Editor's Message

Welcome to DBD. 2023 has been the worst year on record for Data-Leaking Ransomware Attacks, and despite Law Enforcement gains, show no signs of slowing down. On a more positive note, our PRiSM platform continues to gain recognition and is now officially endorsed as a Ransomware Intelligence Resource by the SANS Institute. With that in mind, we would like to take this opportunity to thank you for all your very much appreciated and continued support. Stay safe. :)



Monday 11 January 2021

Data Breaches Digest - Week 02 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 11th January and 17th January 2021.


17th January

7 Ways to Identify a Credit Repair Scam

AI likely to replace humans in cybersecurity space by 2030

Almere man arrested for stealing €130,000 in phishing scam

British Home Secretary under pressure after data breach

Cock Blocked: ‘Smart’ Chastity Devices Held To Ransom

COVID-19 vaccine supply vulnerable to cyberattack?

Hackers leak trucker, rail worker medical records

India Seizes Bitcoins Worth $1.2 Million From Hacker of Government Website and Crypto Exchanges

Information Warfare: A Hack To Die For

New coalition aims to combat growing wave of ransomware attacks

Over 22 billion records were exposed in data breaches in 2020

Ransomware reveals the hidden weakness of our big tech world

SEPA cyber-attack 'likely to be work of global organised crime groups'

Telegram or Signal? Welcome to the illusion called data security

Tenable's analysis of data breaches in 2020 reveals over 22 billion records exposed

The Changing Dynamics of Cyber Insurance

Warning over Netflix scam threatening to suspend membership 'within 48 hours'

Wentworth Golf Club hacked

Whatsapp Web messages, contact details leak on public search platforms

16th January

IT Security Trends in the Era of COVID: Our Top Five Tips for Making Your Network Safer in 2021

Joker's Stash Reportedly Shutting Down Operations

Lessons Learned from the Vaccine Supply Chain Attack

Phishing alert! Here’s how you can verify job offers

Phishing Attacks and Job Traps: What Can Save You from Fraud

Privacy: Does It Exist Anymore?

Quebec insurer says personal information of present, past staff may have been exposed in cyberattack

Scotland’s environment regulator refuses to pay ransom after cyberattack cripples systems

Stolen credit card shop Joker's Stash closes after making a fortune

Stolen Files From SEPA Systems Leaked by Conti Ransomware

The most used brands in impersonations and phishing crimes

The Scottish Environment Protection Agency Was Hit by Ransomware

UK Police mistakenly deleted 150,000 arrest records in software glitch

What Cyber Threats Await Us In 2021

15th January

17 tips to keep you safe from phishing schemes

70% of SEA population are targets for cyber criminals

150,000 arrest records accidentally deleted from police database

A hard drive with ‘vital information’ on SEPTA’s ransomware attack has been missing for months

A hundred-year-old secret is key to fighting cyberattacks

Aged Care Royal Commission involved in cyber security breach

AI and Quantum Technologies Set to Disrupt Cybersecurity Industry

AI set to replace humans in cybersecurity by 2030, says Trend Micro

Auckland Savings Bank (ASB) warns customers about scam text message asking for personal details

Automated “Classiscam” Operation Made $6.5m in 2020

British Airways breach could cost billions in landmark class-action push

CISOs Just Want To Be Loved

Cloud computing trends: Cyber security leads Twitter mentions in Q4 2020

Colorado county data breach exposed COVID-19 case info for 2 months last year

Companies Removing Sensitive Data From Cloud on Security Worries

Covid-19 Has Changed the Cyber Threat Landscape

Covid-19 medicine and vaccine info leaked following cyberattack

Excellus to pay $5 million over data breach that affected 9 million customers

Facebook Sues Devs of Alleged Data-Scraping Chrome Extensions

Flo Health App Fallout: HIPAA-Like Breach Notification Rule Not Enforced By FTC

Fujitsu: High Risk of #COVID19 Vaccine Disinformation Campaigns

Hackers leaked altered Pfizer data to sabotage trust in vaccines

Hackers using COVID vaccine as a lure to spread malware

How Are Cybercriminals Stealing Business Data?

