Data breaches can be extremely harmful to organizations of all shapes and sizes, but it is how these companies respond to incidents that can deal the final blow. Although we have seen some great examples of how companies handled their response to data breaches in the past year (kudos to the Red Cross and Amnesty for their transparency), 2022 was a yearlong lesson in how not to react to a data breach.
Here’s an overview of this year’s poorly handled data breaches:
Nvidia
Chip-making giant Nvidia confirmed in February that it was investigating a so-called “network problem,” which was later confirmed to be a data extortion incident. The company declined to say much else about the incident, and when pressed by TechCrunch, it declined to say how it was compromised, what data was stolen, or how many customers or employees were affected.
While Nvidia remained silent, the now-notorious Lapsus$ gang quickly claimed responsibility for the breach, saying it had stolen a terabyte of information, including “very secret” data and proprietary source code. According to the data breach monitoring website Have I Been Pwned, the hackers stole the login credentials of more than 71,000 Nvidia employees, including email addresses and Windows password hashes.
DoorDash
In August, DoorDash approached TechCrunch with an offer to exclusively report on a data breach that exposed the personal data of DoorDash customers. Not only is it unusual to be handed news of an undisclosed breach before it has been announced, but it was even stranger that the company refused to answer nearly every question about the breach it wanted us to disclose.
The food delivery giant confirmed to TechCrunch that the attackers accessed the names, email addresses, delivery addresses and phone numbers of DoorDash customers, along with partial payment card information for a smaller group of users. It also confirmed that for DoorDash delivery drivers, known as Dashers, the hackers accessed data “primarily consisting of names and phone numbers or email addresses.”
But DoorDash declined to tell TechCrunch how many users were affected by the incident, or even how many users it has. DoorDash also said the breach was caused by a third-party vendor, but declined to name the vendor when asked by TechCrunch, nor would it say when it discovered it had been compromised.
Samsung
A few hours before the long July 4th holiday weekend, Samsung quietly disclosed that its U.S. systems had been breached several weeks earlier and that hackers had stolen customers’ personal information. In its bare-bones breach notice, Samsung confirmed that unspecified “demographic” data, which likely includes precise geolocation data, browser data, and other device data from customers’ Samsung phones and smart TVs, was also stolen.
Now that it’s the end of the year, Samsung has yet to say anything more about its breach. Instead of using the time to draft a blog post explaining which customers, or even how many, were affected, Samsung used the weeks leading up to the disclosure to draft and roll out a new mandatory privacy policy on the same day as its breach disclosure, one that allows Samsung to use the precise geolocation of its customers for advertising and marketing purposes.
Because that’s clearly a priority for Samsung.
Revolut
Fintech startup Revolut confirmed in September that it was hit by a “highly targeted cyberattack” and told TechCrunch at the time that an “unauthorized third party” had gained access to the details of a small percentage (0.16%) of customers “for a short period of time.”
However, Revolut would not say exactly how many customers were affected. Its website says the company has about 20 million customers; 0.16% would translate to about 32,000 customers. Yet according to Revolut’s breach disclosure, the company said 50,150 customers were affected by the breach, including 20,687 customers in the European Economic Area and 379 Lithuanian citizens.
The company also declined to say what kind of data was accessed. In a message sent to affected customers, the company said “no card details, PINs or passwords were accessed.” However, Revolut’s data breach disclosure states that the hackers may have accessed partial card payment data, along with customers’ names, addresses, email addresses, and phone numbers.
Advanced, NHS provider
Advanced, an IT service provider to the UK’s NHS, confirmed in October that attackers had stolen data from its systems in an August ransomware attack. The incident disrupted several of the organization’s services, including the Adastra patient management system, which helps non-emergency call handlers dispatch ambulances and helps doctors access patient records, and Carenotes, which mental health trusts use to access patient information.
Although Advanced shared with TechCrunch that its incident responders, Microsoft and Mandiant, had identified LockBit 3.0 as the malware used in the attack, the company declined to say whether patient data was accessed. The company acknowledged that “some data” relating to more than a dozen NHS trusts had been “copied and exfiltrated,” but declined to say how many patients were potentially affected or what type of data was stolen.
Advanced said there was “no evidence” that the data in question existed anywhere beyond its control and that “the likelihood of harm to individuals is low.” When contacted by TechCrunch, Advanced’s chief executive, Simon Short, declined to say whether patient data had been affected or whether Advanced had the technical means, such as logs, to determine whether any data had been exfiltrated.
Twilio
In October, U.S. messaging giant Twilio confirmed it had been hit by a second breach, in which cybercriminals accessed customer contact information. News of the breach, carried out by the same “0ktapus” hackers who breached Twilio in August, was buried in an update to a lengthy incident report and contained only a few details about the nature of the breach and its impact on customers.
Twilio spokeswoman Laurelle Remzi declined to confirm the number of customers affected by the June breach or to share a copy of the notice the company claims to have sent to those affected. Remzi also declined to say why it took Twilio four months to make the breach public.
Rackspace
Cloud computing giant Rackspace was hit by ransomware on December 2, leaving thousands of customers worldwide without access to their data, including email, contacts, and archived calendar entries. Rackspace has drawn much criticism for its response, having said very little about the incident or its data recovery efforts.
In one of the company’s first updates, published on December 6, Rackspace said that it had yet to determine “what data, if any, was affected,” adding that if sensitive information was affected, it would “notify customers as appropriate.” We are now at the end of December, and customers still don’t know whether their sensitive information has been stolen.
LastPass
And last, but not least: password management giant LastPass confirmed three days before Christmas that hackers had stolen the keys to its kingdom and made off with customers’ encrypted password vaults a few weeks earlier. The breach affected some 33 million LastPass customers, whose encrypted password vaults are only as secure as the master passwords used to lock them.
But LastPass’ handling of the breach was quickly and harshly criticized by the security community, especially because LastPass said there was no action for customers to take. However, based on a close read of its data breach notice, its customers’ encrypted password vaults could have been stolen as early as November, after the company confirmed that its cloud storage was accessed using a set of employee cloud storage keys that were stolen in an earlier breach in August but which the company had not revoked.
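To make concrete the point above that a stolen encrypted vault is only as secure as the master password that locks it, here is an added example; it is not LastPass’s code and not part of the article. Everything in it is an illustrative assumption: the PBKDF2-HMAC-SHA256 derivation, the 600,000-iteration default, the attacker hash rate used in the estimate, and the 80-bit policy threshold. It derives a vault key from a master password, estimates the entropy of that password, and turns the two into an expected time for an offline guessing attack on a stolen vault, which is exactly the quantity a defender needs when deciding whether “no action” is really the right advice.

```python
"""Added example: the strength of an encrypted vault reduces to the strength of
its master password and the cost of the key derivation. Not LastPass code; all
parameters below are illustrative assumptions."""
import hashlib
import math
import string

# Assumption: a PBKDF2-HMAC-SHA256 derivation, as many password managers use.
# 600_000 iterations is the OWASP recommendation at time of writing; it is an
# illustrative default, not any vendor's actual setting.
DEFAULT_ITERATIONS = 600_000
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Derive the 256-bit key that would unlock a vault. The stolen ciphertext is
    useless to whoever holds it unless they can reproduce this key, and the only
    secret input is the master password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def password_entropy_bits(password: str) -> float:
    """Upper-bound entropy estimate from length and the character classes used.
    Real passwords built from dictionary words or patterns score far lower, so
    treat this as optimistic."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 symbols
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def guesses_per_second(hash_rate: float, iterations: int) -> float:
    """Each guess costs `iterations` HMAC computations, so raising the iteration
    count divides the attacker's guess rate directly."""
    return hash_rate / iterations


def expected_crack_years(entropy_bits: float, guesses_per_sec: float) -> float:
    """Expected time to hit the password after searching half the keyspace."""
    return (2 ** (entropy_bits - 1)) / guesses_per_sec / SECONDS_PER_YEAR


def meets_policy(password: str, min_bits: float = 80.0) -> bool:
    """Assumed policy: a master password protecting an offline-attackable vault
    should carry at least 80 bits of estimated entropy."""
    return password_entropy_bits(password) >= min_bits


if __name__ == "__main__":
    # Constructed sample values: an assumed attacker rate of 1e9 SHA-256 HMACs/s
    # and a fixed salt, purely for illustration.
    salt = b"constructed-example-salt"
    attacker_hash_rate = 1e9
    for pw in ["password", "Tr0ub4dor&3", "correct horse battery staple"]:
        bits = password_entropy_bits(pw)
        key = derive_vault_key(pw, salt, iterations=1000)  # low count just for speed here
        for iters in (5_000, DEFAULT_ITERATIONS):
            years = expected_crack_years(bits, guesses_per_second(attacker_hash_rate, iters))
            print(f"{pw!r:32} {bits:6.1f} bits  iters={iters:>7}  "
                  f"~{years:12.4g} years  policy_ok={meets_policy(pw)}  key={key.hex()[:8]}…")
```

The table it prints shows the two levers a defender actually controls after a vault theft: the entropy of the master password (which only the customer can change) and the iteration count (which the vendor chooses and which older accounts may have at far lower values than the current default). Both feed the same estimate, which is why “no action required” is not a blanket answer for every customer.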
The fault for the breach lies entirely with LastPass, but its handling of it has been in extremely bad form. Will the company survive? Probably. But with its clumsy handling of its data breach, LastPass has sealed its reputation.