The biggest data breaches of 2021

It can be hard to assess the severity of data breaches, because it takes a while for all the gory details to reach the public. Sometimes companies try to withhold some of the damning evidence, or simply aren’t aware of the extent to which they’ve been compromised.

Here are ten of the biggest data breaches we’ve seen in 2021.

Facebook

Facebook made a lot of headlines this year with the announcement of their Metaverse project. But don’t let that distract you from the social media giant’s other big news; a truly massive data breach.

A vast trove of user data was found on hacking forums in early 2021. The leak included full names, phone numbers, emails, location information, and more. In total, 533 million users were impacted.

According to Facebook, the hackers behind the breach took advantage of a security flaw that was fixed back in 2019. But that only highlights the fact that users often only find out about these incidents long after it’s too late.

Experian

The credit score company Experian found itself in hot water with regulators and the public after suffering a major breach.

While the hack itself may have occurred in 2020, the news broke this year that Experian was linked to the exposure of data from 220 million Brazilians. The breach, uncovered by the security company PSafe, resulted in large quantities of personal information being sold on the dark web.

This is just one of an ongoing string of Experian data breaches, although it occurred on a truly striking scale.

Syniverse

You might not have heard of Syniverse before, but this company actually plays a key role in the infrastructure of many huge telecom groups (T-Mobile, AT&T, and Verizon, to name but a few).

They got on our radar in 2021, however, after they admitted that hackers had access to their networks for potentially several years. Consequently, millions of cellphones have been at risk, with call logs and other details accessible to an unspecified number of bad actors.

This incident underlines the fact that even if high-profile companies implement appropriate data security measures, they may still outsource work to other less reliable players.

Thailand travel logs

In September 2021, British security firm Comparitech announced that they’d found a giant online database of stolen data, seemingly extracted from the records of Thailand's government.

Specifically, the database included information on more than 100 million international travelers who visited Thailand, including their names, travel dates, and passport numbers.

The Thai government says it has patched the issue that allowed the data to be leaked, but if even government databases can’t be protected, it bodes ill for the future.

Microsoft Power Apps

Thanks to a flaw in Microsoft's Power Apps service (a platform that allows for easy app creation) 38 million records were exposed online in 2021.

Worryingly, the leaked information included details from Covid-19 contact tracing apps, as well as vaccination data.

As a result of the pandemic, public data collection has skyrocketed. The Power Apps breach raises questions over the capacity of companies and systems to keep up with the levels of security needed to protect the information they’re gathering.

Twitch

The live-streaming platform Twitch has seen spectacular rates of growth in recent years. However, their security protocols may not have kept pace with the rapid expansion of their user base, as a now infamous data breach demonstrates.

The leak saw Twitch’s source code, along with details about creator payouts, hit the internet in October 2021.

Following the incident, the company assured users that they were taking the appropriate steps to improve security. However, this breach follows similar events in 2017 and 2014, leading some experts to question Twitch’s security practices.

Raychat

The Iranian messaging app Raychat was involved in a large breach, during which millions of users had their information leaked and then wiped.

It appears that Raychat was storing user information on misconfigured databases, which made them vulnerable to cyberattacks and breaches.

While this may not have been the worst breach of the year, it’s another reminder that a few small human errors are all hackers need to make off with vast hauls of data.

Will 2022 be any better?

The truth is, these large corporate data breaches are probably only going to get worse. Hackers and their tools are becoming more sophisticated, while companies and governments struggle to keep up.

Many breaches are preventable, however, and there are still steps that individuals within larger organizations can take to avoid unnecessary risks. If you work in a company of any size, here are some actionable changes you can implement today.

• Don’t fall for phishing. One of the easiest ways for hackers to sneak through a company’s security is with phishing emails. These are messages in which they pose as a trusted or professional contact, and convince an employee to give them login details, or to download malware. If you receive an email in your work inbox urging you to click on a link, double-check its authenticity, no matter how confident you are that the sender is genuine.
• Improve your passwords. A password is often the only thing standing between a hacker and their target. That’s why it’s essential that you use strong passwords for all your accounts, both personally and professionally. Make sure to use a mix of upper and lowercase letters, along with numbers and special characters. And if you’re worried you’ll forget your login details if they’re too complicated, get a password manager to remember them for you.
• Use a VPN. Virtual private networks, or VPNs, are tools that encrypt your internet traffic. That means that even if you’re working out of office — and especially when using high-risk public Wi-fi — you can keep your data private. With a premium VPN like NordVPN, you can make sure your personal information is for your eyes only.