How next-gen cloud SIEM tools can offer critical visibility companies for effective threat hunting

Hy-Vee reaches settlement in class-action lawsuit over massive 2019 data breach

ICT trends: What to expect in 2021

In a major data breach, numbers of WhatsApp web users found on Google search

Integrity of Queensland firearms registry system questioned after data breach

Intel, Cybereason Beat Ransomware With Hardware Shield

Joker's Stash, the internet's largest carding forum, is shutting down

Ledger Users Get Phishing Phone Calls After Database Leak

Malware targeting trucking companies isn't an IT issue. 'It's everybody's issue'

Microsoft still the most-imitated brand for phishing

More than 10 million users installed Android apps that showed out-of-context ads

More than half of organizations that store customer data in the cloud had security incidents in 2020

New Year, New Cybersecurity Concerns: A Look at 2021’s Top Trends

New Zealand central bank data hack 'significant'

Nidhi Razdan falls victim to sophisticated phishing attack

NSA: DNS over HTTPS Provides “False Sense of Security”

NSA Offers Guidance on Adopting Encrypted DNS

Online scams and how to avoid them

Over 22 billion records exposed in data breaches in 2020

Phishers count on remotely hosted images to bypass email filters

Puget Sound Educational District hit with data breach

Ransomware attacks now to blame for half of healthcare data breaches

Ransomware Disrupts Scottish Environment Protection Agency

Ransomware has MSPs in its sights

Reserve Bank of New Zealand apologizes for ‘significant’ data breach

Responding to a Cyber Security Breach

Russian-Signature Scheme “Classiscam” Now Expanding to Europe

Scotland environmental regulator hit by ‘ongoing’ ransomware attack

Sepa systems disrupted in ransomware attack

SEPA Systems Knocked Offline by ‘Ongoing’ Ransomware Attack

Successful Malware Incidents Rise as Attackers Shift Tactics

Tesco warns customers about 'satisfaction survey' scam

UK Accidentally Deletes 150k Arrest Records

Understanding third-party hacks in the aftermath of the SolarWinds breach

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

What analytics can unveil about bot mitigation tactics

What The “Fortune 490” Needs To Do To Stay Safe In 2021

Why cybersecurity audits are essential for risk management

Windows Finger command abused by phishing to download malware

Wisconsin Medicaid program experiences data breach

14th January

5 foolproof signs of phishing scams - and how to react

5 Modern Security Operations Trends That Will Dominate 2021 and Beyond

2020 Saw 6% Rise in Number of CVEs Reported

2021 prediction: non-EU credit card fraud will rise this year

Assessing Enterprise Firmware Security Risk in 2021

Biomutant Fans Warned Of Email Scam By THQ Nordic

BSI forecasts 2021 Cybersecurity Trends

Businesses Struggle with Cloud Availability as Attackers Take Aim

CISA Warns of Cloud Attacks Exploiting Poor Cyber-Hygiene

CISA: Hackers bypassed MFA to access cloud service accounts

CISA Warns of Vulnerabilities in Cloud Use, Shares Solutions List

Convicted Hacker Allegedly Commits Fraud While Awaiting Release

Crypto currencies and Ransomware in 2021

Cyber criminals demand ransom to unlock Sepa systems

Data protection in an era of global change

Deutsche Telekom: Inside of CL0P's ransomware operation

DVLA issues warning over scam targeting drivers

ESET discovers Operation Spalax: Colombian government and industry sector under targeted attack

European Regulator: #COVID19 Vaccine Data Leaked Online

Facebook sues makers of malicious Chrome extensions for scraping data

Healthcare IT teams battle with technical challenges to ensure network resilience and security

How Conti Ransomware Works

How to protect your company data

Hy-Vee Data Breach Settlement Proposed

Intel Incorporates Ransomware Detection into 11th Gen CPU Hardware

IRS issues warning about new wave of COVID-19 scams around 2nd stimulus payment

IRS warns of COVID-19 scams related to stimulus payments

Judge Poised to Approve Historic $650M Facebook Privacy Settlement

Ledger owners report chilling threats after 20K more records leaked

MD Anderson avoids $4.3M HIPAA penalty

Microsoft Continues to be Most Imitated Brand for Phishing Attempts in Q4 2020

Minimizing cyberattacks by managing the lifecycle of non-human workers

Most containers are running as root, which increases runtime security risk

Navigating the Benefits and Challenges of AI Implementation as New Threats Loom

New Zealand central bank hack – are state-backed cyber breaches on the rise?

