The Biggest Breaches and Data Leaks of 2020

Year after year, cyberattackers cause unnecessary stress for organizations, disrupting innovation and impacting profit. 2020 was no different – last year brought a bevy of damaging breaches that cost organizations precious money and time they couldn’t get back.  

Ranging from thousands to billions of records exposed, breaches big and small gave threat actors access to sensitive information like email addresses, locations, passwords, dates of birth, and more. Impacts were felt across the board with organizations from Nintendo to Broadvoice and even the U.S. Small Business Administration making waves in the news.

The biggest breach, however, went to Keepnet Labs with what was most likely a directory traversal exploit from an unsecured server. This typically allows threat actors to gain unauthorized access to files and, ultimately compromise an entire web server. Unfortunately for Keepnet Labs, attempting to move an unsecured server with their firewall disabled for about ten minutes landed them in the headlines with over 5 billion records leaked from previous cybersecurity incidents, including hash types, passwords, email addresses, email domains, and more.

So why are security breaches still so common? We know from State of Software Security v11 that 76 percent of applications have at least one flaw on initial scan today (24 percent with high-severity flaws), and that organizations with a higher flaw density remediate risky flaws a whopping 63 days slower than others. The good news: some of the biggest breaches from 2020 stemmed from common problems with code quality, CRLF injection, and cryptographic issues, which are preventable with secure coding best practices.

​

Check out our full infographic here to see the biggest breaches of 2020 and learn how to prevent similar threats. Looking ahead to 2021 and beyond it’s critical that organizations continue to pivot and improve their security; with the right combination of secure coding best practices, educational training, and integrated testing types, developers can stay one step ahead of these and other modern threats.