Lessons Learned from the Scariest Cyber Breaches of 2020


ACA Aponix

Publish Date




  • Cybersecurity

Each year, ACA reviews the most terrifying cybersecurity breaches of the year. In the Scariest Cyber Breaches of 2020 session at ACA’s Cyber Week Virtual Conference, Raj Bakhru and Marc Lotti discussed causes and impacts of major cyber-attacks in 2020.

In 2020, breaches and hacks were not from a single source; this was a departure from 2019, where the source of most major breaches was the ”Gnosticplayers” hacking group. Many breaches in 2020 seemed to be done by hackers taking advantage of opportunities from system misconfigurations and industries that may have let their guard down during the COVID-19 pandemic.

Data breaches can be costly. A May 2020 report from Iomart shows that large data breaches, like the ones described below, could result in an average company value drop of 7.27%. Here are some of 2020’s scariest cyber breaches:

  • COVID-19 opportunity attacks – The financial impact of COVID-19 has been substantial for many firms, causing them to cut costs – reducing headcount, IT resources, and other expenses, for example. This may have left firms more vulnerable to cyber-attack than they were previously. For example, travel industry firms that disclosed data breaches during the initial phase of the pandemic include Princess Cruises, Marriott, Norwegian Cruise Lines, and EasyJet. While in some cases the details of these breaches have yet to be released, the timing of the breaches is worth noting.
  • Keepnet Labs – This cybersecurity firm was breached via an open firewall with a third-party IT vendor. More than five billion records were exposed from a consolidated database of personal data records that had been the subject of prior data breaches. The firewall was open for less than 24 hours, but the data was accessed in that time, highlighting just how thoroughly cybercriminals scan corporate defenses for potential weaknesses.
  • Garmin® – A ransomware attack shut down Garmin’s IT systems for 48 hours. The ransomware, which demanded ransom to unencrypt files, was suspected to have been the WastedLocker variant used by the Russian hacking group EvilCorp which is on the U.S. Department of the Treasury’s sanctions list. Companies should ensure their business continuity plans outline what to do if they are subject to a ransomware attack by an entity that is on a sanctions list.
  • AIS Mobile – This mobile phone company in Thailand exposed eight billion DNS search query records over several days in May 2020 through a “leaky” open database. Although initial claims reported no personal data was compromised, the following data that was exposed could be used to create a convincing email to attack individuals:
    • Internet-of-Things (IoT) devices owned
    • Antivirus software used
    • Browsers used
    • Social media activity
    • Banking websites used
  • Microsoft – From 2005 to 2019, 250 million data records were exposed due to misconfigured Azure security rules in five Elasticsearch servers. No personally identifiable information (PII) was compromised, but the database contained customer service and support logs between Microsoft support agents and customers, including:
    • Customer email addresses
    • IP addresses
    • Microsoft support agent emails
    • Case numbers and resolutions
    • Internal notes marked as confidential

As with the AIS Mobile case, although the data wasn’t PII, it could be used to craft convincing scam emails.

Breaches Aren’t the Only Concern

The reputational and financial damage from breaches can be devastating, but regulatory fines and sanctions related to such incidents are on the rise. For example, GDPR-related fines total €177 million to date, including a €50 million fine for Google. Meanwhile, the UK’s Information Commissioners Office has said that it intends to fine British Airways nearly €205 million and Marriott more than €110 million.

Watch the Scariest Cyber Breaches of 2020 Session

Watch Now

You can access and watch all the sessions from ACA's Cyber Week On Demand

How We Help

ACA Aponix® Protect is a complete cybersecurity program that helps firms address evolving cyber risks and threats to ensure that their cybersecurity needs are covered year-round including these features and more:

  • Risk Assessment, Management and Strategy
  • Staff Awareness
  • Privacy
  • Third Party Risk Management
  • Incident Response
  • Threat Intelligence

If you have any questions, please contact your ACA consultant, or email us at [email protected].