NSA advises companies to avoid third party DNS resolvers

Object Versus File Storage: Why Security is a Key Consideration

Over 200 million Facebook and Instagram users' personal data stolen, are you one of them?

Personal Facebook, Instagram and LinkedIn data of 200 Million users ‘exposed online by leakers’

Phishing warning: These are the brands most likely to be impersonated by crooks, so stay alert

Police release firearm owner details in data breach

Publicly Known Vulnerabilities Increased in 2020

Real-Time Phishing Kit Targets Brazilian Central Bank

Scam-as-a-Service operation made more than $6.5 million in 2020

Social networks to be a growing attack vector in 2021

Telegram-based phishing service Classiscam hits European marketplaces

The Great Authentication Gap: How Password Habits Differ Across Generations

The Ransomware Task Force: A Broad Coalition and a Comprehensive Plan

Top security threats for 2021

TransLink employees' pay squared up after ransomware attack

United Nations security vulnerability exposed

US government warns of cyberattacks targeting cloud services

Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

What is the future of cybersecurity?

Why cyberinsurance can save your business

Why Your Small Business Needs Cybersecurity Software

Windows 10: Latest security patch fixes a zero-day vulnerability

With insured losses at $90 billion, did cyber insurance firms dodge financial calamity?

13th January

4 Steps to Mitigate Future Healthcare Cyberattacks

'Air-Gapped' Cloud Security Adds Protection in a Ransomware World

Be proactive: 3 risk management steps to take before a cyberattack

Bitcoin Holders Beware: From Phishing to Fakes, Here Are the Top 5 Ways Criminals Can Steal Your Crypto

British Airways could face potential £800 million lawsuit over 2018 data breach

British Airways Faces Class Action For Data Breach

British Airways faces possible £800m data breach claim

British Airways facing group action claim over data breach

Capcom data breach adds another 40,000 estimated victims

Capcom Data Breach May Have Impacted Extra 40,000 Customers

Capcom Says Ransomware Actors Did Access People’s Data After All

CISA: Hackers bypassed MFA to access cloud service accounts

Comply or Get Fined: 2020 GDPR Fines are the Highest on Record

#COVID19 Led to Surge in Malware Attacks Last Year

COVID-19 Vaccine Documents, Personal Data Leaked

Creating a Company Data Breach Response Plan

Email phishing attack on Minnesota health plan exposes 66,000 members' info

Experts question whether our vaccine supply is safe from cyber attacks

Fertility-tracking app Flo Health settles FTC allegations of inappropriate data sharing

Five cyber threats to watch in 2021

Free decryptor for files attacked by released Darkside ransomware

Google discloses hacking campaign targeting Windows, Android users

Google exposes malicious exploits targeting Windows and Android users

Grappling with the onslaught of ransomware attacks

Hackers have leaked the COVID-19 vaccine data they stole in a cyberattack

Hackers Leak COVID-19 Vaccine Data Stolen During EU Regulator Breach

Hackers leak stolen COVID‑19 vaccine documents

Hardware wallet startup Ledger offers bitcoin bounty for information on data attacks

Healthcare Hit by 187 Million Monthly Web App Attacks in 2020

Healthcare industry sitting on ticking time bomb of web application attacks

Hy-Vee Moves to Settle Data Breach Class Action

Iranian cyberspies behind major Christmas SMS spear-phishing campaign

Jefferson Healthcare breach possibly affects 2,550 people

Ledger Adds Bitcoin Bounty and New Data Security After Hack

Ledger discovers new security breach

Ledger Offering 10 Bitcoin to Catch Rogue Shopify Employees Who Leaked Data

Massive IT-employee disconnect hindering remote productivity

Microsoft Fixes Windows Defender Zero-Day Bug

Mimecast Cert Abused to Target Inboxes in “Sophisticated” Attack

Mimecast certificate compromised by a threat actor

New York and Others Settle with CafePress Over 2019 Data Breach

Over 16,000 customers seeking compensation for British Airways data breach

Proposed settlement in Hy-Vee data breach case would pay victims up to $225

Puget Sound Educational Service District reports data breach

Rogue is An Android Malware That Gives Hackers Full Control Over a Phone: Here's What We Know

