Ci spiace, ma questo articolo è disponibile soltanto in Inglese e Ucraino.
As we round off the year, take a look at some of the most noble cyber breaches that took place every month this year.
This year’s cyber-threat landscape was uniquely ferocious. The global average cost of a data breach rose to $4.45 million, up 15% over the past three years according to IBM.
This year also saw nearly 6 billion breached records, 3.8 billion of which came from one breach alone. 1 billion emails alone were exposed, meaning one in five internet users were affected.
That being said, here are some of the most notorious breaches from each month of the year.
January
Just a few days into the new year, the email addresses tied to 235 million Twitter accounts were shared online in a hacking forum. While the exposed information didn’t extend beyond that, it did bring with it broader implications. Many users post anonymously, and exposing the email address used to set up an account could identify users who post dissent in authoritarian nations.
.@elonmusk, just got an alert from credit monitoring that my information was leaked in a data breach from @Twitter? Can you share any information on this breach and what Twitter is doing to protect our information? pic.twitter.com/IeJpO9JKx2
— James Locke (@arctechinc) January 12, 2023
JD Sports
The sports clothing retailer JD Sports suffered a breach that affected about 10 million customers. The data was confined to billing and delivery addresses, phone numbers, order details, and the final four digits of payment cards, opening affected users up to be the victim of scams.
T-Mobile
This US company disclosed that 37 million prepaid and postpaid accounts were exposed. This breach marked the ninth since 2018. The company said they first noticed the attack on January 5th and said that the information obtained for each customer varied, but “may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts (for example, rate plan and feature codes), and the number of lines.”
February
PeopleConnect
This background check services organization confirmed a data breach that affected 20 million people. The breach happened when criminals leaked a 2019 backup database which included information from customer accounts created between 2011 and 2019. Information included email addresses, hashed passwords, and full names.
Ion Group
LockBit, a Russian-linked ransomware gang, attacked software provider Ion Group, a company that plays a key role in the underbelly of trading, debt, and derivatives in Square Mile and around the world. While only 42 clients were affected, the attack had a knock-on effect, leading to other trade processing systems to process trades manually.
The City of London traders hit by #Russia-linked #cyberattack. Lockbit targeted trading software provider Ion Group. Ion said 42 clients have been affected by the attack as it faces disruption in its cleared derivatives division. https://t.co/pia0PNdYeT
— Share_Talk ™ (@Share_Talk) February 1, 2023
Royal Mail
The same group that hit Ion Group also hit Royal Mail earlier in the month. After refusing to pay an $80m ransom, around 11,500 Post Office branches were unable to handle international mail or parcels. While the disruption lasted roughly six weeks, according to TechCrunch, the 45 GB data dump published from the attack by LockBit did not contain much sensitive customer or financial information.
March
Latitude Financial
The largest data breach this month was at Latitude Financial, with over 14 million records compromised. The Melbourne-based company provides personal loans and credit cards to people in Australia and New Zealand. Hackers were able to steal almost 8 million driver’s licenses, 53,000 passport numbers, dozens of monthly financial statements, and 6 million records dating back to 2005.
ChatGPT
ChatGPT, perhaps the most prolific website of 2023, experienced a breach in March of this year, which saw the payment-related information of 1.2% of ChatGPT Plus subscribers who were active during a specific nine-hour window be exposed on March 20th. According to OpenAI officials, some users were able to see other users’ email addresses, payment addresses, last four digits of credit card numbers, and credit card expiration dates.
OpenAI's ChatGPT has suffered its first major personal data breach.
The breach came during a March 20 outage and exposed payment-related and other personal information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window.
— George Njoroge (@georgenjoroge_) March 26, 2023
Capita
One of the UK’s largest business processing outsourcing companies was hit by a ransomware attack, where criminals managed to exfiltrate data from Capita’s servers belonging to around 90 organizations. The organization deals with the pensions of about 4.5 million people from companies such as Royal Mail, PwC, and Axa. The breach is believed to have cost Capita up to £25 million.
