Data Breaches That Have Happened in 2022, 2023 and 2024 So Far


Data breaches have been on the rise for a number of years, and sadly, this trend isn’t slowing down. The last year or so has been littered with thefts of sensitive information. Data breaches have affected companies and organizations of all shapes, sizes, and sectors, and they’re costing US businesses millions in damages.

The widely-covered T-Mobile data breach that occurred last year, for instance, cost the company $350 million in 2022 – and that’s just in customer payouts. T-Mobile fell victim to two more breaches during 2023, putting more customer data at risk. This puts more onus than ever on businesses to secure their networks, ensure staff have strong passwords, and train employees to spot the telltale signs of phishing campaigns.

Below, we’ve compiled a list of significant, recent data breaches (and a couple of important data leaks) that have taken place since January 1, 2022, dated to the day they were first reported in the media.


Dell Data Breach: Dell emails customers to inform them that their data may have been compromised after an attack on its customer portal. According to Dell, while no financial information was accessed, customers’ home addresses and order information may have been compromised. Data purportedly from the breach is being offered for sale on hacker forums, suggesting details of 49 million customers have been obtained.

Dropbox Data Breach: Dropbox tells users that its Dropbox Sign service has been accessed by a threat actor, who was able to see data including email addresses, phone numbers, hashed passwords and multi-factor authenticator details. Dropbox cloud customers are unaffected.

US Government Data Breach: A threat actor known to be part of a Serbian hacking group claims to have breached Space-eyes, an intelligence corporation that works with the United States Department of Justice, the Department of Homeland Security, and a range of agencies and teams within the Armed Forces, CSO Online reports. The hacker claims they’ve stolen “highly confidential” documents relating to the services the company has provided to the government.

Giant Tiger Data Breach:  A hacker claims to have stolen records of almost three million Giant Tiger customers. Although the attack happened back in March, the Canadian retailer only disclosed the incident this week. According to the hacker claiming to have extracted the data, the files contain email addresses, names, physical addresses and phone numbers.

Roku Data Breach:  Streaming provider Roku has revealed that it suffered a data breach back in March. Over half a million (576,000) customers had their data compromised in the attack.

“After concluding our investigation of this first incident,” Roku explained in a blog post, referencing a previous data breach the company suffered this year. “We notified affected customers in early March and continued to monitor account activity closely to protect our customers and their personal information. Through this monitoring we identified a second incident, which impacted approximately 576,000 additional accounts.”

Vans Data Breach: Vans customers have been told they might be at risk of fraud and identity theft following a breach of the company’s systems. “On December 13, we detected unauthorized activities on a part of our IT systems, apparently carried out by external threat actors,” the company said in a breach notification letter sent out to account holders. It claims that no “detailed financial information” or passwords were exposed during the incident.

Fujitsu Data Breach: Multinational technology company Fujitsu has confirmed that it fell victim to a cyberattack recently after malware was found on a collection of the company’s work computers. The company – which employs almost 125,000 people globally – did not reveal what kind of information had been exposed by the attack.

February 2024

February 13.

Bank of America Data Breach: Tens of thousands of Bank of America customers have had their data exposed in a breach relating to a ransomware attack targeted at Infosys McCamish Systems, one of the bank’s service providers. The attack occurred at the beginning of November 2023.

However, the news only hit the headlines after notifications began to be sent around to customers at the start of February. This may have violated state laws determining how long companies have to notify impacted customers, some reports have pointed out.

More than 57,000 customers are thought to have been impacted by the breach. Types of information exposed include addresses, names, social security numbers, DOBs, as well as some banking information (account numbers, credit card info).

January 2024

Anthropic Data Leak:  Artificial intelligence startup Anthropic – the company behind the ChatGPT rival Claude – has suffered a small data leak. A contractor working with the company sent an email containing “non-sensitive customer information” to a third party who should not have had access to it.

Customer names and some information about their current Anthropic balances were the only types of information leaked in the incident, and customers impacted by the mistake have been notified.

Trello Data Breach: 15 million users of project management software platform Trello have their data leaked on the dark web, multiple sources report. “In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum,” a cautionary email from Have I Been Pwned warning users about the breach states.

“Containing over 15 million email addresses, names, and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses,” the email continues. “Trello advised that no unauthorized access had occurred.”

Victoria Court System Data Breach: The Guardian reports that the court system in Victoria, Australia has been hacked – and the unauthorized parties gained access to the recordings of various court hearings. However, “no other court systems or records, including employee or financial data, were accessed,” chief executive Louise Anderson said in a statement.

December 2023

December 11.

Norton Healthcare Data Breach: Norton Healthcare has suffered a data breach impacting an estimated 2.5 million people. The firm, based in Kentucky, says that threat actors gained unauthorized access to personal information about millions of patients, as well as a considerable number of employees.

The healthcare provider is one of the biggest in the state, with more than 40 clinics dotted in and around Kentucky’s state capital, Louisville, TechCrunch reports. Although the data breach happened between May 7 and May 9, it only came to light this month when it was filed with Maine’s attorney general. An internal investigation by Norton suggests the threat actors had access to a broad selection of sensitive information.

November 2023

November 24.

Vanderbilt University Medical Center Data Breach: A Tennessee-based medical institution has confirmed it fell victim to a ransomware attack orchestrated by the Meow ransomware gang. The Medical Center – which has over 40,000 employees – was one of several organizations added to the group’s leak database in November 2023.

“Vanderbilt University Medical Center (VUMC) identified and contained a cybersecurity incident in which a database was compromised and has launched an investigation into the incident,” the center revealed in a statement published by The Record. “Preliminary results from the investigation indicate that the compromised database did not contain personal or protected information about patients or employees.”

November 15

Toronto Public Library Data Breach: The Toronto Public Library has said that sensitive, personal information relating to their employees, as well as library customers and volunteers, was stolen from their systems during a highly sophisticated ransomware attack. Some of the information had been stored in the system since 1998. According to Bleeping Computer, the Black Basta ransomware gang is behind the attack, a group whose activity was first observed in 2022.

Infosys Data Breach: Indian IT services company Infosys says they’ve been struck with a “security event” which made several of the firm’s applications unavailable in its US unit, called Infosys McCamish Systems. The company is still investigating the impact the attack has had on its systems.

Boeing Data Breach:  Aircraft manufacturer Boeing says that a “cyber incident” impacted several different elements of its business, with Reuters reporting that the company is already working with law enforcement to investigate the attack. The company has confirmed that the incident has no bearing on flight safety.

The LockBit ransomware gang initially claimed responsibility for the attack and posted a threat directed at Boeing on their website – which has since been taken down. There is no clear evidence available at this point that suggests Boeing has paid the organization a ransom.

October 2023

Indian Council of Medical Research Data Breach:  Around 815 million Indian citizens may have had their Covid test and other health data exposed to a huge data breach. A US security firm first alerted the Indian authorities in mid-October after a threat actor going by the name of “pwn0001” claimed to have the names, addresses, and phone numbers of hundreds of millions of Indians for sale.

India’s opposition parties are asking the government to urgently launch a probe into the breach and create a working data security plan for government agencies and departments.

Okta Data Breach: Identity services and authentication management provider Okta has revealed that its support case management system was accessed by a threat actor using stolen credentials.

“The unauthorized access to Okta’s customer support system leveraged a service account stored in the system itself. This service account was granted permissions to view and update customer support cases,” Okta’s chief security officer said in a recent statement. “During our investigation into suspicious use of this account, Okta Security identified that an employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop.”

Air Europa Data Breach: Spanish airline carrier Air Europa has told their customers to cancel all of their credit cards after hackers managed to access their financial information during a breach. Card numbers, expiration dates, and 3-digit CVV numbers found on the back of credit and debit cards were all extracted from the company’s systems. Air Europa says the relevant authorities (including banks) have been notified and their systems are fully operational once more.

23andMe Data Breach: Biotech company 23andMe has suffered a data breach – customer accounts were broken into with a credential-stuffing attack. Genetic data belonging to people who have used the service has been stolen, which may include first names and last names, email addresses, birth dates, and information 23andMe stores relating to users’ genetic ancestry and history. Reports suggest that the hackers were targeting/looking for data pertaining to individuals of Ashkenazi Jewish and Chinese descent.

September 2023

September 27.

Hunter Biden Data Breach lawsuit: Hunter Biden – the son of US President Joe Biden – is suing both Rudy Giuliani and his lawyer Robert Costello for accessing and sharing his personal information after they obtained his laptop from a computer repair shop. The lawsuit says that Giuliani and Co. were responsible for a “total annihilation” of Hunter Biden’s privacy.

September 25

SONY Data Breach: Multinational technology company SONY has reportedly been broken into by ransomware group Ransomware.vc, who say they will sell the data they’ve stolen because SONY is refusing to pay them for it. Over 6,000 files have allegedly been extracted from the tech company’s systems by the group, including build log and Java files.

Ontario Birth Registry Data Breach (MOVEit): Ontario’s birth registry has confirmed that there has been a data breach of its systems, and around 3.4 million people who sought pregnancy care over the last ten years have had their information accessed.

It is thought that more than two million babies born during this period have had their healthcare data exposed. It is one of the latest attacks to exploit the now well-known vulnerability in the MOVEit file transfer tool.

September 5

Topgolf Callaway Data Breach: US golf club manufacturer Topgolf Callaway has suffered a large data breach affecting over one million customers. Email notifications were sent out to those who were affected this week. Data stolen includes full names, shipping addresses, email addresses, phone numbers, account passwords, and security question answers.

September 4

Freecycle Data Breach: Seven million Freecycle users have been affected in a breach of the nonprofit’s systems. By the time the company had discovered that the breach had taken place, extracted data had already appeared on hacking forums.

User IDs and email addresses were obtained during the breach, and Freecycle has advised all their members to reset their passwords as soon as possible.

August 2023

Forever 21 data breach: Fashion retailer Forever 21 has revealed that 500,000 customers were affected by a data breach that occurred earlier this year. Names, dates of birth, bank account information, and Social Security numbers were accessed by an unauthorized third party. Forever 21 says that the intruder no longer has access to the data, but it’s unclear precisely how they’ve been able to negotiate this.

Duolingo Data Breach: Data pertaining to 2.6 million Duolingo users has been leaked on BreachForums. The data includes names, email addresses, phone numbers, social media information, as well as the languages that users were studying at the time of the breach.

Discord.io Data Breach: Discord.io – an online service that helped people make custom links for their Discord channels – has suffered a data breach. 760,000 users are thought to be impacted, with sensitive information such as passwords, usernames, Discord IDs, and billing addresses thought to have been extracted. Discord.io is a third-party service and not part of Discord Inc. It now seems to have shut down as a result of the breach.

IBM MOVEit Data Breach: 4.1 million patients in Colorado have had sensitive healthcare data stolen during another data breach exploiting a vulnerability in MOVEit transfer software. The systems affected are managed by tech behemoth IBM.

Police Service of Northern Ireland Data Breach:  Every police officer currently working in Northern Ireland has had their data compromised in what is being described as a “monumental” data breach. The data was leaked in error and mistakenly published while the service was responding to a Freedom of Information request. Surnames, initials, ranks, work locations, and departments of all of the police staff were leaked.

Missouri Medicaid Data Breach: Some recipients of Medicaid in Missouri have had their health information stolen. Like many recent data breaches, it seems the MOVEit transfer vulnerability was once again to blame. Information stolen may include names, dates of birth, possible benefit status, and medical claims information.

Maximus Data Breach: US government contractor Maximus has suffered a huge data breach. Once again, hackers exploited the MOVEit transfer vulnerability and accessed health-related data pertaining to “at least 8 to 11 million” US citizens, the company said in an 8-K filing. A full review of the incident, the company says, will take “several more weeks”.

Norwegian Government Breach: Hackers have exploited a zero-day vulnerability in a third-party IT platform to hack into the government of Norway’s systems. The country’s authorities have shut down email and mobile services for government employees in response. It is unclear at present who is behind the attack, but the vulnerability that they were exploiting has now been closed, the Norwegian Government said in a statement.

Roblox Data Breach:  Almost 4,000 members of Roblox’s developer community have had their data exposed in a leak, including phone numbers, email addresses, and dates of birth. The sensitive information, which belongs to individuals who attended Roblox developer conferences held between 2017 and 2020, was reportedly first lifted from Roblox’s systems in 2021.

PokerStars Data Breach: The world’s largest online poker platform has suffered a data breach exposing the information of 110,000 customers. The attackers – known as the Cl0p ransomware cartel – exploited a MOVEit zero-day vulnerability to gain access to the poker site’s systems. PokerStars has confirmed that they’re no longer utilizing the MOVEit transfer application after the incident. The stolen data consists of social security numbers, names, and addresses.

American Airlines Data Breach: Hackers have reportedly stolen personal information relating to ‘thousands’ of pilots that applied for roles at American Airlines and Southwest Airlines. Rather than being taken directly from either airline, the information was extracted from a database maintained by a recruiting company. Around 8,000 pilots are thought to have been affected, including 2,200 represented by the Allied Pilots Association.

UPS Canada Data Breach:  United Parcel Service has strongly hinted to customers based in Canada via a letter that their personal data may have been exposed in a breach, after fraudulent messages demanding payment before delivery were spotted.

The strangely-worded letter sent out to customers suggested that “a person who searched for a particular package or misused a package lookup tool” could have uncovered personal information relating to customers, such as phone numbers.

Bryan Cave/Mondelez Data Breach: Snack and confectionery manufacturer Mondelez, the parent company that owns Oreo, Chips Ahoy!, Sour Patch Kids, Toblerone, Milka, Cadbury, and many other well-known brands, has notified employees that their personal information has been compromised in a breach at law firm Bryan Cave.

Bryan Cave provides Mondelez and a number of other large companies with legal services. According to the data breach notice filed to the Maine Attorney General’s Office, 51,110 employees are thought to have been affected. Although the data breach occurred in February of this year, it was only discovered three months later in May, the filing reveals.

Reddit Data Breach: Hackers purporting to be from the BlackCat ransomware gang have threatened Reddit with leaking 80GB of confidential data they stole from its servers in February. The gang is demanding a $4.5 million payout and also wants Reddit to reverse its new pricing policy that garnered widespread backlash.

Intellihartx Data Breach: Healthcare management firm Intellihartx confirmed that hackers stole the medical details of over half a million patients, including social security numbers. According to a notice filed with the Maine attorney general’s office, the breach took place in January, but wasn’t discovered until April.

MOVEit hack, affecting Zellis, British Airways, BBC and others: MOVEit, a popular file transfer tool, was compromised, leading to sensitive data belonging to many firms that use the software being compromised as well. The hack was disclosed by Progress Software, makers of MOVEit, and since then, many companies have reported being affected. These include payroll provider Zellis, British Airways, BBC, and the province of Nova Scotia. However, it is believed that many more companies will have been impacted. Russian ransomware group Clop has claimed responsibility for the attack on June 6th.

