Mega-Breaches of 2020: Delayed Reactions on Stolen Digital Identities

The top 6 mega-mishaps could have been prevented with little effort. Read in this blog why multi-factor authentication is the key.

Jun 9, 2021 - 3 min.
Sonja Spaccarotella

According to IBM Security's 2020 study, "Cost of a Data Breach," Germany is leading the way in the use of security automation. The study states that 75 per cent of German companies are already using security automation and 30 per cent of them rely on full automation. This puts German industry above the global average. The successes are clear to see: huge cost savings and faster containment of data leaks. Nevertheless, the number of cyberattacks remains at a record high. The top 6 mega data breaches of 2020 highlight the security vulnerabilities that can result from stolen digital identities, which can be minimised using multi-factor authentication (MFA).

Employee credentials and faulty cloud configurations are the two most popular ways for criminals to gain unauthorised access to corporate networks. According to the findings of the 2020 "Cost of a Data Breach" study, they account for nearly 40 per cent of the total, and in one of five cases the trigger was stolen digital identities in the form of passwords or emails. The top 6 mega-breaches confirm the pattern.

Buchbinder ignores two warnings 

Back in 2019, IT security researcher Matthias Nehl twice informed Germany's biggest car rental company about open network interfaces in a central backup server. Buchbinder initially ignored the warnings instead of taking them seriously. Only after Nehl contacted the Bavarian Office for Data Protection Supervision did the company close the security vulnerability. Until then, the digital identities of over three million customers were available on the web, including driver's licence numbers and the related addresses, payment data, dates of birth and telephone numbers. Politicians, athletes and journalists were among those affected.

Credit card data were stolen from Easyjet customers

Over nine million customers of British airline Easyjet were victims of a hacker attack. As well as travel information, persons unknown were able to capture email addresses and credit card data, including security codes, of more than 2,200 customers. The company responded by issuing circulars to the affected customers, so as to take early action against phishing attacks by the fraudsters.

The data leak at the German Red Cross leads to a breakdown 

Three minutes was all it took for a hacker to gain access to the servers of several district associations of the German Red Cross in Brandenburg. This gave the hacker access to patient data for more than 30,000 people and a list of ambulance transports. The explosive nature of the case stems primarily from the lack of crisis management: despite the hacker pointing out the security breach and recording his actions, the website was only blocked. The server, however, continued to serve as the front door to patient data. Weeks later, the hacker tested the security breach again and was successful, obtaining unimpeded access to patient data and digital identities. It took the hacker tipping off journalists for the county associations to finally react, more than 72 days after they were initially notified about the issue. 

Phishing captures rapid coronavirus loans in NRW

Numerous emergency loan applicants in North Rhine-Westphalia were lured to fake websites by phishing. A cloned State Ministry of Economics website was used alongside the fake applications. As soon as the applicants completed the fake forms, the cybercriminals had all the data they needed to create digital identities for real applications in the names of the entrepreneurs. The only information that was replaced was the bank account numbers, which left the victims waiting in vain for emergency coronavirus funding from the federal government.

British vaccine researchers hit by industrial espionage 

According to information from the National Cyber Security Centre (NCSC), the United States and Canada have also been affected by Russian industrial espionage. Reportedly, the group APT29, also known as "The Dukes", attempted to steal information on vaccine production from research institutes and pharmaceutical companies on behalf of the Kremlin. Confidential government documents containing minutes from British–American trade talks were among the information stolen. Custom malware was used in conjunction with phishing emails.

Blackmail following insider attack at Scalable Capital

After an insider attack at asset management service Scalable Capital, complaints about blackmail and spam calls increased. It all started with a hacker attack by a former employee who had gained access to an archive. Around 30,000 digital identities were affected, including copied IDs, contact data and tax identification numbers. Only securities account data remained unaffected. Complaints continued, however: the European Data Protection Association (Europäische Gesellschaft für Datenschutz) alone is investigating the compensation cases of around 800 Scalable customers.

What can be done against such attacks? Time and again, the inadequate protection of access points provides a gateway for hackers. Outdated password procedures, in particular, are no longer able to withstand cyber criminals' ingenuity. MFA is a suitable way to ensure the security of personal data in the online realm. This involves verifying identities by combining different security and validation methods, for example using facial recognition or analysis of typing styles. Such a measure costs the user neither time nor effort but ensures a high level of security against unauthorised access to digital identities.