Security researcher archives Parler content

‘Sickening’ new ways scammers use pandemic to con vulnerable residents

SMBs’ Cybersecurity Risk Awareness Is Rising

SOC analysts overloaded, but role more important than ever

Social Engineering And Social Media: How to Stop Oversharing

SocialArks data breach has left over 200 million social media users’ personal and professional records exposed

SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns

Stolen Pfizer/BioNTech Covid-19 vaccine data leaked

Stolen Softbank 5G data found on PC confiscated from Rakuten

Thales Report Reveals Risks of Organised Cybercrime

That Capcom data breach looks worse than previously thought

The future history of medical device cybersecurity

The REvil Ransomware Gang Threatens to Publish Celebrity Surgery Photos

TikTok tightens up privacy controls for young users

Ubiquiti suffers data breach and alerts customers to change passwords

United Nations discloses new data breach

US raises concern over China, Russia targeting Covid -19 vaccine supply chain

WhatsApp vs. Signal vs. Telegram vs. Facebook: What data do they have about you?

Your New Tools and Policies Won’t Save You

12th January

3 months after cyberattack that threatened ‘public health crisis,’ Jersey City Municipal Utilities Authority computer systems still not fully restored

4 ways to protect your small business from a data breach

7 Important Cyber Security Steps for Companies

200 million Facebook, Instagram, and Linkedin users' scraped data exposed

A brief history of cyber-threats — from 2000 to 2020

Accellion hack behind Reserve Bank of New Zealand data breach

Addressing the lack of knowledge around pen testing

AKVA targeted by ransomware hackers

Amazon Scam Emails: How to Protect Yourself From Phishing

Austin's SolarWinds says it's closer to understanding source of data breach

Australia: We must bolster our cyber war defences

Australian man arrested for alleged operation of now-shuttered DarkMarket

Big increase in cyber-attacks during the Covid-19 pandemic

Billions were stolen in blockchain hacks last year

BitDefender Has Released a Decryptor for ‘DarkSide’ Ransomware

Breach of Trust: How Cyber-Espionage Thrives On Human Nature

British Airways Faces Biggest Class-Action Suit Over Data Breach

British Airways faces largest-ever group claim in UK over data breach

British Airways faces massive group-action lawsuit over 2018 data breach

Capcom confirms its personal data breach is worse than first thought

Chinese Startup Leaks Social Profiles of 214 Million Users

Colombian energy, metal firms under fire in new Trojan attack wave

COVID-19 Vaccine Distribution Spurs 51% Rise in Health Web App Attacks

Cyber Attackers Leaked Covid-19 Vaccine Data After EU Hack

Cyberattack may have exposed 500,000 files: Saskatchewan privacy commissioner

Cyberattacks on UK firms saw a major increase in 2020

Cybersecurity industry faces a challenging 2021 as attacks rise

Cybersecurity teams are struggling with burnout, but the attacks keep coming

Data Breach at ‘Resident Evil’ Gaming Company Widens

Data of Millions of Indian Consumers Up for Sale on Dark Web

Data, Privacy, Pandemic: India just had the Biggest Medical Records Breach Ever

DVLA issues fresh warning over online phishing scams

Email security firm Mimecast says hackers hijacked its products to spy on customers

European agency says hackers leaked stolen COVID-19 vaccine data

Exposed Git repositories leaked details of over 100,000 UNEP workers

Five emerging fraud threats facing businesses in 2021

Hackers block electronic sex toy during use to ask for “ransom” in bitcoin

Hackers Have Been Remotely Locking People’s Chastity Cages & Holding Their Dicks For Ransom

Hackers leak stolen Pfizer COVID-19 vaccine data online

Hackney Council hit with ransomware attack

Homebuyers warned over stamp duty scams: Thousands rush to complete sales before March deadline and criminals look to take advantage

Intel 11th gen chips to add hardware-based ransomware detection

It’s time for a national privacy law in the US

Jefferson Healthcare email hack put info of 2,500 patients at risk

Kaspersky’s top three cybersecurity predictions for 2021

Lack of Funding Could Lead to “Lost Generation” of Cyber-Startups

Location Data from Muslim Prayer App Sold to Data Broker

macOS malware used run-only AppleScripts to avoid detection for five years

Mimecast discloses Microsoft 365 SSL certificate compromise

Mimecast says hackers abused one of its certificates to access Microsoft accounts

