Everyone’s Data is a Target

It seems more and more common these days that the sum total of breached data is in the billions.  Researchers this month have announced the discovery of 16 billion exposed login credentials across multiple major platforms.  Just about everything imaginable was caught up in this net: social media like Facebook, Google email logins, Apple accounts, Telegram, GitHub, government services and more, across 30 exposed databases.

Nor is the data old and defunct.  Researchers warn that much of it is new and eminently weaponizable for exploitation for any bad actors that get their hands on it.  Beyond the usual bits of login data (usernames, passwords, URLs), certain metadata like tokens and cookies were up for grabs,  According to Cybernews, “cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing.” 

The culprits, however, remain unclear, as the exposure only lasted long enough for researchers to find them, before the datasets disappeared.

A more positive success story comes from Aflac (you can’t not hear it in the goose’s voice).  The health insurance giant recently reported a breach that was quickly thwarted.  Customer data, health claims, Social Security numbers and more were all potentially exposed when Aflac noticed suspicious activity on its network.  A spokesperson for the firm has attributed the attack to “a highly sophisticated and well-known group that has the insurance industry under siege,” including Erie Insurance and Philadelphia Insurance Companies; although thanks to Aflac’s security team, no malware or ransomware was deployed to interrupt operations.  An investigation is currently underway to determine the number of customers whose information was affected, while also offering free credit monitoring, identity theft protection, and Medical Shield for 24 months.

Newsweek puts the spotlight on the hacker group Scattered Spider, which appears to be following its cyberattacks on US and UK retailers by switching to the insurance industry, targeting them with social engineering schemes.

In today’s digital landscape, organizations must adopt a proactive stance against cyber threats. By the time an attack occurs, it is often too late to implement effective countermeasures. Enterprises must prioritize robust data protection measures to safeguard against theft and misuse. NetLib Security’s Encryptionizer solution offers transparent data encryption right out of the box, protecting you against data theft across all environments—physical, virtual and cloud—with almost no impact on performance.

16 billion.  Pretty much everyone’s sensitive data is a target by this point.  Don’t let your customers’ be next.