Apria Healthcare Data Breach: US healthcare company Apria Healthcare has told almost 1.9 million customers this week that their personal data may have been exposed during a data breach, The Register reports.

The “unauthorized third party” access detected on “select Apria systems” referenced by the company in their notification apparently occurred in 2019 and again in 2021. Why the incident has only just been made public and was not declared earlier is unclear at present.

Suzuki Data Breach: Car manufacturer Suzuki had to halt operations at a plant in India after a cyberattack, reports this week have alleged. According to Autocar’s sources, “production has been stalled since Saturday, May 10, and it is estimated to have incurred a production loss of over 20,000 vehicles in this timeframe.” The perpetrators of the attack have not been publicly identified by Suzuki.

PharMerica Data Breach: US Pharmaceutical giant PharMerica – which manages 2,500 different facilities across the US – has revealed that an unknown actor accessed its systems in March and extracted personal data pertaining to 5.8 million individuals (both alive and deceased).

Social security numbers, birth dates, names, and health insurance information were all extracted from the Kentucky-based health provider’s systems.

US Government Data Breach:  Personal information pertaining to 237,000 US government employees has reportedly been exposed in a Department of Transport data breach.

Reuters reports that the breached system is usually used to process “TRANServe transit benefits”, which are effectively transport expenses that government employees commuting into offices can claim back. The Department of Transport told Congress last week that it had “isolated the breach to certain systems at the department used for administrative functions”. No systems that deal with transportation safety have been affected.

Discord Data Breach: Messaging and video chatting platform Discord has told users that their information may have been exposed in a data breach after a malicious actor gained access to it via “a third-party customer service agent”.

Discord has told users that their email addresses and customer service queries – as well as any documents sent to Discord – may have been accessed. The customer service agent’s account has been locked and the company is in the process of ensuring that no persistent threat remains on their devices or network.

T-Mobile Data Breach:  T-Mobile has suffered yet another data breach, this time affecting around 800 of the telecom provider’s customers. According to recent reports, customer contact information, ID cards, and/or social security numbers were scraped from PIN-protected accounts, as well as other personal information pertaining to T-Mobile customers.

A data breach notification letter sent out to customers by T-Mobile, and subsequently published by Bleeping Computer, details the full extent of the data accessed by the threat actors. Unfortunately, this is the company’s second data breach of the year. The first one, which took place in January, affected 37 million customers. T-Mobile was also breached in December 2021 and November 2022.

Pizza Hut/KFC Data Breach: Yum! Brands, which owns fast food chains Pizza Hut, KFC, and Taco Bell, has informed a number of individuals that their personal data was exposed during a ransomware attack that took place in January of this year. The hospitality giant confirmed that names, driver’s license, and ID card info were stolen. An investigation into whether the information has already been used to commit fraud is currently underway.

MSI Data Breach/Ransomware Attack: Computer vendor Micro-Star International has suffered a data breach, with new ransomware gang Money Message claiming responsibility for the attack. The group says they’ve stolen 1.5TB of information from the Taiwanese company’s systems and want $4 million in payment, threatening to release the data if MSI fails to pay.

“Say [to] your manager, that we have MSI source code, including framework to develop bios, also we have private keys able to sign in any custom module of those BIOS and install it on PC with this bios,” a member of the ransomware gang said to an MSI agent in a chat seen by Bleeping Computer.

Western Digital Data Breach: Western Digital has reported a data breach, the scope of which at the time of writing is unknown. The company has stated that an unauthorized third party was able to access ‘a number’ of cloud systems. Users of Western Digital products have reported being unable to access the cloud features of their devices since the hack was reported. In a statement on its site, Western Digital said it is “actively working to restore impacted infrastructure and services”, with more updates allegedly on the way.

ChatGPT Data Leak: A bug found in ChatGPT’s open-source library caused the chatbot to leak the personal data of customers, which included some credit card information and the titles of some chats they initiated.  “In the hours before we took ChatGPT offline,” OpenAI said after the incident, “it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time.”

US House of Representatives Data Breach:  A breach of a Washington DC-based healthcare provider that handles sensitive data belonging to a number of federal legislators and their families may have affected up to 170,000 people. The data has been put up for sale online, although the FBI is thought to have already purchased it as part of their investigation.

February 2023

February 21.

Activision Data Breach: Call of Duty maker Activision has suffered a data breach, with sensitive employee data and content schedules exfiltrated from the company’s computer systems. Although the breach occurred in early December 2022, the company has only recently revealed this to the public. According to reports, an employee’s credentials were obtained in a phishing attack and subsequently used to infiltrate the system.

February 15

Atlassian Data Breach:  Australian software company Atlassian seems to have suffered a serious data breach. A hacking group known as “SiegedSec” claims to have broken into the company’s systems and extracted data relating to staff as well as floor plans for offices in San Francisco and Sydney. Included in the dataset are names, email addresses, the departments that staff work in, and other information relating to their employment at Atlassian.

“THATS RIGHT FOLKS, SiegedSec is here to announce we have hacked the software company Atlassian,” the hacking group said in a message that was posted along with the data. “This company worth $44 billion has been pwned by the furry hackers uwu.”

Although Atlassian initially blamed office coordination platform Envoy for the breach, the company later retracted this, revealing that the hacking group had managed to obtain “an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee.”

February 10

Reddit Data Breach: Reddit has confirmed that the social media company suffered a data breach on February 5. “After successfully obtaining a single employee’s credentials,” Reddit CTO Christopher Slowe explained in a recent statement regarding the attack, “the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.”

Slowe said that Reddit’s systems show “no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data),” but did confirm that “limited contact information… for company contacts and employees (current and former), as well as limited advertiser information” were all accessed.

At present, Reddit has “no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.”

Optus Data Breach Extortion Attempt: A man from Sydney has been served a Community Correction Order and 100 hours of community service for leveraging data from a recent Optus data breach to blackmail the company’s customers. Initially arrested back in October of last year, the perpetrator sent SMS communications to 92 people saying that their personal information would be sold to other hackers if they didn’t pay AU$2,000.

Weee! Data Breach:  1.1 million customers of Asian and Hispanic food delivery service Weee! have had their personal information exposed in a data breach. A threat actor that goes by the name of IntelBroker posted some of the leaked data on the infamous hacking forum Breached. However, Weee! told Bleeping Computer that “no customer payment data was exposed” because Weee! does not retain any payment information.

Sharp HealthCare Data Breach: Sharp HealthCare, which is the largest healthcare provider in San Diego, California, has notified 62,777 patients that their personal information was exposed during a recent attack on the organization’s website. Social Security numbers, health insurance data, and health records belonging to customers have all been compromised, but Sharp says no bank account or credit card information was stolen.

January 2023

JD Sports Data Breach: As many as 10 million people may have had their personal information accessed by hackers after a data breach occurred at fashion retailer JD Sports, which owns JD, Size?, Millets, Blacks, and Scotts. JD Sports CFO Neil Greenhalgh told the Guardian that the company is advising customers “to be vigilant about potential scam emails, calls, and texts” while also “providing details on how to report these.”

T-Mobile Data Breach:  T-Mobile has suffered another data breach, this time affecting around 37 million postpaid and prepaid customers who’ve all had their data accessed by hackers. The company claims that while it only discovered the issue on January 5th of this year, the intruders are thought to have been exfiltrating data from the company’s systems since late November 2022.

As discussed in the introduction to this article, this is not the first time that  T-Mobile has fallen victim to a high-profile cyber attack impacting millions of customers. In the aftermath of last year’s attack, during which 76 million customers had their data compromised, the company pledged it would spend $150 million to upgrade its data security – but the recent attack raises serious questions over whether this has been well spent.

MailChimp Breach: Another data breach for MailChimp, just six months after its previous one. MailChimp claims that a threat actor was able to gain access to its systems through a social engineering attack, and was then able to access data attached to 133 MailChimp accounts. It’s a bad sign for the company, as the attack method is startlingly similar to last year’s breach, casting serious doubts on its security protocols.

PayPal Data Breach: A letter sent to PayPal customers on January 18, 2023, says that on December 20, 2022, “unauthorized parties” were able to access PayPal customer accounts using stolen login credentials.

PayPal goes on to say that the company has “no information” regarding the misuse of this personal information or “any unauthorized transactions” on customer accounts and that there isn’t any evidence that the customer credentials were stolen from PayPal’s systems.

Chick-fil-A Data Breach: Fast food chain Chick-fil-A is investigating “suspicious activity” linked to a select number of customer accounts. The company has published information on what customers should do if they notice suspicious activity on their accounts, and advised such customers to remove any stored payment methods on the account.

Twitter Data Breach:  Twitter users’ data was continuously bought and sold on the dark web during 2022, and it seems 2023 is going to be no different. According to recent reports, a bank of email addresses belonging to around 200 million Twitter users is being sold on the dark web right now for as little as $2. Even though the flaw that led to this leak was fixed in January 2022, the data is still being leaked by various threat actors.

December 2022

December 31

Slack Security Incident: Business communications platform Slack released a statement just before the new year regarding “suspicious activity” taking place on the company’s GitHub account.

“Upon investigation, we discovered that a limited number of Slack employee tokens were stolen and misused to gain access to our externally hosted GitHub repository. Our investigation also revealed that the threat actor downloaded private code repositories on December 27,” the company said. However, Slack confirmed that “no downloaded repositories contained customer data, means to access customer data, or Slack’s primary codebase”.

December 15

SevenRooms Data Breach: Threat actors on a hacking forum posted details of over 400GB of sensitive data stolen from the CRM platform’s servers. The information included files from big restaurant clients, promo codes, payment reports, and API keys. However, it seems that the servers that were breached did not store any customer payment details.

LastPass Data Breach:  Password manager LastPass has told some customers that their information was accessed during a recent security breach. According to LastPass, however, no passwords were accessed by the intruder. This is not the first time LastPass has fallen victim to a breach of their systems this year – someone broke into their development environment in August, but again, no passwords were accessed.

November 2022

November 11

AirAsia Data Breach: AirAsia Group has, according to reports, suffered a ransomware attack orchestrated by “Daixin Team”. The threat group told DataBreaches.net that they obtained “the personal data of 5 million unique passengers and all employees.” This included name, date of birth, country of birth, location, and their “secret question” answer.

Dropbox Data Breach: Dropbox has fallen victim to a phishing attack, with 130 GitHub repositories copied and API credentials stolen after credentials were unwittingly handed over to the threat actor via a fake CircleCI login page.

However, Dropbox confirmed in a statement relating to the attack that “no one’s content, passwords or payment information was accessed” and that the issue was “quickly resolved”. Dropbox also said that they were in the process of adopting the “more phishing-resistant form” of multi-factor authentication, called “WebAuthn”.

October 2022

Medibank Data Breach: Medibank Private Ltd, currently the largest health insurance provider in Australia, said today that data pertaining to almost all of its customer base (nearly 4 million Australians) had been accessed by an unauthorized party. The attack caused Medibank’s stock price to slide 14%, the biggest one-day dip since the company was listed.

Vinomofo Data Breach: Australian wine dealer Vinomofo has confirmed it has suffered a cyber attack. Names, dates of birth, addresses, email addresses, phone numbers, and genders of the company’s almost 500,000 customers may have been exposed – although it is currently unclear how many have been affected.

MyDeal Data Breach: 2.2 million customers of Woolworths subsidiary MyDeal, an Australian retail marketplace, have been impacted by a data breach. According to reports, the company’s CRM system was compromised, with names, email addresses, telephone numbers, delivery addresses, and some dates of birth exposed during the breach.

Shein Data Breach: Fashion brand Shein’s parent company Zoetop has been fined $1.9 million for its handling of a data breach back in 2018, one which exposed the personal information of over 39 million customers that had made accounts with the clothing brand.

The New York Attorney General’s Office says Zoetop lied about the size of the breach, as the company initially said only 6.42 million accounts had been affected and didn’t confirm credit card information had been stolen when it in fact had.

Toyota Data Breach:  In a message posted on the company’s website, the car manufacturer stated that almost 300,000 customers who had used its T-Connect telematics service had had their email addresses and customer control numbers compromised. The company assured customers that there was no danger of financial data such as credit card information, nor names or telephone numbers, having been breached.

In its statement, Toyota acknowledged that the T-Connect database had been compromised since July 2017, and that customers should be vigilant for phishing emails.

Singtel Data Breach: Singtel, the parent company of Optus, revealed that “the personal data of 129,000 customers and 23 businesses” was illegally obtained in a cyber-attack that happened two years ago. Data exposed includes “National Registration Identity card information, name, date of birth, mobile numbers, and addresses” of breach victims.

Possible Facebook Accounts Data Breach: Meta said that it has identified more than 400 malicious apps on Android and iOS app stores that target online users with the goal of stealing their Facebook login credentials. “These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them,” the tech giant said.

LAUSD Data Breach: Russian-speaking hacking group Vice Society has leaked 500GB of information from The Los Angeles Unified School District (LAUSD) after the US’s second-largest school district failed to pay an unspecified ransom by October 4th. The ransomware attack itself first made the headlines in early September when the attack disrupted email servers and computer systems under the district’s control.

September 2022

September 23

Optus Data Breach: Australian telecoms company Optus – which has 9.7 million subscribers – has suffered a “massive” data breach. According to reports, names, dates of birth, phone numbers, and email addresses may have been exposed, while a group of customers may have also had their physical addresses and documents like driving licenses and passport numbers accessed.

The attackers are thought to be a state-sponsored hacking group or some sort of criminal organization and breached the company’s firewall to get to the sensitive information. Australia’s Information Commissioner has been notified.

The Australian government has said Optus should pay for new passports for those who entrusted Optus with their data, and Prime Minister Antony Albanese has already suggested it may lead to “better national laws, after a decade of inaction, to manage the immense amount of data collected by companies about Australians – and clear consequences for when they do not manage it well.”

September 20

American Airlines Data Breach:  The personal data of a “very small number” of American Airlines customers has been accessed by hackers after they broke into employee email accounts, the airline has said. Information accessed could have included customers’ date of birth, driver’s license, passport numbers, and even medical information, they added.

September 19

Kiwi Farms Data Breach:  Notorious trolling and doxing website Kiwi Farms – known for its vicious harassment campaigns that target trans people and non-binary people – has been hacked. According to site owner Josh Moon, whose administrator account was accessed, all users should “assume your password for the Kiwi Farms has been stolen”, “assume your email has been leaked”, as well as “any IP you’ve used on your Kiwi Farms account in the last month”.

Revolut Data Breach: Revolut has suffered a cyberattack that facilitated an unauthorized third party accessing personal information pertaining to tens of thousands of the app’s clients. 50,150 customers have reportedly been impacted. The State Data Protection Inspectorate in Lithuania, where Revolut holds a banking license, said that email addresses, full names, postal addresses, phone numbers, limited payment card data, and account data were likely exposed.

