5 Major Cloud Security Breaches and How to Boost Your Defenses Against Them


Tech Insights for Professionals: The latest thought leadership for IT pros

Friday, June 25, 2021

A staggering 92% of IT professionals worry their organization is at risk of a major breach due to cloud misconfiguration. Here are five examples.


Cloud security breaches are an increasingly common part of the technology news. The truly scary part is that most go unreported, either because the company remains unaware of the breach or pays to keep it out of the news.

CIOs are facing an uphill battle to defend their business against a range of cloud security threats. Pretty much every type of institution and cloud service has been breached around the world, from the US government and many colleges to IT service providers, security firms and many businesses that lose valuable customer data. Most data breaches are caused by incorrectly configured clouds, or complexity that the business doesn’t understand as it builds its operations on private, hybrid or public clouds.

The biggest cloud data breaches to date

A report from the World Economic Forum highlights that data theft and cyberattacks are the fourth and fifth biggest threats facing organizations around the world. What’s more, Insights for Professionals’ cloud report shows 41.5% of IT professionals view cloud data breaches as a top threat, and 38.5% have faced a breach or cyberattack in the past 12 months.

Businesses that don’t have sufficient security measures in place are at increased risk of exposing sensitive data to hackers and other threat actors. Here are five well-known companies that have experienced cloud security breaches:

1. SolarWinds

The most infamous recent example is the SolarWinds breach, which led to a massive explosion of hacks across many branches of the US and UK governments, NATO and many businesses. One of those was FireEye, a security firm that traced its breach back to a 2020 hack into SolarWinds’ enterprise IT solution software, alerting the rest of the world.

2. Yahoo

Yahoo recorded the biggest cloud data breach in 2013, where 1 billion customers had their accounts compromised by hackers, although this was only announced publicly in December 2016. Unfortunately, Yahoo underestimated the impact of this breach, and later revealed in October 2017 that 3 billion accounts were compromised, not 1 billion.

Due to poor security measures and the late disclosure of data breaches, Yahoo had to renegotiate its sale to Verizon Communications, slashing the sale price by $350 million. In addition, the company also faced legal battles and eventually agreed to pay up to $25,000 per person as part of a $117.5 million settlement.

3. SITA

More recently, Swiss-based airline booking provider and data handler SITA saw its cloud hacked as part of a highly sophisticated attack. This led to a data leak for many airlines, with more still being revealed. Air India only just reported the loss of 4.5 million customer records including credit card numbers, but not the CVC codes.

4. LinkedIn

It’s not the first time that LinkedIn’s made the headlines when it comes to data breaches. In April 2021, personal information from 500 million LinkedIn users was leaked and put up for sale on a hacker forum. Two months later, the site reportedly suffered another security breach, affecting 92% of users (700 million).

According to RestorePrivacy, the culprits behind these separate incidents abused LinkedIn’s API and scraped the following information from user profiles:

  • Full names
  • Genders
  • Email addresses
  • Contact numbers
  • Postal addresses
  • Personal and professional experience
  • LinkedIn username and profile URL
  • Other social media accounts
  • Geolocation records

While LinkedIn strongly denies that they’re at fault, the exposure of personal information means users are at risk of phishing attempts, identity theft, social engineering attacks and more.

5. Marriott Hotel

In terms of volume, the Marriott Hotel chain hack of 2018 saw around 383 million user details lost to what was believed to be a hack by the Chinese government. The weakness that led to the hack was believed to be a “failed cloud security strategy during the Marriott-Starwood Merger.”

Among IT professionals, 92% worry that their organization is at risk of a major breach due to cloud misconfiguration, and these examples are just the tip of the iceberg. Many other hacks share similar attributes such as the long gap between the hack and its discovery and the tough job of establishing exactly what was taken. These will give IT practitioners and security experts nightmares for years to come.

Strengthen your organization’s defenses

When it comes to protecting your business against cloud misconfigurations that could lead to hacks and data breaches, there are several steps to take.

1. Train and educate employees regularly

All workers are busy people, with just a few seconds to recognize that something may be amiss when it comes to cloud security or to judge if an email looks suspicious. Onboarding sessions that highlight the risks are key to setting a baseline of knowledge.

All staff should get regular alerts about the risks, along with training emails that highlight the latest threats and best practices to help protect the business. From time to time, the business should send out benign “scam” emails to test which workers are paying attention and which need some further education.

2. Encrypt and protect data

Access to data should be granted only to relevant personnel, and the data itself should be strongly encrypted both in storage and when transferred across the cloud, with end-to-end encryption. Files stored on end users’ devices should be password protected.

Any related pieces of data in a set that would make a breach worse (like the credit card numbers and CVV/CVC codes in the SITA hack mentioned above) must be stored in separate files or locations to limit the potential for damage.

Tokenization is an increasingly popular method of protecting sensitive data. It works by replacing the actual information with a cryptographic hash, ensuring that no useful information can be gleaned should a file be stolen without access to the token vault. Tokenization is common in the banking and other regulated industries and is becoming more widely used as breaches become more frequent.
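A minimal token vault showing the separation described above, as an added example that is not from the original article. It issues random tokens rather than a hash, because a plain hash of a 16-digit card number can be reversed by trying every possible number; the class and function names, and the in-memory vault, are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in (hypothetical) for a separate, access-controlled vault."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the lookup index
        self._by_token = {}  # token -> original value
        self._by_index = {}  # HMAC(value) -> token, so repeats reuse a token

    def _index(self, value: str) -> str:
        return hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        idx = self._index(value)
        if idx in self._by_index:
            return self._by_index[idx]
        token = "tok_" + secrets.token_urlsafe(16)  # random: no relation to value
        self._by_token[token] = value
        self._by_index[idx] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]  # raises KeyError for unknown tokens


def store_booking(vault, name, card_number):
    """Build the record the application database keeps: token and last four digits."""
    return {"name": name, "card_token": vault.tokenize(card_number),
            "card_last4": card_number[-4:]}


def leaks_card_number(record, card_number):
    """True if the full card number appears anywhere in the stored record."""
    return any(card_number in str(v) for v in record.values())


# Constructed sample data (a widely used test card number, not a real account).
VAULT = TokenVault()
SAMPLE_PAN = "4111111111111111"
RECORD = store_booking(VAULT, "A. Passenger", SAMPLE_PAN)

if __name__ == "__main__":
    print(RECORD)
    print("record leaks card number:", leaks_card_number(RECORD, SAMPLE_PAN))
    print("vault round trip ok:", VAULT.detokenize(RECORD["card_token"]) == SAMPLE_PAN)
```

A stolen copy of `RECORD` holds only the token and the last four digits; recovering the card number requires access to the vault, which is the component to isolate and audit.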

3. Build strong cloud governance policies

Any high-growth or expanding business is under pressure to adopt cloud services to enable that growth. Doing so in an unstructured manner will increase the likelihood of a breach or hack. Starting the business with a leadership-led cloud governance policy is one way to reduce the risk.

A cloud governance policy should explicitly state what cloud services the business can use, what security features must be enabled and operating rules for all users. The policy must enable regular feedback and reporting, so it isn’t left on a shelf to collect dust, with key roles responsible for updates and building the accompanying breach or disaster recovery plan.

4. Use a CASB rather than leave users to their own devices

When unsupervised, some workers can get up to all kinds of clever or chaotic ways of using services, apps and files. A cloud access security broker (CASB) is a tool to monitor and audit the activity of users, reporting out-of-normal behavior to the IT department for investigation.

The CASB acts as an intermediary between the business and cloud services, monitoring activity and ensuring that corporate data policies are followed. These can include ensuring that features like malware detection are enabled and that single sign-on or multi-factor authentication is in operation, along with encryption, tokenization, access logging and other elements to protect data.

5. Ensure cloud resources are archived

Business data backups may have moved on from the era of DVDs or tape drives kept off-site, but all on-premises data needs to be backed up, ideally to remote cloud storage, while all cloud data needs redundant backups to ensure business continuity and recovery from disaster.

Cloud backups reduce costs and improve accessibility to the data, and backup services offer redundant, encrypted data storage. While the cloud can be slower to recover from compared to on-site storage, the flexibility is often of more value to firms.

Cloud data breaches will continue to happen and increase in size as global businesses move more data to the cloud, creating a tempting target for government or financially motivated hackers. Layering all the defenses your business can to protect against them is the only way to maximize security and prepare for when the inevitable attack does happen.
