The increasing incidents of data breaches worldwide and their impact on national security

As the volume of data exchanged worldwide increases daily, there is a counter-trend against the international recognition of data protection principles on the one hand and the ever-accelerating pace of data localization policies on the other. This, in turn, has led to a surge in data breaches, commercialization and sales on hacking forums and the dark web in 2022 and the early days of 2023 as a valuable target coupled with a range of related crimes, including theft and extortion. As a result, the importance of precautionary security measures to maintain data integrity has increased.

Key indicators Over the last year and early this year, cases of data breaches have increased, with some prominent examples explained as follows:

Social media: In April 2022, about 487 million personal phone numbers of WhatsApp users in 84 countries were leaked and put up for sale on a notorious hacker forum. This included 94 million numbers from users from Arab countries, including 34 million Egyptian users. Previously, in April 2021, personal data of half a billion Facebook users, including their phone numbers and email addresses, appeared on a hacker site. Additionally, on January 6, 2023, in one of the largest data breaches in the platform’s history, hackers stole the email addresses of over 200 million Twitter users and then sold that data for a low price on a leak forum called (Breached ). (2 euros per account). In November 2022, Twitter suffered a data breach of 5.4 million users due to a vulnerability in its API.

Cloud storage applications: In November 2022, Apple’s iCloud leak occurred when multiple videos and images of numerous users were exposed, attributing the incident to a technical glitch affecting iPhone 13 Pro and 14 Pro users. This caused the videos to turn black, making them impossible to view when saved or downloaded, while others showed black lines with images that came from unknown sources and may have belonged to other accounts on the app.

Government Services: In November 2022, the UK postal service Royal Mail suffered a data breach that caused a disruption in its click-and-drop parcel delivery service, which allowed customers to view other users’ information, queries and details. To contain the problem, the company suspended its postal services without disclosing the reason for the disruption. Additionally, Indian Railways suffered a cyberattack affecting the data of about 30 million customers, including emails and phone numbers, amid concerns over possible exposure of users’ travel records including names, phone numbers, locations, train numbers, arrival times, emails. Emails and nationalities exist. In December 2022, the Moroccan Ministry of Higher Education, Scientific Research and Innovation was hacked, resulting in the loss of data for tens of thousands of students at the public “Cadi Ayyad University” in Marrakesh.

Private company: Uber launched an investigation in September 2022 after a breach of customer data stemming from a vulnerability in its Slack account, which was used for communications between customers and the company. This gave the hacker control of internal company systems and databases. Uber then suspended the service after its shares fell 5%. The hacker threatened to reveal the company’s source code and claimed the breach was done for fun, although it resulted in the seizure of the company’s web services and some internal financial data.

Banking institutions: Around 1.25 million bank card details were leaked on the dark web on a marketplace called (BidenCash) in October 2022. This personal data included customer email addresses, telephone numbers and addresses. Cybersecurity experts attributed this to registration data found on shopping pages of several hacked e-commerce websites. In addition, leaked bank data provided to the Süddeutsche Zeitung in February 2022 by customers of the Swiss bank “Credit Suisse” revealed the wealth of certain political figures and former/current rulers, as well as those involved in money laundering and drug trafficking in Egypt , Jordan, Algeria, Oman and beyond, encompassing more than 18,000 bank accounts worth over $100 billion, with no evidence of current banking activity.

Large global companies: In October 2022, a Microsoft server called (Azure Blob Storage) was attacked, resulting in the exposure of data from over 65,000 companies in 111 countries. This data included customer information such as names, telephone numbers, email addresses, as well as names of some companies and sales-related data. The company reached out to affected customers without providing detailed statistics on the breach.

Healthcare companies: In November 2022, hackers demanded a $10 million ransom to prevent the disclosure of records from Medibank, one of Australia’s largest healthcare companies, through which they accessed information on 9.7 million current and former customers, including the Australian Prime Minister Anthony Albanese, have accessed. The leaked data included confidential details about drug addicts, patients with sexually transmitted diseases and women undergoing abortions, all of which were published on the dark web, including names, addresses and birth dates of hundreds of customers.

Important implications The growing number of data breaches can be illustrated in several points:

Increase in extortion cases: Hackers typically target data from influential and wealthy individuals or large institutions concerned about their reputation/market value, or organizations who are likely to pay significant amounts to prevent their information from being made public. The more sensitive the data is, the higher the risk of blackmail. This implies that sharing could inevitably lead to other crimes, including selling on the dark web or to national newspapers/media. Still, paying a ransom to prevent data from being released or traded shows that hackers have successfully achieved their goals, which could encourage them to target the same companies again in the future, assuming they will do so again will pay. Conversely, non-payment typically results in the publication of user data and an increased likelihood of claims for damages, which may be lower or higher than the ransom amount; However, payment is not a guarantee of recovery or non-publication of the data.

Global character and distribution: Data breaches can affect all countries, regardless of their level of development, and all companies, regardless of size. For example, in July 2022, an information leak from one of Shanghai’s police databases exposed the data of a billion citizens, with over 23 terabytes of data being sold for 10 Bitcoins (approximately $200,000) on a hacker forum. Conversely, in the Netherlands, in December 2022, passport details and vaccination certificates of hundreds of professional table tennis players were also leaked online due to a security issue related to the International Table Tennis Federation server.

Growing importance of data worldwide: Similar to various programs and video platforms, data is vulnerable to hacking and security breaches, and the more individuals and companies rely on it, the more targeted it becomes. The widespread global nature of data breaches – spanning government services, major technology companies, global supply chains and more – underscores their critical importance and points to their transformation into 21st century oil. Data has become the backbone of the global economy and one of the most important pillars of economic development. In addition, it supports digital transformation and serves as the main gateway to the global digital economy.

Weak protection mechanisms: Despite the many privacy laws in place, they do not deter hackers, especially given the challenges of revealing their identity due to advanced obfuscation techniques, to name a few. Additionally, the effectiveness of these laws typically relates to cases where financial penalties are imposed on large technology companies due to user data leaks. That’s why a hacker offered Elon Musk the opportunity to exclusively purchase leaked Twitter data to avoid hefty fines. Likewise, Meta agreed to pay $725 million to settle a years-long legal dispute over alleged breaches of user data in 2018 and its sharing with political consulting firm Cambridge Analytica. This fine is slightly lower than the one imposed on Amazon by the National Data Protection Commission in Luxembourg in 2021, amounting to 746 million euros for violating EU data protection laws.

Increased importance of data localization: The increasing prevalence of data breaches, particularly against social media platforms, highlights the need for data localization, i.e. storing and processing data on national servers rather than servers abroad, to ensure a secure environment for information sharing in cyberspace. This requires the creation of domestic social media alternatives, such as China, which requires foreign technology companies to store user data domestically and imposes new restrictions on content, with its social media sites comprising more than half of the world’s most active social platforms .

In summary, robust protection of user data is becoming increasingly important as this data represents the greatest treasure for social media platforms that offer free services without users realizing that this is the price paid for it . Users cannot track the whereabouts of their data and do not know that, in addition to hackers, numerous companies, institutions and government authorities are after them. Therefore, it is critical to invest in cybersecurity measures and raise awareness of the importance of data protection and localization, especially given the myriad challenges facing the organization.