September 18

Rockstar Data Breach: Games company Rockstar, the developer responsible for the Grand Theft Auto series, was the victim of a hack which saw footage of its unreleased Grand Theft Auto VI game leaked by the hacker. In addition, the hacker also claims to have the game’s source code, and is purportedly trying to sell it. The breach is thought to have been caused through social engineering, with the hacker gaining access to an employee’s Slack account. The hacker also claims to be responsible for the Uber attack earlier in the month.

In a statement, Rockstar said: “We recently suffered a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto.”

September 15

Uber Data Breach: Uber’s computer network has been breached, with several engineering and comms systems taken offline as the company investigates how the hack took place. Dubbed a “total compromise” by one researcher, email, cloud storage, and code repositories have already been sent to security firms and The New York Times by the perpetrator.

Uber employees found out their systems had been breached after the hacker broke into a staff member’s Slack account and sent out messages confirming they’d successfully compromised their network.

September 14

Fishpig Data Breach: Ecommerce software developer Fishpig, which over 200,000 websites currently use, has informed customers that a distribution server breach has allowed threat actors to backdoor a number of customer systems. “We are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system” lead developer Ben Tideswell said of the incident.

September 7

North Face Data Breach: Roughly 200,000 North Face accounts have been compromised in a credential stuffing attack on the company’s website. These accounts included full names, purchase histories, billing addresses, shipping addresses, phone numbers, account holders’ genders, and XPLR Pass reward records. No credit card information is stored on site. All account passwords have been reset, and account holders have been advised to change their passwords on other sites where they have used the same password credentials.

September 6

IHG/Holiday Inn Data Breach: IHG released a statement saying they became aware of “unauthorized access” to its systems. The company is assessing the “nature, extent and impact of the incident”, with the full extent of the breach yet to be made clear.

September 3

TikTok Data Breach Rumour:  Rumours started circulating that TikTok had been breached after a Twitter user claimed to have stolen the social media site’s internal backend source code. However, after inspecting the code, a number of security experts have dubbed the evidence “inconclusive”, including haveibeenpwned.com’s Troy Hunt. Users commenting on YCombinator’s Hacker News, on the other hand, suggested the data is from some sort of ecommerce application that integrates with TikTok.

Responding to a request for comment from Bloomberg UK, a spokesperson for TikTok said that the company’s “security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code.”

September 2

Samsung Data Breach: Samsung announced that they’d fallen victim to a “cybersecurity incident” when an unauthorized party gained access to their systems in July. In August, they learned some personal information was impacted, including names, contact information, demographics, birth dates as well as product registration information. Samsung is contacting everyone whose data was compromised during the breach via email.

August 2022

Nelnet Servicing Data Breach: Personal information pertaining to 2.5 million people who took out student loans with the Oklahoma Student Loan Authority (OSLA) and/or EdFinancial has been exposed after threat actors breached Nelnet Servicing’s systems. The systems were compromised in June, and the unauthorized party remained on the network until late July.

Facebook/Cambridge Analytica Data Breach Settlement: Meta agreed on this date to settle a lawsuit that alleged Facebook illegally shared data pertaining to its users with the UK analysis firm Cambridge Analytica. The data was subsequently used by political campaigns in the UK and US during 2016, a year which saw Donald Trump become president and Britain leave the EU via referendum.

DoorDash Data Breach: “We recently became aware that a third-party vendor was the target of a sophisticated phishing campaign and that certain personal information maintained by DoorDash was affected,” DoorDash said in a blog post.

The delivery service went on to explain that “the information accessed by the unauthorized party primarily included [the] name, email address, delivery address and phone number” of a number of DoorDash customers, whilst other customers had their “basic order information and partial payment card information (i.e., the card type and last four digits of the card number)” accessed.

LastPass Breach: The password manager disclosed to its customers that it was compromised by an “unauthorized party”. The company assured customers that this took place in its development environment and that no customer details are at risk. A September update confirmed that LastPass’s security measures prevented customer data from being breached, and the company reminded customers that they do not have access to or store users’ master passwords.

Plex Data Breach:  Client-server media streaming platform Plex is enforcing a password reset on all of its user accounts after “suspicious activity” was detected on one of its databases. Reports suggest that usernames, emails, and encrypted passwords were accessed.

DESFA Data Breach: Greece’s largest natural gas distributor confirmed that a ransomware attack caused an IT system outage and some files were accessed. However, a quick response from the organization’s IT team – including deactivating online servers – meant that the damage caused by the threat was minimal.

Cisco Data Breach: Multi-national technology conglomerate Cisco confirmed that the Yanluowang ransomware gang had breached its corporate network after the group published data stolen during the breach online. Security experts have suggested the data is not of “great importance or sensitivity”, and that the threat actors may instead be looking for credibility.

Twilio Data Breach: Messaging behemoth Twilio confirmed on this date that data pertaining to 125 customers was accessed by hackers after they tricked company employees into handing over their login credentials by masquerading as IT department workers.

Uber Data Breach Cover-Up: Although this data breach actually took place way back in 2016 and was first revealed in November 2017, it took Uber until July 2022 to finally admit it had covered up an enormous data breach that impacted 57 million users, and even paid $100,000 to the hackers just to ensure it wasn’t made public. The case will see Uber’s former chief security officer, Joe Sullivan, stand trial for the breach – the first instance of an executive being brought to the dock for charges related to a data breach.

Twitter Data Breach: The first reports that Twitter had suffered a data breach concerning phone numbers and email addresses attached to 5.4 million accounts started to hit the headlines on this date, with the company confirming in August that the breach was indeed genuine. The vulnerability that facilitated the breach was known by Twitter at the turn of the year and had been patched by January 13, 2022, so data theft must have happened within that short window.

Neopets Data Breach: On this date, a hacker going by the alias “TarTaX” put the source code and database for the popular game Neopets’ website up for sale on an online forum. The database contained account information for 69 million users, including names, email addresses, zip codes, genders, and dates of birth.

Cleartrip Data Breach: Travel booking company Cleartrip – which is massively popular in India and majority-owned by Walmart – confirmed its systems had been breached after hackers claimed to have posted its data on an invite-only dark web forum. The full extent of the data captured from the company’s internal servers is unknown.

Infinity Rehab and Avamere Health Services Data Breach: The Department of Health and Human Services was notified by Infinity Rehab that 183,254 patients had had their personal data stolen. At the same time, Avamere Health Services informed the HHS that 197,730 patients had suffered a similar fate. Information stolen included names, addresses, driver’s license information, and more. On August 16, Washington’s MultiCare revealed that 18,165 more patients were affected in the same breach.

Deakin University Data Breach: Australia’s Deakin University confirmed on this date that it was the target of a successful cyberattack that saw the personal information of 46,980 students stolen, including recent exam results. Around 10,000 of the university’s students received scam text messages shortly after the data breach occurred.

Marriott Data Breach: The hotel group – which is no stranger to a data breach – confirmed its second high-profile data breach of recent years had taken place in June, after a hacking group tricked an employee and subsequently gained computer access. According to databreaches.net, the group claimed to be in possession of 20 GB of data stolen from the BWI Airport Marriott’s server in Maryland. Marriott would be notifying 300-400 individuals regarding the breach.

OpenSea Data Breach: NFT marketplace OpenSea – which lost $1.7 million of NFTs in February to phishers – suffered a data breach after an employee of Customer.io, the company’s email delivery vendor, “misused their employee access to download and share email addresses provided by OpenSea users… with an unauthorized external party”. The company said that anyone with an email account they shared with OpenSea should “assume they are affected”.

Flagstar Bank Data Breach: 1.5 million customers were reportedly affected in a data breach that was first noticed by the company on June 2, 2022. “We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident” a letter from Flagstar bank to affected customers read.

Baptist Medical Center and Resolute Health Hospital Data Breach: The two health organizations – based in San Antonio and New Braunfels respectively – disclosed that a data breach had taken place between March 31 and April 24. Data lifted from its systems by an “unauthorized third party” included the social security numbers, insurance information, and full names of patients.

Choice Health Insurance Data Breach: On this date, Choice Health Insurance started to notify customers of a data breach caused by “human error” after it realized an unauthorized individual was offering to make data belonging to Choice Health available online. This had actually been publicly available since May 2022. The data dump consisted of 600MB of data with 2,141,006 files with labels such as “Agents” and “Contacts”.

Shields Health Care Group Data Breach: It was reported in early June that Massachusetts-based healthcare company Shields was the victim of a data breach that affected 2,000,000 people across the United States. The breach was first discovered on March 28, 2022, and information such as Social Security numbers, Patient IDs, home addresses, and information about medical treatments was stolen. A class action lawsuit was filed against the company shortly after.

Verizon Data Breach: A threat actor got their hands on a database full of names, email addresses, and phone numbers of a large number of Verizon employees in this Verizon data breach. Vice/Motherboard confirmed these numbers were legitimate by ringing the numbers contained in the databases and confirming that the people who answered currently (or used to) work at Verizon. According to Vice, the hacker was able to infiltrate the system after convincing an employee to give them remote access in a social engineering scam.

Texas Department of Transportation Data Breach: According to databreaches.net, personal records belonging to over 7,000 individuals had been acquired by someone who hacked the Texas Dept. for Transportation.

Alameda Health System Data Breach: Located in Oakland, California, Alameda Health System notified the Department of Health and Human Services that around 90,000 individuals had been affected by a data breach after suspicious activity was detected on some employee email accounts, which was later attributed to an unauthorized third party.

National Registration Department of Malaysia Data Breach: A group of hackers claimed to hold the personal details of 22.5 million Malaysians stolen from myIDENTITI API, a database that lets government agencies like the National Registration Department access information about Malaysian citizens. The hackers were looking for $10,000 worth of Bitcoin for the data.

Costa Rican Government Data Breach: In one of the most high-profile cyberattacks of the year, the Costa Rican government – which was forced to declare a state of emergency – was hacked by the Conti ransomware gang. Conti members breached the government’s systems, stole highly valuable data, and demanded $20 million in payment to avoid it being leaked. 90% of this data – amounting to around 670GB – was posted to a leak site on May 20.

SuperVPN, GeckoVPN, and ChatVPN Data Breach: A breach involving a number of widely used VPN companies led to 21 million users having their information leaked on the dark web. Full names, usernames, country names, billing details, email addresses, and randomly generated password strings were among the information available. Unfortunately, this is not the first time supposedly privacy-enhancing VPNs have made the headlines for a data breach.

Cash App Data Breach: A Cash App data breach affecting 8.2 million customers was confirmed by parent company Block on April 4, 2022 via a report to the US Securities and Exchange Commission. The breach had actually occurred way back in December 2021, with customer names and brokerage account numbers among the information taken.

Emma Sleep Data Breach: First reported on April 4, customer credit card information was skimmed using a “Magecart attack”. “This was a sophisticated, targeted cyber-attack on the checkout process on our website and personal information entered, including credit card data, may have been stolen” an email to customers read.

Apple & Meta Data Breach: According to Bloomberg, in late March, two of the world’s largest tech companies were caught out by hackers pretending to be law enforcement officials. Apple and Meta provided the threat actors with customer addresses, phone numbers, and IP addresses in mid-2021. The hackers had already gained access to police systems to send out fraudulent demands for the data. Some of the hackers were thought to be members of the Lapsus$ hacking group, who reportedly stole the Galaxy source code from Samsung earlier in the month.

US Department of Education Data Breach: It was revealed that 820,000 students in New York had their data stolen in January 2022, with demographic data, academic information, and economic profiles all accessed. Chancellor David Banks blamed software company Illuminate Education for the incident.

Texas Department of Insurance Data Leak: The state agency confirmed on March 24 that it had become aware of a “data security event” in January 2022, which had been ongoing for around three years. “Types of information that may have been accessible”, the TDI said in a statement in March, included “names, addresses, dates of birth, phone numbers, parts or all of Social Security numbers, and information about injuries and workers’ compensation claims.” 1.8 million Texans are thought to have been affected.

Morgan Stanley Client Data Breach: US investment bank Morgan Stanley disclosed that a number of clients had their accounts breached in a vishing (voice phishing) attack in February 2022, in which the attacker claimed to be a representative of the bank in order to breach accounts and initiate payments to their own account. This was, however, not the fault of Morgan Stanley, who confirmed its systems “remained secure”.

February 2022

February 25

Nvidia Data Breach: Chipmaker Nvidia confirmed in late February that it was investigating a potential cyberattack, which was subsequently confirmed in early March. In the breach, information relating to more than 71,000 employees was leaked. Hacking group Lapsus$ claimed responsibility for the intrusion into Nvidia’s systems.

February 20

Credit Suisse Data Leak: Although this is technically a “data leak”, it was orchestrated by a whistleblower against the company’s wishes and one of the more significant exposures of customer data this year. Information relating to 18,000 Credit Suisse accounts was handed over to German publication Süddeutsche Zeitung, and showed the Swiss company had a number of high-profile criminals on their books. The incident kickstarted a fresh conversation about the immorality of Switzerland’s banking secrecy laws.

January 2022

Crypto.com Data Breach: On January 20, 2022, Crypto.com made the headlines after a data breach led to funds being lifted from 483 accounts. Roughly $30 million is thought to have been stolen, despite Crypto.com initially suggesting no customer funds had been lost.

Red Cross Data Breach: In January, it was reported that the data of more than 515,000 “extremely vulnerable” people, some of whom were fleeing from warzones, had been seized by hackers via a complex cyberattack. The data was lifted from at least 60 Red Cross and Red Crescent societies across the globe via a third-party company that the organization uses to store data.

Flexbooker Data Breach: On January 6, 2022, data breach tracking site HaveIBeenPwned.com revealed on Twitter that 3.7 million accounts had been breached in the month prior. Flexbooker only confirmed that customer names, phone numbers, and addresses were stolen, but HaveIBeenPwned.com said “partial credit card data” was also included. Interestingly, 69% of the accounts were already in the website’s database, presumably from previous breaches.

Data Breaches vs Data Leaks vs Cyberattacks

This article largely concerns data breaches. A data breach occurs when a threat actor breaks into (or breaches) a company, organization, or entity’s system and purposefully lifts sensitive, private, and/or personally identifiable data from that system. When this happens, companies are sometimes forced to pay ransoms, or their information is stolen and posted online. According to one estimate, 5.9 billion accounts were targeted in data breaches last year.

This is different from a data leak, which is when sensitive data is unknowingly exposed to the public/members of the public, such as the Texas Department of Insurance leak mentioned above. The term “data leak” is often used to describe data that could, in theory, have been accessed by people it shouldn’t have, or data that fell into the hands of people via non-malicious means. A government employee accidentally sending someone an email with sensitive data is usually described as a leak, rather than a breach.

Although all data breaches fall under the umbrella of a “cyberattack”, cyberattacks are not limited to data breaches. Some cyberattacks have different motivations – such as slowing a website or service down or causing some other sort of disruption. Not all cyberattacks lead to the exfiltration of data, but many do.

How Can I Protect My Organization From Cyber-Attacks?

