DVrtta

Top 8 Biggest Data Breaches of 2022 and Learnings From Them

Every year, we become more aware of the dangers of cybercrime and data breaches. Unfortunately, this doesn’t mean that the number of incidents decreases – quite the contrary. The biggest challenge for organizations is not the number or type of attacks they face, but how to respond quickly enough to mitigate their damage before it’s too late.

Cybercrime is expected to cost companies worldwide upwards of $10.5 trillion by 2025. The attackers use sophisticated tools to penetrate systems and steal data from organizations of all sizes. Malicious actors will also use social engineering tactics to lure employees into giving them access to their systems without knowing it.

A data breach can cause a wide range of harm to a business, including physical, financial, material, or non-material damage. The GDPR notes that the effects of a data breach on businesses and customers include:

  • Losing control over their data

  • Having their rights restricted

  • Falling victim to identity theft or fraud

  • Financial loss

  • Reputation damage

  • Losing the confidentiality of their data

In light of this, to help you better understand the consequences of data breaches and align your data security and breach prevention strategies with the key risk factors, this blog presents the eight biggest data breaches of 2022, in no particular order.

“Turning Data Breaches into Lessons: Unveiling the Insights from 2022’s Top 8 Breaches.”

Top 8 Data Breaches in 2022

1. Block Data Breach

In April 2022, Block, formerly known as Square, confirmed a data breach involving a former employee who downloaded reports that contained critical customer information.

The San Francisco-based company underlined in the lawsuit that the reports did not include any personally identifying data, such as usernames or passwords, social security numbers, birth dates, credit card information, addresses, and bank account information.

What Happened?

The breach allegedly occurred because a former employee downloaded, without proper permission, a report from Cash App, a P2P payment service owned by Block, that contained current and former customer information.

The breach exposed customers’ full names, brokerage account numbers, portfolio holdings, values, and trading activity for one trading day. According to the lawsuit, Block’s share price dropped 6.4 percent due to the company’s disclosure of the data breach, which may have impacted as many as 8.2 million Cash App Investing users.

Learnings from Block Data Breach

Employee offboarding is a crucial process, and businesses should have proper procedures and automation to handle both onboarding and offboarding. During offboarding, businesses must make sure that every right and access granted to the departing employee is revoked promptly and completely.

It is also essential to manage role-based access for all employees so that only authorized people can reach the information their role requires.

2. Flagstar Bank Data Breach

Despite extensive regulation and compliance to safeguard customer data, cybersecurity risks to financial institutions, such as banks and insurance services, have risen tremendously. One of the biggest American financial service providers, Flagstar Bank, reported a data breach in June 2022 that leaked 1.5 million customers’ personal information.

What Happened?

  • Number of persons affected (including residents): 1,547,169

  • Number of Maine residents affected: 1,028

  • Date(s) Breach Occurred: 12/03-04/2021

  • Data Breach Discovered: 06/02/2022

  • Description of the Breach: External system breach (hacking)

The breach exposed private information, including Social Security numbers, customer names, contact information, and tax records, of over 1.5 million Flagstar Bank customers, and led the bank to pay $5.9 million in an out-of-court settlement.

Furthermore, the Michigan-based bank withheld information about the breach’s origin, its attack vector, and whether it resulted from an internal or external vulnerability.

Learnings from Flagstar Bank Data Breach

Even though the precise attack vector was not made public, the incident nevertheless emphasizes how critical it is to address all potential vulnerabilities, from insider threats to malware protection to third-party risk.

3. ICRC (International Committee of the Red Cross) Data Breach

In January 2022 it was reported that unidentified hackers had broken into ICRC systems, stealing the personal data of more than 515,000 people from all over the world.

What Happened?

The hackers targeted a Swiss company that the ICRC contracts to store and manage its data. They then gained access to the ICRC servers by exploiting a vulnerability in an authentication module.

This vulnerability allowed the attackers to pose as authorized administrators and users, giving them access to the data of vulnerable people, including people separated from their families by migration or disaster, as well as missing persons. At the time of writing, however, there is no evidence that the compromised data has been published or leaked.

Learnings from ICRC Data Breach

This breach is a clear reminder that organizations must strengthen their cybersecurity risk management so that key vulnerabilities are continuously assessed and data protection is given top priority.

4. Toyota Data Breach

In October 2022, Toyota, one of the largest automakers in the world, reported a breach allegedly caused by a third-party vendor and believed to have exposed close to 300,000 email addresses along with the customer management numbers associated with them.

What Happened?

The breach involved T-Connect, the official Toyota-branded connectivity app that lets owners of Toyota cars connect their smartphone to the car’s infotainment system for calls, music, route planning, engine status, fuel usage, and more.

Toyota stated that a third party working on the T-Connect website accidentally uploaded part of the site’s source code to a public GitHub repository in December 2017, and that the mistaken upload went undetected until shortly before the disclosure. The most alarming aspect is that the data stayed in the public domain for five years, from 2017 to 2022.

Toyota said the GitHub repository was made private as soon as the exposure was discovered and that the access key to the affected server was changed. The automaker also assured customers that there was no potential for identities, contact details, credit card data, or other such information to have leaked.

Learnings from Toyota Data Breach

Organizations must establish clear security policies that their subsidiaries are required to follow. Also, when selecting subsidiaries, parent organizations should carefully evaluate their security posture.

Just as there is an incident response plan for security incidents within the organization itself, there should be an incident response plan for security incidents that occur at its subsidiaries.

5. Twitter Data Breach

Twitter confirmed that it was breached through a now-patched zero-day vulnerability in its systems, which allowed an attacker to access the contact details of 5.4 million user accounts.

What Happened?

Even when users had hidden their phone numbers and email addresses in their privacy settings, the zero-day vulnerability allowed attackers to obtain this information for their Twitter accounts.

The data, which links Twitter accounts to phone numbers and email addresses, is being sold on a hacking forum for $30,000 by the attacker, leaving the affected users highly exposed.

As a preventive measure against future breaches, Twitter said it is directly notifying the account owners affected by the breach. It also urged users to enable two-factor authentication to protect against fraudulent account access.

Learnings from Twitter Data Breach

The attackers used social engineering to obtain sensitive information from Twitter employees. This type of attack manipulates people into giving up sensitive information, such as login credentials, while the attacker poses as the organization’s internal staff, for example an IT person.

Educating employees about common cyber attacks is critical and should be taken seriously by the organization. There should be frequent quizzes or internal mock attacks to train employees to recognize and report such incidents.

Also, organizations that use password-based authentication should at least enforce MFA, or move to modern and more secure password-free authentication methods such as passkeys, email links, and email OTP.

6. Neopets Data Breach

In April 2022, Neopets reported that hackers had gained access to its database and taken 460 MB of source code and the personal information of approximately 69 million current and former users.

The investigation, which began on July 20, 2022, found that hackers had access to the Neopets IT infrastructure from January 3, 2021, to July 19, 2022.

What Happened?

The stolen data allegedly included usernames, email addresses, dates of birth, gender, IP addresses, Neopets PINs, hashed passwords, details about users’ pets and gameplay, and other personally identifiable information (PII).

As a precautionary measure and to better secure account access, Neopets reset player passwords, citing its continued commitment to the security and privacy of player information.

Learnings from Neopets Data Breach

When using password-based authentication, an organization must deploy effective multi-factor authentication (MFA) to enhance its security posture.

Also, users tend to reuse their account passwords or set similar passwords that follow a pattern, which weakens password-based security. Modern, more secure password-free authentication methods therefore seem a better solution for organizations.

7. Singtel Optus Data Breach

In September 2022, Singtel Optus, aka Optus, the second-largest telecommunications provider in Australia, suffered a cyberattack that exposed the personal information, including email addresses, birth dates, and contact information, of up to 9.8 million customers.

This data breach led to a revision of consumer privacy laws in Australia. The revision was to make it easier and safer for banks and telecommunications companies to share specific user information and give users more rights to their data.

What Happened?

While Optus has not yet disclosed the details and attack vector of the incident or the systems that were compromised, various regional sources point to an online API that allegedly required neither authentication nor authorization to access user data. The Optus data breach is currently regarded as one of the most significant data breaches in Australian history, and it serves as a warning to businesses in and outside Australia that handle personal data.

Learnings from Singtel Optus Data Breach

Organizations should follow API hygiene standards, and periodic checks must be in place to identify and resolve any possible API security vulnerabilities.

Also, API security measures should be well defined and communicated across the relevant teams so that they are applied consistently.
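A minimal illustration of the two checks such an API hygiene review looks for, added here as an example (not Optus code and not part of this post): a customer lookup endpoint with no authentication or authorization, beside a hardened version that validates a bearer token and then returns only the caller's own record. The token format, signing key and customer records are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data: two customer records keyed by customer id.
CUSTOMERS = {
    "1001": {"name": "A. Example", "email": "a@example.invalid", "dob": "1990-01-01"},
    "1002": {"name": "B. Example", "email": "b@example.invalid", "dob": "1985-05-05"},
}
# Hypothetical server-side signing key (in practice loaded from a secrets store).
SIGNING_KEY = b"demo-signing-key-do-not-use"

def lookup_unauthenticated(customer_id, headers=None):
    """Weak pattern: whoever can reach the endpoint can read any record by id."""
    rec = CUSTOMERS.get(customer_id)
    return (200, rec) if rec else (404, None)

def issue_token(subject):
    """Mint a compact HMAC-signed token for a logged-in customer (constructed format)."""
    payload = base64.urlsafe_b64encode(json.dumps({"sub": subject}).encode()).decode()
    sig = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_token(token):
    """Return the token's subject, or None if the token is missing, malformed or forged."""
    try:
        payload, sig = token.split(".", 1)
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(payload))["sub"]

def lookup_hardened(customer_id, headers):
    """Authentication first (valid token), then authorization (own record only)."""
    auth = headers.get("Authorization", "")
    subject = verify_token(auth[7:]) if auth.startswith("Bearer ") else None
    if subject is None:
        return (401, None)            # not authenticated
    if subject != customer_id:
        return (403, None)            # authenticated, but not this record's owner
    rec = CUSTOMERS.get(customer_id)
    return (200, rec) if rec else (404, None)
```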

8. Crypto.com Data Breach

The Singapore-based cryptocurrency exchange Crypto.com reported that a hack affecting 483 of its users resulted in $35 million worth of unauthorized withdrawals of bitcoin and ether.

What Happened?

The company reported that the hackers took an estimated $35 million in tokens from users of the centralized exchange, comprising 4,836.26 ETH, 443.93 BTC, and about $66,200 worth of other currencies. The hack is one more illustration of how attackers target cryptocurrency platforms.

During its investigation, Crypto.com discovered unauthorized activity on user accounts. Further analysis showed that transactions had been carried out on those accounts without the users completing two-factor authentication.

The attackers accomplished this by finding a loophole in Crypto.com’s security system that allowed them to bypass the 2FA requirement entirely during the authentication process.

Learnings from Crypto.com Data Breach

Having 2FA in the authentication flow is crucial, but so is verifying that it cannot be bypassed. Risk-based authentication must also be in place for unusual account activity; for example, users should be prompted for additional authentication factors when a transaction amount is unusually high.
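The following is an added example (not Crypto.com code and not part of this post) of what this learning looks like server-side: a withdrawal check that trusts a client-supplied "2FA done" flag, beside a hardened version that proceeds only when the server itself has recorded a completed second factor and that demands a fresh factor for amounts unusual for that user. The 5-minute freshness window and the 3x-average threshold are assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean
from typing import List, Optional

STEP_UP_MAX_AGE_SEC = 300   # assumption: a presented factor stays "fresh" for 5 minutes
RISK_MULTIPLIER = 3.0       # assumption: "unusual" = more than 3x the user's average withdrawal

@dataclass
class Session:
    user_id: str
    # Set only by the server after a factor verifies; never taken from the client.
    mfa_verified_at: Optional[float] = None
    # Constructed per-user history of past withdrawal amounts, used as the risk baseline.
    history: List[float] = field(default_factory=list)

def withdraw_insecure(session, amount, two_fa_done):
    """Flawed pattern: the decision rests on a flag the client sends, so a
    request that merely claims 2FA was completed goes through."""
    return "approved" if two_fa_done else "mfa_required"

def is_unusual(session, amount):
    """Risk signal: no history at all, or an amount far above this user's average."""
    if not session.history:
        return True
    return amount > RISK_MULTIPLIER * mean(session.history)

def record_mfa_success(session, now):
    """Called by the server only after the second factor has actually verified."""
    session.mfa_verified_at = now

def withdraw_hardened(session, amount, now):
    """Server-side decision: refuse anything without a recorded factor, and
    require a fresh one (step-up) when the amount is unusual for this user."""
    if session.mfa_verified_at is None:
        return "mfa_required"          # bypass closed: the 2FA state lives on the server
    if is_unusual(session, amount) and now - session.mfa_verified_at > STEP_UP_MAX_AGE_SEC:
        return "step_up_required"      # risk-based re-authentication
    session.history.append(amount)
    return "approved"
```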

About DVrtta

We are a leading Identity and Access Management service provider that has stayed ahead of the pack by providing the best IAM services to customers since day one. We have successfully delivered 20+ IAM / IGA projects. We offer a seamless experience with integration across all cloud applications. Have questions? The consultation is always free.

Email contact@dvrtta.com

Hire An IAM Expert

Reach out today to receive more information about our IAM services, or contact us if you have any questions.