2021’s First Quarter Data Leaks Exceed 5-Billion

The first quarter of 2021 seems to be off to a good start – for cybercriminals, that is. According to new reports on Hackmageddon, the first few months of the year have been plagued with cyberattacks and data leaks, with February being the worst month of them all. While January had the most cyberattacks, 23 to be exact, February’s attacks (12 of them) resulted in the most significant data losses, with 3.4 billion records being breached.

An astounding 1.4 billion records were breached in January. Still, in February, when the COMB data leak was reported, it was found that nearly 70% of the world’s population was affected. That’s a lot of people! Before you start Google searching the “COMB data leak,” it actually refers to a “Combination of Many Breaches”, which was really the only way the researchers could compile and look at the breaches as a whole!

January & February data leaks

Research shows that the data breached in January and February 2021 was a combination of emails and passwords that had been leaked before. These were the sign-in details of major sites, including the likes of LinkedIn and Netflix. Once the hackers had the information, they shared it with their hacker buddies on a hacking forum!

March must be the month that most hackers take their annual leave (sarcasm intended) because, during the month of March, only 153 billion records were breached, making it the quietest month of the year to date.

The award for the biggest data breach of the year thus far goes to Facebook. One fifth of their entire user network was recently affected in a data breach – leaving 533 million people exposed to hackers.

how can businesses protect themselves?

With data breaches as much on the rise in South Africa as the world over, downloading a free version of security software simply isn’t going to do enough to protect your business and its clients (and your employees too).

Industry professionals advise that businesses hire cybersecurity professionals who know what they are doing. Once you have your cybersecurity mechanisms in place, test them out because if you don’t, cybercriminals will. And they will find the weaknesses in your system and take advantage of them.

education is also an important factor

Any employee that uses a digital device, either one that belongs to the business or their own on your network, needs to be fully educated on the cybersecurity risks and how to behave when using the networks and devices.

Password updates need to be regular, and you must upgrade and enhance your security system as often as possible.

have you been a victim of a cyberattack in 2021?

Sharing stories and information plays a crucial role in helping others become more aware of the risks out there and how they can be overcome. If you or your business has been a victim of a cyberattack/breach this year, share your story with us!

Virgin Active, Latest Victim of a Cyberattack in South Africa

May brought with it an unhealthy surprise for Virgin Active South Africa, the country’s largest gym chain. A cyberattack on the fitness group, carried out by what the company refers to as “sophisticated cybercriminals”, is the most recent attack in South Africa by modern-day hackers.

If you were struggling to access your Virgin Active account online, now you know why!

The company took all services offline while it implemented measures to protect the data of its customers. All South African branches spent a week operating on a first-come, first-served basis, which, of course, led to a degree of disgruntlement.

While there was no indication that any data had been removed from the systems, Virgin Active told customers that clubs would be operating as normal but advised that they should remain vigilant of any suspicious activity on their accounts. Forensic experts were hard at work trying to ascertain the extent of the attack!

business as usual, kind of!

Virgin Active doors remained open, but customers had to adapt to booking classes by phone or in-person, with online workouts out of the question for some time.

Regular gym-goers used to racking up points on a weekly basis became a little concerned about what this would mean for their benefits. In a gesture of goodwill, Virgin Active reassured customers that they would be awarded the full points that they would otherwise have accrued for the week.

Virgin Active’s response to the latest cyberattack in South Africa?

People want answers, and while those answers are sketchy right now, one thing is evident: the security of Virgin Active customer data seems to have been a top priority, and there was no negligence involved.

The company is adamant that the security practices of the brand are top-notch and that all security audits leading up to the attack were passed. Also, all financial and banking data of customers on the system was encrypted, which comes as a massive relief to customers!

While Virgin Active is still to release the full details of the cyberattack, it’s reassuring for members to know that the company followed reasonable protocols in the face of the attack. The company notified the SA Information Regulator and worked closely with law enforcement to ensure that all bases were covered.

last word

Cyber experts warn that it’s only a matter of time before other companies fall prey to similar data attacks in South Africa. Businesses and individuals are advised to change their passwords frequently and to ensure that they don’t use the same password across different websites.

Were you affected by the latest Virgin Active cyberattack? Let us know how you were impacted – we’d love to know!


The Serious Consequences of Bad Data Security Practices

Online shopping and digital payment systems were already on an upward trend before COVID-19. The pandemic only served to catapult businesses into embracing digital business formats ahead of schedule and now, more than a year in, retailers and small business owners are reaching a broader audience through their online services.

As we begin to settle into a new state of normal, online shopping continues to soar, as do bad data security practices. In the rush to go digital, many companies have not given due consideration to data security and what happens when the correct measures aren’t set in place to protect consumers.

With consumers turning to digital shopping for lifestyle and convenience, “cash is king” is no longer relevant. Even if COVID-19 were to disappear tomorrow, it’s doubtful that consumers would go back to the old way of shopping.

A look at the current digital business environment shows us that companies are now using cloud-based point-of-sale systems as well as online networks to share, store, and access important company information. With such an upward trend in online transactions, the inevitable is happening: cybercriminals are starting to take note and pay attention to them. Modern cyber crooks are finding new ways to take advantage of people and businesses online.

bad data security practices an incentive for cybercriminals

In 2017, the retail giant Target paid the biggest data breach settlement in history to opportunistic hackers who had gained access to the payment details of their 41+ million customers.

With corporates showing that they are willing to pay what it takes in order to get their data back, the bar is set much higher for cybercriminals, giving them far more incentive to exploit the weaknesses in the design of payment systems.

avoiding bad data security practices

The fact that Target was forced to pay a ransom as a consequence of bad data security practices was a costly lesson to many. Companies should now seriously consider what they can do to avoid being hacked in the first place, so that they don’t have to resort to the same behaviour.

Business owners need to spend more time ensuring that they select the correct security software for their business.

Tighter digital security practices can go a long way towards deterring point-of-sale system hacks.

If your business processes credit card payment information online, then protecting your point-of-sale system should be your number one consideration. In fact, you shouldn’t process even one payment online until you are 100% certain that your security system is well suited to your business and that it is running optimally.

make end-to-end encryption a priority

Don’t overlook the importance of end-to-end encryption when data is exchanged between two points. When the data is encrypted from both sides of the transaction it remains private throughout the process, making it less attractive to possible hackers. Even law enforcement can’t view a person’s data when it is end-to-end encrypted.

make two-factor authentication mandatory

Nobody wants to force their customers into doing anything, but you might want to put a bit of pressure on them to activate and make use of two-factor authentication.

Educate your customers. Let them know that when they sign up for an online account that they can access via log-in information, two-factor authentication should be the norm. This means that a customer will have a second layer of defence and will be the first to know if someone has accessed (or is trying to access) their account.

take heed – protect your company data today

No business is too big or too small to be the victim of a data breach. Hackers don’t discriminate and they don’t take pity on any company they target.

The reputational damage that a business suffers after a data breach is far more damaging than the monetary loss. Pay attention to the warning signs and don’t wait until it’s too late. Install encrypted data backups and look into various other ways of installing safety systems to protect your customers – and your business.