Cybercriminals are relentless in their pursuit of stealing data. This is evident in the steadily increasing cybercrime costs, which are expected to reach 10.5 trillion USD (13.44 trillion CAD) by 2025. Unfortunately, 2022 is already shaping up to be one of the biggest years in terms of cyberattacks. In just the first quarter, we’ve seen some massive breaches that have put millions of people’s data at risk.
Let’s look at some of the most notable data breaches of the year so far.
Hackers take over Canada's foreign affairs ministry
On January 24, Ottawa officials disclosed that hackers had launched an attack on Global Affairs Canada (GAC), the department responsible for the country's diplomatic and consular relations as well as humanitarian assistance programs. The good news is that while the attack made some internet-based services unavailable, critical services and other government departments have not been affected.
The GAC breach was detected on January 19, with investigations still ongoing. Notably, the attack came around the time the Canadian Centre for Cyber Security issued a warning to critical infrastructure operators to take mitigatory actions against Russian-backed threats. GAC officials have stayed mum when asked if Russian hackers were responsible for the attack.
DatPiff data breach compromises data of over 7.5 million users
Established in 2005, DatPiff is an online mixtape distribution site that allows users to upload and download hip-hop, rap, and urban music samples for free. Early this year, the unencrypted passwords of over 7.5 million DatPiff members were found available for sale online. According to investigations, the hacker did not breach the actual DatPiff website; instead, they gained access to a server containing an old database backup.
But while this database is outdated, DatPiff users are still advised to check whether their associated email address has been compromised. Users are also instructed to change their passwords to avoid becoming a victim of credential stuffing attacks.
Personal information of Freedom Convoy donors leaked
On Valentine's Day, GiveSendGo’s website was hacked and redirected to a site that condemned Canada’s Freedom Convoy, a series of protests against Ottawa’s mandatory COVID-19 vaccinations that caused week-long disruption to trade and traffic.
The said page, which no longer loads as of writing, also contained a link to a file with names, emails, ZIP codes, addresses, and IP addresses of those who donated to the Freedom Convoy. What’s more, the nonprofit leak site Distributed Denial of Secrets (DDoSecrets) said that it received 30 megabytes of similar donor information from GiveSendGo. However, they clarified that this data would only be shown to journalists and researchers and would not be up for sale.
Crypto.com data breach amounts to over 38.5 million CAD
In an interview with Bloomberg TV, Crypto.com CEO Kris Marszalek confirmed that hackers stole about 38.5 million CAD in cryptocurrency from the digital wallets of 483 users. Hackers made off with 4,836.26 ETH (16.69 million CAD), 443.93 BTC (20.54 million CAD), and thousands of dollars more in other currencies by bypassing the site’s 2FA access control. The international cryptocurrency exchange initially referred to the situation as an “incident” and reassured that no customer funds were lost.
Following the breach, Crypto.com suspended all withdrawals for 14 hours. It also implemented more robust measures, asked the help of third-party auditors to fortify its cybersecurity posture, and reimbursed some of its customers’ losses.
No business is exempt from cyberattacks; the best your company can do is to be prepared when a breach happens. Protect your systems and mitigate risks by partnering with XBASE Technologies. We offer EXponentially Better™cybersecurity defense solutions that enable your business to detect threats early so you can better protect, respond, and recover from an attack. Drop us a line today.