Data Breach Investigation

Our Data Breach Team is ready to assist you.

Our AR INTELL Incident Response and Data Breach Investigations team is ready to assist you. When we perform an incident response operation, we follow detailed procedures to handle the data breach or cyberattack. We follow your company's or organization's policy in order to mitigate the consequences of the cyberattack or data breach.

Your company's data has leaked; you have been data-breached…

Just imagine that virtually everybody can download your confidential data and use it for all sorts of nefarious purposes. We have barely started to understand the different scenarios of data abuse that have resulted and will result from all these data breaches. We give you a few examples of these hellish scenarios…

Recently, in 2021, a number of top data breaches have occurred. Just a few pointers should be enough to highlight the seriousness of this topic:

  • the average cost PER data breach is estimated to be over $150 million by 2021
  • the global yearly cost for data breaches is forecast to be $2.1 trillion.
  • during the 1st 6 months of 2018 more than 4.5 billion records were exposed via data breaches
  • for example, in 2019, 2.7 billion identity records were posted on the web

Numerous companies and organizations had their data leaked online: either the security of cloud-based storage was over-estimated, or security controls were not implemented. One wonders how all these data are being misused and will continue to be used against your interest or the interest of the company that collects and stores these data.

Examples of +50 huge data breaches with billions of records exposed online and offered for sale on the dark web

+Billion user accounts
  • ADULT VIDEO STREAMING WEBSITE CAM4 – MARCH 2020 – 10.88 BILLION RECORDS
  • YAHOO DATA BREACH – OCTOBER 2017 – 3 BILLION ACCOUNTS
  • AADHAAR DATA BREACH – MARCH 2018 – 1.1 BILLION PEOPLE
+500 Million users
  • FIRST AMERICAN FINANCIAL CORP. DATA BREACH – MAY 2019 – 885 MILLION USERS
  • VERIFICATIONS.IO DATA BREACH – FEBRUARY 2019 – 763 MILLION USERS
  • LINKEDIN DATA BREACH 2021 – JUNE 2021 – 700 MILLION USERS
  • YAHOO DATA BREACH 2014 – 500 MILLION ACCOUNTS
  • STARWOOD (MARRIOTT) DATA BREACH – NOVEMBER 2018 – 500 MILLION GUESTS
+200 Million users
  • ADULT FRIEND FINDER DATA BREACH – OCTOBER 2016 – 412.2 MILLION ACCOUNTS
  • MYSPACE DATA BREACH – JUNE 2013 – 360 MILLION ACCOUNTS
  • EXACTIS DATA BREACH – JUNE 2018 – 340 MILLION PEOPLE
  • TWITTER DATA BREACH 2018 – MAY 2018 – 330 MILLION USERS
  • NETEASE DATA BREACH – OCTOBER 2015 – 234 MILLION USERS
  • SOCIALLARKS DATA BREACH – JANUARY 2021 – 200 MILLION RECORDS
  • DEEP ROOT ANALYTICS DATA BREACH – JUN 2017 – 200 MILLION U.S. VOTERS
  • COURT VENTURES DATA BREACH – OCT 2013 – 200 MILLION PERSONAL RECORDS
-200 Million users
  • LINKEDIN DATA BREACH – JUNE 2012 – 165 MILLION USERS
  • DUBSMASH DATA BREACH – DECEMBER 2018 – 162 MILLION USERS
  • ADOBE DATA BREACH – OCTOBER 2013 – 152 MILLION
  • MYFITNESSPAL DATA BREACH – FEBRUARY 2018 – 150 MILLION USERS
  • EQUIFAX DATA BREACH – SEPTEMBER 2017 – 148 MILLION PEOPLE
  • EBAY DATA BREACH – FEBRUARY/MARCH 2014 – 145 MILLION USERS
  • CANVA DATA BREACH – MAY 2019 – 137 MILLION USERS

Unintentional data disclosure

A data breach is similar to a data leak. We also call this unintentional information disclosure, information spilling, or data spillage.

A data breach results from a cyberattack. In this instance, cybercriminals obtain unauthorized access to a computer system or network. As a result, your private data, sensitive documents, or other confidential data will have been stolen. These data often contain the personal and financial details of customers.

Have cybercriminals gained access to your company data via a data breach? Is there a cyber attack on the way?

Thus, in the event of a data breach, the attacker will release your secure, private and confidential data onto the public internet, deep web, or dark web. This causes both instant and long-term damage to your company or organization.

