Sonrai Security website logo for identity and data governance and cloud security

Breach Watch

Breach Watch Aims to Be a Useful Hub of Information About Data Breaches Related to Public Cloud Security

Average Cost of a Data Breach

Data breaches and security incidents are becoming increasingly costly. The Ponemon Institute reports that the average cost of a data breach is over $3.86 million. Globally, US organizations face the highest costs with an average of $8.19 million per breach that is driven by complex regulations that can vary from state-to-state. The data breach examples showcased on this page are the most high-profile cloud security events, but the financial impact of suffering a data breach remains high for companies of all shapes and sizes.

$3,860,000

Data Breaches Around the World

Data is rapidly becoming one of the most valuable assets in the modern world. With data breaches happening throughout the world on a regular basis, securing identities and data in public cloud is now more important than ever. Data breaches, whether they are caused by a misconfiguration, malicious insider, or human error, can result in the compromise of billions of personal records. From financial access to patient healthcare records, some of the biggest companies have had data leaks at one point or another. And many of these companies are chosen because they are in target industries, like healthcare or financial services. Data breaches in public cloud are difficult to identify, are very costly to address, and cause reputational damage that some businesses may never recover from. However, given the value of data and the inevitability of risk, the best that an organization can do to mitigate the effects of a breach is to implement the right public cloud security solutions to prevent, remediate and reduce the blast radius of a data breach. Below you'll find a map of the data breaches or information security events in which personal information was publicly exposed or accessed without authorization through public cloud resources or error.

1
Aadhaar data breach
2
Couch Surfing Breach
3
MCA Wizard Breach
4
MongoDB Breach
5
Key Ring Breach
6
Photo Squared Breach
7
Decathlon Breach
8
Nextmotion Breach
9
Israeli Marketing Firm Breach
10
BGR India Breach
11
Malindo Air Breach
12
Wappanalyzer Breach
13
IndieFlix Breach
14
CIA Data Breach
15
Cisco WebEx VMs Wiped From AWS Data
16
Microsoft Bing Breach
17
Shopify Breach
18
Edureka Beeach
19
Fitness Chain
20
NSW driver's licenses
21
Cisco Breach
22
Dr Lal PathLabs Breach
23
Friendemic Breach
24
Twilio Breach
25
“Repwatch” Breach
26
CAM4 Breach
27
BHIM Breach
28
SSL247 Breach
29
SSL247 Breach
30
Aspire News Breach
31
Rotem and Locar Breach
32
Fresh Film Breach
33
MGM Breach
34
Razer Breach
35
Zhenhua Data Breach
36
University of Tasmania Breach
37
Dating App Breach
38
Lion Air Breach
39
V Shred LLC Breach
40
WizCase Breach
41
Lion Air Breach
42
Docker Hub Breach
43
Tesla Breach
44
Kubeflow Breach
45
Jenkins Server Breach
46
University of Washington Medicine Breach
47
Misconfigured Elasticsearch Breach
48
Clearview AI Breach
49
Adit Breach
50
Remine Breach
51
Texas Health Resources Data Breach
52
Medico and Amarin Pharma Breach
53
Hotels.com Breach
54
21 Buttons Breach
55
Ubiquiti Data Breach
56
Mailfire Elasticsearch Breach
57
SocialArk Data Breach
58
Pixlr Data Breach
59
Bonobos Data Breach
60
VIPGames Leak
61
Antheus Tecnologia data breach
62
CAM4 data breach
63
Government of Saskatchewan Hunting, Angling & Fishing Licensing (HAL) Human Error
64
Aurora Cannabis Unauthorized Access
65
Nissan North America Misconfiguration
66
Nohow International Unsecured Database
67
Health and Community Services Union Tasmania Unsecured Database
68
CallX S3 Bucket Data Breach
69
Adecco Group Unsecured Database
70
Circuit Court of Cook County Unsecured Server
71
Comparitech Server Data Breach
72
Malaysia Airlines Third-Party Breach
73
Verada Video Feed Breach
74
Petersburg Medical Center Breach
75
Premier Diagnostics Unsecured Database
76
Virgin Media Unsecured Database
77
Comparitech Unsecured Database
78
Hobby Lobby Misconfiguration
79
Ubiquiti Data Breach
80
Microsoft Azure Cloud Storage Account Data Breach
81
Paleohacks data leak
82
Accellion Breach 1.3m patients impacted
83
Bizongo Data Breach
84
Upstox Data Breach
85
MobiKwik Data Breach
86
Philippines Solicitor General Data Breach
87
Eversource Data Breach
88
Cognyte
89
CVS Pharmacy, CVS Caremark, and Aetna
90
Wegmans
91
Battle for the Galaxy

Public Cloud Data Breaches in the News

Whether government institutions, financial services, healthcare, or retail, no industry is immune to data breaches. Below are some examples.

Types of Data Breaches

Here are the six major types of breaches you need to understand to protect your business.

Misconfiguration

Misconfiguration means that the public cloud server instances, such as storage and compute, are configured in such a way that they are vulnerable to breaches. The reason cloud misconfigurations are increasing is due to a lack of visibility, as well as rapidly growing public cloud adoption.

Human Error

Human mistakes will happen and will not be deliberate at times, but these errors can still wreak havoc in an organization. Employees accidentally send proprietary data to the wrong person, upload it to public shares, or misconfigure a server where it is stored.

Insider Threat

The simplest and most common situation is when an insider uses legitimate permissions for malicious activities. Malicious insiders come in a variety of flavors, and they are not easy to spot.

Hacker

An attack based on privilege escalation is likely to be much easier if the point of entry is an account that already has a high level of privileges. You can prevent unauthorized users from wreaking havoc by continuously monitoring access across multiple cloud providers and third-party data stores.

Unauthorized Access

People who access unauthorized keys and digital authentication credentials, such as passwords, APIs, and tokens (“secrets”) can accidentally expose a company’s most valuable data on the internet. Organizations need to keep all the information contained in services, apps, privileged accounts, and other parts of the cloud ecosystem secure.

Overprivileged Identities

Users with access to more data than they require. Users with too many administrative privileges — “overprivilege” — can make it difficult for organizations to properly manage user identities and data access

magnifier