More Than Half of Organizations That Store Customer Data in the Cloud had Security Incidents in 2020

New Brunswick city's insurance costs could surge due to ransomware incident

New Sunspot malware found while investigating SolarWinds hack

New Zealand Central Bank Breach Hit Other Companies

New Zealand Federal Reserve Bank Addressing to Data Breach with Haste

New Zealand Reserve Bank breached using bug patched on Xmas Eve

Obfuscation Techniques in Ransomweb “Ransomware”

Organizations must prepare for these 2021 security risks now, or may fail to make it in a post-COVID world

Parler collapse opens door to phishing attacks

Parler data breach: Hackers claim they downloaded everything from Parler before it was taken offline

Parler Data Breach Explained: What Type of Information Was Actually 'Hacked'

Parler data breach will reveal its role in US Capitol riots

Passwords, Phishing and the Dark Web

Proactive vs Responsive AI: Which One Protects Against Major Modern Adversaries in Cybersecurity?

Ransomware Attacks: Don't Think It Can Happen to You?

Reconsidering enterprise cyber-risk in the post-Covid world

Reserve Bank of New Zealand investigates illegal access of third-party system

Reserve Bank of New Zealand "responding with urgency" to data breach

Reserve Bank says it wasn’t directly targeted in cyber attack

Saint John will rebuild from scratch after cyberattack, cover costs from reserves

Sangoma Technologies Provides Update on Ransomware Attack, Expects No Material Impact on Sales

Securing the connected home: A joint task for homeowners and their ISP

SolarLeaks site claims to sell data stolen in SolarWinds attacks

SolarWinds hack investigation reveals new Sunspot malware

The 2020 Capcom cyberattack may have been more dire than you realized

The current state of ransomware — and its future

The growing threat to farmers from cybercrime

The perfect theft: the increase in card-not-present fraud

The role of encryption technology in data protection

The SolarWinds Cyberattack and the Need for Hyper-Vigilance

Third Malware Strain Discovered as Part of SolarWinds Attack

Third malware strain discovered in SolarWinds supply chain attack

This Android malware claims to give hackers full control of your smartphone

This NXP side-channel attack can clone Google Titan 2FA keys

Top videoconferencing attacks and security best practices

Two-Thirds of Employees Don’t Consider Security Whilst Home Working

Ubiquiti Discloses Major Data Breach, Urges Customers To Change Passwords Immediately

Ubiquiti tells customers to change passwords following data breach

Ubiquiti warns customers about potential data breach

Using 5G And Cybersecurity To Realize Edge Computing In 2021

Vulnerable Database Exposed UN Employees' Data

Wawa Data Breach: A Lesson in the Consequences of Data Security Failures

Why healthcare remains a prized target for cybercriminals

World's Largest Illegal Dark Web Marketplace Taken Down

Your Facebook, Instagram, and LinkedIn Data Might Have Leaked Last Month

11th January

2 in every 3 Perth businesses will be a victim of cybercrime this year in 2021

4 must-have cybersecurity skills for youth to combat cyber threats

5 common scams and how to avoid them

5 fraud predictions for 2021 and beyond

28th January: Save the Date. Save the Data!

Are hackers targeting your computer? 3 things you must do to protect yourself

As retail moves online, brands must adapt to today’s cyberthreat landscape

Automated cyberthreat intelligence pilot reduced states' response times to minutes

BGP Attacks Pose A Substantial Operation Risk - Are Enterprises Paying Attention?

British Airways £3bn Compensation Pay-Out for Data Breach Case

Capitol attack's cybersecurity fallout: Stolen laptops, lost data and possible espionage

Cyber attacks on healthcare organizations soared in Israel in 2020

Cyberattack on Saint John could push up city's insurance costs even more

Cyberscout reveals its 2021 predictions for the UK cyber insurance sector

Cybersecurity: Has COVID-19 Made Us More Vulnerable To Data Breaches?

