You are currently viewing 2021 Data Breaches – A brief Review
2021 Data Breaches - A brief Review - by Alessandro Civati

2021 Data Breaches – A brief Review

Rapidly changing circumstances in the I.T. world and business have increased reliance on data and analytics. Data analytics is now critical to how companies can capture new value. The COVID-19 pandemic forced companies to react and pivot quickly to stay afloat. At the same time, businesses have struggled with gathering, using, and managing data.

The Identity Theft Research Center (ITRC) has reported a 17% increase in the total number of data breaches recorded in 2020. In 2021, significant data leaks and cybersecurity breaches have been reported, but it’s not all doom. The number of violations in the third quarter (446) was lower than the reported total in the second quarter (491). The last quarter of the year may yet see the total number of data breaches hit record numbers.

A significant factor driving the increase in data breaches is moving to remote work or a hybrid model following COVID-19. Remote work has presented a bear for every business to wrestle in business security. In the U.S., businesses suffered more than 1,108 data breaches in 2020, and that number has been surpassed in 2021, with 1,292 data breaches recorded by the end of September. Even though 2021 is projected to be a record-breaking year in terms of data breaches, it’s feared that many organizations and authorities are no longer reporting and discussing data breaches.

The lack of transparency may lead to a widespread impact on people. The withholding of critical information and failure to post notices on time will prevent users from taking adequate measures to protect their identities. In 2021, approximately 281.5 million people have been affected by a data breach. There were 160 million victims in the third quarter compared to 121 million victims for the first and second quarters. The total number of victims is still 30 million fewer thus far despite the increased number of incidents. For comparison, a record 2.2 billion people were affected by data breaches in 2018. Here some events based on companies:


In January, Bonobos, the men’s clothing store, suffered a massive data breach that exposed the personal information of more than 7 million customers, including about 3.5 million partial credit cards. The hacking group, ShinyHunters, leaked a 70 GB SQL file containing various categories of data that may interest threat actors.


Pixl, the online photo editor, suffered a significant data leak believed to be perpetrated by a notorious hacker, ShinyHunters. A dark web hacker forum exposed more than 1.9 million user records, including usernames, email addresses, passwords, and locations.

Microsoft Exchange

In March, four zero-day exploits were discovered on on-premises Microsoft Exchange Servers. The exploits provided attackers with full access to emails and passwords on the affected servers. The attackers also got administrator privileges on more than 250,000 servers. The installation of backdoors allowed the attackers to gain entry even after updates to original exploits were made to the vulnerable servers.


In April 2021, a user on a hacking forum published the personal data of more than 533 million Facebook users. The stolen data included the Facebook I.D.s, full names, phone numbers, dates of birth, locations, and email addresses of users from different countries. It is not the first time Facebook has suffered such a data breach. In 2019, the phone numbers of millions of users were stolen and leaked.

Colonial Pipeline

In May, an attack on Colonial Pipeline, an American oil pipeline system between Texas and South-Eastern USA, led to more than 100GB of stolen data and disrupted a critical petroleum supply chain. Colonial Pipeline was forced to halt the pipeline’s operations to contain the attack on computerized equipment managing the pipeline. The company paid a $4.4 million ransom to Darkside, a hacker group.


In June, the data of more than 700 million LinkedIn users was posted for sale on the dark web. Hackers had scraped data that included the full names, email addresses, usernames, phone numbers, social media accounts, and personal and professional experience. LinkedIn denied suffering a data breach and assured users that no private data had been exposed.


A few months ago in August, Accenture confirmed that data stolen from its systems had severely impacted its systems and operations. The LockBit ransomware group had stolen more than six terabytes of data and demanded a ransom of $50 million.


In August, T-Mobile admitted to suffering a massive data breach that affected more than 40 million customers. The admission came about after reports emerged that hackers were planning to sell an extensive database of T-Mobile customer data. According to T-Mobile, personal customer data was stolen, but financial details were not leaked. The attack was blamed on a sophisticated cyberattack.


A group of hackers, Desorden, hacked Acer servers and stole more than 60 gigabytes of sensitive data. The hacker group first reported the data breach and was later confirmed by Acer. The stolen data included the customer names, client phone numbers, and corporate financial data.

Data quantity is no longer a motivating factor for threat actors. Their focus is on gaining access and stealing high-quality data. Data breach costs increased with the rise of remote work and other challenges brought on by the COVID-19 pandemic. The IBM Cost of a Data Breach Study showed that companies that had most employees working from home experienced a considerable increase in the cost of a security incident that ended in a data breach.

Companies supporting a remote or hybrid workforce experienced an increase of up to $1 million more when a data breach occurred.

Everybody needs to practice good cyber hygiene to protect themselves and their loved ones from data breaches and other cybercrimes. The continued rise in the number of data compromises, ransomware, and hacking incidences has put cybersecurity companies under pressure but, most importantly, in the eyes of investors. Microsoft has reported that cybersecurity revenues are now pegged at $10 billion annually and has recently bought RiskIQ, a security threat management company, for $500 million.

Cybercriminals are getting more sophisticated with each passing day and use automated tools. The current state of the threat landscape means that businesses must seek a competitive advantage by going for a complete security suite. A comprehensive security suite will make it more effective to deal with unified threats.

No alt text provided for this image

Author: Alessandro Civati

Blockchain ID: