Question

Describe 5 most recent cybersecurity incidents that happened to organisations by providing the following details:

• What happened?
• How did it happen?
• What was the consequences?
• What could have been done to prevent the incident?

No longer than 3 pages.

Answer 1

5 most recent cybersecurity incidents that happened to organisations

1.Hacker leaks data of 18 companies

Impact: Records of 386 million users stolen from 18 companies.

Till July, numerous cybersecurity incidents happened. About 386 million user records from 18 different companies were stolen. The hacker who believed to have stolen the data posted links to the databases of companies, where anyone could download for free. The hacker, named ShinyHunters is believed to have made a lot of money by selling the data online.

After hackers steal the data, they usually sell it privately first, with prices ranging from $500 to $100,000. Once the data is no longer useful, hackers generally publish them on hacker forums to increase their reputation in the community.

Take Action Now: Use a strong password for your system and update it frequently.

2.Experian Breach

Impact: Records of 24 million people and 793,749 businesses’ data stolen.

Experian, a consumer credit reporting agency, suffered a major breach, impacting nearly 24 million South African consumers and about 793,749 business entities in August 2020.

The agency further revealed that an individual fraudulently claiming to be one of its clients requested services from the company, prompting the release of the information. Soon, after the breach, the company reported the incident to the local authorities. Eventually, the misappropriated data was secured and deleted.

Experian said that the data was not used for fraudulent purposes before being deleted. Also, it further said the cybersecurity incident did not compromise its own infrastructure, systems, and customer database.

Take Action Now: Strengthen your company’s security policy.

3.MGM Hotel

Impact: Details of over 10.6 million users revealed.

In February 2020, the personal details of more than 10.6 million guests who stayed at MGM Resorts hotels was leaked on a hacking forum.

The information leaked included names, phone numbers, addresses, birth dates, and email addresses of users ranging from tourists, CEOs, celebrities, and government employees. However, the details of the credit cards were not breached.

This cybersecurity incident started in the mid of 2019. Then, the MGM employees discovered unauthorized access to a server. From that day, the stolen information was being shared in several hacking forums.

After the cybersecurity incident got revealed, immediately MGM notified the impacted individuals. In February, once again there was a data breach and as a result, information of MGM hotel users was published openly, on an accessible forum.

Take Action Now: Protect your data with continuous assessment of your system.

4.Cognizant Technology Solutions Corp

Impact: Disruption of client services, revenue and impact on margins. The company paid $50-70 M for ransom.

On April 18, 2020, Cognizant Technology Solutions (CTS), was hit by Maze ransomware cyber-attack, which resulted in service disruption of company’s clients.

The tech giant confirmed about the breach on its website. It took steps to contain the cybersecurity incident and notified its clients about the breach and measures to take to further secure their systems.

During a ransomware attack, attackers generally infect the company’s systems with virus, steal the data, and demand payment from the company to restore the data. But, in case of Cognizant Maze ransomware, attackers threatened the company to pay the ransom or they would publish the breached information online.

Later, in May, Cognizant revealed that it paid a ransom of $50-70 million to cyber attackers to restore its services.

Take Action Now: Always keep your systems updated. Employ an effective way to defend against ransomware attacks.

5.California University

Impact: A ransom of $1.14M paid.

On June 1, University of California, San Francisco, was attacked by cyber criminals. This was again a ransomware attack and hackers demanded $3 million. The leading medical-research company negotiated the ransom amount and paid $1.14 million as the information encrypted in the attack was critical to the school.

Cyber criminals penetrated the university’s system through a malware that eventually encrypted multiple servers. The university officials later said that no data was compromised, and their development progress was not completely hampered.

Take Action Now: Backup your data- locally, or in the cloud.