Cybersecurity in the Year of COVID-19: A Recap

DarkSide decryptor unlocks systems without ransom payment – for now

DarkSide ransomware decryptor recovers victims' files for free

Dassault Falcon Jet Disclosed Data Breach – Ransomware Attack Suspected

Data breach at New Zealand’s Reserve Bank after third-party service hack

Emotet remains top malware threat

Experian Warns About Synthetic Identities and COVID Scams in Future of Fraud Predictions

Finland: Staffing firm target of cyber attack

Free decrypter released for victims of Darkside ransomware

Hackers get patients' PHI after inflicting malware on Florida hospital's computer network

Hackers Post Hackney Council’s ‘Stolen Documents’ Months After the Cyberattack

Hackers use ransomware to lock up internet-enabled chastity belts

High Court Rules Against Government Bulk Hacking

How Hyperautomation Takes the Worry Out of Remote Work

How The Demand For Supply Chain Automation Creates A Precarious New Attack Vector

How to Build a Business Case for Cybersecurity Investment

How to do simulated phishing exercises ethically

How to Protect Your Business from the Top six Cyber Attacks?

How to stay safer online: Your online privacy and device security checklist for 2021

‘I’ll Teams you’: Employees assume security of links, file sharing via Microsoft comms platform

Intel adds hardware-based ransomware detection to 11th gen CPUs

Intel adds ransomware detection capabilities at the silicon level

Jefferson Healthcare hit by 'phishing' cyber attack

Learning Lessons From Previous Lockdowns – How Not To Fall Into The Trap Of A Cyberattack

Mac malware uses 'run-only' AppleScripts to evade analysis

Maharashtra: Scammers phish for victims in run-up to Covid vaccine rollout

Microsoft Sysmon adds support for detecting Process Herpaderping attacks

Millions of Social Profiles Leaked by Chinese Data-Scrapers

Networking giant Ubiquiti alerts customers of potential data breach

New ransomware trend will have executives worried

New Zealand Central Bank reports cyberattack

Over 100,000 UN Employee Records Accessed by Researchers

Overcoming human error in email security

Pay This Hacker Bitcoin or Your Penis Stays in the Cage

Personal data of 300,000 Vietnamese offered on cyberhacking forum

Phishers Masquerade as Australian Cyber Agency Officials in Malware Campaign

Protecting Data Breach Investigations From Disclosure

Protecting your business from a ransomware attack

Ransomware Attack Hits Short Line Rail Operator OmniTRAX

Ransomware gang Ryuk thought to have pulled in US$150 million

Ransomware the 'most prominent issue' for cyber insurers

Rwanda: Cyber fraud cases on the rise as scammers steal over Rwf280m in 2020

Saskatchewan healthcare database breach one of the largest on record

Scammers posing as Woolworths virtual assistants with fake prizes ask shoppers for personal information

Schools wade into an increasingly dangerous online world

Secure Email Gateway: The Gaps That Could Cost You

SQL injection: The bug that seemingly can’t be squashed

Strike a chord: What cybersecurity can learn from music

Sunburst backdoor shares features with Russian APT malware

The 4 cybersecurity resolutions every care provider should make in 2021

The data of more than 200 million people left in open access on a Chinese server

The evolving threat of ransomware: Beware of cyber extortion in 2021

This worrying new ransomware trend is hitting businesses where it hurts

Time To Retire The Password? What A New Authentication Can Mean For SSO

Top Five Common CISO Myths Debunked

Typeform fixes Zendesk Sell form data hijacking vulnerability

Ubiquiti tells customers to change passwords after security breach

United Nations data breach exposed over 100k UNEP staff records

United Nations data breach exposes details of more than 100,000 employees

United Nations discloses possible data breach

United Nations reveals potential data breach

United Nations suffers major data breach

US Announces Controversial State Department Cyber-Bureau

Utility Billing Disrupted by Cyberattack in Independence, Missouri

Warning over coronavirus vaccine text scam

What Are Advanced Persistent Threats? Should You Worry?

What does Twitter’s GDPR fine mean for your business?

Who is responsible for protecting physical security systems from cyber-attacks?

Why cybersecurity training is imperative in post-Covid world

Why paying hackers a ransom for your data isn’t the best idea

Why You Should Be Aware of Instagram Phishing Scams of the Kind That Hit Bollywood Actor Esha Deol

Younger customers most likely to stop using financial firms that suffer data breaches