Most 2021 Data Breaches Were Cloud-based: Learn to Protect Yourself


Last month, Security magazine posted an excellent roundup of the Top Ten Data Breaches of 2021. These breaches impacted over 50 million individuals, were globally dispersed, and struck various industries spanning financial services, manufacturing and utilities, healthcare, and government, and others. 

While a couple of them were new leaks or aggregations of previously breached data, the vast majority were fresh breaches, and almost all of them contained PII and other sensitive data.

More importantly, 7 out of the 10 breaches were confirmed to be from data stored in publicly accessible cloud repositories, highlighting the importance of proper data access control for cloud data. 




Data Store

Android Data Leak

Various Android apps store user information in third-party cloud databases that are either unprotected or inadequately protected


Thailand Visitors

Data from over 100 million visitors to Thailand was being stored on a cloud-based unprotected database



150M records from this Iranian social and business networking site were stored on an unsecured MongoDB instance



Over 200M records of this adult cam site including email addresses, usernames, and IP addresses were stored on an unprotected Elastic cluster



Over 200M records that contained PII, including those of high profile celebrities was available on an unsecured Elastic cluster 


Brazilian Database

Over 100M records including PII information for Brazilian nationals was leaked. Based on the contents of the data, it is suspected to have originated from an Experian subsidiary in Brazli



Over 400 million records showing people’s full names, locations, and other personal information was stored on an unsecured Elastic instance



Phone numbers, email addresses, and other personal data for over 500M users was leaked onto a hacker forum



LinkedIn data for over 700M users, likely from previous breaches in past years, was available for sale



Over 5B records (a subset of which include passwords and other data) from previous breaches were aggregated onto an unprotected Elastic cluster


The clear takeaway here is that in the surge to move data to the cloud, typically in support of mobility and digital transformation initiatives, organizations are not taking sufficient steps to safeguard the data that they move to the cloud. Many of the breaches were of data stored in third party services like MongoDB and ElasticSearch that do offer adequate protection, but require customers to make use of those controls. 

Here are three steps you should be taking to implement data centric security and keep yourself and your organization out of the news this year:

  • Take a Data Inventory - For any cloud-based data, make sure that you have your arms around what sensitive data is available, who has access to it, and how it’s protected. This sounds basic and obvious, and yet the examples above highlight the fact that many organizations are not taking this elementary and crucial step.


  • Identify Dark Data - This is the data that’s out there but isn’t being used or accessed. Typically placed in the cloud in anticipation of an upcoming project, it gets forgotten and, over time, left unguarded. At best, it’s money you’re burning needlessly and can recoup. At worst, it’s adding an unnecessary threat surface to your organization.


  • Implement a Data Access Recertification Process - While the first two steps will identify any existing exposures you need to shore up, this final step will ensure that you remain protected going forward. For any data access, institute a recertification process that ensures that needless data access privileges are periodically pruned to enforce the principle of least privilege.

Moving your organizational data to the cloud is necessary to drive digital transformation. It is important to apply best practices in how that data is migrated and protected once it’s there. This is what we do and how we help our clients. Please contact us if we can be of service to you.