The year 2021 was notable for its record-breaking number of cyber-security incidents. The increase in data breaches was partly due to the rise in remote work, which raised the risk of data breaches. As a result, cyber threats have been one of the most serious risks that companies face, from information technology to healthcare.
The technological solutions designed to mitigate those risks have developed along with the security risk assessment tools. However, vulnerabilities exist and cyber attackers will continue to find ways around them. That is why there is no shortage of news involving companies facing data breaches, which you would think should no longer happen in this day and age. But they still do.
Hence, you must learn from the example of others to avoid the same fate as many of these companies.
5 Notable Third-Party Breaches of 2022
The following are the most notable third-party breaches for 2022 (so far). It is important to take a closer look into these individual cases to learn how threats operate and the ways that you can prevent them from causing serious damage to your organization.
1. Toyota
Toyota is one of the top auto manufacturing companies in the world. In February 2022, the company was the target of a third-party data breach in Japan. This cybersecurity event forced the company to shut down its Japan manufacturing plant to protect its data. The breach also impacted the operation of other Toyota subsidiaries.
The temporary shutdown of operations had a direct impact on the company's bottom line since they had to decrease production. The attack was directed at Kojima Industries, which is the company that supplies plastic parts to Toyota. The attack started with a message that demanded a ransom and a virus affecting the company's communication system.
The important lesson here is to be extra wary when accessing sites and clicking links in unsolicited emails, as they could contain harmful viruses that attack your system.
2. Major League Baseball
From an auto manufacturing giant to one of the biggest sports leagues in the world, Major League Baseball (MLB) is another victim of a third-party breach in 2022. The personal and health plan information of MLB players was stolen in a cyberattack at the end of 2021.
The attack is a lesson for all companies that must work with a third-party vendor or service provider. The initial target of the attack was the consulting company, Horizon Actuarial, which handled the MLB Players' Benefits Plan. This attack compromised the data of up to 38,400 individuals (13,000 of those are members of the MLB Players' Benefit Plan). Horizon Actuarial gave the notification of the data breach in March 2022.
The lesson here is to have a written contract with a third-party vendor that stipulates their responsibility to notify you immediately upon the discovery of a breach. Otherwise, your data could be exposed without your knowledge.
3. Crypto.com
Crypto.com is the leading cryptocurrency wallet today and, given the popularity of cryptocurrency, it is no surprise they were targeted. The attack was launched on January 17, 2022, and affected 500 wallets. This attack comes as a surprise because many hold the belief that the cryptocurrency wallet is secure.
The cyberattackers circumvented the company's two-factor authentication method to gain access to the said wallets. This incident resulted in the theft of $18 million in Bitcoin and $15 million in Ethereum. Crypto.com reimbursed the affected users for the stolen cryptocurrency.
The lesson to take away here is to always conduct a review of the security protocols. Cyberattackers are more sophisticated these days, so you always have to think one step ahead and identify potential weak areas.
4. Red Cross
Red Cross is an international charity organization. Despite that, it was still the target of one of the biggest cybersecurity attacks in January 2022. Just like the case with MLB and Toyota, the attack initially targeted a third-party contractor. This event led to over 500,000 records being compromised, including highly classified Red Cross documents and files.
The immediate response by Red Cross was to shut down its servers to stop the spread of the attack. There was also an investigation about the possibility of it being a politically-fueled attack.
5. Monley Companies
The attack on Monley Companies affected over 520,000 people and their protected health information. Monley Companies is a business service provider that was attacked in August 2021. However, the company only made its official notification in February 2022.
This company handles accounts from various Fortune 500 and Global 100 entities. This attack resulted in the theft of sensitive information from these companies including names, addresses, social security numbers, and patients' medical history. Employees' information was also compromised during the attack.
An important lesson here is to make sure that you work with third-party vendors that employ the same level of security protocols as you do. This is an important step to mitigate the risks to your company when handling protected health information. You must have a written contract to ensure they understand the security policies you have in place and to guarantee that they are also consistent in implementing their security measures.
How to Handle the Risk of a Data Breach
Cybersecurity threats are inevitable. However, you can reduce the impact of such breaches by learning how to manage the risk before, during, and after they happen. It is, therefore, important to come up with a risk management plan and a breach response program to minimize the impact of such threats.
Develop a secure infrastructure for storing private and sensitive data
Build a comprehensive network security policy
Employ data protection tools
Perform regular background checks
Dispose of sensitive data with caution and use proper methods
Develop a data breach response program
Data breaches are not just inconvenient; they can be costly, too. By taking the necessary steps and learning from the above cases of third-party breaches this year, you can improve your own security practices and prevent the same thing from happening to your organization.