FB pixel

2023 was marred with data leaks: 2024 might be even worse

2023 was marred with data leaks: 2024 might be even worse
 

Data leaks and identity theft have seen a record rise throughout 2023. The same trend may continue this year with several high-profile breaches hitting headlines in January. This includes the “mother of all breaches,” which hit platforms such as LinkedIn, Dropbox and Twitter, as well as a database of COVID-19 testing records.

ITRC: Identity verification can reduce crime

In the U.S., the number of data compromises during 2023 rose 78 percent compared to the previous year, reaching more than 3,200 incidents. The figure represents a new record, according to the Identity Theft Resource Center (ITRC), a nonprofit focused on victims of identity crime.

“The sheer scale of the 2023 data compromises is overwhelming,” the organization writes in its newly published 2023 Annual Data Breach Report.

Among the top breaches are those from T-Mobile, which impacted 37 million people, followed by Xfinity, PeopleConnect and Nationstar Mortgage. But while breaches were rampant, the number of victims has decreased by 16 percent compared to 2022. ITRC attributes this to a general trend of organized identity criminals focusing on specific information and identity-related fraud rather than mass attacks.

The organization warns that businesses are under-reporting breaches or not reporting them at all. The lack of information is not only impacting consumers but also companies that are in danger of supply chain attacks.

“A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” the report notes. “Stronger reporting requirements can help warn other vulnerable businesses of the risk associated with a similar attack.”

The organization’s call may find a sympathetic ear at the Federal Trade Commission, which will be hosting the Identity Theft Awareness Week starting on Monday, January 29.

In November 2023, the ITRC completed a review focused on identity verification, concluding that using facial verification and digital credentials is crucial to reducing the number of identity crimes.

January sees the ‘mother of all breaches’

The year 2024 is continuing to see similar trends in data breaches and leaks.

Researchers have discovered a whopping 26 billion leaked data records from platforms including LinkedIn, Twitter, Tencent, Dropbox, Adobe, Canva and Telegram. The database of leaked information is 12 terabytes in size and is referred to by those who discovered it as the “mother of all breaches” (MOAB).

The discovery was made by investigators from Security Discovery and CyberNews last week. According to the team, the dataset mainly contains information from past data breaches but also holds new information.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” they say.

The largest number of records, 1.4 billion, comes from Chinese instant messaging app Tencent QQ. The database also holds data from Weibo, MySpace, Deezer, AdultFriendFinder, VKontakte and Daily Motion as well as various government organizations in the U.S., Brazil, Germany, Philippines, Turkey and more.

Poor security leaves Covid-19 databases open

Data leaks are also threatening sensitive health records. An estimated 1.3 million sets of COVID-19 testing records were left exposed in the Netherlands, including patient names, dates of birth, passport numbers and more.

The database belonged to one of the country’s largest commercial COVID-19 test providers, CoronaLab, a subsidiary of Microbe & Lab. The incident was discovered by Jeremiah Fowler, co-founder of Security Discovery, and reported to vpnMentor.

The vaccine record leak is not unprecedented. In April 2023, Thai authorities ordered ISPs to block a website that threatened to disclose the personal information of 55 million Thai citizens, allegedly obtained from vaccine registration records. The website was run by a hacker named 9Near, who claimed he was holding on to data such as full names, birthdates, ID card numbers and phone numbers.

More blocks may be coming. During January, Thailand has seen an increase in cyberattacks compared to 2023 with at least 14 significant data breaches, according to cybersecurity company Resecurity. One database posted to a dark web forum advertises records for 160,000 Thai people, and includes photos of individuals holding ID documents, such as are commonly used for matching selfie biometrics during identity verification.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Facewatch, Met police face lawsuits after facial recognition misidentification

Biometric security company Facewatch, which provides facial recognition software to shops across the UK, is facing a lawsuit after its…

 

Call for bids on Dominican Republic biometric passport deal closes today

The Dominican Republic’s General Directorate of Passports (DGP) is seeking digital identity service providers to acquire, install and maintain new…

 

Who is looking out for your data? Security in an era of wide-spread breaches

By Vince Graziani, CEO, Idex Biometrics While some of the biggest businesses in the world now rely heavily on data, concern…

 

ITL’s Alerts App expands biometric portfolio to integrated venue management

Businesses from every sector all face access control challenges to ensure the security and safety of their staff and customers….

 

Best biometrics use cases become clearer as ecosystems mature

Biometrics are for digital identity, socio-economic development, air travel and remote identity verification, but not public surveillance, the most-read news…

 

UK Biometrics and Surveillance Camera Commissioner role survives as DPDI fails

UK parliament will not pass data protection legislation during the current session, following the announcement of the general election in…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events