Take The 2022 Security Operations Trends Survey Today  START 
Skip to main content

The Top Cyberattacks of December 2020

To top off a ruthless year, cybercriminals again struck gold at the end of 2020.

As the world shuttered thanks to the coronavirus pandemic, bad actors found numerous loopholes and vulnerabilities in systems across all industries. Healthcare institutions, local governments, schools, transportation firms, and supply chains were among the hardest hit by breaches in December. 

Last month’s breaches include some of the worst attacks in the history of cybercrime, which have overwhelmed victims with data loss, halted operations, and triggered hefty ongoing lawsuits. One of these breaches has been called the “second-most extensive healthcare cyberattack of all time.” Another may prove yet to render entire government networks powerless. 

Read about all these attacks and more in our December 2020 data breaches list below. 

Notable December 2020 Cyberattacks

Here are some key stats from December’s hacking incidents and security breaches.

  • Records Exposed: The healthcare sector was hit the hardest in a series of cyberattacks in 2020. In total, nearly 4 million health records were compromised, with a total of 40 organizations reporting attacks to the Department of Health and Human Services. 
  • Widespread Threat: Ransomware and malware

A series of bright blue lines connecting five different lock icons.

4. T-Mobile's Fourth Data Breach in Three Years Leaks Call Records

T-Mobile has experienced more than its share of cybersecurity incidents in the last few years. The company has consistently struggled to protect customers' data against attackers, beginning in August 2018, then in November 2019, and again in March 2020.

The cycle continued in December when hackers exposed T-Mobile customers' proprietary network information (CPNI). The CPNI includes a vast amount of sensitive and potentially identifiable information, all of which was exposed in the attack. 

T-Mobile promptly sent out texts summarizing that cybercriminal had gained "malicious, unauthorized access" to the company's telecommunications data center to execute the breach. Thanks to the company's quick action, less than 0.2% of its customer base was affected (about 200,000 people).

In a notification published on the company website, T-Mobile emphasized that it had started an investigation and had shut down the system immediately upon discovering the security breach. To gain insight into the specific events leading up to the incident, they contacted cybersecurity forensics experts and reported it to the federal government. 

The case is still unfolding, so T-Mobile officials warn customers to keep their eyes out for scam texts they may receive possible "smishing" attacks, where attackers claim to represent the mobile carrier. 

  • Records Exposed: CPNI of 200,000 customers 
  • Type of Attack: Not yet identified
  • Industry: Telecommunications
  • Date of Attack: Late December 2020
  • Location: Bellevue, WA

Key Takeaways

  • Companies, especially those that have been targets before, must enhance their customer data security by preventing misdirected emails, and encrypting communications with sensitive customer data. 
  • Tighter access to sensitive data, enforcing multi-factor authentication, and significantly reducing the number of devices on which this data is shared can each lower your risk. 

3. Egregor Ransomware Strikes Metro Vancouver's TransLink Transportation Agency

The Metro Vancouver Transportation Agency confirmed it was victimized by a ransomware attack in 2020, executed by Egregor hackers. The virtual assault led to the theft of employees' sensitive information, including banking details and social security numbers. 

TransLink also disclosed that attackers harmed its computer systems, causing severe disruptions to the functionality of phone and web services. Customers struggled to pay their fares with debit and credit cards; however, core transit services were virtually unaffected. 

The agency reports that attackers accessed a wealth of documentation through local network drives. Though customer data was relatively safe, employees faced tremendous information exposure. In fact, ransomware attackers accessed payroll information for:

  • TransLink
  • Coast Mountain Bus Company
  • Metro Vancouver Transit Police

TransLink learned of Egregor operators' participation in the recent breaches thanks to a printed message issued to its officials. A copy of the letter was posted to Twitter, displaying the attackers' threat to publicize the stolen data within three days if TransLink did not respond in the desired manner. 

  • Records Exposed: Banking details, social security numbers, payroll information 
  • Type of Attack: Ransomware
  • Industry: Transportation
  • Date of Attack: December 1, 2020
  • Location: New Westminster, B.C. 

