FB pixel

2023 was marred with data leaks: 2024 might be even worse

2023 was marred with data leaks: 2024 might be even worse
 

Data leaks and identity theft have seen a record rise throughout 2023. The same trend may continue this year with several high-profile breaches hitting headlines in January. This includes the “mother of all breaches,” which hit platforms such as LinkedIn, Dropbox and Twitter, as well as a database of COVID-19 testing records.

ITRC: Identity verification can reduce crime

In the U.S., the number of data compromises during 2023 rose 78 percent compared to the previous year, reaching more than 3,200 incidents. The figure represents a new record, according to the Identity Theft Resource Center (ITRC), a nonprofit focused on victims of identity crime.

“The sheer scale of the 2023 data compromises is overwhelming,” the organization writes in its newly published 2023 Annual Data Breach Report.

Among the top breaches are those from T-Mobile, which impacted 37 million people, followed by Xfinity, PeopleConnect and Nationstar Mortgage. But while breaches were rampant, the number of victims has decreased by 16 percent compared to 2022. ITRC attributes this to a general trend of organized identity criminals focusing on specific information and identity-related fraud rather than mass attacks.

The organization warns that businesses are under-reporting breaches or not reporting them at all. The lack of information is not only impacting consumers but also companies that are in danger of supply chain attacks.

“A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” the report notes. “Stronger reporting requirements can help warn other vulnerable businesses of the risk associated with a similar attack.”

The organization’s call may find a sympathetic ear at the Federal Trade Commission, which will be hosting the Identity Theft Awareness Week starting on Monday, January 29.

In November 2023, the ITRC completed a review focused on identity verification, concluding that using facial verification and digital credentials is crucial to reducing the number of identity crimes.

January sees the ‘mother of all breaches’

The year 2024 is continuing to see similar trends in data breaches and leaks.

Researchers have discovered a whopping 26 billion leaked data records from platforms including LinkedIn, Twitter, Tencent, Dropbox, Adobe, Canva and Telegram. The database of leaked information is 12 terabytes in size and is referred to by those who discovered it as the “mother of all breaches” (MOAB).

The discovery was made by investigators from Security Discovery and CyberNews last week. According to the team, the dataset mainly contains information from past data breaches but also holds new information.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” they say.

The largest number of records, 1.4 billion, comes from Chinese instant messaging app Tencent QQ. The database also holds data from Weibo, MySpace, Deezer, AdultFriendFinder, VKontakte and Daily Motion as well as various government organizations in the U.S., Brazil, Germany, Philippines, Turkey and more.

Poor security leaves Covid-19 databases open

Data leaks are also threatening sensitive health records. An estimated 1.3 million sets of COVID-19 testing records were left exposed in the Netherlands, including patient names, dates of birth, passport numbers and more.

The database belonged to one of the country’s largest commercial COVID-19 test providers, CoronaLab, a subsidiary of Microbe & Lab. The incident was discovered by Jeremiah Fowler, co-founder of Security Discovery, and reported to vpnMentor.

The vaccine record leak is not unprecedented. In April 2023, Thai authorities ordered ISPs to block a website that threatened to disclose the personal information of 55 million Thai citizens, allegedly obtained from vaccine registration records. The website was run by a hacker named 9Near, who claimed he was holding on to data such as full names, birthdates, ID card numbers and phone numbers.

More blocks may be coming. During January, Thailand has seen an increase in cyberattacks compared to 2023 with at least 14 significant data breaches, according to cybersecurity company Resecurity. One database posted to a dark web forum advertises records for 160,000 Thai people, and includes photos of individuals holding ID documents, such as are commonly used for matching selfie biometrics during identity verification.

Article Topics

 |   |   |   | 

Latest Biometrics News

 

Age assurance laws for social media prove slippery

Age verification for social media remains a fluid issue across regions, as stakeholders argue their positions to courts and governments,…

 

ZeroBiometrics passes pioneering BixeLab biometric template protect test

ZeroBiometrics’ face biometrics software meets the specifications for template protection set out in the ISO/IEC 30136, according to a pioneering…

 

Apple patent filing aims for reuse of digital ID without sacrificing privacy

A patent filing from Apple for ensuring a presented reusable digital ID belongs to the person holding it via selfie…

 

Publication of ISO standard sets up biometric bias tests and measurement

The international standard for measuring biometric bias, or demographic differentials, is now available for purchase and preview from the International…

 

EU’s EES delayed again, border crossings still lack equipment

The European Union has confirmed that its upcoming biometric travel scheme will be delayed following warnings from several member states…

 

Age estimation leaders emerge in NIST evaluation

The National Institute for Standards and Technology (NIST) has released its latest Face Analysis Technology Evaluation for Age Estimation &…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events