By Alisa Fetic
Cybersecurity attacks remain a top threat for businesses as more and more companies devise proactive measures to secure their data.
More than 4,000 publicly disclosed data breaches occurred in 2022, exposing over 22 billion records to bad actors. IBM reported that the average cost of data breaches increased from $4.24 million in 2021 to $4.35 million in 2022—representing a 2.6% increase.
While the financial loss resulting from data breaches is significantly high, the real impact on businesses runs much deeper; reputational damages, legal liabilities, and loss of customer trust.
Unfortunately, cybersecurity threats aren’t going away.
In fact, they get more sophisticated by the day. These threats affect businesses of all sizes—big and small, so it’s vital for organizations to take appropriate measures to thwart the attacks. This article discusses the most notable data breaches that occurred in December 2022.
1. Uber
Uber, the global mobility company, suffered a series of attacks in 2022.
In September, the company suffered a data breach from an alleged “teenager” threat actor. The hacker compromised the company’s ride-sharing system, gaining access to confidential user data. Uber reported that the attacker downloaded some internal slack messages and accessed data from an internal tool the company uses to manage invoices.
Its latest attack happened in December 2022.
On December 10th, a new trove of Uber data was posted on BreachForums. The leaked data included personally identifiable information (PII) of 77,000 Uber employees, source code, and the company’s internal reports.
Uber announced on December 12th that a hacker going by the name “UberLeaks” gained access to their employees’ data and was posting it on social forums. The company believes the attackers accessed its data in a recent breach on TeqTivity—a vendor Uber uses for tracking services.
3. Rackspace
On December 2nd, Texas-based cloud computing giant Rackspace was hit by a ransomware attack, leaving thousands of customers worldwide without access to their data.
A few days later, the firm revealed that it was dealing with a security incident that forced it to shut down its Microsoft Exchange Server.
Shortly after, Rackspace confirmed that the incident was indeed a ransomware attack. The company also warned its customers not to hand over their sensitive information to anyone who may contact them requesting such information over email or phone.
Rackspace didn’t disclose which ransomware group was behind the attack and whether customer data was compromised. The company has received widespread criticism for concealing critical information about the incident. So far, at least two lawsuits have been filed against the company.
2. Last Pass
On December 22nd, the beleaguered password manager giant Last Pass confirmed in a blog post that a hacker had infiltrated their system in an August data breach attempt.
Customers’ data may have been at risk of being exposed in a data breach that targeted a database of encrypted password vaults.
The hacker used data they stole in the August breach to compromise another employee and obtain credentials that allowed them access to the password database.
But just because the attacker gained access to the encrypted vaults doesn’t mean they accessed the passwords. While they have the vaults, it would still be difficult for them to access the passwords, though not impossible. It’s just the first step to cracking the passwords.
Wrapping Up
2022 has been a busy year for security professionals as data breaches have affected millions of users and cost companies billions in damages. As attackers advance their strategies, organizations should tighten their security policies to thwart cyberattacks and minimize damage.