The Big Data Breaches of 2020: What Happened and What Did We Learn?

Sibel Bagcilar | January 19, 2021 | tag: Cybersecurity

Not to be forgotten during the chaos that was 2020 were the massive cybersecurity breaches that directly impacted some of the country’s largest businesses and their customers. Let’s take a closer look at four of the big data breaches of 2020 — and what we can learn from these incidents to avoid a repeat of similar events in 2021.

SolarWinds Orion cyber attack


We’d be remiss if we didn’t start with the biggest data breach of the year — and, indeed, possibly one of the largest and most significant cybersecurity incidents ever. The SolarWinds Orion breach was a cyber catastrophe caused by foreign hackers who infiltrated government and business networks by inserting malware into SolarWinds’ software updates. For months, if not longer, adversaries were able to use this backdoor to access sensitive information, potentially from hundreds of thousands of organizations around the world. One thing is for sure: the repercussions of the attack will likely reverberate throughout 2021 and beyond.

We’ve written quite a bit about the SolarWinds Orion breach over the past few weeks. Start here to learn more about this attack and recommendations on what to do to mitigate its impact.

FireEye SUNBURST malware


Speaking of SolarWinds, the Orion hack was initially discovered by cybersecurity firm FireEye — which itself was a victim of the SolarWinds incident. FireEye discovered a malware intrusion apparently emanating from Orion, which it subsequently dubbed “SUNBURST.” The FireEye hack resulted in the theft of 300 proprietary software tools.

When discussing the Orion attack in an interview with NPR, the company’s CEO, Kevin Mandia, summed it up in the following way: “We're a nation losing billions of dollars to ransomware, and we are a nation that just had potentially one of the most successful cyber espionage campaigns ever done on it.”

FireEye continues to investigate this incident and is working with federal authorities to track down the perpetrators. It’s an ongoing concern — and, like the Orion hack, will continue to be for the foreseeable future. 

Microsoft breach


2020 started off with a disclosure from Microsoft regarding a breach that took place at the end of the previous year. As the company reported, they discovered a misconfiguration of an internal customer support database that was used for support case analytics. The server in question contained roughly 250 million entries containing email addresses, support case details, and more — but Microsoft reported that “most customers did not have personally identifiable information exposed.”

To its credit, Microsoft launched an in-depth investigation into the incident, was highly transparent about what happened, and took swift steps to mitigate any damage. But the incident still shows the danger that a simple yet common error can introduce to a company and its customers.

Oracle BlueKai database hack


Oracle’s Data Management Platform (formerly known as BlueKai) suffered a serious blow in June 2020 when it was discovered that an unsecured server exposed billions of records — with information including names, email addresses, home addresses, and other personally identifiable data. 

This information had been collected through BlueKai’s web tracking platform, which marketers can use to infer as much about their audience as possible. According to TechCrunch, the company amassed “one of the largest banks of web tracking data outside of the federal government.” The exposure of that data certainly merits a place on this list and shows how not performing tried-and-true cybersecurity basics — like database encryption — can lead to one of the big data breaches of 2020.

Mitigating these risks


In light of these attacks, it’s never been more important to develop a strong third-party risk management program. As vendors can introduce unwanted vulnerabilities into your network through breaches and other security incidents, it’s critical that you develop optimized processes for regularly assessing third-party risk. Clearly, it’s not enough to simply perform manual, point-in-time third-party risk assessments. Continuous monitoring, backed by an easily understandable KPI like security ratings, is essential to maintaining a secure supply chain. Without this insight, organizations run the risk of exposure — and a repeat of the events of 2020.
