Data theft refers to the act of illegally obtaining digital information from an organization for financial gain or with the intent to sabotage the business' operations. Adversaries or even malicious employees can steal corporate data from secured file servers, database servers, cloud applications, or even from personal devices. There is a huge market for stolen personal data such as phone numbers, credit card information, work email addresses, and much more, which keeps malicious insiders and hackers motivated.
Check out the top eight data breaches in recent history where millions of customers' personal data was exposed and the organizations faced severe backlash.
|CAM4||March 2020||10.88 billion records stolen||An employee misconfigured the Elasticsearch production database, leaving it vulnerable.|
|Yahoo||October 2017||3 billion records stolen||A phishing scheme was used by the perpetrators to gain access to Yahoo's network.|
|Indian government (Aadhaar data leak)||March 2018||1.1 billion records stolen||India's national ID database was left exposed when a state-owned utility company left its network unsecured.|
|June 2021||700 million records stolen||A hacker named God User scraped the data by exploiting LinkedIn's API. The data was put up for sale on the dark web.|
|Marriott (Starwood)||November 2018||383 million records stolen||Hackers probed and infiltrated Marriott's reservation system to steal customer data.|
|Myspace||June 2013||360 million records stolen||Perpetrators obtained user data by taking advantage of the obsolete password protection system that used unsalted SHA-1 hashes.|
|SocialArks||January 2021||214 million records stolen||A misconfigured Elasticsearch database left the server exposed online, leaving customer data without password or encryption protection.|
|Equifax||September 2017||148 million records stolen||Hackers exploited an unpatched vulnerability dubbed CVE-2017-5638 to hack into Equifax's customer complaint web portal.|
All data theft has devastating consequences. It leaves severe financial, operational, and reputational scars on a business. Most businesses that fall prey to data theft experience:
Most data theft exposes the organization's non-compliance to data security mandates. Data protection authorities like those overseeing GDPR and HIPAA compliance penalize such negligence with steep fines.
Customers tend to lose trust in organizations that fall victim to data theft attempts. The damage to the brand name will last and it might take years for the organization to rebuild.
Most organizations will go into damage control mode following data theft, bringing routine operations to a standstill until the damage is fully analyzed. This loss of productivity can result in huge financial repercussions.
Data theft is immediately followed by an in-depth forensic investigation by the organization looking into the origin of the breach, its impact, and more.
Data theft can be broadly classified into two categories, i.e., those caused by internal and external threats.
Employees harboring illicit motives can attempt to steal sensitive personal data stored via USBs, email, and much more. Aside from willful insiders, it's negligent and careless employees who are the major cause of data breaches. These employees fall prey to phishing tricks and spam campaigns, or leave their critical server unsecured or misconfigured.
Digital criminals are always on the lookout to exploit and thieve organizations with obsolete data protection standards, unpatched system vulnerabilities, and misconfigured cloud storage. They launch ransomware attacks, malvertisement campaigns, man-in-the-middle attacks, and more to infiltrate the organization's network.
Here are the most common best practices that an organization needs to exercise to reduce the risk of data theft.