April
Shields Health Care Group
The largest data breach this month was Shields Health Care Group, based in Massachusetts, US. The cyber-criminal gained access to the personal data of 2.3 million people, for two weeks which included social security numbers, dates of birth, home addresses, healthcare provider information and healthcare history, billing information, insurance numbers, and other financial details.
Yum! Brands
This month, Yum! Brands, which represents KFC Taco Bell, and Pizza Hut announced they had suffered from a cyber-attack that affected both corporate and employee data. The attack resulted in almost 300 locations across the UK shutting down.
MSI
The computer hardware company confirmed that a ransomware gang called Money Message had stolen 1.5TB of company data including source code and threatened to make the data public if MSI didn’t pay $4 million. When no ransom was paid, Money Message began to leak the MSI data on its leak site.
MSI confirms security breach after Money Message ransomware attack: Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. This week the ransomware gang Money Message… https://t.co/DrXVi8Y4B6 pic.twitter.com/514tdJyMaQ
— Shah Sheikh (@shah_sheikh) April 7, 2023
May
Discord
During this month, the popular messaging platform notified its users of a data breach that occurred when a third-party support agent’s account was compromised, giving the attackers access to the agent’s support ticket queue. As a result, user email addresses, customer service messages, and any attachments sent between users and Discord may have been exposed.
US Government
The system that is used to process transport expenses that government employees commuting into offices claim back was hit by a breach, which resulted in roughly 237,000 employees being exposed. However, the US Congress pointed out that the breach was isolated and no systems that dealt with transportation safety had been affected.
Sony
A zero-day exploit was carried out by the Clop ransomware group this month which exposed the data of 6,791 current and former Sony employees. The specifics of what stolen personal data was redacted by Sony, however, the company did disclose that the hackers were able to access personally identifiable information about US-based employees.
June
MOVEit
Perhaps one of the most prolific cyber-attack campaigns of the year was carried out by the Clop ransomware gang. They exploited a zero-day bug in the MOVEit enterprise file transfer tool, which led to data stolen from roughly 2,000 organizations, and data thefts affecting more than 62 million people. In the UK, an HR solutions and payroll provider was targeted, exposing data from companies like Bots, British Airways, and the BBC.
The cl0p ransomware gang has added a public statement on their dark web/Tor hidden services .onion leak site, claiming responsibility for the MOVEit Transfer exploitation.
They are starting the clock to hear from victims until June 14th. pic.twitter.com/wvuzzQj7Y1
— John Hammond (@_JohnHammond) June 6, 2023
UK Universities
A risk monitoring platform discovered that 2.2 million breached credentials were found on the dark web for the UK’s top 100 universities. 57% of the emails, usernames, and passwords discovered belonged to Russel Group Universities which include the University of Edinburgh, and the University of Glasgow, as well as larger universities like the University of Oxford and Cambridge.
Hackers from the BlackCat ransomware gang threatened Reddit with leaking 80GB of confidential data stolen from its servers. The gang asked for $4.5 million in payment and for Reddit to renege on a new controversial pricing policy.
July
Tigo
This video chat platform leaked more than 700,000 people’s data online, including names, usernames, gender, email, and IP addresses, as well as photos uploaded to accounts and private messages. Tigo is one of China’s most popular messaging platforms despite the concerns around data privacy.
Roblox
About 4,000 members in Roblox’s developer community had their data exposed in a lead. The information belonged to people who attended Roblox developer conferences between 2017 and 2020 and includes phone numbers, emails, and dates of birth.
