
Data Breaches that hit the headlines in 2023


As we round off the year, take a look at some of the most notable cyber breaches that took place every month this year.

 

This year’s cyber-threat landscape was uniquely ferocious. The global average cost of a data breach rose to $4.45 million, up 15% over the past three years according to IBM.

 

This year also saw nearly 6 billion breached records, 3.8 billion of which came from one breach alone. 1 billion emails alone were exposed, meaning one in five internet users were affected.

 

That being said, here are some of the most notorious breaches from each month of the year.

 

January

 

Twitter 

 

Just a few days into the new year, the email addresses tied to 235 million Twitter accounts were shared online in a hacking forum. While the exposed information didn’t extend beyond that, it did bring with it broader implications. Many users post anonymously, and exposing the email address used to set up an account could identify users who post dissent in authoritarian nations.

 

 

JD Sports

 

The sports clothing retailer JD Sports suffered a breach that affected about 10 million customers. The data was confined to billing and delivery addresses, phone numbers, order details, and the final four digits of payment cards, leaving affected users open to scams.

 

T-Mobile 

 

This US company disclosed that 37 million prepaid and postpaid accounts were exposed. This breach marked the ninth since 2018. The company said they first noticed the attack on January 5th and said that the information obtained for each customer varied, but “may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines.”

February

 

PeopleConnect

 

This background check services organization confirmed a data breach that affected 20 million people. The breach happened when criminals leaked a 2019 backup database which included information from customer accounts created between 2011 and 2019. Information included email addresses, hashed passwords, and full names.

 

Ion Group

 

LockBit, a Russian-linked ransomware gang, attacked software provider Ion Group, a company that plays a key role in the underbelly of trading, debt, and derivatives in the Square Mile and around the world. While only 42 clients were affected, the attack had a knock-on effect, leading other trade processing systems to process trades manually.

 

 

Royal Mail

 

The same group that hit Ion Group also hit Royal Mail earlier in the month. After Royal Mail refused to pay an $80m ransom, around 11,500 Post Office branches were unable to handle international mail or parcels. While the disruption lasted roughly six weeks, according to TechCrunch, the 45 GB data dump published from the attack by LockBit did not contain much sensitive customer or financial information.

March

 

Latitude Financial 

 

The largest data breach this month was at Latitude Financial, with over 14 million records compromised. The Melbourne-based company provides personal loans and credit cards to people in Australia and New Zealand. Hackers were able to steal almost 8 million driver’s licenses, 53,000 passport numbers, dozens of monthly financial statements, and 6 million records dating back to 2005.

 

ChatGPT

 

ChatGPT, perhaps the most prolific website of 2023, experienced a breach in March of this year, in which the payment-related information of 1.2% of ChatGPT Plus subscribers who were active during a specific nine-hour window was exposed on March 20th. According to OpenAI officials, some users were able to see other users’ email addresses, payment addresses, last four digits of credit card numbers, and credit card expiration dates.

 

 

Capita

 

One of the UK’s largest business process outsourcing companies was hit by a ransomware attack, in which criminals managed to exfiltrate data from Capita’s servers belonging to around 90 organizations. The organization deals with the pensions of about 4.5 million people from companies such as Royal Mail, PwC, and Axa. The breach is believed to have cost Capita up to £25 million.

 

April 

 

Shields Health Care Group

 

The largest data breach this month was at Shields Health Care Group, based in Massachusetts, US. The cyber-criminal gained access for two weeks to the personal data of 2.3 million people, which included social security numbers, dates of birth, home addresses, healthcare provider information and healthcare history, billing information, insurance numbers, and other financial details.

 

Yum! Brands

 

This month, Yum! Brands, which represents KFC, Taco Bell, and Pizza Hut, announced it had suffered a cyber-attack that affected both corporate and employee data. The attack resulted in almost 300 locations across the UK shutting down.

 

MSI

 

The computer hardware company confirmed that a ransomware gang called Money Message had stolen 1.5TB of company data including source code and threatened to make the data public if MSI didn’t pay $4 million. When no ransom was paid, Money Message began to leak the MSI data on its leak site.

 

 

May 

 

Discord

 

During this month, the popular messaging platform notified its users of a data breach that occurred when a third-party support agent’s account was compromised, giving the attackers access to the agent’s support ticket queue. As a result, user email addresses, customer service messages, and any attachments sent between users and Discord may have been exposed.

 

US Government

 

The system that is used to process transport expenses that government employees commuting into offices claim back was hit by a breach, which resulted in roughly 237,000 employees being exposed. However, the US Congress pointed out that the breach was isolated and no systems that dealt with transportation safety had been affected.

 

Sony

 

A zero-day exploit was carried out by the Clop ransomware group this month, which exposed the data of 6,791 current and former Sony employees. The specifics of the stolen personal data were redacted by Sony; however, the company did disclose that the hackers were able to access personally identifiable information about US-based employees.

