The 4 customer data breaches you didn’t know happened in 2021

The 4 customer data breaches you didn't know happened in 2021
Table of Contents

The amount of data breach attempts and successes in the first half of 2021 have been at a record high. Last year, we covered the 5 biggest names to have a data breach in 2020. This year, we wanted to focus on the instances where customer data has been put at risk, and how companies have dealt with them.

These breaches are from some of the most well-known companies in the world. Some you most likely have an account with and use regularly. Although we may think our data is safest with large, trustworthy businesses, these examples show the extent of damage a data breach can do.

1. CVS – 1 billion customer data records at risk

The pharmaceutical company CVS found their client data vulnerable when it was brought to their attention that 1 billion medical records were posted online.

An independent cybersecurity researcher by the name of Jeremiah Fowler found the information and reported it. The company quickly responded by notifying its vendor and taking down the database stating that ‘protecting the private information of our customers and our company is a high priority’. 

Computer security

Luckily, the data did not include information that was personal to the members or patients. With this said, the data breach, and others like it, caused a shockwave throughout America which alerted the Whitehouse itself to take action.

Increasing threats to cybersecurity are becoming an increasing problem in America. The Whitehouse released a statement on June 2nd to businesses across the country, encouraging them to check their processes. The advice includes 5 ways to improve security and prevent data breach attempts, but for some, this statement came too late.

2. Socialarks – 214 million social media profiles exposed

Although some of us may not know the name Socialarks, the social media management company had a significant breach of data in 2021. In the breach, 400GB worth of data on profiles from Facebook, Instagram, and LinkedIn were found unprotected. Much like the event with CVS, the leak was down to an unsecured database. Thankfully, the cybersecurity expert group SafetyDetectives found the breach ‘during routine IP-address checks on potentially unsecured databases’.

It is thought that the data was collected via ‘data scraping’, an illegal method of data collection. By doing this, a hacker can collect massive amounts of data from multiple sources quickly and automatically. There are some forms of data scraping which are legal, it is when this method is exploited and personal data is extracted where a breach occurs.

3. LinkedIn – 500 million profiles data scraped

Another incident of data scraping happened days after a Facebook data breach. Business social media site LinkedIn experienced a breach in April of this year, finding user’s profile information for sale for just 2 dollars.

Data Breach

Fortunately, much like the data scraping which happened to Socialarks, the breach was not serious, and LinkedIn was quick to reassure users.

‘[the scraped data] does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.’ – LinkedIn Company News

4. Wegmans – Customer data unprotected

Another breach in April of 2021 took place in America within the supermarket chain Wegmans. The company, with 52,000 employees spanning across 106 different stores, has been a household name in America for many decades.

The names, addresses, phone numbers, and passwords for member’s accounts were found unprotected in a cloud database. With the pandemic resulting in more remote working than ever before, more businesses are investing in cloud databases to help adapt. When left unmonitored, these databases can be vulnerable to infiltration, which businesses like Wegmans have experienced.

What we can learn from these data breaches

Now more than ever, businesses need to ensure they take care of their customer’s data. As consumers, we trust companies with our personal information and lose trust in them when our data is compromised.

Over time as technologies improve, hacker’s attempts to infiltrate businesses become more sophisticated. As a result, businesses need to keep up to protect themselves from a breach. 

Following some basic practices to prevent a breach can significantly reduce the risks of one occurring on your current devices. For advice on how to protect your data bearing assets from a cyberattack, speak to a member of our team.

Do you have an IT recycling requirement?

Get in touch