Ensuring you take steps to protect your company from the sorts of cyber attacks that lead to financially fatal data breaches is one of the most crucial things you can do. It’s not just businesses that are at risk, however – schools and colleges are some of the most frequently targeted organizations that suffer huge financial losses.

Some companies and organizations – like Lincoln College – have had to shut down due to the fallout costs of a cyberattack. There has never been more of an onus on companies, colleges, and other types of organizations to protect themselves.

Unauthorized access to networks is often facilitated by weak business account credentials. So, whilst passwords are still in use, the best thing you can do is get your hands on a password manager for yourself and the rest of your staff team. This will allow you to create robust passwords that are sufficiently long and different for every account you hold. However, you’ll also need to use additional security measures, like 2-Factor Authentication, wherever possible, to create a second line of defense.

Another thing you must do is ensure your staff has sufficient training to spot suspicious emails and phishing scams. Around 70% of cyberattacks target business email accounts, so having staff that can recognize danger when it’s present is just as important as any software.


U.S. government says several agencies hacked as part of broader cyberattack

Several U.S. agencies have been hacked as part of a broader cyberattack that has hit dozens of companies and organizations in recent weeks through a previously unknown vulnerability in popular file sharing software.

The Cybersecurity and Infrastructure Security Agency, the country’s top civilian cybersecurity watchdog, is still investigating the scope of the hacks, Eric Goldstein, its executive assistant director, said Thursday.

“CISA is providing support to several federal agencies that have experienced intrusions,” he said. “We are working urgently to understand impacts and ensure timely remediation.”

The hackers exploited a vulnerability in a program called MOVEit, a popular tool for transferring files quickly.

Charles Carmakal, the chief technology officer of Mandiant, a cybersecurity company owned by Google whose clients include government agencies, said he was aware of some data theft from federal agencies through the MOVEit hacks.

It wasn’t immediately clear whether the stolen files were sensitive or whether the hackers had disrupted government systems. CNN first reported CISA's statement.

It’s the third known time in as many years that foreign hackers have been able to break into multiple federal agencies and steal information. In 2020, hackers working for Russian intelligence broke into nine agencies by first hacking into software they used that was developed by a Texas company called SolarWinds. The next year, Chinese intelligence hackers broke into additional agencies through a remote work program called Pulse Secure.

In an interview with NBC News’ Andrea Mitchell on Thursday, CISA Director Jen Easterly said the agency was tracking the hackers “as a well-known ransomware group.”

That appeared to be a reference to an established cybercriminal group called CL0P. 

Last week, CISA and the FBI issued a warning that CL0P was exploiting a previously unknown vulnerability in MOVEit. In a rapid hacking spree, the group used the flaw to steal files from at least 47 organizations and demand payment not to publish them online, said Brett Callow, an analyst at the cybersecurity company Emsisoft.

CL0P is a primarily Russian-speaking cybercrime gang, said Allan Liska, a ransomware expert at the cybersecurity company Recorded Future.

Speaking to reporters on a call Thursday afternoon, a CISA official said that it appeared that CL0P was able to steal information that organizations had stored specifically with MOVEit but that the hackers weren’t able to use that as a foothold to break into other systems.

The Energy Department was one of the victims, a spokesperson for the agency said in an emailed statement Thursday.

The CISA official declined to give a specific number of victims. The agency is assisting several agencies whose files were hacked, the official said. CISA is unaware of any military branches’ or intelligence community agencies’ being affected, the official said.

The Office of the Director of National Intelligence declined to comment. The National Security Council didn’t immediately respond to a request for comment.

Wendi Whitmore, who leads threat analysis for the cybersecurity company Palo Alto Networks, said CL0P’s campaign of hacking victims through MOVEit was incredibly widespread.

“I think it’s at least hundreds, if not more,” of the total victims, she said.


Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.

Ascension warns of suspected cyberattack; clinical operations disrupted


Reporting by Pratik Jain in Bengaluru; Editing by Pooja Desai


Australia's Iress Ltd over the weekend detected and contained an unauthorized access of the firm's space on a third-party platform which is used to manage its pre-production software code, the financial software firm said on Monday.


Report: 2.6 billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption


December 7, 2023

An Apple-commissioned study shows that threats to consumer data stored in the cloud have grown dramatically since the last report was published in December 2022

Today Apple published an independent study conducted by Massachusetts Institute of Technology professor Dr. Stuart Madnick that found clear and compelling proof that data breaches have become an epidemic, threatening sensitive and personal consumer data the world over. The total number of data breaches more than tripled between 2013 and 2022 — exposing 2.6 billion personal records in the past two years alone — and has continued to get worse in 2023. The findings underscore that strong protections against data breaches in the cloud, like end-to-end encryption, have only grown more essential since last year’s report and the launch of Advanced Data Protection for iCloud.

This year’s study, “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase,” demonstrates that threats that had already reached historic levels — as shown in last year’s report, “The Rising Threat to Consumer Data in the Cloud” — continue to rise. Increasingly, companies across the technology industry are addressing these threats by implementing end-to-end encryption, as Apple did with last year’s launch of Advanced Data Protection for iCloud.

With Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data even in the case of a data breach. iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection for iCloud, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos.

“Bad actors continue to pour enormous amounts of time and resources into finding more creative and effective ways to steal consumer data, and we won’t rest in our efforts to stop them,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “As threats to consumer data grow, we’ll keep finding ways to fight back on behalf of our users by adding even more powerful protections.”

As shown in this year’s report, the increasing digitalization of users’ personal and professional lives has fueled a dramatic rise in data breaches. Each year, thousands of data breaches expose the personal information of hundreds of millions of consumers. Hackers are evolving their methods and finding more ways to defeat security practices that once held them back. Consequently, even organizations with the strongest possible security practices are vulnerable to threats in a way that wasn’t true just a few years ago.

The report also shows that even when consumers take all the right steps to secure their sensitive data, it’s still at risk of being compromised by hackers if it’s stored in a readable form by organizations they entrust it with. For instance, when attempting to infiltrate companies with robust security practices, hackers often start by targeting a different organization with relatively weak security that has a technical business relationship with the ultimate target. They then steal credentials or information that helps them target employees or systems at the organization that is their primary objective.

As threats to user data continue to grow more frequent and sophisticated, Apple’s long track record of engineering powerful and innovative features makes its products the most secure on the market. With Lockdown Mode, Apple developed a protection for those who may be targeted by extreme threats like mercenary spyware because of who they are or what they do. Apple’s Advanced Data Protection for iCloud is another feature the company has developed to protect users against growing threats to their data, keeping most user data in iCloud protected even in the case of a data breach in the cloud.

The report illustrates that the historic threats to user data that saw the number of data breaches nearly triple between 2013 and 2022, compromising 2.6 billion records over the course of two years, are only getting worse in 2023. In the U.S. alone, there were nearly 20 percent more breaches in just the first nine months of 2023 than in any prior year. The target for cybercriminals was very clear, with a 2023 survey finding that over 80 percent of breaches involved data stored in the cloud. This is after attacks targeting cloud infrastructure nearly doubled from 2021 to 2022.

This is due in part to the increased targeting of consumer data by ransomware gangs and coordinated campaigns that compromised vendors or their products to target customers. The threat of ransomware has only grown in 2023, as shown by the fact that there were nearly 70 percent more attacks reported through September 2023 than in the first three quarters of 2022. In fact, experts found that there were more ransomware attacks through September 2023 than in all of 2022 combined. This has led to alarming trends in the U.S. and abroad, with more than double the accounts getting breached in the first half of 2023 compared to the first half of 2022 in the U.K., Australia, and Canada combined.


The biggest data breaches, hacks of 2021

charlie-osborne

In 2021, thousands of new cybersecurity incidents have been recorded -- and while cryptocurrency theft and data loss are now commonplace, this year stands out due to several high-profile incidents involving ransomware, supply chain attacks, and the exploitation of critical vulnerabilities.

The Identity Theft Research Center (ITRC) has reported an increase of 17% in the number of recorded data breaches during 2021 in comparison to 2020. However, an entrenched lack of transparency around the disclosure of security incidents continues to persist -- and so this may be a low ball estimation. 

According to IBM, the average cost of a data breach has now reached over $4 million, while Mimecast estimates that the average ransomware demand levied against US companies is well over $6 million. The world record for the largest payout, made by an insurance company this year, now stands at $40 million.


Experts have warned that the security issue could persist for years with the recent emergence and rapid exploitation of the Log4j vulnerability. That goes for data leaks, breaches, and theft, too, which are unlikely to decline in number in the near future.

Here are some of the most notable security incidents, cyberattacks, and data breaches over 2021. 

  • Livecoin: Following an alleged hack in December, cryptocurrency exchange Livecoin slammed its doors shut and exited the market in January. The Russian trading post claimed that threat actors were able to break in and tamper with cryptocurrency exchange rate values, leading to irreparable financial damage. 
  • Microsoft Exchange Server: One of the most damaging cybersecurity incidents this year was the widespread compromise of Microsoft Exchange servers caused by a set of zero-day vulnerabilities known collectively as ProxyLogon. The Redmond giant became aware of the flaws in January and released emergency patches in March; however, the Hafnium state-sponsored threat group was joined by others for months after in attacks against unpatched systems. Tens of thousands of organizations are believed to have been compromised.
  • MeetMindful: The data of over two million users of the dating app was reportedly stolen and leaked by a hacking group. The information leaked included everything from full names to Facebook account tokens.
  • SITA: An IT supplier for aviation services around the world, SITA, said a security incident involving SITA Passenger Service System servers led to the exposure of personal, identifiable information belonging to airline passengers. Airlines involved in the data breach were then required to reach out to their customers.
  • ATFS: A ransomware attack against payment processor ATFS forced multiple US cities to send out data breach notifications. The cybercriminal group which claimed responsibility, Cuba, claimed to have stolen a wide range of financial information on their leak site.
  • Mimecast: Due to the SolarWinds supply chain attack disclosed in December 2020, Mimecast found itself as a recipient of a malicious software update that compromised the firm's systems. Mimecast said that its production grid environment had been compromised, leading to the exposure and theft of source code repositories. In addition, Mimecast-issued certificates and some customer server connection datasets were also caught in the breach.
  • Tether: Tether faced an extortion demand from cyberattackers who threatened to leak documents online that would "harm the Bitcoin ecosystem." The demand, of approximately $24 million or 500 Bitcoin (BTC), was met with deaf ears as the blockchain organization refused to pay.
  • CNA Financial: CNA Financial employees were left unable to access corporate resources and were locked out following a ransomware attack which also involved the theft of company data. The company reportedly paid a $40 million ransom.
  • Facebook: A data dump of information belonging to over 550 million Facebook users was published online. Facebook IDs, names, dates of birth, genders, locations, and relationship statuses were included in the logs, which Facebook -- now known as Meta -- said were collected via scraping in 2019.
  • Colonial Pipeline: If there was ever an example of how a cyberattack can impact the physical world, the cyberattack experienced by Colonial Pipeline is it. The fuel pipeline operator was struck by ransomware, courtesy of DarkSide, leading to fuel delivery disruption and panic buying across the United States. The company paid a ransom, but the damage was already done.
  • Omiai: The Japanese dating app said unauthorized entry may have led to the exposure of data belonging to 1.7 million users.
  • Volkswagen, Audi: The automakers disclosed a data breach impacting over 3.3 million customers and some prospective buyers, the majority of which were based in the United States. A finger was pointed at an associated vendor as the cause of the breach, believed to be responsible for exposing this data in an unsecured manner at "some point" between August 2019 and May 2021.
  • JBS USA: The international meatpacking giant suffered a ransomware attack, attributed to the REvil ransomware group, which had such a disastrous impact on operations that the company chose to pay an $11 million ransom in return for a decryption key to restore access to its systems.
  • UC San Diego Health: UC San Diego Health said employee email accounts were compromised by threat actors, leading to a wider incident in which patient, student, and employee data potentially including medical records, claims information, prescriptions, treatments, Social Security numbers, and more were exposed.
  • Guntrader.uk: The UK trading website for shotguns, rifles, and shooting equipment said that records belonging to roughly 100,000 gun owners, including their names and addresses, had been published online. As gun ownership and supply are strictly controlled in the UK, this leak has caused serious privacy and personal safety concerns.
  • Kaseya: A vulnerability in a platform developed by IT services provider Kaseya was exploited in order to hit an estimated 800-1500 customers, including MSPs.
  • T-Mobile: T-Mobile experienced yet another data breach in August. According to reports, the names, addresses, Social Security numbers, driver's licenses, IMEI and IMSI numbers, and ID information of customers were compromised. It is possible that approximately 50 million existing and prospective customers were impacted. A 21-year-old took responsibility for the hack and claimed to have stolen roughly 106GB of data from the telecoms giant.
  • Poly Network: Blockchain organization Poly Network disclosed an Ethereum smart contract hack used to steal in excess of $600 million in various cryptocurrencies.
  • Liquid: Over $97 million in cryptocurrency was stolen from the Japanese cryptocurrency exchange.
  • Cream Finance: Decentralized finance (DeFi) organization Cream Finance reported a loss of $34 million after a vulnerability was exploited in the project's market system.
  • AP-HP: Paris' public hospital system, AP-HP, was targeted by cyberattackers who managed to swipe the PII of individuals who took COVID-19 tests in 2020.
  • Debt-IN Consultants: The South African debt recovery firm said a cyberattack had resulted in a "significant" incident impacting client and employee information. PII, including names, contact details, salary and employment records, and debts owed, are suspected of being involved.
  • Coinbase: Coinbase sent out a letter to roughly 6,000 users after detecting a "third-party campaign to gain unauthorized access to the accounts of Coinbase customers and move customer funds off the Coinbase platform." Cryptocurrency was taken without permission from some user accounts.
  • Neiman Marcus: In October, Neiman Marcus made a data breach that occurred in May 2020 public. The intrusion was only detected in September 2021 and included the exposure and potential theft of over 3.1 million payment cards belonging to customers, although most are believed to be invalid or expired.
  • Argentina: A hacker claimed to have compromised the Argentinian government's National Registry of Persons, thereby stealing the data of 45 million residents. The government has denied the report.
  • Panasonic: The Japanese tech giant revealed a cyberattack had taken place -- a data breach occurring from June 22 to November 3, with discovery on November 11 -- and admitted that information had been accessed on a file server.
  • Squid Game: The operators of a cryptocurrency jumping on the popularity of the Netflix show Squid Game (although not officially associated) crashed the value of the SQUID token in what appears to be an exit scam. The value plummeted from a peak of $2,850 to $0.003028 overnight, losing investors millions of dollars. An anti-dumping mechanism ensured that investors could not sell their tokens -- and could only watch in horror as the value of the coin was destroyed.
  • Robinhood: Robinhood disclosed a data breach impacting roughly five million users of the trading app. Email addresses, names, phone numbers, and more were accessed via a customer support system.
  • Bitmart: In December, Bitmart said a security breach permitted cyberattackers to steal roughly $150 million in cryptocurrency and has caused total losses, including damages, to reach $200 million.
  • Log4j: A zero-day vulnerability in the Log4j Java library, a remote code execution (RCE) flaw, is now being actively exploited in the wild. The bug is known as Log4Shell and is now being weaponized by botnets, including Mirai.
  • Kronos: Kronos, an HR platform, became a victim of a ransomware attack. Some users of Kronos Private Cloud are now facing an outage that may last weeks -- and just ahead of Christmas, too.


