In recent years, the Olympic games have become a target for cyber espionage, surveillance and other financially-motivated attacks. 

The NTT Corporation, which provided network security for the Tokyo 2020 Olympics, said there were more than 450 million cyberattacks launched during the 16 days of competition.

That's 2.5 times more than the number of attacks on the 2012 London Olympics.

Beijing won’t be much different.

A report from cybersecurity analysis firm Recorded Future found ransomware groups may try to encrypt machines used at the games, in part because it could lead to a significant profit, given that teams or officials might need to pay ransom to regain access to those systems as soon as possible. 

But experts think the biggest threat is possible cyber espionage and surveillance of athletes and visitors by the Chinese government.

The United States, Team Great Britain, Australia, Germany and Netherlands all urged their athletes and visitors to leave their personal phones and laptops back at home out of fear that they will be monitored by the government at the games and thereafter. 

"China's national security laws create a really different environment for privacy than what people are used to when they're in other countries, where privacy legislation places significant constraints on the government's ability to collect and use data," Robert Potter, CEO and co-founder of Internet 2.0 said.

"The identifiers for your phone are automatically collected, so that information is gone the moment you hit a mobile phone tower in China."

Potter's cybersecurity company Internet 2.0 examined some of the software being provided by official sponsors to the game and found that the Virtual Private Network service offered to athletes, which lets users hide and protect their internet traffic from being accessed by third parties, collected a "significant amount of user data" beyond what was needed to run the app. 

Newsy's research showed the camera and photo libraries were required to be accessed by the app, and they just didn't seem to be a particularly good reason or justifiable reason to think that that was normal for a VPN application.  

A separate report from Citizen Lab found serious privacy issues with the MY2022 Olympics app, which is required to be used by all attendees at the Beijing games.

For example, it contained an encryption flaw that could expose passport details and medical information of users. 

Both the IOC and Beijing Olympic Committee have rejected claims that there are security concerns with the MY2022 Olympics App. 

Experts told Newsy the only sure-fire way that visitors to the Olympics can protect themselves is by using new devices and accounts only while inside China in order to protect their personal information, then throw the devices away after the games are over.

China is committed to having open and accessible internet available to athletes that are within the "COVID bubble," but there is a line between open internet access and unmonitored internet access — and China is making no guarantees around the latter. 

This story was first reported by Tyler Adkisson at Newsy.

Facebook and Google are both forcing some users to switch to two-factor authentication in 2022.

The technology requires people to log in using a password and a secure code sent to their phone or email address. Critics say the decision poses too much of a burden for the average user. Cybersecurity experts insist it’s the least we can do.

“Passwords are breakable. Passwords can be stolen. Passwords can be guessed,” said Dr. Vahid Behzadan, a professor of computer science at the University of New Haven. “By adding two-factor authentication, we are making a successful compromise a little more difficult for the attacker.”

Dr. Behzadan said one of the biggest hurdles in cyber security is apathy from the general public.

“Many do not take security seriously,” he said. “Sharing passwords, writing passwords on a Post-it note and putting it on your desk, or choosing predictable, easy-to-guess passwords.”

Nearly 2 in 5 Americans shared one of their passwords with someone in 2021, according to a survey published in October. A different survey found that half of Americans believed their passwords are secure.

In a May post on the Google blog, the company’s director of product management, identity, and user security called passwords “the single biggest threat to your online security.” He said the company hopes to eliminate passwords altogether in the future.

“The internet is still suffering from that lack of foresight,” said Dr. Behzadan. “Internet protocols that were designed in the 80s are still in use, and they're still a major cause for concern in terms of cybersecurity.”

In the meantime, Google recommends using a password generator to create strong, unique passwords for every account. The company offers a password manager in its Chrome app so users don’t have to memorize everything. Similar products are available through Apple and Microsoft.

Robinhood said Monday it was hit by a data breach earlier this month that exposed information on millions of customers and that hackers later demanded an extortion payment.

The trading platform said in a statement that the Nov. 3 attack allowed the unauthorized party to obtain a list of email addresses for about 5 million people and full names for another group of about 2 million people.

The company said the incident caused a "limited number of people," approximately 310 in total, to have their names, dates of birth and zip codes exposed. About 10 customers had "more extensive account details revealed," Robinhood said, without elaborating.

"We believe that no Social Security numbers, bank account numbers or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident," the company said in the statement.

After Robinhood contained the intrusion, "the unauthorized party demanded an extortion payment," according to the statement. The company said it "promptly" informed law enforcement but did not indicate whether it complied with the extortion payment demand.

Shares of Robinhood were down about 3% in after-hours trading Monday.

The unauthorized party gained access to Robinhood's customer support systems by posing as a customer support employee by phone, the company said.

Robinhood said it is in the process of making "appropriate disclosures to affected people" and is continuing to investigate with the help of security firm Mandiant.

"As a Safety First company, we owe it to our customers to be transparent and act with integrity," Caleb Sima, Robinhood's chief security officer, said in the statement. "Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do."

Google is taking a step back, recently announcing they won’t track users as they browse the internet after ending support for third-party cookies.

These cookies have been allowing digital advertising and ad tech to thrive.

”That ad is placing a third-party cookie in your browser, so what's happening is that Chrome and other browsers that are doing this, are taking that cookie and they are reselling it to someone else. So that’s what they're saying they are going to stop doing,” said Donald McLaughlin, a cybersecurity consultant.

He said while Google is not going to support third-party cookies, they are still keeping some of your information.

“They're not going to stop tracking you based on your searches or email,” McLaughlin said.

The more information of ours that’s out there, the bigger the push to keep it out of those companies’ hands.

