Biggest data leak of all time: What lessons can we learn?

What would a cyberattack on your local government look like? Drata analyzed threat trends to break down the growing issue.
– THOMAS SAMSON/AFP // Getty Images

The latest cybersecurity issue relates to 10 billion stolen passwords being shared online in what is being described as the biggest data leak of all time. The compilation of almost 10 billion passwords was posted to an underground hacking forum.

This significant technology news feature follows on from several high-profile cyber breaches that have taken place during the course of 2024.

Looking into the matter for Digital Journal is Stephen Crow, Security Director at ANS, who comments: “An immediate priority for impacted individuals will be to be wary of communications around recent orders, as these could be fraudulent. Malicious actors may seek to gain more data through targeted attacks using the information stolen.”

As well as this advice for individuals, Crow extends his analysis by assessing what this incident means for r businesses. This centres on a need to protect all forms of personal data.

Here Crow states the primary lesson: “The data breach is a stark reminder that no organisation is completely immune from cyber threats, and that all forms of customer data require stringent protection.”

Crow adds, looking at what malicious actors can do with the acquired data: “Despite the absence of financial data, threat actors could potentially use the stolen information to launch phishing or malware attacks against consumers. They are likely to sell this data on the dark web as well, putting customers at even more risk.”

However, there are measures that can be adopted in order to lower the risks to a firm. Crow captures these as: “This incident serves as a call to action for companies to reassess their proactive cyber security strategies and incident response plans.”

While such responses can be effective, Crow places greater emphasis upon stopping such things from arising in the first place. Here he observes: “Prevention is of course preferable, but should the worst happen, businesses need the ability to react quickly to contain the damage and minimise the impact on customers, no matter the type of data involved in a breach.”

As a final point, looking across both person and business uses, Crow emphasises that cybersecurity is a shared responsibility.

He closes with the following salient point: “Cybersecurity is a shared responsibility. It requires collaboration between organisations, customers, and cybersecurity experts, to create a safer digital environment.”

In related news, the NCC Group has found that global ransomware attack levels are at an all-time high, increasing 24 percent month-on-month (356 to 470) and 7.5 percent (435-470) year-on-year according to NCC Group’s Threat Pulse bulletin.