Uber Investigating Breach of Its Computer Systems

The company said on Thursday that it was looking into the scope of the apparent hack.


By Kate Conger and Kevin Roose

Uber discovered its computer network had been breached on Thursday, leading the company to take several of its internal communications and engineering systems offline as it investigated the extent of the hack.

The breach appeared to have compromised many of Uber’s internal systems, and a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.

“They pretty much have full access to Uber,” said Sam Curry, a security engineer at Yuga Labs who corresponded with the person who claimed to be responsible for the breach. “This is a total compromise, from what it looks like.”

An Uber spokesman said the company was investigating the breach and contacting law enforcement officials.

Uber employees were instructed not to use the company’s internal messaging service, Slack, and found that other internal systems were inaccessible, said two employees, who were not authorized to speak publicly.

Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, “I announce I am a hacker and Uber has suffered a data breach.” The message went on to list several internal databases that the hacker claimed had been compromised.

The hacker compromised a worker’s Slack account and used it to send the message, the Uber spokesman said. It appeared that the hacker was later able to gain access to other internal systems, posting an explicit photo on an internal information page for employees.

The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.

“These types of social engineering attacks to gain a foothold within tech companies have been increasing,” said Rachel Tobac, chief executive of SocialProof Security. Ms. Tobac pointed to the 2020 hack of Twitter, in which teenagers used social engineering to break into the company. Similar social engineering techniques were used in recent breaches at Microsoft and Okta.

“We are seeing that attackers are getting smart and also documenting what is working,” Ms. Tobac said. “They have kits now that make it easier to deploy and use these social engineering methods. It’s become almost commoditized.”

The hacker, who provided screenshots of internal Uber systems to demonstrate his access, said that he was 18 years old and had been working on his cybersecurity skills for several years. He said he had broken into Uber’s systems because the company had weak security. In the Slack message that announced the breach, the person also said Uber drivers should receive higher pay.

The person appeared to have access to Uber source code, email and other internal systems, Mr. Curry said. “It seems like maybe they’re this kid who got into Uber and doesn’t know what to do with it, and is having the time of his life,” he said.

In an internal email that was seen by The New York Times, an Uber executive told employees that the hack was under investigation. “We don’t have an estimate right now as to when full access to tools will be restored, so thank you for bearing with us,” wrote Latha Maripuri, Uber’s chief information security officer.

It was not the first time that a hacker had stolen data from Uber. In 2016, hackers stole information from 57 million driver and rider accounts and then approached Uber and demanded $100,000 to delete their copy of the data. Uber arranged the payment but kept the breach a secret for more than a year.

Joe Sullivan, who was Uber’s top security executive at the time, was fired for his role in the company’s response to the hack. Mr. Sullivan was charged with obstructing justice for failing to disclose the breach to regulators and is currently on trial.

Lawyers for Mr. Sullivan have argued that other employees were responsible for regulatory disclosures and said the company had scapegoated Mr. Sullivan.

Kate Conger is a technology reporter in the San Francisco bureau, where she covers the gig economy and social media.

Kevin Roose is a technology columnist and the author of “Futureproof: 9 Rules for Humans in the Age of Automation.”


Top data breaches and cyber attacks of 2022

Cybercrime is big business, and it’s already rife in 2022 – we’ve highlighted ten top cases


Regrettably, cyberattacks and breaches are big business – bad actors with an endless stream of nefarious motives populate the internet, ready to pounce on insecure data and immature security practices.

There’s no shortage of attacks and breaches, and that can make it hard to manage if you like to keep up with the latest security news.

Happily, we’ve done the hard work to round up ten of 2022’s top breaches and cyberattacks so far. They’re not in any particular order, but you should read on if you want to find out how significant an attack can be – and if you want to learn how to avoid the same issues.


Cryptocurrency is big business, so it’s no wonder that Crypto.com was subjected to a serious breach at the start of 2022. The attack took place on January 17th, and targeted nearly 500 people’s cryptocurrency wallets.

Despite the blockchain being a relatively secure transaction method, the thieves used a pretty simple method to get the job done: they circumvented the site’s two-factor authentication (2FA). They stole $18 million of Bitcoin and $15 million of Ethereum.

Initially, Crypto.com described the hack as a mere “incident” and denied any theft, but clarified the situation a few days later and reimbursed the affected users.  


Computing giant Microsoft is no stranger to cyberattacks, and on March 20th 2022 the firm was targeted by a hacking collective called Lapsus$. The group posted a screenshot on Telegram to indicate that they’d managed to hack Microsoft and, in the process, they’d compromised Cortana, Bing, and several other products.

The hackers made off with some material from Microsoft, too, but by March 22nd Microsoft announced that they’d shut down the hacking attempt promptly and that only one account was compromised.

Microsoft said that no customer data had been stolen, and Microsoft undoubtedly benefitted from its effective security team – the Lapsus$ group has previously targeted Nvidia, Samsung and plenty of other companies, and the politically-motivated group was already on Microsoft’s radar.


News Corp is one of the biggest news organizations in the world, so it’s no surprise that hackers are eager to breach its security – and in February 2022, News Corp admitted server breaches way back in February 2020.

News Corp quickly asserted that no customer data was stolen during the breach, and that the company’s everyday work wasn’t hindered.

Instead, News Corp uncovered evidence that emails were stolen from its journalists. The thieves have not been identified, but News Corp has mooted that espionage is at the root of this attack – no surprise when News Corp servers hold loads of sensitive information.

You wouldn’t think anyone would want to attack the Red Cross, but that’s what happened in January 2022. An attack on a third-party contractor saw more than half a million records compromised – including documents that the Red Cross classed as “highly vulnerable”.

Ultimately, thousands of people had their sensitive data stolen, and most of the victims are currently listed as missing or vulnerable. The Red Cross took servers offline to stop the attack and investigate this seemingly political breach, but no culprit has been identified.


Ronin is a blockchain gaming platform that relies on cryptocurrency, so it’s bound to be targeted by forward-thinking criminals – and that’s exactly what happened between November 2021 and March 2022.

Ronin’s Axie Infinity game enables players to earn digital currency and NFTs, and its increasing popularity saw the firm dial back security protocols so its servers could handle a growing audience.

That helped Axie Infinity deal with the number of people who wanted to play, but it also let criminals in – and they stole $600 million of cryptocurrencies. Ronin’s parent company is working with authorities to identify the culprits and recover funds, but it’s a lesson that any business can learn: never compromise your security standards.

At the end of 2021 and the start of 2022, appointment management business FlexBooker was hit by a vast attack that affected around three million of its users.

Confidential data including ID information, drivers’ licenses and passwords was stolen by the hackers and then offered for sale on popular hacking message boards, and many powerful users have left FlexBooker because of the breach.

A hacking group called Uawrongteam was responsible for the hack, and it wasn’t a particularly sophisticated affair – the group cracked FlexBooker’s AWS servers and installed malware to control the firm’s systems.


Plenty of hacks are motivated by politics rather than pure financial gain, and that’s certainly true of GiveSendGo’s breach in February 2022.

GiveSendGo is a Christian fundraising site favored by Canadian truckers who drove across the country to protest against COVID rules.

Political hackers stole and then published the information of 90,000 people who had donated money to the protestors and then redirected the fundraising page to another site that criticized the truckers – a classic DDoS attack. Some data was also sent to a group that publishes leaked data that usually comes from far-right groups.

It’s a clear lesson that companies need top-notch security to ward off political attacks – because not all breaches are driven by financial gain.

Block (formerly Twitter) owns this popular mobile payment tool, and in April 2022 the firm acknowledged that a former employee had breached the service’s servers.

The culprit clearly had a significant axe to grind with the business. The hack involved customer names, stock trading information, account numbers and portfolio values alongside loads of other sensitive financial information.

Block hasn’t yet said how many people were affected by the breach, but the firm has contacted more than 8 million customers to tell them about the incident. Luckily, no account credentials were stolen in the attack, and the hacker only stole a limited amount of identifiable information.

Marquard & Bahls

You’ve probably not heard of this business, but in February 2022 the German energy giant was attacked and saw its IT infrastructure destabilized. The result? A closure of more than 200 gas stations across Germany.

Companies like Shell struggled to supply customers with fuel because of the attack, and experts have said that the attack looks like it’s come from the infamous BlackHat gang – a Russian group that has attacked oil pipelines in the past.

With energy volatility an increasingly relevant topic given the climate crisis and the war in Ukraine, expect to see more attacks that hit oil businesses and other energy organizations.

PressReader

This Vancouver-based company is the world’s largest online distributor of newspapers and magazines. In March 2022 an attack halted its publication of loads of top news titles – from big names like the New York Times to local papers and outlets.

PressReader hasn’t said if any ransomware was involved in the attack, but the attack immediately followed the company’s announcement that it would give users in Ukraine free access – so it could well be a political attack.

PressReader was able to quickly restore its full publishing capability, but the three-day attack stopped people from accessing more than 7,000 news sources.

Mike has worked as a technology journalist for more than a decade and has written for most of the UK’s big technology titles alongside numerous global outlets. He loves PCs, laptops and any new hardware, and covers everything from the latest business trends to high-end gaming gear.

Latest data breach news

Read about the latest data breaches, who and what was impacted, and how these security incidents could have been prevented.

This is one of the biggest issues in both government and corporate information security today.

The Daily Swig covers data leaks from all sectors, and we always aim to bring you the inside line on the latest stories.

Check out the latest data breach news from around the world below.

Firewall Times

Recent Data Breaches – 2024

Recent months have seen a string of data breaches affecting major companies, including Prudential, Verizon, and Bank of America. In this article, you’ll find an overview of the latest data breaches, starting with the most recent.

February 2024: Prudential breached by ALPHV

On February 13, Prudential Financial reported to the Securities and Exchange Commission that they experienced a data breach on February 4. In this disclosure, Prudential reported that they did not believe that customer data was exposed in this incident.

The hacker group ALPHV took credit for this incident, as well as the loanDepot breach reported in January.

February 2024: Verizon breach affects over 63,000 employees

On February 7, Verizon Communications notified the Maine Attorney General that the company experienced a data breach back on September 21, resulting in the theft of sensitive information of over 63,000 employees. The breach included Social Security Numbers and other sensitive information on employees, but it does not appear any Verizon customers were implicated in this incident. 

February 2024: Bank of America vendor breached

In early February, Bank of America notified customers of a data breach that occurred at Infosys McCamish, a software vendor for Bank of America. A ransomware group breached Infosys McCamish and stole sensitive personal information, including Social Security Numbers, from 57,028 Bank of America customers.

The breach itself occurred on November 3. Infosys McCamish informed Bank of America of the incident on November 24, and Bank of America disclosed the breach on February 2.

February 2024: Viamedis and Almerys hacks expose 33m French residents

In early February, hackers targeted two French healthcare insurance service providers, Viamedis and Almerys. As a result, 33 million French residents had their sensitive personal information stolen, though financial data is seemingly safe.

Viamedis said the hackers phished and used health professionals’ logins to get into the system. Almerys said that the hackers entered through a portal used by health professionals. Both providers issued complaints with the public prosecutor and an investigation is underway.

January 2024: Microsoft breached by Russian hacker group

On January 12, Microsoft discovered a breach conducted by a Russian SVR foreign intelligence agency group. The incident occurred in November 2023 through a method called “password spraying,” and targeted Microsoft’s corporate email system.

Cozy Bear, the Russian-backed hacker group behind the SolarWinds breach, appears to have been behind this attack. Microsoft disclosed that these hackers compromised credentials on a “legacy” test account, likely with an outdated code, before accessing senior leadership accounts, among others. The hackers’ access was removed on January 13.

Microsoft’s disclosure comes a month after a new ruling that pushes publicly traded companies to disclose breaches that could negatively impact their business. 

January 2024: 16.6m loanDepot customers’ information stolen

On January 6, mortgage firm loanDepot fell victim to a ransomware attack in which 16.6 million users’ personal information was stolen. It is unclear exactly what personal information was implicated in the breach, but it is possible sensitive financial information was exposed.

An ongoing investigation has revealed that attackers gained access to data encryption and company systems. The incident was revealed when customers were unable to enter company websites, like MyloanDepot and HELOC, to pay loans. LoanDepot is a major nonbank mortgage lender in the United States with over $140 billion in serviced loans.

January 2024: 35m Customers Implicated in VF Corp Data Breach

On January 18, news broke of a data breach of VF Corporation, the parent company of brands such as Vans, North Face, Timberland, Supreme, and Dickies. Over 35 million customers’ data was stolen in the breach, though VF Corporation has stated that no financial data or passwords were compromised in the breach.

The incident was first detected on December 13 and later disclosed to the SEC.

January 2024: Framework Accountant Phishing Exposes Customer Data

Between January 8 and 11, California laptop production company Framework experienced a breach when its accountant, Keating Consulting Group, fell for a phishing attack. An actor impersonated Framework’s CEO by emailing Keating a spreadsheet with customers’ personally identifiable information associated with Framework purchases.

The obtained data could be used in further phishing attacks to request payment information or redirect to malicious websites aimed at gathering more sensitive data.

December 2023: Extortion Emails Follow Integris Health Cyberattack

On December 24, attackers sent extortion emails to 2 million patients of Integris Health, Oklahoma’s largest not-for-profit health network. The emails followed a security breach on November 28, 2023. In the emails, the attackers claimed to have stolen sensitive personal information like Social Security Numbers and insurance information. Integris Health has warned recipients against engaging with the emails.

December 2023: 4.5m Patients Implicated in HealthEC Breach

On December 22, healthcare tech firm HealthEC reported a data breach affecting roughly 4.5 million individuals. The stolen data included sensitive personal information, including social security numbers and taxpayer identification numbers, as well as medical records and health insurance information.

The breach itself occurred between July 14 and July 23, 2023. Following an investigation, HealthEC reported the breach in December 2023.

December 2023: Xfinity Discloses Data Breach Affecting Over 35 Million People

On December 18, Xfinity reported a data breach affecting over 35 million customers. The breach itself occurred in October, when hackers exploited a vulnerability in Citrix. The stolen data included sensitive personal information, such as partial Social Security numbers and dates of birth.

December 2023: EasyPark Reports Data Breach Impacting European Customers

On December 10, Swedish app developer EasyPark discovered a data breach, primarily concerning its European customers. The stolen data included personal information such as address, phone number, and partial credit card numbers. In a public statement, EasyPark did not disclose how many individuals were affected, but noted they did not expect the breach to result in unauthorized transactions.