“We see a movement towards more privacy,” he said.

“Surveillance capitalism has been growing over the last 20 years. The technological abilities to frankly spy on people and track their every movement are really profound,” said Dr. Jen Golbeck, Professor in the College of Information Studies at the University of Maryland.

So what does this mean for your privacy?

“This move by Google suggests some of the big players are starting to think maybe we don't need to track every individual in every way we technically can,” Dr. Golbeck said. “There may be ways to make the money they want and not keep all that individual information”

One concept is to group people together, rather than targeting individuals.

“The idea here I think is to create groups of customers instead of individually identifiable tracking opportunities so they can pre-segment these customer groups for advertisers based on their buying behaviors,” said Melissa Akaka, an Associate Professor of Marketing at the University of Denver.

For ad companies, it’s going to change the way they present those advertisements. For brands, it could change their customer relationships.

“Companies are going to have to really think through who their customers are and how they can build longer lasting relationships with them,” Akaka said.

Although Google is making this change, not many other big tech companies are following suit.

“Apple is really the only other big tech company we see pushing privacy in a really serious way, and frankly more seriously than Google is,” Dr. Golbeck said. “Facebook hasn't really shown an interest in reducing that kind of individual knowledge, that's really the cornerstone of their business at this point.”

She said Google is simply getting ahead of future policy.

“I don’t think the tech companies care what people want. They care about making money. But if people want their privacy protected and they're going to push for regulation that affects the company, they're going to respond in that way and I think they see that coming. There is this new public understanding and push for more privacy,” Dr. Golbeck said.

The cyber insurance industry, once a profitable niche, is now in the crosshairs of ransomware criminals.

They have hacked brokerages and major insurers.

Determining who has coverage and how much can help them pick targets and negotiate payments.

Skyrocketing extortion demands and a rise in ransomware attacks has the industry teetering on the edge of profitability.

Pressure is building on the industry to stop reimbursing for ransoms, but so far only one major cyber insurer, AXA, is doing so — and only with new policies in France.

To try to absorb the growing onslaught and stay profitable, insurers are retooling coverage, demanding clients up their security.

The pandemic slammed businesses, including health care systems. On top of the stress of COVID-19, they also saw more cybersecurity attacks.

“Health care has always been a target, but it tremendously just blew up when the pandemic started,” said Angela Kobel, Chief Financial Officer of Lincoln Health in Hugo, Colorado.

She’s talking about cybersecurity. As the pandemic stressed health care systems, the industry also saw more attempted cyberattacks.

“A lot of our employees were working remotely as we closed the hospital down, which made us vulnerable,” Kobel said. “Everybody was so busy fighting COVID and trying to figure out what was happening with COVID that we didn't have the resources to put towards IT security.”

Hospitals are at a higher risk for attacks. Many of us have personal, private information shared with our doctors, often stored digitally. So for the past few years, Lincoln Health has used a third-party company to manage its IT system. That’s where Lance Goudzwaard with ReliableIT comes in.

“Health care organizations, they need to be very careful with that information. And I'll tell you the value of each of these records is very high. It's scary to think how much a hacker can sell one record for,” said Lance Goudzwaard, Virtual CIO at ReliableIT.

And hacking is getting easier.

“My 15-year-old daughter could go to the internet and download instructions on how to hack a lot of health care systems,” Goudzwaard said.

“It's incredibly easy to find and use hacking tools, and there are services you can outsource all of this too, if you want to,” cybersecurity expert Nathan Evans said.

It’s not just hospitals that are seeing these data breaches and ransomware attacks. Earlier this year, a cyberattack on the Colonial Pipeline caused a disruption in fuel transportation, leading to gas shortages in the southeastern U.S.

And JBA USA, a large meat supplier, recently announced it too was targeted by a cybersecurity attack. There are more that go unreported, as there aren’t regulations in place in most industries to report these incidents.

“The health care sector and financial sector have government requirements to report when they actually get breached,” said Nathan Evans, an assistant teaching professor at the University of Denver.

So what does all of this mean for your data, and your accounts? Evans said part of it is trust in the organization you give your information to.

“There's not really anything we can do on an individual basis to protect our medical information. There are HIPAA guidelines that require you to, if you're handling patient data, to encrypt it and make sure it's protected when it’s in transit or in storage,” Evans said.

Another safety net you can control is enabling two-factor authentication for your accounts.

“Two-factor authentication is combining something you know, which would be like a password, with something physical, so either your cell phone or a hardware key device,” he said. “The idea is that if an attacker gets just your password, they won't be able to log into your account because they won't have this second factor.”

It all boils down to education.

“The more we are aware of these common exploits, the better job we’re going to do at preventing them,” Goudzwaard said.

He said they are able to educate employees about common attacks and tools they can use to monitor themselves, especially with e-mails where many hackers can pose as co-workers, clients, or vendors.

“We’ve definitely become more aware,” Kobel said.

The Transportation Security Administration is expected to issue new cybersecurity measures this week aimed at the pipeline industry for the first time.

The new rules will apply to U.S. pipeline operators and follow the ransomware attack against one of the country's largest, Colonial Pipeline, earlier this month. The attack resulted in a disruption to fuel supply on the entire east coast for nearly two weeks.

Pipeline companies would be required to report cyber incidents to the federal government as soon as possible.

They will also reportedly be asked to review their security system to determine any weaknesses or risks.

The rules are coming from the TSA, which operates under the Department of Homeland Security. The Washington Post reports a security directive is expected this week, and more rules will be released in the coming weeks.

This is the first time such rules will be issued for the pipeline industry. Previously, there were voluntary guidelines.

Alex Livingston and Robin Dich contributed to this report