10 Businesses with the Biggest Data Breaches in 2021

Suffering from a data breach is a headache every business wants to avoid. Unfortunately for the companies we discuss in this post, commercial data breaches are unavoidable if the right security measures aren’t put in place…

The consequences of a data breach for businesses cannot be underestimated. Effective cyber security has never been more business critical. They can lead to direct financial loss, irredeemable reputational damage, operational downtime, and potential legal action from anyone affected.

But, while suffering from a data breach can cause untold amounts of damage, businesses up and down the country are continually falling victim to attacks from cybercriminals and fraudsters. From the recent Guntrader data breach, to the French Connection ransomware attack, these are the latest in a long line of major incidents.

In this post, we’ll be taking a closer look at 10 businesses that have suffered the biggest data breaches so far in 2021.

10 Businesses Who Have Experienced Major Data Breaches in 2021

1.     Guntrader

Thousands of names and addresses belonging to customers of the firearms dealer Guntrader.uk were published to the dark web in July, following a significant cyber-attack. The website learned about the breach on July 19, where they then discovered that around 100,000 customer records had been stolen.

In response to this breach, The British Association for Shooting and Conservation (BASC) urged its members to be vigilant around home security. This is because the issue presented additional risks for anyone who was recorded as owning a firearm.

2.     GEICO

The auto insurance company Government Employees Insurance Company (GEICO) filed a data breach notice in April 2021. An announcement from GEICO revealed that information gathered from other sources was used to obtain unauthorised access to customer’s driving license numbers contained on their database.

The total of affected GEICO customers was not officially disclosed, though it was confirmed that hackers were able to access data between January 21 and March 1.

3.     French Connection UK

French Connection UK, also known as FCUK, was hit by a ransomware attack in June, which compromised private internal company data. The hackers responsible for the attack were believed to be affiliated with the REvil hacker group, who exploited a vulnerability in the company’s back end-systems to access the data.

To prove the legitimacy of the attack, REvil used passport ID scans of high-profile French Connection staff members. While French Connection did make it clear that no customer data was breached, those same assurances were not made for current and former employees of the fashion company.

4.     Moss Bros

In a similar data breach, the clothing company Moss Bros was forced to contact current and former employees to inform them that personal data relating to their employment had been exposed. In April, Moss Bros discovered that their systems, which are hosted with a third-party provider, were accessed by an unauthorised third party.

A forensic information technology expert was brought in to help determine the source and outcome of the access, learning that the unauthorised third-party responsible for the initial attack had downloaded data from the servers operated by the service provider. Information included names, addresses, phone numbers, bank account details and employment records.

5.     Npower

Energy firm Npower had to permanently close down its app following an attack that exposed customers’ financial and personal information. Contact details, birth dates, addresses and partial bank account details were all stolen during the attack, though it was not confirmed how many accounts were affected.

A spokesperson for Npower commented on this data breach, saying: “We’ve contacted all affected customers to make them aware of the issue, encouraging them to change their passwords and offering advice on how to prevent unauthorised access to their online account.”

6.     Facebook, Instagram and LinkedIn

At the start of the year, a Chinese social management company, Socialarks, suffered a data breach through an unsecured database. This exposed the account details and personal information of at least 214 million users of Facebook, Instagram and LinkedIn.

The information that was exposed in the breach varied from person to person, but it was said to include user’s names, phone numbers, email addresses, profile links, usernames and profile pictures.

7.     Pixlr

A database containing 1.9 million user records belonging to Pixlr, a free online photo-editing application, was leaked by a hacker that goes by the name of ‘ShinyHunters’. The group is well known for selling stolen databases on the Dark Web.

The data that was stolen was said to contain usernames, email addresses, ‘hashed’ versions of passwords, a user’s country and whether they had signed up to receive Pixlr’s newsletter.

8.     Bose

Bose disclosed a data breach in May following a ransomware attack. It was discovered that the data breach led to some of its current and former employees’ personal information being accessed by the attackers, including a wide range of HR-related information.

The audio maker claimed that, after hiring external security experts to restore impacted systems, they did not make any ransom payment to the attackers and they recovered and secured their systems.

9.     Volkswagen

In June, a third-party marketing service disclosed the personal information of 3.3 million Volkswagen customers, as well as its Audi subsidiary. Standard personal information, such as names, addresses and phone numbers were exposed, but for a select number of customers in the US, more sensitive data was leaked.

Volkswagen revealed that the driver license numbers for 90,000 customers were leaked and a smaller number within that group may have also had their birth dates, social insurance number, and tax identification numbers revealed.

10. T-Mobile

In February, an undisclosed number of T-Mobile customers were affected by SIM swap attacks, otherwise known as SIM hijacking. This is where scammers take control and switch phone numbers over to a SIM card they own using social engineering. With this access, scammers can receive messages and phone calls, allowing them to log into victim’s bank accounts.

The T-Mobile attack also exposed customer information, including names, addresses, email addresses, account numbers, social security numbers (SSNs), and PIN codes.

Have Any Other Businesses Suffered Major Data Breaches?

In this post, we’ve taken a closer look at ten businesses that have fallen victim to major data breaches so far in 2021. However, as you might expect, this is a far from exhaustive list, and there are bound to be dozens of more companies right around the world who have failed to keep their customer’s data secure.

With months to go until the end of 2021, further data breaches are guaranteed to be on the horizon. So, businesses need to be sure they’re taking every step to tighten up their data security to avoid hitting the news for all the wrong reasons.


Photo credits:

Photo 1 – Sai Kiran Anagani via Unplash

Photo 2 – Jefferson Santos via Unsplash

Photo 3 – Brett Jordan via Unsplash