December 2023: ESO Solutions Data Breach Impacts 2.7 Million Patients

In December, news broke of a data breach concerning ESO Solutions, a healthcare and fire department software company. Data on 2.7 million patients was compromised, including Social Security Numbers and sensitive medical information. ESO has offered 12 months of identity monitoring service coverage through Kroll to all notice recipients.

November 2023: More MOVEit Attack Victims Identified

The fallout from the MOVEit attacks perpetrated by the Russian ransomware group Clop continues, with new information about victims being released in November.

AutoZone – an auto parts retailer – informed US authorities on November 21 that it fell victim to a MOVEit attack on or about August 15. Data on nearly 185,000 people was compromised, and AutoZone has offered free identity and credit monitoring, as well as identity protection, services to impacted individuals. In a release from the Maine Attorney General, full names and Social Security numbers are mentioned as potentially part of the breach.

Welltok – a healthcare organization – initially announced its data breach on October 24, stating the breach occurred on July 26. However, a report to the US Department of Health and Human Services on November 6 provided more information, noting that more than 8.49 million patients were impacted.

Patient data exposed in the Welltok breach includes full names, addresses, emails, and phone numbers. For some patients, Social Security numbers, Medicare ID numbers, Medicaid ID numbers, and some health insurance information were also exposed.

November 2023: Delta Dental of California Breach Affects 7 Million

On November 27, California dental insurance provider Delta Dental learned that nearly 7 million people were affected in a security breach in May 2023. The company had suffered unauthorized access by threat actors through the MOVEit file transfer software application. Customer financial information, like financial account numbers and credit/debit card numbers, was exposed.

November 2023: Nearly 2 Million Dollar Tree Employees Impacted by Breach

On November 27, Zeroed-In Technologies, a Dollar Tree third-party service provider, formally announced a data breach that impacted more than 1.97 million Dollar Tree and Family Dollar employees. The security incident occurred between August 7 and August 8, and it was discovered on August 31.

Hackers managed to steal employee names, birth dates, and Social Security numbers. Zeroed-In Technologies has notified the impacted individuals and provided instructions on how to receive 12 months of credit monitoring and identity protection services.

November 2023: Hackers Steal Employee Data from US Nuclear Research Lab

The Idaho National Laboratory (INL) – a nuclear research lab – confirmed a data breach impacting current and former employees and their spouses and dependents. According to INL’s data breach page, the organization discovered the breach on November 20. Employee, dependent, and spouse names, birth dates, and other personally identifiable information (PII) were later released by SiegedSec – a hacker group – on hacker forums. The INL is offering credit monitoring and identity protection services to impacted individuals.

November 2023: Mortgage firm LoanCare Warns 1.3 Million People of Breach

On November 19, Fidelity National Financial’s mortgage service LoanCare experienced a breach that exposed 1.3 million individuals. The attack was contained in mid-December but the company has not shared what kind of data was obtained. The company told account holders to keep an eye on unusual account activity and instructed them on enrolling in Kroll’s two-year identity monitoring service.

November 2023: ALPHV/BlackCat Ransomware Attackers File SEC Complaint on Alleged Victim

In an unexpected move, ALPHV/BlackCat – a ransomware group – filed a US Securities and Exchange Commission (SEC) complaint against MeridianLink, which the group said they breached on November 7. The hackers stated that they stole company data and gave the organization 24 hours to pay a ransom to prevent its release. After not receiving a response from MeridianLink, the hackers submitted a complaint to the SEC saying MeridianLink failed to disclose an incident impacting customer data and operational information within four days, as required.

MeridianLink later stated that an incident did occur and that it took immediate action to address the threat. It also said an investigation was ongoing and that it wasn’t yet clear whether consumer information was compromised.

November 2023: McLaren Data Breach Exposes Information on 2.2 Million People

McLaren Health Care – a Michigan-based provider – began informing patients of a data breach on November 9 that exposed sensitive information on approximately 2.2 million patients. Systems were compromised in late July, but the breach wasn’t discovered until August 31. Accessed data includes full names, Social Security numbers, birth dates, personal health information, and more. Credit monitoring and identity protection services are available to impacted individuals.

October 2023: Seiko Confirms 60,000 Records Stolen in BlackCat Breach

On October 25, watchmaker Seiko confirmed that a cyberattack by the BlackCat ransomware hacker group in July resulted in 60,000 “items of personal data” being stolen from its Group, Watch, and Instruments departments.

The compromised data included personal data on customers, including names, email addresses, and phone numbers, but not any payment data. Seiko is reaching out to impacted customers directly.

October 2023: Philadelphia Confirms Data Stolen via Email Hack

On October 20, the City of Philadelphia confirmed that personal information was compromised during an email hack between May 26 and July 28. Hackers accessed city email accounts and personal information on individuals – such as names, birth dates, and Social Security numbers. They also accessed sensitive health information, such as diagnosis and treatment information, and limited financial information. The exact number of impacted individuals is still unknown.

October 2023: District of Columbia Voter Roll Accessed During Attack

On October 21, the DC Board of Elections announced that voter records on all DC registered voters were possibly accessed during a cyberattack. The Board of Elections learned of the breach on October 5 when hacker group RansomVC claimed to have accessed 600,000 lines of voter data.

The Board determined full voter rolls were possibly accessed, including driver’s license numbers, dates of birth, and partial Social Security numbers. The Board is contacting every registered voter and working on next steps.

October 2023: Casio Data Stolen in Breach

On October 18, electronics maker Casio announced a data breach that affected its ClassPad web application. Hackers accessed nearly 127,000 pieces of information during the hack, impacting customers across 149 countries but mostly in Japan.

Casio detected an incident on October 11 when the ClassPad database failed, and they believe hackers accessed customer data on October 12. Exposed customer data includes payment methods, order information, and personally identifiable information.

October 2023: Hackers Steal Data on 4 million 23andMe users

On October 6, 23andMe, a genetic testing company, announced hackers obtained user data after an attack. Hackers used credential stuffing, a technique using usernames, email addresses, and passwords exposed in previous data breaches, to secure access to 23andMe user accounts.

Customer data was compromised in the attack, including display names, birth years, and some genetic ancestry results. In total, data on an estimated 4 million 23andMe users was impacted.

October 2023: Sony Notifies Employees of Data Breach

In early October, Sony notified 6,791 current and former employees that their data had been compromised by a data breach earlier in the year. The attack itself occurred in late May, as part of the MOVEit attacks, which compromised hundreds of companies and government agencies.

Sony stated that they detected the intrusion on June 2, and promptly fixed the situation. It does not appear that any customer data was implicated in this breach.

September 2023: 60k State Department Emails Stolen in Microsoft Breach

On September 27, a Senate staffer briefed by State Department IT officials informed Reuters that Chinese hackers had stolen over 60,000 emails by State Department officials. The breach occurred in July, when a series of errors enabled the Chinese hacker group, identified as Storm-0558, to hack Microsoft and steal a key granting them broad access to Microsoft customer accounts, including those of the U.S. government.

Details continue to emerge concerning this Microsoft breach and its broader impact.

September 2023: Sony Investigates Alleged Hack

On September 25, the hacker group RansomedVC claimed to have stolen 260 GB of proprietary data from Sony — by the hackers’ description, “all of sony systems.” They posted 6,000 files as a sample of the stolen data, including a PowerPoint presentation and source code files.

Another hacker, MajorNelson, claimed credit for the breach on Breached Forums, and stated that “RansomedVCs are scammers who are just trying to scam you and chase influence.”

Sony has stated they are investigating the matter, and has not offered greater detail on the alleged hack. It does not appear any customer data was implicated in this incident.

September 2023: 89 GB of T-Mobile Employee Data Posted to Hacker Forum

On September 21, a trove of stolen data was posted to Breached forums, a popular hacker forum. The 89 gigabyte cache largely pertained to T-Mobile employees, including email addresses and partial Social Security Numbers, as well as some order information pertaining to T-Mobile customers.

This data was tied to an April breach of Connectivity Source, a T-Mobile retailer. T-Mobile itself denied the breach, and does not appear to have been directly hacked as part of this incident.

September 2023: 38 TB of Data Leaked by Microsoft AI Research Division

On September 18, cybersecurity researchers discovered a trove of 38 terabytes of private data, leaked by Microsoft’s AI Research Division. This data, published on GitHub, included sensitive information, including a disk backup of two employee computers that featured passwords, private keys, personal data, and more than 30,000 internal Microsoft Teams messages. By Microsoft’s description, no customer data appears to have been exposed in this breach.

The sensitive data was exposed via a misconfigured Azure cloud storage container. The issue was quickly corrected once the cybersecurity researchers informed Microsoft of the issue.

September 2023: System Error Exposes Data on T-Mobile Customers

In late September, a glitch at T-Mobile exposed customer and payment data pertaining to fewer than 100 customers. Some T-Mobile customers discussed this data leak on Twitter, stating that the T-Mobile app was showing them information on other customers, including phone numbers and billing addresses.

According to T-Mobile, the issue was connected to an overnight technology update and involved very limited account information. Additionally, the company stated that the glitch was quickly corrected.

September 2023: Caesars Entertainment Pays $15 Million Data Ransom

On September 7, Caesars Entertainment reported a data breach involving the theft of its loyalty program customer database. The stolen database included driver’s license information, Social Security numbers, and other sensitive customer data.

After experiencing the cyberattack, Caesars Entertainment paid a $15 million ransom to the hacker group that managed to access its systems. The company stated it took steps to ensure the data was deleted by the attackers, though it admitted it couldn’t guarantee the data was erased.

August 2023: Callaway Breach Exposes Data on 1.1+ Million Customers

On August 29, sporting company Topgolf Callaway confirmed a data breach had occurred earlier in the month. This breach included shipping addresses, account passwords, and more sensitive data pertaining to over 1.1 million customers.

The breach began on August 1, and was discovered on August 16. In response, Callaway reset customer login credentials to force the creation of new passwords. The company also stated the incident has since been contained.

August 2023: New Victims Emerge from MOVEit Attacks

August saw continued fallout from the MOVEit attacks, as more companies and government agencies disclosed that they had been breached in this string of cyberattacks perpetrated by Clop, a Russian ransomware group.

IBM was implicated as an attack vector for breaches on several state agencies, including the Colorado Department of Health & Financing, the Colorado Department of Higher Education, and the Missouri Department of Social Services. Stolen data included social security numbers, Medicare and Medicaid ID numbers, and sensitive health data on millions of Americans.

Two more government contractors, Serco and Maximus, disclosed that they, too, had been breached in the MOVEit attacks. Compromised data in these cases included social security numbers and sensitive health data for millions more Americans.

By now, the MOVEit attacks have compromised hundreds of companies and tens of millions of individuals, with more news still coming to light.

August 2023: Proprietary Data Stolen from Seiko

On August 10, Japanese watchmaker Seiko disclosed that they had been targeted in a data breach, for which the BlackCat/ALPHV ransomware group claimed responsibility. The stolen data includes schematics, patented technology, and other proprietary data, but does not appear to include sensitive customer data.

August 2023: Data on 760k Users Stolen From Discord.io

Discord.io, a third-party service for Discord users, suspended operations after a breach exposed data on its 760,000 members. Data, including email addresses, billing addresses, and hashed passwords, was listed for sale on Breached forums.

Discord.io is not owned or operated by Discord itself, and Discord users who have not used Discord.io have not been implicated in this data breach.

July 2023: Cybercrime Forum Gets Breached

BreachForums, a popular destination for ransomware hackers extorting companies and selling stolen data, became the victim of a data breach. On July 26, HaveIBeenPwned announced the breach, including email addresses, private messages, and hashed passwords. The hacker is now ransoming their data with an asking price north of $100,000.

BreachForums was briefly shut down following its founder’s arrest in March 2023. It re-emerged a few months later, and has remained a major marketplace for stolen data.

July 2023: NATO Investigates Data Breach

On July 25, the hacker group SiegedSec claimed on Telegram that they had breached NATO’s Communities of Interest Cooperation Portal. The stolen data appears to include unclassified documents and sensitive data pertaining to users of the web portal.

SiegedSec is a hacktivist group of self-identified “gay furries” targeting government organizations. They described the motive for their attacks as “a retaliation against the countries of NATO for their attacks on human rights,” noting that “Also, its fun to leak documents ^w^.”

July 2023: Chinese Hackers Breach U.S. Agencies Via Microsoft Cloud

On July 11, Microsoft publicly disclosed that a group of Chinese hackers had spied on U.S. government agencies via a vulnerability in Microsoft’s cloud services. The attack was first detected in June, by an unnamed government agency which proceeded to inform Microsoft and the Department of Homeland Security of the incident.

The hacking group in question, deemed “Storm-0558” by Microsoft, appears to be linked to the Chinese government. Their attacks targeted State and Commerce department emails, ahead of U.S. Secretary of State Antony Blinken’s visit to China in June. U.S. officials have stated that sensitive data was not compromised in this email breach.

July 2023: More Victims Emerge from MOVEit Attacks

July saw even more damage from the MOVEit attacks, which have now compromised over 200 companies. New victims include Radisson Hotels; a spokesperson said that “a limited number of guest records” were exposed, but did not detail exactly how many were affected.

The attacks also compromised data pertaining to 43,000 employees of real estate company Jones Lang LaSalle. Several universities were impacted, including the University of Illinois, the University of Colorado, and Johns Hopkins University. Other notable victims include Deutsche Bank, UofL Health, and the New York Department of Education.

All in all, sensitive records pertaining to millions of people have been implicated in this string of attacks. More details continue to emerge, and we will keep this article updated as more information comes to light.

July 2023: Apple Patches Zero-Day Exploit

On July 10, Apple released a batch of Rapid Security Response updates to iOS and macOS. In their notes on the update, they acknowledged that they were “aware of a report that this issue may have been actively exploited,” but did not go into greater detail.

This update is now available, and I would recommend you download it as soon as you have the chance. To ensure your devices are secure, go into your settings, check for updates, and update your device if necessary.

For more on Apple security breaches, see our complete timeline.

July 2023: Razer Investigates Alleged Data Breach

On July 8, an anonymous hacker posted on an online forum that they had stolen source codes and other data from Razer, a consumer electronics company. The hacker offered to sell this data for $100,000 worth of cryptocurrency.

On July 10, Razer acknowledged that they were investigating this incident.

July 2023: Microsoft Denies Purported Data Breach

On July 2, hacktivist group Anonymous Sudan claimed to have hacked Microsoft and pilfered data pertaining to over 30 million Microsoft accounts. The group provided a sample of the data, but so far it has not been determined where exactly the data came from.

A Microsoft spokesperson said that these claims of a data breach were not legitimate, and stated that Microsoft had seen “no evidence that our customer data has been accessed or compromised.”

June 2023: MOVEit Attacks Compromise 100+ Companies & Government Agencies

In the month of June, a Russia-based ransomware group known as Clop leveraged a zero-day exploit in MOVEit, a file transfer tool, to compromise over 100 companies and government agencies.

