The Breachies 2024: The Worst, Weirdest, Most Impactful Data Breaches of the Year
Every year, countless emails hit our inboxes telling us that our personal information was accessed, shared, or stolen in a data breach. In many cases, there is little we can do. Most of us can assume that at least our phone numbers, emails, addresses, credit card numbers, and social security numbers are all available somewhere on the internet. But some of these data breaches are more noteworthy than others, because they include novel information about us, are the result of particularly noteworthy security flaws, or are just so massive they’re impossible to ignore. For that reason, we are introducing the Breachies, a series of tongue-in-cheek “awards” for some of the most egregious data breaches of the year.
One third of adults can’t delete device data
The UK’s Information Commissioner’s Office (ICO) has warned that many adults don’t know how to wipe their old devices, and a worrying number of young people just don’t care. Clearing personal data off an old device is an important step before ditching it or handing it on to another user. However, almost three in ten (29 percent) of adults don’t know how to remove the information, according to a survey of 2,170 members of the UK public. Seventy-one percent agreed that wiping a device was important, but almost a quarter (24 percent) reckoned it was too arduous. This means that the drawer of dusty devices is set to swell – three-quarters of respondents reported hanging on to at least one old device, and a fifth did so because they were worried about their personal information.
European Space Agency’s official store hacked to steal payment cards
European Space Agency’s official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. With a budget over 10 billion euros, the mission of the European Space Agency (ESA) is to extend the limits of space activities by training astronauts and building rockets and satellites for exploring the mysteries of the universe. The web store licensed to sell ESA merchandise is currently unavailable, showing a message that it is “temporarily out of orbit.”
The Intersection of AI and OSINT: Advanced Threats On The Horizon
Intelligence operations have undergone a profound transformation. Gone are the days when intelligence gathering relied purely on information obtained from human and other restricted sources. Today, much of the intelligence is publicly available – if one knows where and how to find it. This practice, known as Open Source Intelligence (OSINT), has emerged as an essential tool, especially in cybersecurity. Traditionally, OSINT proved to be a powerful tool for defenders. Security teams use it to proactively research publicly available information so they can thwart threat actors by preempting their moves. On the flip side, studies reveal that bad actors too have been leveraging OSINT to target organizations and their key executives.
UN General Assembly adopts milestone cybercrime treaty
The agreement on the legally binding treaty marked the culmination of a five-year effort by UN Member States, with inputs from civil society, information security experts, academia and the private sector. UN Secretary-General António Guterres welcomed the adoption of the Convention – the first international criminal justice treaty to have been negotiated in over 20 years. “This treaty is a demonstration of multilateralism succeeding during difficult times and reflects the collective will of Member States to promote international cooperation to prevent and combat cybercrime,” his spokesperson said in a statement. The statement added that the Convention “creates an unprecedented platform for collaboration” in the exchange of evidence, protection for victims and prevention, while safeguarding human rights online.