The Top 5 Security Breaches of 2021

Has your business experienced one of the Top 5 Security Breaches of 2021? Sadly, many have. As businesses become more reliant on technology, the risk of becoming a victim of a data breach only increases.

Unfortunately, the United States exceeded its previous record for cyber attacks in a single year. The earlier record was set in 2017, when we saw a whopping 1,529 data breaches, compared to the 1,862 data breaches we saw last year.

We can’t avoid technology in today’s digital age, especially with the COVID-19 pandemic and many businesses still operating remotely. Cybercriminals find new and creative ways to get into networks and systems, which means organizations need to continuously improve their cybersecurity operations.

Let’s take a look at the top 5 security breaches in 2021 and what we learned from them.

Microsoft Data Breach

The Microsoft data breach came to light in January. This attack impacted over 30,000 U.S. companies, and roughly 60,000 companies globally. The victims were small businesses and local governments.

Cybercriminals used stolen passwords and zero-day vulnerabilities on Microsoft Exchange servers, which gave them full administrative rights over the systems. The hackers logged in and installed malware to create command-and-control proxies.

Microsoft believes the attack came from an unidentified Chinese hacking crew dubbed “Hafnium.”

Microsoft acted quickly to patch the vulnerabilities. Server owners were told to apply proper updates for protection.

Facebook Data Breach

In April, a hacker leaked the personal data of over 500 million Facebook users. The personal information included phone numbers, date of birth, current city, and posts made to their wall.

The impacted Facebook users were spread around the globe. The hacker released information on people from 106 countries for free. When asked about the breach, Facebook confirmed a vulnerability in their previous platform. Although they patched the vulnerability in 2019, the data had leaked before it was fixed.

Facebook received criticism from cybersecurity professionals all around the world, one stating that the social media platform downplayed the severity of the attack.

Facebook recommended that users should 1) update their password and 2) enable two-factor authentication on their accounts.

Android Data Leak

In May, over 100 million Android users fell victim to a cyber attack. Their data was exposed because of many misconfigurations of third-party cloud services. Sensitive data including emails, phone numbers, photos, passwords, payment information, and chat messages could be accessed by anyone.

Android told affected customers to reset passwords and wipe app data logs.


Kaseya Ransomware Attack

In July, IT software company Kaseya was hit with a ransomware attack by cybercriminal group REvil.

The advanced, coordinated cyber attack hit over a thousand companies around the globe with ransomware. REvil used a single zero-day vulnerability to breach the Kaseya VSA appliance.

This attack targeted MSPs using Kaseya and their customers. Over 50 MSPs and roughly 1500 companies were impacted.

Kaseya issued a security advisory warning all Kaseya VSA customers to immediately shut down their VSA server to prevent the attack’s spread while investigating.

Colonial Pipeline Ransomware Attack

In May, there was a ransomware attack on the U.S.-based Colonial Pipeline. Attackers gained access to the company's network on April 29, when they breached it through a VPN account using a single compromised password.

The attack led to fuel shortages in the Southeast, Midwest, and Northeast regions of the country and rising fuel prices.

Since the attack, the company revealed it didn’t use multi-factor authentication. The attack resulted in a 6-day shutdown.

Colonial Pipeline decided to pay the ransom of $4.4 million.

Avoid Being the Next Victim

These attacks are just a few examples of why companies and organizations must ensure they have robust security measures in place to prevent attacks from happening.

Sedara believes in being proactive and putting measures in place to be prepared for when – not if – an attack happens.