 

June

 

MOVEit

 

Perhaps one of the most prolific cyber-attack campaigns of the year was carried out by the Clop ransomware gang. They exploited a zero-day bug in the MOVEit enterprise file transfer tool, which led to data being stolen from roughly 2,000 organizations, and data thefts affecting more than 62 million people. In the UK, an HR solutions and payroll provider was targeted, exposing data from companies like Boots, British Airways, and the BBC.

 

 

UK Universities

 

A risk monitoring platform discovered that 2.2 million breached credentials were found on the dark web for the UK’s top 100 universities. 57% of the emails, usernames, and passwords discovered belonged to Russell Group universities, which include the University of Edinburgh and the University of Glasgow, as well as larger universities like the University of Oxford and Cambridge.

 

Reddit

 

Hackers from the BlackCat ransomware gang threatened Reddit with leaking 80GB of confidential data stolen from its servers. The gang asked for $4.5 million in payment and for Reddit to renege on a new controversial pricing policy.

 

July 

 

Tigo

 

This video chat platform leaked more than 700,000 people’s data online, including names, usernames, gender, email, and IP addresses, as well as photos uploaded to accounts and private messages. Tigo is one of China’s most popular messaging platforms despite the concerns around data privacy.

 

Roblox

 

About 4,000 members of Roblox’s developer community had their data exposed in a leak. The information belonged to people who attended Roblox developer conferences between 2017 and 2020 and includes phone numbers, emails, and dates of birth.

 

 

Indonesian Immigration Directorate General

 

The Immigration Directorate General was breached by a hacktivist known as Bjorka, who lifted the passport data of more than 34 million Indonesians which includes names, genders, passport numbers, expiry and issue dates, and dates of birth. The hacker had listed a vast quantity of this data on the dark web, and law enforcement agencies continue to investigate what they say looks more like a traditional cyber-attack than a politically motivated one.

 

August

 

UK Electoral Commission

 

In August the Electoral Commission issued a notification for what it said was a “complex cyber-attack” where hostile actors gained access to the UK’s electoral registers, containing the personal information of 40 million people. The personal data included names, email addresses, home addresses, and phone numbers, as well as any data that might have been submitted through web portals or emails.

 

 

Northern Ireland Police

 

The Police Service of Northern Ireland suffered an attack that led to the breach of personal details of 10,000 staff, including officers and civilian workers. While addresses, emails, and phone numbers were not exposed, even just the surnames of staff and the department and role they work in were considered a “severe threat” to the staff.

 

Duolingo

 

The popular language education app Duolingo had the data pertaining to 2.6 million users leaked on BreachForums. The data included names, emails, phone numbers, and social media information of the users, as well as which languages they were studying.

 

September

 

DarkBeam

 

DarkBeam, a cyber-vulnerability and threat management provider, created a compilation of public data and added them to a database housing information on cyber-breaches between 2018 and 2019, which was in turn left open to the public. This mistake was due to human error, according to researchers, and over 3 billion records were exposed.

 

MGM Resorts International

 

The popular hospitality and casino company MGM reported a cyber-attack that resulted in over £89 million in costs through both consulting and clean-up fees and the cost of the breach itself. Threat actors were able to get information from customers who transacted with the company before March 2019 and obtained social security numbers and passport numbers.

 

 

October

 

23andMe

 

The genetic testing platform 23andMe was involved in a data breach. This led to the exposure of genetically linked relatives, making the impact of the breach felt by about 6.9 million members. In total, the threat actors claim to have breached 20 million data records from the attack.

 

Indian Council of Medical Research

 

Approximately 815 million Indian citizens had their COVID test and health data exposed by a threat actor who went by the name ‘pwn0001’.

 

Air Europa

 

The Spanish airline Air Europa had to tell all its customers to cancel their credit cards after hackers breached the company’s systems and extracted card numbers, expiration dates, and 3-digit CVV numbers.

 

November

 

Kid Security

 

The parental control app, which allows parents to monitor their child’s online safety, exposed more than 300 million data records including 21,000 phone numbers, 31,000 emails, and some payment card data.

 

Samsung UK

 

A third-party business application utilized by Samsung UK was targeted, which resulted in the names, phone numbers, email addresses, and physical addresses of an undisclosed number of customers being exposed. The attack impacted customers who made purchases on its eCommerce site between 1 July 2019 and 30 June 2020. The company assured that no financial information was exposed.

 

December

 

Toyota Financial Services

 

So far this month, Toyota Financial Services, a subsidiary of the global automotive giant Toyota Motor Corporation, issued a warning to its customers about a significant data breach following unauthorized access detected last month in some of its European and African systems. The exact number of victims has not been released, and the company says it is working diligently on an internal investigation into the incident. The threat actors asked for $8 million to delete data.

 

Ukraine mobile network Kyivstar

 

Ukraine’s biggest mobile network operator said it hoped to restore operations by Wednesday after coming under what appeared to be the largest cyberattack since Russia launched its war on the country in February 2022.

  • Kyivstar’s IT systems ‘partially destroyed’
  • CEO says attack connected to war with Russia
  • Ukraine investigating possibility of Russian state involvement

 

Source: digit.fyi