The breach hit DMVs in Oregon and Louisiana, affecting over 6 million residents across both states, possibly including drivers’ license and Social Security numbers. Multiple federal agencies were impacted, including the Department of Energy.

The ransomware hackers used the MOVEit exploit to compromise payroll company Zellis, which they then leveraged to breach the BBC, British Airways, and Aer Lingus. They breached Shell, uncovering data on customers who used their electric vehicle charging network. They compromised several financial services companies, including 1st Source Bank, First National Bankers Bank, and Putnam Investments.

Earlier in 2023, the Clop group was responsible for the GoAnywhere attacks, in which they compromised over 130 companies.

June 2023: Report Identifies Over 101k Hacked ChatGPT Accounts

A threat intelligence team at Group-IB released a report indicating that over 101,000 ChatGPT credentials were stolen by malware over a 12-month period. These researchers found these accounts on the dark web, available for sale alongside other stolen data.

These accounts were compromised by malware on users’ devices; they were not hacked due to a breach of ChatGPT itself.

June 2023: UPS Alerts Canadian Customers of Phishing Attacks

In late June, UPS alerted many customers in Canada that their data may have been compromised in a string of SMS phishing attacks, conducted from February 2022 to April 2023. The attackers in this case impersonated UPS, and demanded fees to deliver supposed ‘packages’. They enhanced their credibility by hacking into UPS’s package lookup tools so that they could base their phishing texts on actual incoming deliveries.

In their notice to customers, UPS clarified that real texts from UPS only come from SMS number 69877.

June 2023: Hacker Ransoms Confidential Reddit Data

On June 17, the BlackCat ransomware gang threatened to make public 80 GB of confidential data stolen from Reddit in a February cyberattack. This data included account credentials from 2007 and earlier, and Reddit has notified users whose information may have been implicated in the breach.

June 2023: Zacks Data Breach Posted to Hacker Forum

On June 10, breach database Have I Been Pwned added a previously unreported breach of 8.9 million Zacks users, dating to May 2020. Shortly after this breach came to light, the data was posted for sale on a popular hacker forum. This breach included account data, such as passwords, but does not appear to have included credit card numbers or other financial data.

June 2023: Intellihartx Discloses Breach Affecting 489k Patients

On June 8, healthcare collections company Intellihartx notified legal officials that sensitive data pertaining to over 489,000 patients had been compromised in a data breach on partner company Fortra. Stolen data included Social Security numbers, dates of birth, and medical records.

This incident was part of the GoAnywhere attacks in February, affecting over 130 companies, largely concentrated in the healthcare sector. These attacks were perpetrated by the Clop group, a Russia-affiliated ransomware gang that also conducted the MOVEit attacks in 2023.

May 2023: Apria Notifies 1.8 Million People of 2021 Breach

On September 1, 2021, Apria Healthcare discovered a data breach pertaining to sensitive data on 1.8 million patients and employees. Although HIPAA requires companies to report data breaches within 60 days of discovery, Apria did not inform anyone of the data breach until 18 months later, in May 2023.

The exposed information appears to include Social Security numbers, financial data, and medical records.

May 2023: 237k Federal Employees Exposed in U.S. Department of Transportation Breach

On May 12, the U.S. Department of Transportation notified Congress of a data breach affecting 237,000 current and former government employees. The compromised data pertained to TRANServe, a system for reimbursing commuting costs. So far, it is unclear who perpetrated this attack.

May 2023: PharMerica Discloses Breach Affecting 5.8 Million Patients

On May 12, PharMerica notified over 5.8 million people that their data, including social security numbers and medical information, had been publicly exposed following a ransomware attack. PharMerica discovered the breach in March, but only notified customers two months later, after the hackers published the customer data online.

May 2023: Discord Support Account Compromised

In mid-May, Discord disclosed that an account belonging to a third-party support contractor had been compromised. Through this account, an unknown attacker was able to gain some personal information, such as email addresses. The impact from this attack appears to be very limited, but users should remain wary of phishing attempts.

April 2023: T-Mobile Discloses Second Data Breach of 2023

On April 28, T-Mobile notified 836 customers that their data had been compromised in a breach. Though the scale of this attack was more limited than their January breach, it included highly sensitive data, such as Social Security numbers, government ID data, and T-Mobile account PINs.

April 2023: American Bar Association Discloses Hack Affecting 1.5 Million Members

In mid-April, the American Bar Association notified 1.5 million members that their login credentials, including encrypted password data, had been compromised. The incident happened in March, when an unknown hacker broke into a legacy system pertaining to an old ABA website. Though the data stolen was not up-to-date, it’s one more reason not to reuse old passwords.

April 2023: Yum Brands Admits That Customer Data Was Compromised In Breach

In early April, Yum Brands — the parent company that operates Taco Bell, KFC, and Pizza Hut — acknowledged that personal data, including driver’s license numbers, had been compromised in a January incident. The company first disclosed the breach soon after discovering the incident; but initially, they claimed that only company data had been impacted.

April 2023: MSI Breached by Ransomware Gang

On April 7, computer hardware company MSI confirmed that a ransomware gang had stolen company data, including source code. The ransomware gang, called Money Message, has threatened to make this data public if MSI does not pay them $4 million.

It does not appear that customer data was exposed in this data breach.

April 2023: Uber’s Law Firm Leaks Sensitive Data on Drivers

In April, Uber’s law firm, Genova Burns, informed many Uber drivers that sensitive data, including Social Security numbers and Tax Identification numbers, had been stolen in a data breach of the law firm. Neither Genova Burns nor Uber has disclosed how many drivers were affected by the data breach.

April 2023: Western Digital Confirms Breach

In April, data storage company Western Digital confirmed that hackers had broken into their network on March 26. Following the attack, Western Digital has experienced outages to its cloud storage services, and in May, they notified users that some customer information, such as encrypted passwords and partial credit card numbers, had been exposed in the attack.

March 2023: ChatGPT Bug Exposes User Data

On March 24, OpenAI confirmed that a bug had exposed customer data, including chat history and payment information, to other users. This occurred due to a vulnerability in an open source library, which OpenAI has since patched. Following the incident, OpenAI notified affected users and created a bug bounty program to help discover future vulnerabilities.

This is the first reported breach involving OpenAI. Should future incidents occur, they will be recorded here and in our article on ChatGPT breaches.

March 2023: ILS Notifies 4.2 Million Customers of Data Breach

On March 14, healthcare provider Independent Living Systems (ILS) notified over 4 million customers of a data breach. The breach apparently occurred in June and July of 2022, and included Social Security numbers, driver’s license numbers, medical records, and other highly sensitive data.

March 2023: TMX Finance Notifies 4.8 Million Customers of Data Breach

TMX Finance, which operates under the brands TitleMax, TitleBucks, and InstaLoan, notified 4.8 million customers of a data breach. The breach includes Social Security numbers, passport numbers, financial records, and other highly sensitive data.

The breach itself occurred in early February. TMX disclosed the breach in March, and is now facing a potential class action lawsuit.

March 2023: Ransomware Group Claims to Have Amazon Ring Data

On March 13, a ransomware group called ALPHV claimed on the darkweb that they had breached Ring, Amazon’s doorbell security company. An Amazon spokesperson said that they had “no indications that Ring experienced a Ransomware event,” and in another statement noted that a third-party vendor may have experienced a breach.

While it is possible this ransomware group has data pertaining to Ring customers, we have found no other evidence so far that would substantiate a data breach of Amazon Ring.

March 2023: AT&T Customer Data Exposed Following Attack on Vendor

In March, AT&T notified roughly 9 million customers that their data had been compromised following an attack on a third-party vendor. AT&T described the exposed data as “Customer Proprietary Network Information,” including data on customers’ wireless plans and payment amounts. According to AT&T, sensitive personal or financial information was not exposed in the attack.

March 2023: Congress Members’ Data Exposed in DC Health Link Breach

On March 8, thousands of U.S. lawmakers and government employees were notified that their sensitive data may have been exposed in a breach on DC Health Link, a health insurance provider for Congress.

By then, the data had already been posted for sale on Breached Forums. Capitol Police stated that they were working with the FBI to investigate the incident.

March 2023: Data on 7.5 Million Verizon Customers Exposed on Hacker Forum

In March 2023, records on over 7 million Verizon users were posted to Breached Forums, a popular hacker forum. The data included contract information, device information, encrypted customer IDs, and more — but it does not appear that unencrypted personal data was included in the leak.

In response, Verizon stated that the issue stemmed from an outside vendor and had been resolved in January of 2023.

February 2023: U.S. Marshals Service Discloses Data Breach

On February 27, U.S. law enforcement officials acknowledged that the U.S. Marshals Service discovered a data breach and ransomware attack on February 17. A spokesperson said that the leaked data included “returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”

According to the USMS, data pertaining to the witness protection program was not implicated in the attack. An investigation is still ongoing.

February 2023: Activision Data Breach Comes to Light

On February 21, Activision acknowledged that they suffered a data breach in December 2022, after a hacker tricked an employee via an SMS phishing attack. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. The data also included a release calendar of upcoming games, but does not appear to have contained any source code or customer data.

Activision did not inform anyone of the breach at the time, and only acknowledged the breach after the security research group vx-underground brought it to light on Twitter.

February 2023: Pepsi Bottling Ventures Exposed in Malware Attack

In February 2023, Pepsi Bottling Ventures filed a security incident notice acknowledging that they had experienced a malware attack on December 23, 2022, and discovered the breach on January 10. Stolen data apparently includes personal information, such as social security numbers and login credentials, but it is unclear whether this information pertains to customers or to employees.

It is also unclear if PepsiCo was affected by the breach. Pepsi Bottling Ventures is the largest bottler of Pepsi in the United States, but they are a distinct company from PepsiCo itself.

February 2023: 3.3 Million Patients Exposed in Heritage Provider Network Breach

In February, the California-based Heritage Provider Network disclosed to patients that they had suffered a ransomware attack on December 1. Over 3 million patients’ data was exposed in the leak, including social security numbers, medical records, and other highly sensitive information.

Since this disclosure, several class action lawsuits have been filed against Heritage Provider Network and its partners.

February 2023: Over 130 Companies Implicated in GoAnywhere Attacks

On February 1, Fortra disclosed to its customers that hackers had exploited a zero-day vulnerability in their GoAnywhere MFT file transfer tool. Several days later, the Clop ransomware group claimed credit for exploiting this vulnerability to breach over 130 companies that had used the tool in question.

Among the companies affected was Community Health Systems, which operates over 1,000 healthcare sites across the United States. In an SEC filing on February 13, the company estimated that personal information pertaining to roughly 1 million people had been exposed in the data breach.

The breach also affected Procter & Gamble, though customer data was not implicated in the leak.

January 2023: PeopleConnect Data on 20 Million Customers Posted to Hacker Forum

On January 21, a hacker publicly posted data pertaining to InstantCheckMate and TruthFinder, two popular background check services owned by PeopleConnect. This data included records on over 20 million customers, and was apparently lifted from a backup file dating to 2019.

January 2023: T-Mobile Discloses Data Breach Affecting 37 Million Customers

On January 19, T-Mobile disclosed that a cyberattacker stole personal data pertaining to 37 million customers. T-Mobile said the breach only included “a limited set of customer account data,” though it included names, addresses, phone numbers, account numbers, and more.

This incident occurred in November 2022. T-Mobile detected the breach on January 5, 2023, after which they quickly shut down the vulnerability in question and launched an investigation into the incident.

Following the incident, Google notified Google Fi customers that their data was also implicated in this breach. Other Google services were not affected by this attack.

January 2023: No Fly List Leaks Over Unsecured Server

On January 19, a Swiss hacker under the alias ‘maia arson crimew’ reported that she had accessed a 2019 version of the No Fly List, in the form of a CSV file containing over 1.5 million names. By her account, she found the file on an exposed server belonging to a regional airline, CommuteAir.

The hacker has not disclosed this information publicly, though she has shared it selectively with journalists, human rights organizations, and “other part[ies] with legitimate interest.” TSA and CommuteAir have both released statements that they are investigating the incident.

January 2023: PayPal Reports Credential Stuffing Attack

On January 19, PayPal sent out data breach notifications to nearly 35,000 customers whose accounts had been improperly accessed. This incident was a credential stuffing attack, in which the hacker leveraged passwords and other data that had been exposed in prior incidents involving other services.

This is a case example of why you should not reuse passwords. If you use the same password across multiple websites, an attacker that steals your password in one data breach (or finds it on the darkweb) can then use it across any account that uses the same login credentials.

January 2023: Norton LifeLock Warns Customers of Credential Stuffing Attack

In mid-January, Gen Digital, the parent company of Norton LifeLock, sent out notices to users warning of a credential stuffing attack, in which a hacker breaks into users’ accounts via credentials found or purchased on the darkweb.

Gen Digital detected the attack after noting “an unusually large volume” of failed login attempts on December 12. By their account, they have notified some 6,450 users who may have been affected.

January 2023: Mailchimp Discloses Social Engineering Attack

On January 11, Mailchimp detected a social engineering attack in which a hacker tricked an employee into giving away their account credentials. The hacker then accessed 133 user accounts. Mailchimp shut down the attack and alerted the users who may have been affected.

January 2023: Database of Over 200m Twitter Users Goes Public

Following a string of ransom attempts and leaks, a trove of data on over 200 million Twitter users circulated among hackers in December 2022, and was published in full on BreachForums on January 4th. This data includes email addresses, names, and usernames, but does not appear to include passwords or other highly sensitive data.

This data was originally scraped by exploiting an API vulnerability that was exposed from June 2021 to January 2022. This vulnerability was exploited repeatedly by different hackers, and resulted in multiple ransomware attempts and leaks in the latter half of 2022. Most recently, a hacker known as Ryushi attempted to ransom the data for $200,000 in late December.

Some reports have pegged the number of compromised accounts as high as 400 million, but after removing duplicates, the final number appears close to 210 million. It does include data on a number of high-profile accounts, such as those of Alexandria Ocasio-Cortez, Donald Trump Jr, and Mark Cuban.

That wraps our timeline of the most recent data breaches. For more, check out our data breach timelines for 2022 and 2021. You can also see here for the biggest breaches of 2022.

About the Author

Michael X. Heiligenstein

Michael X. Heiligenstein is the founder and editor-in-chief of the Firewall Times. He has six years of experience in online publishing and marketing. Before founding the Firewall Times, he was Vice President of SEO at Fit Small Business, a website devoted to helping small business owners. He graduated from the University of Virginia with a degree in English and History.

Lily Hay Newman

The Worst Hacks and Breaches of 2022 So Far

Whether the first six months of 2022 have felt interminable or fleeting—or both—massive hacks, data breaches, digital scams, and ransomware attacks continued apace throughout the first half of this complicated year. With the Covid-19 pandemic, economic instability, geopolitical unrest, and bitter human rights disputes grinding on around the world, cybersecurity vulnerabilities and digital attacks have proved to be thoroughly enmeshed in all aspects of life.