Key Takeaways

  • Ransomware can only take hold if someone clicks on a link in a phishing email or presents an opportunity for "drive-by downloading." Cybersecurity awareness campaigns are a must in business training programs. 
  • Installing reliable antivirus software is one of the most effective ways to protect your devices from falling victim to ransomware —and it’s imperative to keep the software updated. 

The transportation industry isn't immune from the sights of hackers. A large blue city bus waits to pick up passengers.

2. More than 1 Million Health and Payment Records Breached at Dental Care Alliance

Personal records of third-party dental supplier Dental Care Alliance (DCA)'s 1,004,304 patients were lost in a devastating ransomware and data misconfiguration combo. The breadth of this latest data breach makes it the second largest cyberattack on the healthcare sector in all of 2020. 

The investigation is not yet complete, and the DCA continues to look into the matter in partnership with law enforcement officials. The company first noticed unusual activity within its virtual environment back in mid-October. Immediately upon detecting the security breach, it contacted third-party forensics experts and issued warnings in December. 

The DCA’s quick action ultimately enabled it to confirm that hackers breached its network in both September and October, accessing and exposing the following data types:

  • Patient names
  • Contact information
  • Dental care diagnoses and related treatment information
  • Account numbers
  • Billing details (including bank account numbers and health insurance information)
  • Dentists' and caregivers' names

According to the HIPAA Journal, the DCA has not yet found any "specific evidence" pointing to malicious use of the compromised data. It emphasizes that the breach of financial data impacted only 10 percent of its customers. 

  • Records Exposed: 1,004,304 personal data records 
  • Type of Attack: Not yet identified
  • Industry: Healthcare
  • Date of Attack: September-December 2020
  • Location: Sarasota, Fl

Key Takeaway

  • Like the DCA, you should enforce strict access standards to customer data, no matter what is your industry. Identity verification and access control are the two keys to ensuring that only designated individuals access your company's sensitive materials.

1.  Hackers Hijack SolarWinds to Infiltrate 18,000 Government and Private Networks

Russian cyberattacks on U.S. governmental institutions are on the rise. In one of the most catastrophic data breaches during all of 2020, foreign intelligence operatives took advantage of a compromised SolarWinds program and invaded an estimated 18,000 private and government-affiliated networks. 

These recent data breaches granted attackers access to an abundance of identifiable information, including financial information, source code, passwords, and usernames. 

Federal workers in the Cybersecurity Infrastructure and Security Agency (CISA) department are working endlessly to restore security and defeat this "grave risk." Officials have warned that if they cannot get the matter under control soon—in part, by updating their systems with Orion's 2020.2.1HF2 —by the year's end, they may be forced to take the systems offline entirely. 

Existing vulnerabilities within the SolarWinds platform are being used to install malware into the federal government and private tech. To many, the software's failings are not a surprise, given SolarWinds' well-documented cybersecurity failures to date. 

  • Organizations Impacted: 18,000 affected, 40 known targets  
  • Type of Attack: Malware
  • Industry: Government
  • Date of Attack: Ongoing
  • Location: Nationwide, primarily federal government

Key Takeaways

  • Business owners and private network authorities should seek trusted, updated software with an excellent reputation. Research the cybersecurity track record of any software you're interested in before downloading it. 
  • One significant action these vulnerable networks can take is to update their Orion software. Always keep your programs up to date to ensure as part of an elevated security posture. 
  • This SolarWinds attack wasn't the results of a tools problem, organizations need 24x7 protection delivered by trained security experts. 

The Next Attack...

If 2020 has a lesson for private network owners, business owners, or government officials, cyberattacks are continually evolving. They occur everywhere, every day.  For more on the most high-profile attacks, take a look at some of our previously published monthly recaps.

Stay Ahead of Cyberthreats

These recent security breaches have shown that staying ahead of cyberthreats is the best way to avoid any attack's consequences. Is your company in need of a cybersecurity solution? Get in contact with us today to learn more about the solutions that make Arctic Wolf the leader in security operations.

Additional Resources

If you're ready to get started, request a demo, or get a quote today.