Ask yourself how you will prevent this damaging form of information leakage.

Which type of data could have been exposed?

  • employee information
  • trade secrets
  • intellectual property
  • usernames, email addresses
  • dates of birth, social security numbers
  • passwords, login credentials
  • cellphone numbers, fixed phone numbers
  • postal addresses, private addresses
  • passport numbers, I/C numbers, and other customer IDs
  • bank account numbers
  • credit card numbers
  • credit and debit accounts
  • e-commerce logins
  • IM chat content (WhatsApp, Messenger, and other systems)
  • online payment account information
  • exposed business and consumer data
  • social media profiles
  • data points on personal interests and individual preferences
  • retail customer details
  • personal pictures
  • details of your hotel visits
  • details of contracts
  • government information
  • military information
  • law enforcement related data

Dangers of a data breach

  • infiltration of your data systems
  • identity theft, PID exposed
  • company reputational damage
  • blackmailing
  • malware attacks – ransomware attacks – phishing
  • fines by authorities for non-compliance with GDPR and PDPA
  • putting customers and supply chain at risk or in harm’s way
  • loss of vital information
  • personal data sold and/or misused
  • violation of your privacy
  • exposure and exploitation of PID (personally identifiable data)
  • by using the data exposed in the data breach, lateral movement will occur and more attacks will follow
  • full and violent exploitation of the data will occur

Instant Response Checklist – Immediate action to take in the 1st 24 hours after the data breach

Many variants of the response scenario are possible, but we think that this should be the rough timeline of the actions to take when you are hit by a data breach attack.

Did you ever think of doing a simulation? Prepare for the worst, hope for the best!

Who are the actors behind a data breach?

  • black hat hackers
  • personal gain hackers
  • organized crime groups
  • political activists
  • nation-state hackers
  • APT groups
  • other adversaries
  • unknown cybercriminals

Data Breach Investigation

A data breach investigation will focus on the:

  • insider threat
  • outsider threat
  • interaction of both

After you have detected the data breach, the 1st step is to contain it with your Incident Response Plan. The 2nd step is to minimize your direct losses. Then the intelligence gathering needs to start immediately. At that point, a thorough investigation can be set up by our independent and experienced forensic investigators.

You can rest assured that we will find the source of the data breach, document the extent of the effect of the data leak, and hopefully find the perpetrators.

Hence, as you can imagine, we need to investigate the details of what happened and understand the chronology (when). Later we will see why it happened, who did what, and how it was done (the methodology). The lead-up to the events especially needs to be thoroughly documented. There is always trace evidence or a digital footprint.

Our investigation addresses the following topics:

  • extent of the damages
  • post mortem report
  • we check what and who is affected
  • map out the attack
  • document the cyber kill chain
  • pattern discovery
  • timeline of the attack + life cycle of a data breach
  • profiling of insiders involved
  • profiling of external parties – suspects
  • summary of attack vectors
  • document mistakes, accidents, or misuse by staff or vendors
  • was this a targeted attack by malicious operators?
  • identify the attackers
  • determine the tools and methods used
  • status of the Intrusion Prevention / Detection System
  • observation of suspicious behavior
  • analysis of log-files
  • collection of breach-related data
  • conduct interviews with staff and vendors
  • document all discoveries
  • how to inform the affected parties?

Who are the targets for this type of cyber attack?

Essentially anybody who hosts a substantial amount of data online and/or offline can become the victim or target of a data breach. Common and popular candidates for data leaks are:

  • banks & financial institutions
  • legal firms
  • consulting agencies
  • most business corporations, but typically major corporations are prime targets
  • big hotels
  • businesses of specific importance
  • defense industry
  • computer data centers
  • governments
  • hospitals, medical facilities
  • healthcare organizations
  • social media companies
  • VPN providers
  • ISP – Internet Service Providers
  • Telecoms
  • cloud storage services
Are you a potential target for a cyber attack or data breach?

There is a good historical overview of major data breach incidents here. Do take note that many data breaches are never reported, because of confidentiality issues and probably regulatory requirements.

Why do a data breach investigation?

  • prevent future data breaches
  • we try to understand what can be done with the stolen information
  • future risk mitigation and remediation
  • minimizing the current and future losses
  • successful containment strategy
  • 100% disaster recovery
  • do a proper post-attack recovery
  • provide a good explanation to your customers about the data breach
