Information Technology and Ethics/Security Breach

Introduction

In today’s hyperconnected world, data has become one of the most valuable resources and one of the most vulnerable as well. In IBM and the Ponemon Institute’s 2023 Cost of a Data Breach report, the global average cost of a breach reached an all-time high of $4.45 million, a 15% increase over the preceding three years.[1] This surge reflects the growing scale and severity of cyberattacks across all industries. No organization is immune, from global corporations to small businesses and nonprofits. The consequences of a breach extend beyond direct financial losses to operational continuity, stakeholder trust, and public perception. Breaches are also growing in frequency: in 2023 alone, more than 3,200 data compromises were publicly reported, exposing billions of records worldwide and affecting sectors such as healthcare, finance, and education.[2] Often these incidents arise not from highly sophisticated attackers but from system misconfiguration, insufficient employee training, unpatched legacy systems, or simple human error. While ransomware and phishing remain widespread, attackers now exploit weaknesses across entire digital ecosystems, including supply chains and third-party service providers.

What is a Security Breach?

It is crucial to understand what a security breach is before moving on to the rest of this chapter. A security breach is any incident that results in unauthorized access to computer data, applications, networks, or devices. It usually happens when an intruder is able to bypass security controls, and the result is information being read, copied, or altered without authorization. Many data breaches expose sensitive information such as credit card numbers, trade secrets, and other proprietary details.[3] According to research published by Risk Based Security, 1,767 data breaches were publicly reported in the first half of 2021, exposing 18.8 billion records.[4] Data breaches are becoming increasingly common as organizations collect and retain ever more data.

Causes of Security Breaches

A data breach is commonly assumed to be the work of an external hacker, but that is not necessarily the case. Some breaches are indeed the result of deliberate attacks. However, because people are one of the weakest links in security, a breach can just as easily originate from a simple mistake by an individual or from a vulnerability in the company's infrastructure. Malicious actors breach networks for a range of motives: financial gain (selling stolen data on the dark web, or extorting a ransom by holding the victim's systems or data hostage), theft of trade secrets or military information, and hacktivism (making a political statement).

The following causes of security breaches are regularly exploited by attackers in the wild.

Lack of awareness and poor habits

A lack of knowledge and training is one of the critical causes of security breaches. Unaware of current attack trends, past incidents, or attacker techniques, many employees do not understand their own role in defending the corporate network, which exposes the organization to security events. Everyday behaviour such as using weak passwords for organizational resources, leaving laptops and workstations unlocked when stepping away, ignoring a clear-desk policy, running vulnerable or unapproved software, and misplacing company assets frequently leads to breaches, simply because staff do not know the security policies in place or why they matter. Such situations can largely be avoided by informing every employee of the measures expected of them, providing appropriate security training, and measuring the results.[5]

Disposal of E-waste

Because the critical data a business handles is typically stored on servers and storage devices that employees use in their everyday work, the security of that data at the end of a device's life should be a priority for everyone. Employees frequently discard printed confidential material without shredding it, which can have severe consequences for the organization if a threat actor retrieves it. In addition, as companies upgrade their infrastructure to deliver better services, they discard large numbers of servers and hard drives without following proper procedures. Such carelessness can lead to a data breach, since an attacker can easily recover data from a discarded drive. Before a device is discarded, its storage must be sanitized with an appropriate technique, such as cryptographic or secure erasure, degaussing (for magnetic media), or physical destruction, and the sanitization should be verified and recorded. Note that degaussing has no effect on flash-based storage such as SSDs, which require a firmware-level secure erase or physical destruction.

Server Misconfiguration

While the consequences of security misconfiguration are serious, it generally receives less attention than phishing, ransomware, malware, and other well-known attack techniques. Misconfiguration occurs when a system administrator, database administrator, or developer fails to set up the security controls of an application, website, workstation, or server correctly, leaving open paths for attackers: default credentials, unnecessary services and open ports, verbose error messages, overly permissive file or cloud-storage permissions, and disabled security features. Rather than relying on vendor defaults, every computing device on the organization's network should be configured to a baseline defined by corporate policy, and deviations from that baseline should be detected automatically. A misconfiguration can lead to a massive data breach with financial repercussions such as temporary loss of business, lost customers (and thus lost revenue) due to a loss of trust, litigation, and regulatory fines.
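One way to turn "configure to a baseline" into a check that can run on every host, as an added example (not code from the original page): a small Python audit of an OpenSSH server configuration against a handful of well-known hardening settings. The baseline and both sample configurations are constructed for this example; a production baseline would come from the organization's own policy or a published benchmark.

```python
"""Baseline audit of an OpenSSH server configuration.

Added example, not part of the original page. The baseline below is an
illustrative hardening subset chosen for this example, not a vendor- or
CIS-published standard; the sample configs are constructed."""

# option -> acceptable values (compared case-insensitively)
BASELINE = {
    "PermitRootLogin": {"no", "prohibit-password"},
    "PasswordAuthentication": {"no"},
    "PermitEmptyPasswords": {"no"},
    "X11Forwarding": {"no"},
}

# Options that must be set explicitly: if absent, sshd falls back to its
# compiled-in default, and for PasswordAuthentication that default is "yes".
REQUIRED = {"PasswordAuthentication", "PermitRootLogin"}


def parse_sshd_config(text):
    """Return {option_lowercase: value} for 'Option value' lines.

    Comments are stripped and, as in sshd itself, the first occurrence of an
    option wins, so a hardened line appended at the end of the file does
    not override an insecure one earlier in it."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit_sshd_config(text):
    """Compare a config against BASELINE.

    Returns a sorted list of (option, value_found, allowed_values);
    value_found is None when a REQUIRED option is missing."""
    settings = parse_sshd_config(text)
    findings = []
    for option, allowed in BASELINE.items():
        value = settings.get(option.lower())
        if value is None:
            if option in REQUIRED:
                findings.append((option, None, sorted(allowed)))
        elif value.lower() not in allowed:
            findings.append((option, value, sorted(allowed)))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample: the "left at defaults" case a baseline check should catch.
#  - PasswordAuthentication is commented out, so sshd's default (yes) applies
#  - the second PermitRootLogin line has no effect: sshd keeps the first value
INSECURE_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding yes
PermitEmptyPasswords no
PermitRootLogin no
"""

# Constructed sample: the corrected configuration.
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
"""

if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_CONFIG), ("hardened", HARDENED_CONFIG)):
        findings = audit_sshd_config(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for option, value, allowed in findings:
            print(f"  {option}: found {value!r}, expected one of {allowed}")
```

Two details matter for the security result: commented-out lines are dropped, so the check reports an option that silently falls back to sshd's default, and the first occurrence of an option wins, as in sshd itself, so a hardening line appended to the bottom of a file does not fix an insecure one above it.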

Remote Work

Since the COVID-19 pandemic, many firms have adopted a work-from-home culture and deployed new technologies to allow remote work. To prevent these technologies from enlarging the organization's attack surface, access to organizational resources must be continuously monitored and limited to company-issued, or otherwise enrolled and compliant, devices. All devices that reach the company's resources over the internet must comply with organizational policy and be patched regularly. Finally, any employee accessing the internal network must do so over an encrypted channel such as a VPN or a zero-trust access proxy, protected by multi-factor authentication, since remote-access gateways themselves are a frequent target of attackers.

Impact of Security Breaches

A data breach has the potential to devastate a company entirely. This is particularly problematic for small and medium-sized businesses (SMBs); a frequently cited estimate holds that more than half of SMBs close within six months of a serious attack. While larger businesses and government institutions are unlikely to be forced to close their doors, they also face significant consequences. The impact of a security breach varies with the affected business, its industry, and the type of breach that occurred.[5] However, some impacts are common to almost all victims, such as monetary loss and reputational damage. According to the Ponemon Institute and IBM, the average cost of a breach was $4.24 million, with lost business accounting for 38% of the total.[6] In addition, a company's reputation suffers after a breach, because customers prefer to do business with organizations they trust to protect their personal information.

Some of the expected consequences of a security breach are:

Financial Loss

The financial effect of a data breach is one of the most immediate and severe outcomes that victim businesses must cope with. Compensation for affected consumers, incident response activities, forensic investigation of the breach, investment in new security measures, legal expenses, and fines for non-compliance can add up to a significant sum. A data breach may also affect the stock price and valuation of a firm. According to an earlier report by the Ponemon Institute, the global average cost of a data breach had risen by 12% over the previous five years to £3.2 million.[6]

Reputational Damage

The most damaging consequence of a security compromise is the loss of customers' and stakeholders' confidence. Reputational damage leads to a loss of customers and, in turn, a decrease in sales. Negative press coupled with a loss of consumer trust can cause lasting damage to the breached company. Moreover, the reputational repercussions of a data breach can last much longer than any short-term fine, because lost trust also costs future business opportunities with customers, partners, and investors, many of whom are reluctant to deal with a company that has been breached, especially one that failed to protect its customers' data.

Operational Downtime

In the aftermath of a data breach, business activities are frequently disrupted. First, the company must contain the breach and thoroughly investigate how it happened and which systems were accessed. Operations may have to be shut down entirely until investigators have the information they need, and depending on the severity of the breach this can take days or even weeks. This has a significant impact on revenue and on the company's capacity to recover. According to Gartner, the average cost of a network outage is roughly $5,600 per minute, which works out to well over $300,000 per hour. The figure varies with the size of the organization and the sector, but the effect on operations is severe in every case.[7]

Legal Action

Under data protection regulations, organizations are legally required to demonstrate that they took all necessary precautions to secure personal data. In addition, individuals whose data is compromised, whether intentionally or accidentally, may take legal action to demand compensation. In the United States, class action lawsuits have risen dramatically as victims seek monetary compensation for their data loss, and as the frequency and severity of breaches continue to rise, more such group cases can be expected.[8]

Loss of Sensitive Data

The implications of a data breach that exposes sensitive personal data can be disastrous. Personal data includes anything that can directly or indirectly identify an individual, from a name to an email address, an IP address, or a photograph. It also includes special categories such as biometric or genetic information. Biometric data is especially valuable to fraudsters because, unlike a password or a card number, it cannot be changed or reissued once it has been exposed. Breaches that reveal such data can have consequences that far outweigh any financial or reputational harm.[5]

Below the Surface Cost

In addition to the direct monetary costs of incident response, there are several intangible costs that may harm a company long after the event has passed. For example, the impact of operational interruption is often underestimated, particularly among businesses that lack formal business resilience and continuity plans, and small businesses that already struggle with cash flow may face sharp increases in insurance premiums or higher borrowing rates after an incident.[8]

Attack Vectors for Security Breach

What is an attack vector?

In cybersecurity, an attack vector is the path or technique an attacker uses to gain unauthorized access to a network or system. By exploiting system flaws, criminals use attack vectors to obtain sensitive data, personally identifiable information (PII), and other valuable information.[9] As attackers actively look for unpatched vulnerabilities published in the CVE list and traded on underground forums, the number of cyber risks keeps rising, and no single product can protect against every attack vector. Because attackers have grown more adept, antivirus software alone is no longer sufficient; to reduce cybersecurity risk, businesses must use defense-in-depth strategies.

Common Types of Attack Vectors

Some of the most widely used attack vectors for breaching a network are:

Compromised Credentials

Usernames and passwords remain the most common type of access credential, and they continue to be exposed through data breaches, phishing scams, and malware. Once lost, stolen, or revealed, credentials give an attacker the same access as the legitimate user, which is why businesses invest in services that monitor breach dumps for leaked credentials. Password managers, multi-factor authentication, and biometrics help to limit the chance that a leaked credential leads to a security breach.[10]

Weak Credentials

The tendency to choose convenience over security has long been recognized, and even suppliers are guilty of it. Another primary concern, and a typical symptom in firms that impose password complexity requirements, is password reuse: pushed to remember ever more complex passwords for many applications, users tend to reuse a single complicated password everywhere. This exposes the company to credential stuffing, in which credentials leaked from one breach are replayed against other services, so that one data breach can result in many more. To defend against this vector, organizations should teach staff how to construct strong, unique passwords, deploy a password manager or single sign-on, and check new passwords against known breach corpora.[10]
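Both checks mentioned above, screening for leaked credentials and stopping users from choosing a password that is already in a breach corpus, can be done without ever sending the password anywhere. The following is an added example, not code from the original page: it implements the k-anonymity range query used by breach-lookup services (the request shape follows the public Pwned Passwords range API, but the corpus here is a small constructed stand-in so the example runs offline).

```python
"""Checking a candidate password against a breach corpus with a k-anonymity
range query. Added example, not code from the original page.

Protocol assumed here (it mirrors the shape of the public Pwned Passwords
range API, but the corpus below is a constructed stand-in so the example
runs offline): the client sends only the first 5 hex characters of the
password's SHA-1; the server answers with every 35-character suffix in that
bucket plus a count; the client matches the suffix locally."""

import hashlib


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password):
    """Return (prefix, suffix); only the 5-character prefix leaves the client."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def breached_count(password, range_lookup):
    """Number of times `password` appears in the corpus behind `range_lookup`.

    `range_lookup(prefix)` returns an iterable of 'SUFFIX:COUNT' strings, the
    same line format the range API uses. The full hash never leaves this
    function, so the server learns only a 1-in-~1M bucket, not the password."""
    prefix, suffix = split_for_range_query(password)
    for line in range_lookup(prefix):
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


# --- constructed offline stand-in for the server side ---------------------
_CONSTRUCTED_CORPUS = {      # password -> times seen in (constructed) breaches
    "password": 3861493,
    "Summer2024!": 12,
    "letmein": 5,
}


def _bucket_by_prefix(corpus):
    buckets = {}
    for pw, count in corpus.items():
        prefix, suffix = split_for_range_query(pw)
        buckets.setdefault(prefix, []).append(f"{suffix}:{count}")
    return buckets


_BUCKETS = _bucket_by_prefix(_CONSTRUCTED_CORPUS)


def offline_range_lookup(prefix):
    """Stand-in for GET /range/{prefix}: all suffixes stored under that prefix."""
    return _BUCKETS.get(prefix, [])


def password_policy_check(password, range_lookup=offline_range_lookup, min_len=12):
    """Policy gate for a new password: (accepted, reason)."""
    if len(password) < min_len:
        return False, f"shorter than {min_len} characters"
    seen = breached_count(password, range_lookup)
    if seen:
        return False, f"seen {seen} times in breach data"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("password", "Summer2024!", "correct horse battery staple"):
        print(f"{pw!r}: {password_policy_check(pw, min_len=8)}")
```

To use a live service, replace `offline_range_lookup` with a function that fetches the range for the prefix over HTTPS; the matching logic and the privacy property (only five hex characters are transmitted) stay the same.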

Malicious Insiders

A malicious insider threat to an organization is defined as a current or former employee, contractor, or another business partner who has or had authorized access to an organization's network, system, or data and has intentionally exceeded or misused that access for personal gain in a way that compromises the confidentiality, integrity, or availability of the organization's information or information systems.

Ransomware

Ransomware is malicious software that blocks access to a computer system or data until a ransom is paid. It propagates through phishing emails, malvertising, compromised websites, stolen remote-access credentials, and exploitation of vulnerabilities. Modern ransomware groups also exfiltrate data before encrypting it and threaten to publish it, so data leaks, intellectual property theft, and data breaches are direct consequences of ransomware attacks. To reduce their effect, patch all systems and endpoints regularly, back up critical data frequently to storage the attacker cannot reach, and test that the backups can actually be restored.[10]

Phishing

Phishing is a type of cyber fraud that uses fraudulent emails or other electronic messages to persuade victims to part with something of value, such as money, credentials, or personal information. It is most commonly carried out by email, with the attacker posing as someone the recipient trusts, although SMS, voice calls, and messaging platforms are also used. In whatever form it takes, phishing can have a severe security impact. Phishing kits have evolved to the point that many now act as a reverse proxy in front of the genuine site, relaying the victim's session to the real service in real time; the attacker sees everything the victim does and captures the resulting session cookie, which lets the attacker pass one-time-code multi-factor authentication alongside the victim.

Missing or Poor Encryption

Encryption converts data into a form that can only be read by someone who holds the corresponding secret key. It protects digital data both while it is stored on computer systems and while it travels across the internet or other networks. Strong encryption should be used for data at rest, in transit, and, where appropriate, in use. When encryption is missing or insufficient, sensitive data such as credentials is stored or transmitted in plaintext, or protected only by weak ciphers, obsolete protocols, or unsalted fast hashes. An adversary who can read the storage or eavesdrop on the traffic can then recover the data directly, or break the weak protection with brute-force methods. To mitigate this vector, use current, well-reviewed algorithms and protocols (for example TLS 1.2 or later in transit and authenticated encryption at rest), manage keys separately from the data they protect, and store passwords only as salted, deliberately slow hashes rather than encrypting them.[10]

Prevention and Mitigation

Cyber attacks are increasing in both number and complexity. For instance, password-based attacks have surged from 579 per second in 2021 to over 7,000 per second in 2024.[11] This dramatic rise shows just how much more aggressive and automated cyber threats have become. To address this growing risk, organizations need to take a thoughtful and proactive approach to both prevention and mitigation. Simply having antivirus software is no longer enough—defending against modern threats means using a mix of smart technology, clear policies, and ongoing education.

This section explores updated strategies for preventing security breaches, followed by practical tips for training employees and a short checklist organizations can use to improve their overall cybersecurity.

Modern Prevention Strategies

Building strong cybersecurity is a bit like building a castle—you need strong walls, gates, and guards watching from all angles. Here are key strategies that organizations are using today to stay secure:

Zero Trust Security: The Zero Trust model is built around one main idea: trust no one by default. Every device and user must prove they are allowed to access a resource every time. This makes it much harder for attackers to move around if they do manage to get inside.[12]

Endpoint Detection and Response (EDR): EDR software watches over company devices—like laptops and desktops—to spot any strange behavior. If something suspicious happens, the system can respond quickly, even isolating the device before the threat spreads. [13]

AI-Powered Threat Detection: Today’s cyberattacks often happen faster than a person can react. That’s where artificial intelligence comes in. AI tools scan massive amounts of data in real-time, spotting unusual behavior and responding faster than any human team could. [14]

Encrypted and Air-Gapped Backups: Organizations should maintain encrypted backups of critical data and keep at least one copy offline or otherwise unreachable from the production network, so that an attacker who compromises the network cannot encrypt or delete it. Immutable cloud archive tiers (for example Amazon S3 Glacier storage classes with Object Lock enabled) and geographically separate sites can complement an offline copy, but backups only count if restores are tested regularly.

Penetration Testing: Conducting early and regular penetration testing for both networks and applications helps identify weaknesses before attackers do. These tests simulate real-world attacks and allow teams to fix vulnerabilities proactively. [15]

Log Monitoring and SIEM Tools: Security Information and Event Management (SIEM) tools collect and analyze logs from different systems. They help detect threats early by flagging unusual activity in real-time. Continuous monitoring also provides useful data for investigations. [16]

Privileged Access Management (PAM): PAM solutions help control and monitor access to critical systems by privileged users. By recording sessions and limiting elevated access to only when needed, PAM reduces the risk of insider threats or account misuse.[17]

Network Segmentation and Least Privilege: Imagine your network as a building with locked doors. Network segmentation puts up those locks between departments and systems, so a breach in one area doesn’t expose everything. Limiting user access—called the principle of least privilege—helps reduce the damage attackers can do if they get in.[18]

Multi-Factor Authentication (MFA): MFA is a simple but powerful tool. It adds another step to logging in, such as a code sent to your phone or a fingerprint scan. According to the Cybersecurity and Infrastructure Security Agency (CISA), using MFA can stop over 99% of password-based attacks. [19]

Regular Patching and Updates: One of the most common ways attackers break in is by using known weaknesses in outdated software. Regularly updating your systems and applying patches keeps you one step ahead. [20]
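The "Log Monitoring and SIEM Tools" item above, and the password-attack figures at the start of this section, are concrete enough to show as detection logic. The block below is an added example, not the page's or any vendor's code: it parses sshd authentication log lines and raises three kinds of alert. The log lines are constructed, the IP addresses are RFC 5737 documentation ranges, and the thresholds are illustrative.

```python
"""Brute-force and password-spray detection over sshd authentication logs.
Added example, not from the original page or any SIEM vendor. The log lines
are constructed (RFC 5737 documentation addresses); the thresholds are
illustrative and would be tuned per environment."""

import re
from collections import defaultdict
from datetime import datetime

# Matches the two sshd auth messages we care about; anything else is ignored.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2025):
    """Return a dict event for a matching line, else None.
    syslog timestamps carry no year, so one is assumed (parameter)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["outcome"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def detect(events, window_s=60, fail_threshold=10, spray_users=5):
    """Return sorted (ip, alert_type) pairs.

    brute_force:            >= fail_threshold failures from one IP inside window_s
    password_spray:         failures against >= spray_users distinct accounts
                            from one IP inside window_s (few tries per account,
                            so a per-account lockout never triggers)
    success_after_failures: an Accepted login from an IP that produced failures
                            within the preceding window_s (possible compromise)"""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["ip"]].append(e)

    alerts = set()
    for ip, evs in by_ip.items():
        fails = [e for e in evs if not e["ok"]]
        lo = 0
        for hi in range(len(fails)):          # sliding window over failures
            while (fails[hi]["ts"] - fails[lo]["ts"]).total_seconds() > window_s:
                lo += 1
            window = fails[lo:hi + 1]
            if len(window) >= fail_threshold:
                alerts.add((ip, "brute_force"))
            if len({e["user"] for e in window}) >= spray_users:
                alerts.add((ip, "password_spray"))
        for e in evs:
            if e["ok"] and any(
                0 <= (e["ts"] - f["ts"]).total_seconds() <= window_s for f in fails
            ):
                alerts.add((ip, "success_after_failures"))
    return sorted(alerts)


# --- constructed sample log ------------------------------------------------
def _line(hhmmss, outcome, user, ip, invalid=False):
    inv = "invalid user " if invalid else ""
    return (f"Mar 12 {hhmmss} bastion sshd[4121]: {outcome} password for "
            f"{inv}{user} from {ip} port 51122 ssh2")


SAMPLE_LOG = (
    # 12 failures on root in 12 seconds, then a success: brute force that worked
    [_line(f"09:00:{s:02d}", "Failed", "root", "203.0.113.7") for s in range(12)]
    + [_line("09:00:15", "Accepted", "root", "203.0.113.7")]
    # one try each against six accounts: low-and-slow spray
    + [_line(f"09:05:{5 * i:02d}", "Failed", u, "198.51.100.23", invalid=True)
       for i, u in enumerate(["admin", "backup", "deploy", "git", "oracle", "test"])]
    # benign noise: one typo, one normal login, one unrelated syslog line
    + [_line("09:10:00", "Failed", "alice", "192.0.2.5"),
       _line("09:11:00", "Accepted", "alice", "192.0.2.9"),
       "Mar 12 09:12:00 bastion CRON[77]: (root) CMD (run-parts /etc/cron.hourly)"]
)


def run_detection(lines):
    events = [e for e in map(parse_line, lines) if e is not None]
    return detect(events)


if __name__ == "__main__":
    for ip, alert in run_detection(SAMPLE_LOG):
        print(f"{alert:<24} {ip}")
```

The spray rule is the one most SIEM deployments miss: six accounts with one failure each never trips a per-account lockout, but grouping failures by source address and counting distinct usernames catches it.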

Employee Training: Spotting Phishing and Scams

Even the most advanced security system can be undone by a simple mistake—like clicking a bad link. That’s why employee training is so important. Here are six quick tips that can help workers stay alert:

Watch out for urgent messages: If an email says you must act fast or face a consequence, slow down. Scammers use urgency to trick people.

Check the sender’s address: A name might look familiar, but the email address could be slightly off. Always double-check.

Don’t click unexpected links or attachments: If you weren’t expecting a file or a link, don’t open it until you’re sure it’s safe.

Look for grammar and spelling errors: Many phishing emails have small mistakes that a real company would likely catch.

Be cautious with requests for sensitive information: Real businesses won’t ask you to share passwords, banking info, or personal details over email.

Report anything suspicious: When in doubt, forward the message to your IT department or use the “Report Phish” button, if available.

Security Checklist for Organizations

Every organization, big or small, can benefit from a structured checklist to ensure core security measures are in place. Here is an expanded look at key steps to help prevent, detect, and respond to security threats effectively:

Enable MFA on all important systems and user accounts: Multi-Factor Authentication (MFA) is one of the simplest yet most powerful tools to prevent unauthorized access. It requires users to verify their identity using two or more credentials, which greatly reduces the risk from stolen or guessed passwords.

Apply patches and updates without delay: Outdated systems and applications are easy targets for attackers. Organizations should establish a formal patch management process that includes regularly scheduled updates, emergency patches for critical vulnerabilities, and verification that updates have been applied correctly.

Backup important data regularly using encrypted, off-network, or air-gapped storage: A reliable backup strategy includes both encryption, to protect the data from unauthorized access, and physical or logical separation from the main network, to protect it from ransomware. Air-gapped backups stored offline or in a separate secure data center provide vital recovery options after a breach, provided that restores are tested before they are needed. [21]

Limit access based on job roles and segment your network where possible: Implement the principle of least privilege so that users only have access to the data and systems necessary for their role. Combine this with network segmentation, which separates sensitive areas of the network so that intrusions in one area do not spread easily to others.

Use monitoring tools like EDR, SIEM, and PAM: Endpoint Detection and Response (EDR) helps detect threats on user devices. Security Information and Event Management (SIEM) systems centralize and analyze logs for signs of attack. Privileged Access Management (PAM) controls and monitors users with elevated privileges, reducing the risk of insider threats.

Create and test an incident response plan: A well-prepared incident response plan outlines what steps to take in case of a breach. Teams should practice this plan regularly through simulations or tabletop exercises. Knowing who to contact, what systems to isolate, and how to communicate during a crisis makes a big difference.

Conduct regular penetration testing: Simulated attacks—conducted internally or by a trusted third party—can reveal weak points before real attackers do. Test both internal networks and external-facing applications. Penetration testing helps validate the effectiveness of your defenses and prioritizes areas for improvement.

By following this detailed checklist, organizations can build a strong foundation for their cybersecurity efforts. These steps work together to reduce vulnerabilities, detect problems early, and ensure teams are ready to respond quickly and confidently when incidents happen.

Ethical Implications

In an increasingly interconnected world, cyber attacks are not merely technical issues; they are also ethical ones. When personal information is compromised, core services are interrupted, or deception is carried out at scale online, organizations face difficult choices that affect people's lives. Should a company pay attackers to get its network back? When stolen genetic information is exposed, who is responsible? What should be done about artificial intelligence used for deception and fraud? These are ethical challenges that touch human rights, public trust, and societal well-being.

Besides causing direct damage, breaches raise questions about responsibility, justice, consent, and transparency. As new technologies evolve, ethical frameworks must keep pace. Decisions made under pressure during crises often set long-lasting precedents for both attackers and defenders. Organizations should therefore adopt not only formal cybersecurity policies but also ethical response strategies that account for the broader consequences of their actions.

Ransomware Payments

In February 2024 a ransomware attack hit Change Healthcare, the UnitedHealth Group (UHG) subsidiary that processes pharmacy and medical claims across the United States, disrupting payments and prescriptions nationwide. UHG paid a ransom of about $22 million in Bitcoin in an effort to restore core systems. Although restoring critical healthcare services was urgent, paying a ransom is morally contentious, since it finances future attacks and offers no guarantee that the stolen data will be deleted. For this reason, the FBI discourages paying ransoms. [22]

This dilemma invites comparison between deontological ethics, which prohibit wrongdoing under any circumstance, and utilitarian ethics, which seek the greatest good for the greatest number. Choosing not to pay may be ethically permissible, but can also lead to serious harm for those dependent on the affected services.

Genetic Data and Consent

In late 2023, 23andMe disclosed a breach that affected about 6.9 million users. Attackers used credential stuffing, replaying passwords reused from other sites, to log into roughly 14,000 accounts, then used the service's DNA Relatives feature to harvest the profile and ancestry data of millions of those users' genetic relatives. [23] Genetic information, unlike other types of data, is permanent and inherently shared with relatives, many of whom never consented to the data being collected.

This breach raises major concerns about informed consent and long-term data stewardship. Can companies ethically retain genetic data indefinitely? What happens to privacy when one person's breach indirectly exposes their family’s genetic profile? Following the incident and resulting bankruptcy, questions arose about whether new ownership would honor existing data-sharing agreements. [24]

AI’s Double-Edged Sword

Artificial intelligence is also being used by cybercriminals. Deepfake technology can replicate voices and faces of real individuals with alarming accuracy. In one case, an employee was tricked into transferring funds by a convincing AI-generated imitation of their CEO’s voice. [25]

While developers of AI platforms may claim positive intentions, these tools can easily be misused. Organizations are increasingly adopting layered authentication and staff training to detect deception. Microsoft has called for global regulations to label and watermark AI-generated media to help the public distinguish fake from real content. [26]

Case Studies of Security Breaches

Yahoo Security Breach - 2013 - 2017

The Yahoo breaches of 2013 and 2014 are among the most serious violations of user trust and data privacy in recent memory. In September 2016, while Verizon's acquisition of Yahoo was being negotiated, the company disclosed a breach from late 2014 affecting 500 million accounts. This breach, attributed by the U.S. Department of Justice to hackers working with Russian intelligence officers, exposed users' names, email addresses, dates of birth, phone numbers, and hashed passwords. Most of the affected passwords had been hashed with bcrypt, which slowed cracking, but the breach still showed the inadequacy of Yahoo's defenses against determined attackers. In December 2016, Yahoo disclosed a second, earlier breach from 2013, attributed to a different group and initially believed to affect 1 billion accounts. In October 2017 Yahoo revised that figure to all 3 billion of its accounts, making it the largest data breach known at the time. The ethical implications are profound: Yahoo's failure to safeguard user data exposed billions of people to identity theft, fraud, and other harm, and the delayed disclosure to both users and its acquirer eroded trust in Yahoo's integrity[27]. The disclosures led to a $350 million reduction in Verizon's purchase price. Yahoo also paid a $35 million penalty to the Securities and Exchange Commission for failing to disclose the 2014 breach to investors, agreed to an $80 million settlement of a shareholder class action, and later agreed to a $117.5 million settlement of the consumer class action brought by affected users, reflecting the immense cost of failing to protect user data adequately.[28]

Adult Friend Finder Security Breach - 2016

In October 2016, a security researcher using the Twitter handle 1x0123 warned FriendFinder Networks Inc., the parent company of adult websites such as AdultFriendFinder and Cams.com, of a Local File Inclusion (LFI) vulnerability in its servers. Soon afterwards it emerged that FriendFinder Networks' databases had been breached; an initial estimate put the number of compromised accounts above 100 million, but subsequent analysis by LeakedSource showed a total of 412 million accounts affected. Most of the stored passwords were protected only by unsalted SHA-1 hashes, and some were stored in plaintext; as a result, about 99 percent of the passwords had been recovered by the time LeakedSource published its final count. FriendFinder Networks notified users and advised them to reset their passwords [29]. The failure to act promptly on a known vulnerability, despite an external warning, raises questions about the company's commitment to protecting user data. Moreover, the use of a fast, unsalted hash for password storage highlights the ethical responsibility of organizations to employ robust security measures, in this case a salted, deliberately slow password hashing scheme, to protect sensitive information from exploitation.
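To make concrete why unsalted SHA-1 let 99 percent of those passwords be recovered, and what the "adequate encryption mechanisms" demanded in the Missing or Poor Encryption section mean for stored passwords, here is an added example (not code from the original page or from FriendFinder): it cracks a small constructed table of unsalted SHA-1 hashes with a wordlist, then shows the salted, iterated alternative using only the Python standard library. The wordlist, the leaked table and the PBKDF2 parameters are chosen for this example.

```python
"""Why unsalted SHA-1 fails as password storage, and the hardened form.
Added example, not from the original page or FriendFinder's systems. The
"leaked" table and the wordlist are constructed; the KDF parameters are
chosen for this example (stdlib only)."""

import hashlib
import hmac
import os


# --- the weak scheme: one fast, unsalted hash per password -----------------
def legacy_sha1(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted(hashes, wordlist):
    """Hash each guess ONCE and look it up against every stolen hash.

    With no salt, identical passwords share a hash, so a single precomputed
    table cracks the whole dump at the cost of len(wordlist) hashes total."""
    table = {legacy_sha1(w): w for w in wordlist}
    return {h: table[h] for h in hashes if h in table}


# --- the hardened scheme: random per-user salt + slow iterated KDF ----------
ITERATIONS = 600_000          # PBKDF2-HMAC-SHA256 work factor chosen for this example


def hash_password(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison


# --- constructed data -------------------------------------------------------
WORDLIST = ["123456", "password", "qwerty", "letmein", "iloveyou", "Summer2016"]

LEAKED_TABLE = {                 # username -> stored hash, as in the 2016 dump
    "alice": legacy_sha1("password"),
    "bob":   legacy_sha1("Summer2016"),
    "carol": legacy_sha1("password"),
    "dave":  legacy_sha1("c0rrect-h0rse-battery-staple"),
}


def crack_report(table, wordlist):
    """username -> recovered password (None if the wordlist missed it)."""
    cracked = crack_unsalted(set(table.values()), wordlist)
    return {user: cracked.get(h) for user, h in table.items()}


if __name__ == "__main__":
    print(crack_report(LEAKED_TABLE, WORDLIST))
    print("alice and carol share a hash:", LEAKED_TABLE["alice"] == LEAKED_TABLE["carol"])
    stored = hash_password("password")
    print(stored)
    print("verify ok:", verify_password("password", stored),
          "wrong pw:", verify_password("passw0rd", stored))
```

Two properties of the hardened form do the work: the random salt means two users with the same password get different stored values, so a precomputed table is useless, and the iteration count makes each guess cost hundreds of thousands of hash operations instead of one. Purpose-built schemes such as bcrypt, scrypt or Argon2 are preferable where a library is available; PBKDF2 is used here only because it ships with the standard library.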

Equifax Security Breach - 2017

The Equifax breach stands out as one of the most severe cybersecurity incidents in U.S. history, primarily because of the highly sensitive nature of the compromised information, which could enable widespread identity theft. About 148 million individuals were affected; most had their names, Social Security numbers, addresses, and dates of birth exposed, and a smaller subset had driver's license numbers exposed. The breach occurred through a critical vulnerability in a public-facing web application. Attackers exploited a flaw in Apache Struts, a widely used open-source framework for building Java web applications. The vulnerability, tracked as CVE-2017-5638, allowed remote attackers to execute arbitrary code on Equifax's servers, and a patch had been available for about two months before the intrusion began; once inside, the attackers reached databases containing the personal information of millions of individuals[30]. Former Equifax CEO Richard Smith, who stepped down after the breach, told Congress that a single employee's failure to apply the patch was to blame. Blaming one individual for a failure of this scale raises ethical concerns about accountability and transparency within Equifax's leadership. In the wake of the breach, free credit monitoring was offered to those affected, and in 2019 Equifax agreed to a settlement with the FTC, the CFPB, and U.S. states worth up to $700 million[31]. Although some critics do not believe it was necessarily a factor in the breach[32][33], many questioned the fact that Equifax's Chief Security Officer, Susan Mauldin, held two degrees in music and no documented education or certifications in technology or security[34].
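The Equifax intrusion began with an unpatched dependency, so the practical lesson is knowing which of your applications ship an affected version. As an added example (not the page's or Equifax's code), the following reads a Maven pom.xml, resolves property-based version references, and flags Struts artifacts inside the version ranges listed in the Apache S2-045 advisory for CVE-2017-5638. The pom.xml is constructed, and a real audit would consult a vulnerability database rather than hard-code one CVE's ranges.

```python
"""Flagging a dependency on a Struts version affected by CVE-2017-5638 from a
Maven pom.xml. Added example, not from the original page or from Equifax.
The affected ranges are those published in the Apache Struts S2-045 advisory;
the pom.xml is constructed. A real audit would query a vulnerability database
rather than hard-code one CVE."""

import re
import xml.etree.ElementTree as ET

# S2-045 / CVE-2017-5638: Struts 2.3.5 - 2.3.31 and 2.5 - 2.5.10 are affected;
# 2.3.32 and 2.5.10.1 carry the fix.
AFFECTED_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]

POM_NS = "{http://maven.apache.org/POM/4.0.0}"


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); non-numeric qualifiers are dropped."""
    return tuple(int(p) for p in re.split(r"[.-]", text.strip()) if p.isdigit())


def is_vulnerable_s2_045(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def struts_dependencies(pom_xml):
    """Return [(artifactId, version)] for org.apache.struts struts2-* deps,
    resolving ${property} version references from <properties>."""
    root = ET.fromstring(pom_xml)
    ns = POM_NS if root.tag.startswith(POM_NS) else ""
    props = {}
    for props_el in root.iter(f"{ns}properties"):
        for p in props_el:
            props[p.tag.replace(ns, "")] = (p.text or "").strip()
    found = []
    for dep in root.iter(f"{ns}dependency"):
        gid = dep.findtext(f"{ns}groupId", "").strip()
        aid = dep.findtext(f"{ns}artifactId", "").strip()
        ver = dep.findtext(f"{ns}version", "").strip()
        if gid == "org.apache.struts" and aid.startswith("struts2-"):
            if ver.startswith("${") and ver.endswith("}"):
                ver = props.get(ver[2:-1], ver)
            found.append((aid, ver))
    return found


def audit_pom(pom_xml):
    """[(artifactId, version, vulnerable_to_s2_045)]"""
    return [(aid, ver, is_vulnerable_s2_045(ver))
            for aid, ver in struts_dependencies(pom_xml)]


# Constructed pom.xml: the version comes from a property, as it often does.
SAMPLE_POM = """\
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <struts2.version>2.3.31</struts2.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts2.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-rest-plugin</artifactId>
      <version>2.5.10.1</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for aid, ver, vuln in audit_pom(SAMPLE_POM):
        print(f"{aid} {ver}: {'VULNERABLE (S2-045)' if vuln else 'ok'}")
```

Note the limits: this only sees direct dependencies declared in one pom.xml, not transitive ones or versions inherited from a parent POM, which is exactly why organizations keep a software bill of materials and run it against a continuously updated vulnerability feed.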

Google Security Breach - 2018

In December 2018, Google disclosed a security vulnerability affecting approximately 52 million users of Google+. The bug exposed personal information such as users' names, email addresses, and ages, putting their privacy at risk. While Google+ users were typically able to access public information of their friends, this bug allowed unauthorized access to private information. Google identified the bug during routine testing and promptly resolved it within one week. Despite earlier plans to shut down Google+ due to low usage and previous security issues, the decision was expedited following this incident, leading to the service's closure in April 2019 instead of August as originally scheduled. The delayed decision to shut down Google+ despite prior security concerns underscores the need for proactive risk management and timely responses to mitigate potential harm to users[35].

Marriott Starwood hotel security breach - 2018

In December 2018, Marriott International disclosed a significant breach of its reservation database, revealing unauthorized access and the theft of guests' personal information. It was reported that approximately 500 million guests' data had been compromised, with 65% of victims having their passport numbers and itineraries exposed alongside their names and addresses. Additionally, some guests had their credit card numbers and expiration dates stolen. Following the incident, Marriott engaged security experts to investigate the breach, which had gone undetected since 2014 despite ongoing unauthorized access. The delayed discovery of the breach raised concerns about Marriott's security protocols and the effectiveness of its monitoring systems in detecting and responding to cyber threats[36]. The breach's impact extended beyond the compromised personal information, damaging guests' trust in Marriott's ability to safeguard their data and fulfill its duty of care. Ethical considerations surrounding the Marriott breach center on issues of transparency, accountability, and the duty to protect customer data.

Facebook security breach - 2018

In September 2018, Facebook disclosed a significant security breach affecting approximately 50 million user accounts. According to Facebook, the attackers exploited a combination of three vulnerabilities in Facebook's "View As" feature, allowing them to steal access tokens. These vulnerabilities included a flaw in Facebook's video uploading feature, which inadvertently generated access tokens for the "View As" feature. Attackers leveraged this flaw to steal access tokens, the digital keys used to maintain user sessions and keep users logged in. With possession of these tokens, hackers could potentially take control of affected accounts, posing serious risks to user privacy and security. The stolen tokens could also be used to access other websites that accept a Facebook account for logging in[37]. Following the discovery of the breach, Facebook promptly patched the vulnerabilities and invalidated the compromised access tokens to prevent further unauthorized access. Additionally, the company reset the access tokens for an additional 40 million accounts as a precautionary measure, bringing the total number of affected accounts to approximately 90 million[38].
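The remediation described above, invalidating every outstanding token for a set of accounts at once, is easy to get wrong if tokens are stateless. Here is an added example (not Facebook's code or any code from the original chapter) of one common design: each user has a "token generation" counter that is baked into an HMAC-signed token, so bumping the counter makes every token issued before the reset fail verification without having to track individual tokens. The signing key, user ids and timestamps are constructed for the demonstration.

```python
import hashlib
import hmac
import time
from typing import Dict, Iterable, Optional


class TokenService:
    """Issues HMAC-signed access tokens of the form
    user_id:generation:expiry:signature and supports bulk invalidation.
    The per-user generation counter is part of the signed payload, so
    revoke_all() invalidates every previously issued token for that user.
    User ids must not contain ':' (assumed for this demo's token format)."""

    def __init__(self, key: bytes):
        self._key = key
        self._generation: Dict[str, int] = {}

    def _sign(self, payload: str) -> str:
        return hmac.new(self._key, payload.encode("utf-8"), hashlib.sha256).hexdigest()

    def issue(self, user_id: str, ttl: int = 3600, now: Optional[int] = None) -> str:
        """Create a token valid for `ttl` seconds at the user's current generation."""
        now = int(time.time()) if now is None else now
        gen = self._generation.setdefault(user_id, 0)
        payload = f"{user_id}:{gen}:{now + ttl}"
        return f"{payload}:{self._sign(payload)}"

    def verify(self, token: str, now: Optional[int] = None) -> Optional[str]:
        """Return the user id if the token is authentic, unexpired and issued at
        the user's current generation; otherwise None."""
        now = int(time.time()) if now is None else now
        try:
            user_id, gen_s, exp_s, sig = token.split(":")
        except ValueError:
            return None                      # malformed token
        payload = f"{user_id}:{gen_s}:{exp_s}"
        if not hmac.compare_digest(sig, self._sign(payload)):
            return None                      # tampered or forged
        if int(exp_s) < now:
            return None                      # expired
        if int(gen_s) != self._generation.get(user_id, 0):
            return None                      # predates a reset for this user
        return user_id

    def revoke_all(self, user_id: str) -> None:
        """Invalidate every outstanding token for one user by bumping its generation."""
        self._generation[user_id] = self._generation.get(user_id, 0) + 1

    def revoke_many(self, user_ids: Iterable[str]) -> int:
        """Bulk reset, as a platform would do for a set of possibly affected
        accounts after a breach. Returns the number of users reset."""
        count = 0
        for uid in user_ids:
            self.revoke_all(uid)
            count += 1
        return count


if __name__ == "__main__":
    svc = TokenService(b"constructed-demo-signing-key")
    tok = svc.issue("alice", now=1000)
    print("before reset:", svc.verify(tok, now=1500))   # alice
    svc.revoke_many(["alice", "bob"])
    print("after reset: ", svc.verify(tok, now=1500))   # None
    print("fresh token: ", svc.verify(svc.issue("alice", now=1600), now=1700))
```

The design choice worth noticing is that revocation costs one integer per user rather than a blacklist entry per token; the trade-off is that you cannot revoke a single session without logging the user out everywhere, which is exactly the precautionary mass reset the text describes.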

SolarWinds Breach - 2020

The cyber-security firm FireEye initially uncovered a widespread compromise of private-sector and government networks in late 2020, with the hacking of software provided by SolarWinds emerging as a primary vector for the intrusion. This attack, known as the SolarWinds or SUNBURST attack, affected approximately 18,000 out of SolarWinds' 33,000 clients who unwittingly downloaded a malicious software update embedded in their supply chain[39]. The malicious software, SUNBURST, operated stealthily within compromised networks, remaining dormant and undetected until activated by threat actors. Once activated, SUNBURST granted unauthorized access to the network, allowing attackers to infiltrate systems, steal sensitive data, and establish persistence for further malicious activities. The attack highlighted the vulnerabilities inherent in software supply chains and underscored the need for robust security measures to prevent and respond to such breaches[40]. From an ethical perspective, the SolarWinds attack raised concerns about the responsibility of technology companies to safeguard their software and protect their customers from malicious actors.

Ronin Bridge Breach - 2022

The exploitation of the Ronin bridge in the Axie Infinity ecosystem on March 23rd, 2022, represents a sophisticated attack on the underlying blockchain infrastructure. The breach targeted Sky Mavis's Ronin validator nodes and the Axie DAO, exploiting weaknesses in the system's transaction authorization mechanisms. At the core of the attack were stolen private keys, which the attacker used to execute fraudulent transactions on the Ronin blockchain. These private keys, normally safeguarded by their holders to authorize legitimate transactions, were compromised, allowing the attacker to impersonate authorized validators and produce valid transaction signatures. By leveraging these stolen keys, the attacker executed two unauthorized transactions, resulting in the theft of about 173,000 Ether, valued at $600 million[41]. The origins of the breach trace back to November 2021, when Sky Mavis sought assistance from the Axie DAO to manage high user load by distributing free transactions. The Axie DAO granted Sky Mavis authorization to sign numerous transactions on its behalf. Although this arrangement was terminated in December 2021, access to the allowlist was not revoked, leaving the system vulnerable to exploitation[42]. From an ethical perspective, the breach highlights the evolving threat landscape facing blockchain-based ecosystems and the imperative for ongoing vigilance, collaboration, and innovation in cybersecurity practices. The attack has since been attributed to the Lazarus Group, a nation-state hacker group sponsored by North Korea.[43] Any wallet linked to the attack has since been blocked by several cryptocurrency services.
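The decisive detail in the account above is the allowlist entry that was never revoked. The following added example (not code from the original chapter or from the Ronin project) models a threshold-authorized bridge to show how that omission turns a set of stolen keys into a quorum: a withdrawal counts only signatures from validators still on the allowlist, and the same stolen keys fall short once the stale delegate is removed. Signatures are modelled with per-validator HMAC-SHA256 keys as a stand-in for the real signature scheme; the 5-of-9 threshold, validator names and key values are assumptions for the demonstration.

```python
import hashlib
import hmac
from typing import Dict, Set


class ThresholdBridge:
    """A withdrawal is authorized only when at least `threshold` distinct,
    currently allowlisted validators have signed it. HMAC-SHA256 keyed per
    validator stands in for the real signature scheme (an assumption); it is
    enough to show how the allowlist interacts with the threshold."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.allowlist: Set[str] = set()      # validators whose signatures count
        self._keys: Dict[str, bytes] = {}     # validator id -> verification key

    def register(self, validator: str, key: bytes) -> None:
        self._keys[validator] = key
        self.allowlist.add(validator)

    def revoke(self, validator: str) -> None:
        """Remove a validator's signing authority. Its key stays registered so
        the signature is still recognisable, but it is no longer counted."""
        self.allowlist.discard(validator)

    @staticmethod
    def sign(key: bytes, tx: str) -> str:
        return hmac.new(key, tx.encode("utf-8"), hashlib.sha256).hexdigest()

    def authorize(self, tx: str, signatures: Dict[str, str]) -> bool:
        valid = 0
        for validator, sig in signatures.items():
            if validator not in self.allowlist:
                continue                      # stale or unknown signer: ignored
            if hmac.compare_digest(sig, self.sign(self._keys[validator], tx)):
                valid += 1
        return valid >= self.threshold


def simulate(revoke_stale_delegate: bool) -> bool:
    """Constructed scenario: nine validators with a 5-of-9 threshold (assumed
    numbers). Five signing keys are in the wrong hands: four validator keys
    plus the key of a delegate ('v9') whose allowlist entry should have been
    revoked when its arrangement ended. Returns whether a withdrawal carrying
    only those five signatures is authorized."""
    bridge = ThresholdBridge(threshold=5)
    keys = {f"v{i}": f"demo-key-{i}".encode("utf-8") for i in range(1, 10)}
    for validator, key in keys.items():
        bridge.register(validator, key)
    if revoke_stale_delegate:
        bridge.revoke("v9")                   # the step that was skipped in practice
    compromised = ["v1", "v2", "v3", "v4", "v9"]
    tx = "withdraw:constructed-tx-1"
    sigs = {v: ThresholdBridge.sign(keys[v], tx) for v in compromised}
    return bridge.authorize(tx, sigs)


if __name__ == "__main__":
    print("stale delegate still allowlisted -> authorized:", simulate(False))   # True
    print("stale delegate revoked           -> authorized:", simulate(True))    # False
```

The lesson the simulation makes concrete is that a threshold scheme is only as strong as the hygiene of its signer set: temporary grants need an expiry or an explicit revocation step, and the threshold should be sized against the number of keys any single party controls.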

MOVEit Data Breach - 2023

Date: May to July 2023
Attack Method: Zero-day SQL injection vulnerability in MOVEit Transfer
Impact: Data stolen from over 2,500 organizations and 80 million people
Lesson: Secure file transfer tools need stronger access controls and regular testing

In 2023, attackers exploited a previously unknown vulnerability in MOVEit Transfer, a managed file transfer solution used by many large organizations, including financial firms, universities, and U.S. government agencies. The zero-day vulnerability allowed attackers to inject malicious SQL commands into the system and gain unauthorized access to stored data.[44]

Once inside, the Clop ransomware group created user accounts, bypassed authentication, and exfiltrated sensitive data without deploying traditional ransomware. They targeted both direct users of MOVEit and downstream entities through third-party service providers, demonstrating how a single software flaw in one tool can expose a much broader set of organizations.

Many victims were unaware of the breach until after the stolen data appeared on leak sites. The attackers focused on data theft and extortion, threatening public release unless payments were made. Progress Software released emergency fixes, and cybersecurity agencies warned that MOVEit’s popularity posed a risk to many industries.

This breach showed the need to monitor software supply chains, apply patches quickly, and use zero-trust principles to control access to high-risk systems.
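The MOVEit section above turns on one flaw class, SQL injection: user input that becomes part of the SQL text rather than a value. The following added example (not MOVEit's code or any code from the original chapter) shows a file-listing query written the vulnerable way beside the parameterized version, together with the regression check a defender would keep in a test suite so the lesson about "regular testing" is something a build can enforce. The table, rows and owner names are constructed for the demonstration.

```python
import sqlite3
from typing import Callable, List


def make_db() -> sqlite3.Connection:
    """In-memory table of uploaded files, owned by constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO files(owner, name) VALUES (?, ?)",
        [("alice", "payroll.xlsx"), ("bob", "contract.pdf"), ("carol", "notes.txt")],
    )
    conn.commit()
    return conn


def list_files_vulnerable(conn: sqlite3.Connection, owner: str) -> List[str]:
    """VULNERABLE: the caller's input is spliced into the SQL text, so a quote
    in `owner` ends the literal and the rest is interpreted as SQL."""
    query = f"SELECT name FROM files WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(query)]


def list_files_safe(conn: sqlite3.Connection, owner: str) -> List[str]:
    """FIXED: a bound parameter is always treated as a value, never as SQL."""
    return [row[0] for row in conn.execute("SELECT name FROM files WHERE owner = ?", (owner,))]


def leaks_on_injection_probe(conn: sqlite3.Connection,
                             query_fn: Callable[[sqlite3.Connection, str], List[str]]) -> bool:
    """Defender's regression check. A lookup for an owner that does not exist
    must return no rows; if a quote-breaking probe returns rows, the function
    under test is building SQL from its input. Returns True when it leaks."""
    probe = "nobody' OR '1'='1"
    return len(query_fn(conn, probe)) > 0


if __name__ == "__main__":
    db = make_db()
    print("alice (vulnerable):", list_files_vulnerable(db, "alice"))
    print("alice (safe):      ", list_files_safe(db, "alice"))
    print("vulnerable leaks on probe:", leaks_on_injection_probe(db, list_files_vulnerable))  # True
    print("safe leaks on probe:      ", leaks_on_injection_probe(db, list_files_safe))        # False
```

Parameterization is the fix, not escaping: the database driver sends the value separately from the statement, so there is no string for an attacker to break out of. The probe-based check is deliberately generic so it can be pointed at any data-access function the application exposes.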

23andMe Breach - 2023

Date: October to December 2023
Attack Method: Credential stuffing with reused passwords
Impact: 14,000 accounts breached, data exposed for 6.9 million users
Lesson: Password reuse and account linking increased risk

In late 2023, attackers used previously leaked credentials from other websites to access 23andMe user accounts. This credential stuffing attack succeeded because many users reused the same email and password combinations across services. Although only 14,000 accounts were directly compromised, the attackers gained access to millions of additional profiles through the DNA Relatives feature, which automatically shares genetic and ancestry data between linked users.[45]

The stolen data included names, locations, ancestry breakdowns, and genetic traits. Some of this information, including profiles tied to Jewish and Chinese heritage, was later offered for sale on dark web forums. The company initially described the breach as the result of individual user negligence rather than a system failure, delaying stronger security measures.

Eventually, 23andMe required users to reset passwords and enabled two-step verification. The incident illustrated how a small set of compromised accounts can lead to widespread privacy violations when systems allow data sharing by default. Platforms that store sensitive personal or genetic information should enforce strong authentication, monitor account behavior for unusual activity, and limit the reach of any one user’s access.
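The closing recommendation above, to monitor account behavior for unusual activity, is worth making concrete because credential stuffing looks unremarkable per account: one or two attempts each, well under any lockout threshold. The signal lives at the source, where one address touches many different accounts with a high failure rate. The following added example (not 23andMe's code or any code from the original chapter) runs that detection over a constructed authentication log; the log format, addresses, user names and thresholds are assumptions for the demonstration.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable

# Constructed authentication log (not real data). One source address tries
# many different accounts once each and lands one of them; a normal user
# mistypes a password a few times from a single address.
SAMPLE_AUTH_LOG = """\
2023-10-01T10:00:01Z login_failed user=u1 ip=203.0.113.5
2023-10-01T10:00:02Z login_failed user=u2 ip=203.0.113.5
2023-10-01T10:00:03Z login_failed user=u3 ip=203.0.113.5
2023-10-01T10:00:04Z login_failed user=u4 ip=203.0.113.5
2023-10-01T10:00:05Z login_failed user=u5 ip=203.0.113.5
2023-10-01T10:00:06Z login_failed user=u6 ip=203.0.113.5
2023-10-01T10:00:07Z login_ok user=u7 ip=203.0.113.5
2023-10-01T10:00:08Z login_failed user=u8 ip=203.0.113.5
2023-10-01T10:05:00Z login_failed user=bob ip=198.51.100.9
2023-10-01T10:05:10Z login_failed user=bob ip=198.51.100.9
2023-10-01T10:05:20Z login_failed user=bob ip=198.51.100.9
2023-10-01T10:05:30Z login_ok user=bob ip=198.51.100.9
2023-10-01T10:06:00Z login_ok user=alice ip=192.0.2.44
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login_(?:ok|failed)) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_events(lines: Iterable[str]):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def detect_credential_stuffing(lines: Iterable[str],
                               min_distinct_users: int = 5,
                               min_failure_ratio: float = 0.8) -> Dict[str, dict]:
    """Flag source addresses that attempt many distinct accounts with a high
    failure rate. Per-account lockouts miss this pattern because each account
    sees only one or two attempts. Returns {ip: details} for flagged sources,
    listing the accounts that were successfully logged into from that source,
    which are the ones to force a password reset on."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0,
                                  "failures": 0, "successes": set()})
    for ev in parse_events(lines):
        rec = per_ip[ev["ip"]]
        rec["users"].add(ev["user"])
        rec["attempts"] += 1
        if ev["event"] == "login_failed":
            rec["failures"] += 1
        else:
            rec["successes"].add(ev["user"])

    alerts: Dict[str, dict] = {}
    for ip, rec in per_ip.items():
        ratio = rec["failures"] / rec["attempts"]
        if len(rec["users"]) >= min_distinct_users and ratio >= min_failure_ratio:
            alerts[ip] = {"distinct_users": len(rec["users"]),
                          "failure_ratio": ratio,
                          "compromised": sorted(rec["successes"])}
    return alerts


if __name__ == "__main__":
    for ip, details in detect_credential_stuffing(SAMPLE_AUTH_LOG.splitlines()).items():
        print(ip, details)
```

In production the aggregation would run over a sliding window and key on more than the source address (attackers spread attempts across proxies), but the shape is the same: count distinct targets per source, not attempts per target. The "compromised" list is what turns the alert into the response the chapter describes, a targeted reset of the accounts that were actually entered.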

Protecting Yourself from Breaches

How Often Do Data Breaches Happen?
It's logical to expect that big firms' security systems are constantly tested, but 2023 was a particularly disastrous year for data breaches. In their list of cybercrime predictions for 2024, the Identity Theft Resource Center (ITRC) forecasts an increase in identity theft cases following "an unprecedented number of data breaches in 2023 by financially motivated and nation-state threat actors". In recent years, data breaches have affected customers of Facebook, Yahoo, and Amazon alike. If these huge firms can't keep your data safe, can anyone?

How to Protect Your Data From Breaches[46]:
Hunt told me that mitigating the damage from data breaches hinges on taking preventative action and changing your online habits. Below are a couple of pain-free ways that you can change your internet habits and protect your private data in the future.

Here are some strategies to consider:[47]
It is crucial to defend oneself against security breaches in today's linked world. The following are some essential tactics that people can use to improve their digital security:

  • Employ Strong Passwords: Creating strong, unique passwords is critical for protecting your online accounts from unauthorized access and potential breaches. When creating passwords, prioritize length, complexity, and uniqueness. Choose passwords that are at least 12 characters long and contain a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using personal information or common dictionary phrases, as these are easily guessed or cracked. Instead, consider using passphrases or random character combinations that are simple for you to remember but difficult for others to guess. Furthermore, using a unique password for each account reduces the possibility of a single breach compromising many accounts. Consider using a trustworthy password manager to generate and securely store your passwords, adding an extra layer of protection for your online accounts. By following these best practices, you can significantly reduce the risk of falling victim to password-related security breaches.
  • Turn on Two-Factor Authentication: Two-factor authentication (2FA) adds a second layer of protection to your online accounts. In addition to a password, it requires a second form of verification, such as a code texted to your phone or produced by an authentication app. When 2FA is enabled, access to your secondary authentication method is required to enter the account, even if someone manages to crack your password. That way, even in the case of a password leak, the likelihood of unwanted access is greatly diminished. Enabling 2FA wherever it is offered is highly recommended, as most online services and platforms support it. By combining strong passwords with two-factor authentication, you considerably enhance the general security posture of your online accounts.
  • Staying Up to Date: Maintaining a strong defense against potential intrusions requires staying current with software upgrades and security patches. Software developers frequently release updates to fix recently discovered vulnerabilities and flaws that attackers might exploit. These upgrades often include patches and fixes that close security gaps and improve the general integrity of the operating system or software. Promptly applying updates to your antivirus software, applications, and devices protects you against the most recent threats and vulnerabilities. Ignoring updates exposes your systems to attack, since attackers aggressively seek out and exploit known vulnerabilities to gain access to and compromise systems. Thus, it is essential to keep up a proactive software update schedule to strengthen your cybersecurity defenses and protect your critical data from unauthorized access and data breaches.
  • Update Software Regularly: Update your operating system, antivirus program, and applications to fix security flaws and stop online criminals from taking advantage of you.
  • Be Skeptical of Requests for Personal Information: Requests for personal data should always be handled cautiously and with suspicion to guard against identity theft and other security lapses. Requests for private information such as passwords, Social Security numbers, or financial details should raise red flags, whether they arrive by email, phone call, or online message. Legitimate companies usually do not send unsolicited communications requesting this kind of information. Make sure a request is legitimate before providing any money or personal information. This may mean contacting the company directly using dependable contact details found on its official website or in earlier correspondence. Examine the message closely for signs of a phishing attempt, such as misspellings, dubious links, or demands for quick action. By being cautious and skeptical when answering requests for personal information, people can reduce their exposure to identity theft, phishing schemes, and scams, protecting both their privacy and their financial stability.
  • Secure Internet Connections: In the current digital era, protecting sensitive data and upholding privacy depend heavily on secure internet connections. Encryption technologies such as SSL and TLS play a vital role in ensuring that data transported between devices and online services is unreadable by unauthorized parties. Furthermore, unwanted access to Wi-Fi networks can be prevented by using strong encryption such as WPA2 or WPA3 together with distinctive passwords. Using a VPN provides an additional layer of protection by encrypting internet traffic and guarding against interception, particularly on public Wi-Fi networks. Routine updates are needed to patch security flaws in devices and routers. Safe browsing habits, such as avoiding dubious websites and links, reduce the risk further. By putting these precautions in place, people can dramatically improve the security of their internet connections, lessening the possibility of unauthorized access and data breaches.
  • Data Backup: Establish a consistent backup schedule for critical files and data. If there is a security breach or data loss, ensure you have backups safely stored on offline storage devices, cloud storage services, or external hard drives.

Quantum computing could break current encryption standards by the early 2030s. Organizations must begin migrating to post-quantum cryptography standards such as CRYSTALS-Kyber.[48] Artificial intelligence will continue to enhance both attack and defense methods in cybersecurity.[49] Quantum computing poses an existential risk to modern encryption. Current public-key encryption (PKE) methods such as RSA-2048 rely on mathematical problems that quantum algorithms such as Shor's can solve exponentially faster. Analysts anticipate that cryptographically relevant quantum computers (CRQCs) will become available within 5 to 15 years, with the capability to expose data that is encrypted today through the "harvest now, decrypt later" method. Post-quantum cryptography (PQC), as standardized by NIST, uses CRYSTALS-Kyber for encryption (key encapsulation) and CRYSTALS-Dilithium for digital signatures. The migration to PQC must start by 2030 because it is the best available method to secure sensitive data.

AI-Driven Threats & Defenses
The AI arms race is revolutionizing cybersecurity:

  • Offensive AI:
      • Hyper-realistic phishing: Generative AI produces personalized messages built from stolen data and uses voice and video deepfakes to bypass traditional detection.
      • Autonomous malware: Self-learning malware adapts while an attack is under way, modifying its own functions to evade EDR/SIEM defenses.[50]
  • Defensive AI:
      • Anomaly detection: AI monitors 10,000+ events/sec to identify zero-day threats.
      • Automated response: Systems like IBM's QRadar auto-isolate infected devices in milliseconds[51].

Predictions (2025–2035)

Research suggests that 40% of enterprises will initiate PQC pilot projects by 2027 (Gartner). By 2029, 65% of breaches will be AI-driven attacks (MITRE). After 2035, the exposure of 80% of historical encrypted data through quantum decryption becomes possible unless organizations find mitigation strategies.

Why Proactive Security Matters: Businesses that respond reactively spend $4.45M on average to handle a breach, and incidents take 277 days to detect and contain. A preventative stance that incorporates PQC migration, AI-aided monitoring, and Zero Trust will reduce breaches by 70%.

Key steps:

  • Implement crypto-agility frameworks that provide a smooth path to quantum-safe encryption.
  • Deploy AI-powered solutions such as CISA's Malcolm for real-time log analysis.[52]
  • Train staff every quarter, using platforms such as KnowBe4, on deepfake social engineering tactics.

The future of cybersecurity demands ceaseless adaptation. Begin now before attackers exploit tomorrow's vulnerabilities.

References

  1. "Cost of a data breach 2024 | IBM". www.ibm.com. Retrieved 2025-04-29.
  2. "2023 Annual Data Breach Report". Identity Theft Resource Center. Retrieved 2025-04-17.
  3. Kaspersky. (2021, July 12). What is a security breach?. Retrieved from[1]
  4. RiskBased Security. (2021). 2021 Mid Year Report Data Breach QuickView. Retrieved from [2]
  5. Strawbridge, G. (2020, February 28). 5 Damaging Consequences Of A Data Breach. Retrieved from [3]
  6. IBM. (2022, April). Cost of a Data Breach Report. Retrieved from [4]
  7. Lerner, A. (2014, July 16). The Cost of Downtime. Retrieved from [5]
  8. As, S. (2021, December 10). The Consequences of a Cyber Security Breach. Retrieved from [6]
  9. UpGuard. (2022). What is an Attack Vector? 16 Common Attack Vectors in 2022. Retrieved from [7]
  10. Balbix. (2022, April 20). 8 Common Cyber Attack Vectors and How to Avoid Them. Retrieved from [8]
  11. "Microsoft Digital Defense Report 2024". www.microsoft.com. Retrieved 2025-04-29.
  12. Rose, Scott; Borchert, Oliver; Mitchell, Stu; Connelly, Sean (2020-08-11). "Zero Trust Architecture".
  13. "What is Endpoint Detection and Response (EDR)? | Definition from TechTarget". Search Security. Retrieved 2025-04-29.
  14. "Think | IBM". www.ibm.com. Retrieved 2025-04-29.
  15. "What is Penetration Testing? | IBM". www.ibm.com. 2023-01-24. Retrieved 2025-04-30.
  16. "What is SIEM? | IBM". www.ibm.com. 2023-06-23. Retrieved 2025-04-30.
  17. "What is Privileged Access Management (PAM)? - CrowdStrike". CrowdStrike.com. Retrieved 2025-04-30.
  18. "Zero Trust Maturity Model | CISA". www.cisa.gov. Retrieved 2025-04-30.
  19. "More than a Password | CISA". www.cisa.gov. Retrieved 2025-04-30.
  20. "Patch Management | SANS Institute". www.sans.org. Retrieved 2025-04-30.
  21. "What is an Air Gap Backup? | IBM". www.ibm.com. 2024-08-21. Retrieved 2025-04-30.
  22. Kanter, Genevieve P.; Rekowski, James R.; Kannarkat, Joseph T. (2024-09-06). "Lessons From the Change Healthcare Ransomware Attack". JAMA Health Forum. 5 (9): e242764. doi:10.1001/jamahealthforum.2024.2764. ISSN 2689-0186. PMID 39302668.
  23. "The 23andMe Bankruptcy | Frego & Associates". www.fregolaw.com. 2025-04-03. Retrieved 2025-04-30.
  24. Muoio, Dave (2025-03-25). "23andMe bankruptcy sparks genetic data privacy concerns". www.fiercehealthcare.com. Retrieved 2025-04-30.
  25. "The Rise of Deepfake Social Engineering". ironscales.com. Retrieved 2025-04-30.
  26. "Microsoft warns against 'deepfake fraud' and begs the government to take action". The Sun. 2024-07-31. Retrieved 2025-04-30.
  27. Daswani, Neil; Elbayadi, Moudy (2021), Daswani, Neil; Elbayadi, Moudy (eds.), "The Yahoo Breaches of 2013 and 2014", Big Breaches: Cybersecurity Lessons for Everyone, Berkeley, CA: Apress, pp. 155–169, doi:10.1007/978-1-4842-6655-7_7, ISBN 978-1-4842-6655-7, retrieved 2024-04-20
  28. McAndrew, Edward J. (2018). “The Hacked & the Hacker-for-Hire: Lessons from the Yahoo Data Breaches (So Far).” In natlawreview.com. Retrieved on April 29, 2019.
  29. Ragan, Steve. (2016). “412 Million FriendFinder Accounts Exposed by Hackers.” In csoonline.com. Retrieved on April 29, 2019.
  30. "The Equifax Data Breach: What CPAs and Firms Need to Know Now - ProQuest". www.proquest.com. Retrieved 2024-04-20.
  31. Adams, R. L. (2017, May 5). Identity theft protection: 10 ways to secure your personal data. Retrieved April 19, 2018, from Forbes website: https://www.forbes.com/sites/robertadams/2017/05/05/identity-theft-protection-10-ways-to-secure-your-personal-data/#55cc87f62fde
  32. https://www.thesslstore.com/blog/equifaxs-cso-music-major-college/
  33. http://www.chicagonow.com/listing-beyond-forty/2017/09/equifax-cso-music-degree/
  34. https://www.marketwatch.com/story/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15
  35. David Thacker. (2018, December 18). Expediting changes to Google+. Retrieved from https://www.blog.google/technology/safety-security/expediting-changes-google-plus/
  36. Jordan Valinsky. (2018, November 30). Marriott reveals data breach of 500 million Starwood guests. Retrieved from https://www.cnn.com/2018/11/30/tech/marriott-hotels-hacked/index.html
  37. Guy Rosen. (2018, September 28). Security Update. Retrieved from https://newsroom.fb.com/news/2018/09/security-update/
  38. Suhonen, Seela (2019). "Crisis communication in organizational data breach situations: Facebook data breach 2018".
  39. Willett, M. (2021). Lessons of the Solarwinds hack. Survival, 63(2), 7–26. https://doi.org/10.1080/00396338.2021.1906001
  40. Wolff, E. D., Growley, K. M., Lerner, M. O., Welling, M. B., Gruden, M. G., & Canter, J. (2021, March 21). Navigating the SolarWinds supply chain attack. Crowell. Retrieved April 23, 2022, from https://m.crowell.com/files/20210325-Navigating-the-SolarWinds-Supply-Chain-Attack%20.pdf
  41. Kshetri, Nir (2023). "Privacy violations, security breaches and other threats of Web3 and the metaverse". Calgary: International Telecommunications Society (ITS).
  42. Ronin. (2022, March 29). Community alert: Ronin validators compromised. Community Alert: Ronin Validators Compromised. Retrieved April 23, 2022, from https://roninblockchain.substack.com/p/community-alert-ronin-validators?s=w
  43. Toti, B. (2022, April 23). US sanctions more addresses linked to Axie Infinity Hack. Coin Journal. Retrieved April 23, 2022, from https://coinjournal.net/news/us-treasury-links-three-more-ethereum-wallets-to-the-625m-ronin-hack/
  44. "X-Force 2025 Threat Intelligence Index | IBM". www.ibm.com. Retrieved 2025-04-30.
  45. Alder, Steve (2023-10-10). "23andMe User Data Stolen in Credential Stuffing Attack". HIPAA Journal. https://www.hipaajournal.com/23andme-user-data-stolen-credential-stuffing-campaign/
  46. "How to Protect Yourself From Data Breaches: Plan Ahead". PCMAG. Retrieved 2024-04-20.
  47. "Top tips for staff". www.ncsc.gov.uk. Retrieved 2024-04-20.
  48. "NIST Releases First 3 Finalized Post-Quantum Encryption Standards". NIST. 2024-08-13.
  49. "Artificial Intelligence (AI) Cybersecurity | IBM". www.ibm.com. Retrieved 2025-04-30.
  50. Marketing, Abusix (2025-02-20). "AI-Powered Cyber Threats in 2025: How Attackers Use Machine Learning". Cybersecurity Solutions | Email & Network Security. Retrieved 2025-04-30.
  51. "Artificial Intelligence (AI) Cybersecurity | IBM". www.ibm.com. Retrieved 2025-04-30.
  52. "Malcolm | CISA". www.cisa.gov. Retrieved 2025-04-30.