Sonrai Security website logo for identity and data governance and cloud security

Breach Watch

Breach Watch Aims to Be a Useful Hub of Information About Data Breaches Related to Public Cloud Security

Average Cost of a Data Breach

Data breaches and security incidents are becoming increasingly costly. The Ponemon Institute reports that the average cost of a data breach is over $3.8 million. Globally, US organizations face the highest costs with an average of $8.19 million per breach that is driven by complex regulations that can vary from state-to-state. The data breach examples showcased on this page are the most high-profile cloud security events, but the financial impact of suffering a data breach remains high for companies of all shapes and sizes.


Data Breaches Around the World

Data is rapidly becoming one of the most valuable assets in the modern world. With data breaches happening throughout the world on a regular basis, securing identities and data in public cloud is now more important than ever. Data breaches, whether they are caused by a misconfiguration, malicious insider, or human error, can result in the compromise of billions of personal records. From financial access to patient healthcare records, some of the biggest companies have had data leaks at one point or another. And many of these companies are chosen because they are in target industries, like healthcare or financial services. Data breaches in public cloud are difficult to identify, are very costly to address, and cause reputational damage that some businesses may never recover from. However, given the value of data and the inevitability of risk, the best that an organization can do to mitigate the effects of a breach is to implement the right public cloud security solutions to prevent, remediate and reduce the blast radius of a data breach. Below you'll find a map of the data breaches or information security events in which personal information was publicly exposed or accessed without authorization through public cloud resources or error.

Couch Surfing Breach
MCA Wizard Breach
MongoDB Breach
Key Ring Breach
Photo Squared Breach
Decathlon Breach
Nextmotion Breach
Israeli Marketing Firm Breach
BGR India Breach
Malindo Air Breach
Wappanalyzer Breach
IndieFlix Breach
CIA Data Breach
Cisco WebEx VMs Wiped From AWS Data

Public Cloud Data Breaches in the News

Whether government institutions, financial services, healthcare, or retail, no industry is immune to data breaches. Below are some examples.

Types of Data Breaches

Here are the six major types of breaches you need to understand to protect your business.


Misconfiguration means that the public cloud server instances, such as storage and compute, are configured in such a way that they are vulnerable to breaches. The reason cloud misconfigurations are increasing is due to a lack of visibility, as well as rapidly growing public cloud adoption.

Human Error

Human mistakes will happen and will not be deliberate at times, but these errors can still wreak havoc in an organization. Employees accidentally send proprietary data to the wrong person, upload it to public shares, or misconfigure a server where it is stored.

Insider Threat

The simplest and most common situation is when an insider uses legitimate permissions for malicious activities. Malicious insiders come in a variety of flavors, and they are not easy to spot.


An attack based on privilege escalation is likely to be much easier if the point of entry is an account that already has a high level of privileges. You can prevent unauthorized users from wreaking havoc by continuously monitoring access across multiple cloud providers and 3rd party data stores.

Unauthorized Access

People who access unauthorized keys and digital authentication credentials, such as passwords, APIs, and tokens (“secrets”) can accidentally expose a company’s most valuable data on the internet. Organizations need to keep all the information contained in services, apps, privileged accounts, and other parts of the cloud ecosystem secure.

Overprivileged Identities

Users with access to more data than they require. Users with too many administrative privileges — “overprivilege” — can make it difficult for organizations to properly manage user identities and data access

© 2020 Sonraí Security. All rights reserved | Privacy Policy

Sonrai Security cloud security platform, products and services are covered by U.S. Patent No. 10,728,307, together with other domestic and international patents pending. All rights are reserved.