Poor security leaves Covid-19 databases open
Data leaks are also threatening sensitive health records. An estimated 1.3 million sets of COVID-19 testing records were left exposed in the Netherlands, including patient names, dates of birth, passport numbers and more.
The database belonged to one of the country’s largest commercial COVID-19 test providers, CoronaLab, a subsidiary of Microbe & Lab. The incident was discovered by Jeremiah Fowler, co-founder of Security Discovery, and reported to vpnMentor.
The vaccine record leak is not unprecedented. In April 2023, Thai authorities ordered ISPs to block a website that threatened to disclose the personal information of 55 million Thai citizens, allegedly obtained from vaccine registration records. The website was run by a hacker named 9Near, who claimed he was holding on to data such as full names, birthdates, ID card numbers and phone numbers.
More blocks may be coming. During January, Thailand has seen an increase in cyberattacks compared to 2023 with at least 14 significant data breaches, according to cybersecurity company Resecurity. One database posted to a dark web forum advertises records for 160,000 Thai people, and includes photos of individuals holding ID documents, such as are commonly used for matching selfie biometrics during identity verification.
Article Topics
cybersecurity | document verification | face biometrics | Identity Theft Resource Center | identity verification
Comments