Common Data Exposed in Data Breaches

"A dozen doughnuts, a large coffee, and 184 GB of personal data, please. To go..." Krispy Kreme is back in the news after their data breach from late 2024. They have now admitted that data was stolen. Nearly six months later... Krispy Kreme reports that data affected included " name, Social Security number, date of birth, driver’s license or state ID number, financial account information, financial account access information, credit or debit card information, credit or debit card information in combination with a security code, username and password to a financial account, passport number, digital signature, username and password, email address and password, biometric data, USCIS or Alien Registration Number, US military ID number, medical or health information, and health insurance information" We should *never* shame companies simply because a data breach occurs. Even if we do everything right, data breaches can still happen - because anything usable will never have perfect security. And that is okay. But, waiting 6 months to report and help affected individuals is too long. That is a broken incident response process, likely due to a lack of planning, testing, and preparing for a potential incident. Just goes to show that as individuals, we shouldn't wait for the report. If a service or company that has our data is hacked, change your password and get identity theft protection right away. For companies, provide regular updates as you can, even if it is just to say the investigation is still ongoing. Communication and transparency is key to re-establishing trust after a security incident. Don't wait Also, where are those dozen doughnuts already? #security #cybersecurity #databreach #krispykreme #privacy

A recent data breach has exposed the personal information of over 100 million U.S. citizens. The breach was attributed to a misconfigured database at the background check firm MC2 Data, which left 2.2TB of sensitive data online without password protection. The leaked database included extensive personal details such as full names, emails, IP addresses, dates of birth, partial payment details, home addresses, phone numbers, employment and legal histories, property records, and even data on family members, relatives, and neighbors. Additionally, encrypted passwords were compromised, making them susceptible to brute-force attacks if decrypted. This breach has raised serious concerns about the security practices of background check companies like MC2 Data. The incident highlights the potential risks of identity theft and fraud for millions of affected individuals and underscores the importance of robust security measures to protect sensitive information. https://lnkd.in/gHXfaAdz

AT&T Data Breach Exposes 86 Million Users—Social Security Numbers Leaked in Plain Text Introduction: One of the Largest U.S. Telecom Breaches Yet A devastating cyberattack has compromised the personal information of over 86 million AT&T customers, with data now circulating on Russian cybercrime forums. The breach includes names, addresses, emails, phone numbers, and—most alarmingly—44 million Social Security numbers in unencrypted form, prompting urgent warnings from cybersecurity experts and law enforcement agencies. ⸻ Key Facts About the AT&T Data Breach Scope and Severity • 86 million customers affected, making it one of the largest telecom breaches in U.S. history. • Data includes full names, birthdates, email and home addresses, phone numbers, and Social Security numbers (SSNs). • 44 million SSNs were leaked in plain text, exposing victims to identity theft and fraud. How the Breach Happened • Attackers reportedly exploited vulnerabilities in Snowflake, a cloud storage platform used by AT&T. • Access was gained via accounts lacking multi-factor authentication (MFA)—a basic but critical cybersecurity safeguard. • The data was published on a Russian dark web forum on June 3 and is now widely circulating among cybercriminals. Consumer Actions and Resources • Affected users should visit npd.pentester.com to check if their information has been exposed. • Cybersecurity experts recommend immediate action: • Freeze credit reports with all three major bureaus. • Set fraud alerts on financial accounts. • Watch for phishing scams and unauthorized account activity. • Law enforcement is actively investigating the breach, though long-term consequences for victims remain uncertain. ⸻ Why This Matters: A Wake-Up Call for Corporate Cybersecurity This breach underscores the growing threat posed by weak cloud security practices and the absence of MFA on sensitive accounts. With SSNs and other identity-critical data now in criminal hands, millions face the long-term risk of identity theft, financial fraud, and personal privacy erosion. The AT&T hack is a glaring reminder that even massive corporations can fall victim to preventable vulnerabilities—and that consumers often pay the highest price. Keith King https://lnkd.in/gHPvUttw