Today in brief emails about a security breach, here’s Roblox. pic.twitter.com/4njfklGbdj
— railworks2 (he/they) 🛤️ (@railworks2rblx) July 19, 2023
Indonesian Immigration Directorate General
The Immigration Directorate General was breached by a hacktivist known as Bjorka, who lifted the passport data of more than 34 million Indonesians which includes names, genders, passport numbers, expiry and issue dates, and dates of birth. The hacker had listed a vast quantity of this data on the dark web, and law enforcement agencies continue to investigate what they say looks more like a traditional cyber-attack than a politically motivated one.
August
UK Electoral Commission
In August the Electoral Commission issued a notification for what it said was a “complex cyber-attack” where hostile actors gained access to the UK’s electoral registers, containing the personal information of 40 million people. The personal data included names, email addresses, home addresses, and phone numbers, as well as any data that might have been submitted through web portals or emails.
Hostile actors were active in our systems and had access to servers which held our email, control systems, and copies of the electoral registers. We have since worked with external security experts and the National Cyber Security Centre to investigate and secure our systems.
— Electoral Commission (@ElectoralCommUK) August 8, 2023
Northern Ireland Police
The Police Services of Northern Ireland suffered an attack that led to the breach of personal details of 10,000 staff, including officers, and civilian workers. While addresses, emails, and phone numbers were not exposed, even just the surnames of staff and the department and role they work in were considered a “severe threat” to the staff.
Duolingo
The popular language education app Duolingo had the data pertaining to 2.6 million users leaked on BreachForums. The data included names, emails, phone numbers, and social media information of the users, as well as which languages they were studying.
September
DarkBeam
DarkBeam, a cyber-vulnerability and threat management provider, created a compilation of public data and added them to a database housing information on cyber-breaches between 2018 and 2019, which was in turn left open to the public. This mistake was due to human error, according to researchers, and over 3 billion records were exposed.
MGM Resorts International
The popular hospitality and casino company MGM reported a cyber-attack that resulted in over £89 million in costs through both consulting and clean-up fees and the cost of the breach itself. Threat actors were able to get information from customers who transacted with the company before March 2019 and obtained social security numbers, and passport numbers.
The ALPHV ransomware group has posted a long message about MGM Resorts on their leak site. pic.twitter.com/ufBuuOpOaG
— @mikko (@mikko) September 14, 2023
October
23andMe
The genetic testing platform 23andMe was involved in a data breach. This led to the exposure of genetically linked relatives, making the impact of the breach felt by about 6.9 million members. In total, the threat actors claim to have breached 20 million data records from the attack.
Indian Council of Medical Research
Approximately 815 million Indian citizens had their COVID test and health data exposed by a threat actor who went by the name ‘pwn0001’.
Air Europa
The Spanish airline Air Europa had to tell all their customers to cancel credit cards after hackers breached the card numbers, expiration dates, and 3-digit CVV numbers were all extracted from the company’s systems.
November
Kid Security
The parental control app, allowing parents to monitor their child’s online safety exposed more than 300 million data records including 21,000 phone numbers, 31,000 emails, and some payment card data.
Samsung UK
A third-party business application utilized by Samsung UK was targeted and resulted in the names, phone numbers, email addresses, and physical addresses of an undisclosed number of customers exposed. The attack impacted customers who made purchases on its eCommerce site between 1 July 2019 and 30 June 2020. The company assured that no financial information was exposed.
December
Toyota Financial Services
So far this month, Toyota Financial Services, a subsidiary of the global automotive giant Toyota Motor Corporation, issued a warning to its customers about a significant data breach following an unauthorized access detected last month in some of its European and African systems. The exact number of victims has not been released, and the company says it is working diligently on an internal investigation into the incident. The threat actors asked for $8 million to delete data.
Ukraine mobile network Kyivstar
Ukraine’s biggest mobile network operator said it hoped to restore operations by Wednesday after coming under what appeared to be the largest cyberattack since Russia launched its war on the country in February 2022.
- Kyivstar’s IT systems ‘partially destroyed’
- CEO says attack connected to war with Russia
- Ukraine investigating possibility of Russian state involvement
Source: digit.fyi
