Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Leadership Team

Meet the MetaCompliance Leadership Team

Careers

Join Us and Make Cybersecurity Personal

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

5 Examples of Security Breaches in 2020

5 Major Security Breaches of 2020 | MetaCompliance

about the author

Share this post

Data breaches in 2020 continued to hit the headlines and cause crippling consequences for organisations around the world. Since the start of the year, the Covid-19 pandemic completely transformed our lives and created an ideal environment for cyber attacks and security breaches.

In 2020 so far, there have been as many as 726 million cyber attacks, exposing an eye-watering 16 billion records. Whilst many industries came under attack, security researchers found the healthcare sector was particularly vulnerable and accounted for 12.3% of reported data breaches in 2020.

Sensitive information is a valuable commodity and cybercriminals are keen to cash in on exposing vulnerabilities to make money and commit fraudulent activities. According to the 2020 Verizon Data Breach investigations report, 86% of this year’s data breaches were driven by financial gain, up 15% from 2019.

The report also concluded that phishing attacks, ransomware, malware and stolen passwords remain the top ways that attackers are accessing company networks and systems.

Below are 5 examples of some of the most prominent security breaches of 2020.

The Top 5 Security Breaches of 2020

1. Marriott

In March 2020, hotel chain Marriott announced that they had suffered a serious security incident that compromised the data of more than 5.2 million guests. By using the login credentials of two employees, hackers were able to steal sensitive information from a third-party app. The personal information included names, addresses, email addresses, phone numbers, loyalty account information, company, gender, birth dates, linked airline loyalty programs and numbers, and guest preferences.

The company stated that no payment information, passport information, national IDs, or driver’s license numbers were exposed in the data breach.

This is the second time that Marriott has suffered a data breach within two years. In November 2018, hackers exposed the personal data of up to 500 million guests. The ICO has since fined the company $124 million due to system security shortfalls. The latest breach is likely to cause further damage and undermine consumer confidence in the hotel chain.

2. EasyJet

In May 2020, EasyJet revealed it had been the target of a cyber attack that exposed the email addresses and travel details of nine million customers. The airline also confirmed that 2,208 customers had their credit card details and CVV security codes accessed.

Initially, Easyjet claimed that there was no evidence the compromised customer data has been misused. However, information obtained from Action Fraud suggests that there were reports of fraudulent activity and identity theft as a result of the EasyJet breach.

Despite the attack taking place in January, it took four months for the airline to publicly disclose the data breach. Under the GDPR, organisations are legally bound to report a data breach within 72 hours of detection. EasyJet claimed the lag in reporting time was due to the sophisticated nature of the attack.

It’s likely the company will face significant fines for the data breach. However, in light of the Covid-19 pandemic, the ICO has stated that it would take an ’empathetic and proportionate’ approach to assess reported incidents. This has led to speculation that the airline will receive a lighter fine due to the mounting pressures that the aviation industry is currently under.

3. MGM Resorts

In July 2019, MGM Resorts suffered a massive security breach after a hacker gained access to one of the hotel’s cloud servers. News of the data breach was revealed in February 2020 when hackers leaked the personal details of 10.6 million hotel guests on the dark web. The records exposed included names, home addresses, phone numbers, emails, and dates of birth of former hotel guests. High profile guests affected by the breach included Justin Bieber, Twitter CEO Jack Dorsey, and many government agency officials.

It has since emerged that the data leak was much bigger than initially reported. The personal details of over 142 million guests have appeared for $2,900 on an online cybercrime marketplace. The company has confirmed that they have notified affected guests and are confident that no financial, payment card or password data was involved in the breach.

4. Nintendo

In April 2020, Nintendo announced a data breach of 160,000 accounts. The security incident was the result of a suspected credential stuffing attack. Using ID numbers and passwords from a previous cyber attack, hackers were able to gain access to user accounts. This then allowed them to purchase digital items and view sensitive data including name, email address, date of birth date, gender and country.

The gaming giant has since announced that a further 140,000 accounts were compromised in the attack, bringing the total number of hacked accounts to 300,000. The company has reset the passwords for all affected customers and urged users not to use the same password across multiple accounts and services.

5. Zoom

In April, it emerged that virtual meeting app Zoom had suffered a data breach that exposed the login credentials of over 500,000 users.

In yet another credential stuffing attack, hackers appear to have gained access to the accounts by using username and password combinations obtained in previous data breaches. The information appeared for sale on dark web hacking forums for as little as 1p.

Compromised data included login credentials, email addresses, personal meeting URLs, and Host Keys. This enabled criminals to log in and join meetings or use the harvested information for other malicious purposes.

Cyber Security Awareness for Dummies

Other Articles on Cyber Security Awareness Training You Might Find Interesting