With another six months left in the year, though, there's more still to come. Here are the biggest digital security debacles that have played out so far.

For years, Russia has aggressively and recklessly mounted digital attacks against Ukraine, causing blackouts, attempting to skew elections, stealing data, and releasing destructive malware to rampage across the country—and the world. After invading Ukraine in February, though, the digital dynamic between the two countries has changed as Russia struggles to support a massive and costly kinetic war and Ukraine mounts resistance on every front it can think of. This has meant that while Russia has continued to pummel Ukrainian institutions and infrastructure with cyberattacks, Ukraine has also been hacking back with surprising success. Ukraine formed a volunteer “IT Army” at the beginning of the war, which has focused on mounting DDoS attacks and disruptive hacks against Russian institutions and services to cause as much chaos as possible. Hacktivists from around the world have also turned their attention—and digital firepower—toward the conflict. And as Ukraine launches other types of hacks against Russia, including attacks utilizing custom malware, Russia has suffered data breaches and service disruptions at an unprecedented scale.

The digital extortion gang Lapsus$ went on an extreme hacking bender in the first months of 2022. The group emerged in December and began stealing source code and other valuable data from increasingly prominent and sensitive companies—including Nvidia, Samsung, and Ubisoft—before leaking it in apparent extortion attempts. The spree reached its zenith in March when the group announced that it had breached and leaked portions of Microsoft Bing and Cortana source code and compromised a contractor with access to the internal systems of the ubiquitous authentication service Okta. The attackers, who appeared to be based in the United Kingdom and South America, largely relied on phishing attacks to gain access to targets’ systems. At the end of March, British police arrested seven people believed to have associations with the group and charged two at the beginning of April. Lapsus$ seemed to briefly continue to operate following the arrests but then became dormant.

In one of the most disruptive ransomware attacks to date, Russia-linked cybercrime gang Conti brought Costa Rica to a screeching halt in April—and the disruptions would last for months. The group's attack on the country's Ministry of Finance paralyzed Costa Rica's import/export businesses, causing losses of tens of millions of dollars a day. So serious was the attack that Costa Rica's president declared a “national emergency”—the first country to do so because of a ransomware attack—and one security expert described Conti's campaign as “unprecedented.” A second attack in late May, this one on the Costa Rican Social Security Fund, was attributed to the Conti-linked HIVE ransomware and caused widespread disruptions to the country's health care system. While Conti's attack on Costa Rica is historic, some believe that it was meant as a diversion while the gang attempts to rebrand to evade sanctions against Russia over its war with Ukraine.

As the cryptocurrency ecosystem has evolved, tools and utilities for storing, converting, and otherwise managing it have developed at breakneck speed. Such rapid expansion has come with its share of oversights and missteps, though. And cybercriminals have been eager to capitalize on these mistakes, frequently stealing vast troves of cryptocurrency worth tens or hundreds of millions of dollars. At the end of March, for example, North Korea's Lazarus Group memorably stole what at the time was $540 million worth of Ethereum and USDC stablecoin from the popular Ronin blockchain “bridge.” Meanwhile, in February, attackers exploited a flaw in the Wormhole bridge to grab what was then about $321 million worth of Wormhole's Ethereum variant. And in April, attackers targeted the stablecoin protocol Beanstalk, granting themselves a “flash loan” to steal about $182 million worth of cryptocurrency at the time.

Health care providers and hospitals have long been a favorite target of ransomware actors, who look to create maximum urgency to entice victims to pay up in the hopes of restoring their digital systems. But health care data breaches have also continued in 2022 as criminals pool data they can monetize through identity theft and other types of financial fraud. In June, the Massachusetts-based service provider Shields Health Care Group disclosed that it suffered a data breach throughout much of March impacting roughly 2 million people in the United States. The stolen data included names, Social Security numbers, birth dates, addresses, and billing information, as well as medical information like diagnoses and medical record indicators. In Texas, patients of Baptist Health System and Resolute Health Hospital announced a similar breach in June that exposed similar data, including Social Security numbers and sensitive patient medical information. Both Kaiser Permanente and Yuma Regional Medical Center in Arizona also disclosed data breaches in June.

At the beginning of June, the US Cybersecurity and Infrastructure Security Agency warned that Chinese government-backed hackers had breached a number of sensitive victims worldwide, including “major telecommunications companies.” They did so, according to CISA, by targeting known router vulnerabilities and bugs in other network equipment, including those made by Cisco and Fortinet among other vendors. The warning did not identify any specific victims, but it hinted at alarm over the findings and a need for organizations to step up their digital defenses, especially when handling massive quantities of sensitive user data. “The advisory details the targeting and compromise of major telecommunications companies and network service providers,” CISA wrote. “Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked.”

Separately, hackers likely conducting Chinese espionage breached News Corp in an intrusion that was discovered by the company on January 20. Attackers accessed journalists' emails and other documents as part of the breach. News Corp owns a number of high-profile news outlets, including The Wall Street Journal and its parent, Dow Jones, the New York Post, and several publications in Australia.

Just days after a consequential US Supreme Court decision at the end of June pertaining to concealed-carry permit laws, an unrelated data breach potentially exposed the information of everyone who applied for a concealed-carry permit in California between 2011 and 2021. The incident impacted data including names, ages, addresses, and license types. The breach occurred after a misconfiguration in the California Department of Justice 2022 Firearms Dashboard Portal exposed data that should not have been publicly accessible. "This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department," state attorney general Rob Bonta said in a statement. "The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered."

What customers should know about AT&T's massive data breach

By Khristopher J. Brooks

Edited By Anne Marie Lee

Updated on: April 11, 2024 / 3:23 PM EDT / CBS News

Millions of current and former AT&T customers learned over the weekend that hackers have likely stolen their personal information and are sharing it on the dark web.

AT&T on Saturday said it doesn't know if the massive data breach "originated from AT&T or one of its vendors," but that it has "launched a robust investigation" into what caused the incident. The data breach is the latest cyberattack AT&T has experienced since a leak in January of 2023 that affected 9 million users. By contrast, Saturday's much larger breach impacts 73 million current and former AT&T account holders. AT&T has seen several data breaches over the years that range in size and impact.

The data breach prompted an Ohio man to file a class-action lawsuit against AT&T, accusing the telecommunications giant of negligence and breach of contract. Lawyers representing Alex Petroski of Summit County, Ohio, argued that the cyberattack could have been avoided and that AT&T's security failed to protect customer data. 

Until more details of AT&T's investigation arise, here's what customers should know about the most recent data breach.

How many people were impacted by the AT&T data breach?

AT&T said the breach on Saturday affects about 7.6 million current and 65.4 million former AT&T customers. 

What type of information was taken from AT&T?

AT&T said Saturday that a dataset found on the dark web contains information such as Social Security numbers and passcodes. Unlike passwords, passcodes are numerical PINs that are typically four digits long. Full names, email addresses, mailing addresses, phone numbers, dates of birth and AT&T account numbers may have also been compromised, the company said. The impacted data is from 2019 or earlier and does not appear to include financial information or call history, it added.

Was my information affected by the AT&T data breach?

Consumers impacted by this breach should be receiving an email or letter directly from AT&T about the incident. The email notices began going out on Saturday, an AT&T spokesperson confirmed.

What has AT&T done so far to help customers?

Beyond notifying customers, AT&T said that it had already reset the passcodes of current users. The company also said it would pay for credit-monitoring services where applicable.

What's the latest with AT&T's investigation into the breach?

AT&T hasn't disclosed details about its investigation into the data breach, but it is likely to be time-consuming and costly, according to Kevin Powers, the founding director of the Master of Science in Cybersecurity Policy and Governance Programs at Boston College.

The company will most likely bring in outside computer forensics specialists who will work with its on-site IT staff to determine exactly when and how the hackers got into the customer account information system, Powers said. But identifying the hackers' path of entry will be a big challenge for such a large company.

"You don't know where it came in from," Powers told CBS MoneyWatch, referring to the source of the breach. "It potentially could be from a customer or it could have been done from one of their outside contractors or someone else along their supply chain."

In addition, AT&T will have to scrub any malware out of the software that runs its customer account system, while also keeping the system running for customers who weren't impacted, he said. All these steps will have to be shared with lawyers, the outside consultants, and likely officials from the Federal Trade Commission. 

What's the best way to protect my personal information? 

Start by freezing your credit reports at all three major agencies — Equifax, Experian and TransUnion. Then sign up for 24-7 credit monitoring and enable two-factor authentication on your AT&T account, said WalletHub CEO Odysseas Papadimitriou, a former senior director at Capital One.

If you receive a notice about a breach, it's a good idea to change your password and monitor your account activity for any suspicious transactions. The Federal Trade Commission offers free credit freezes and fraud alerts that consumers can set up to help protect themselves from identity theft and other malicious activity.

—The Associated Press contributed to this report.

Khristopher J. Brooks is a reporter for CBS MoneyWatch. He previously worked as a reporter for the Omaha World-Herald, Newsday and the Florida Times-Union. His reporting primarily focuses on the U.S. housing market, the business of sports and bankruptcy.

Data breaches in the first half of 2021 exposed 18.8 billion records

Risk Based Security released their 2021 Mid Year Data Breach QuickView Report, revealing significant shifts in the data breach landscape despite 2021 breaches declining by 24%. There were 1,767 publicly reported breaches in the first six months of 2021, which exposed a total of 18.8 billion records. However, the decline of reported data breaches does not mean security has improved over the pandemic.

“Ransomware attacks continue at an alarming pace, inflicting serious damage on the victim organizations that rely on their services,” commented Inga Goddijn, Executive Vice President at Risk Based Security. “The slow pace of reporting brought on by lengthy incident investigations has not improved, and attackers continue to find new opportunities to take advantage of changing circumstances.”

The 2021 Mid Year Data Breach QuickView Report also revisits the trends observed during the pandemic, highlighting what was temporary and what represented more permanent change.

“Analyzing breach activity has become especially interesting and important over the past two years,” commented Inga Goddijn, Executive Vice President at Risk Based Security. “While some trends remain largely untouched, new trends are emerging. The method of how attackers monetize their efforts has diversified, and at the same time, preventable errors are outpacing hackers when it comes to the amount of data exposed. The amount of data compromised remains stubbornly high and with another sizable Q2 breach yet to be confirmed, it is possible that the number will climb over 19 billion in the near future.”

The 2021 Mid Year Data Breach QuickView Report covers data breaches publicly disclosed between January 1, 2021, and June 30, 2021.


2024 Data Breach Investigations Report: Vulnerability exploitation boom threatens cybersecurity

Breaking down the 2024 Verizon Data Breach Investigations Report

What you need to know:

Vulnerability exploitation surged by nearly 3X (180%) last year.

Ransomware and the meteoric rise of extortion techniques accounted for a third (32%) of all breaches.

More than two-thirds (68%) of breaches involve a non-malicious human element.

30,458 security incidents and 10,626 confirmed breaches were analyzed in 2023—a two-fold increase over 2022.

Verizon security by the numbers: 4,200+ networks managed globally, 34 trillion raw logs processed/year, and 9 security operation centers around the globe.

BASKING RIDGE, NJ – Verizon Business today released the findings of its 17th-annual Data Breach Investigations Report (DBIR), which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022.

The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches. This spike was driven primarily by the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors. The MOVEit software breach was one of the largest drivers of these cyberattacks, first in the education sector and later spreading to finance and insurance industries.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises,” said Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon Business.

In a possible relief to some anxieties, the rise of artificial intelligence (AI) was less of a culprit than challenges in large-scale vulnerability management. “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to advance their approach,” Novak said.

Analysis of the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog revealed that on average it takes organizations 55 days to remediate 50% of critical vulnerabilities following the availability of patches. Meanwhile, the median time for detecting the mass exploitations of the CISA KEV on the internet is five days.

“This year’s DBIR findings reflect the evolving landscape that today’s CISOs must navigate, balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene,” said Craig Robinson, Research Vice President, Security Services at IDC. “The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low-level of complexity are still proving to be incredibly costly for enterprises.”

Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric, new for the 2024 DBIR, shows a 68% increase from the previous period described in the 2023 DBIR.

The human element continues to be the front door for cybercriminals

Most breaches (68%), whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack. This percentage is about the same as last year. One potential countervailing force is the improvement of reporting practices: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked the email also reported it.

“The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training, but the increase in self-reporting indicates a culture change that destigmatizes human error and may serve to shine a light on the importance of cybersecurity awareness among the general workforce,” Novak added.

Other key findings from this year’s report include:

32% of all breaches involved some type of extortion technique, including ransomware

Over the past two years, roughly a quarter (between 24% and 25%) of financially motivated incidents involved pretexting

Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches

Half of the breaches in EMEA are internal

Espionage attacks continue to dominate in APAC region


Related Articles

The Verizon Business 2024 DBIR revealed that almost half of the breaches (49%) in EMEA are initiated internally, suggesting high incidences of privilege misuse and other human errors.

The Verizon Business 2024 Data Breach Investigation Report (DBIR) found that 25% of attacks in APAC are motivated by espionage - significantly greater than in Europe and North America.


A newsletter briefing on cybersecurity news and policy.

The largest cyberattack of its kind recently happened. Here’s how.


with research by David DiMolfetta

Welcome to The Cybersecurity 202! Hey, there’s a Washington Post Live event that I’ll be participating in tomorrow morning along with some of my other Post colleagues and the cyber experts we’ll be interviewing. Please join us.


Below: A Navy officer admits to transmitting sensitive military data, and Google announces a major authentication update. First:

A massive DDoS attack shines a spotlight on vulnerabilities in core parts of the internet

A trio of internet giants revealed on Tuesday that they had fought off an “unprecedented” distributed denial-of-service (DDoS) attack — used to disrupt the availability of systems like websites and services — that registered as the biggest on record, by far.

Cloudflare, Google and Amazon Web Services (AWS) said the attack relied on a previously undisclosed vulnerability in a key piece of internet architecture. 

And it was massive.

“For a sense of scale, this two minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023,” Google wrote in a blog post.

News of the attack comes as maintainers of a foundational open-source internet tool announced severe vulnerabilities, and as four federal agencies published guidance on the security of open-source software (OSS).

HTTP/2 ‘Rapid Reset’

The attack, known as HTTP/2 “Rapid Reset,” abuses a weakness in the HTTP/2 protocol. HTTP stands for Hypertext Transfer Protocol and is used to load webpages. HTTP/2 was a revision of an earlier version, meant to make pages load faster, among other improvements.

“The DDoS events AWS detected were a type of HTTP/2 request flood, which occurs when a high volume of illegitimate web requests overwhelms a web server’s ability to respond to legitimate client requests,” Tom Scholl, vice president and distinguished engineer at the company, and Mark Ryland, AWS’s director of the office of chief information security officer, wrote in a blog post.

(Amazon founder Jeff Bezos owns The Washington Post. Interim CEO Patty Stonesifer sits on Amazon’s board.)

“Because the attack abuses an underlying weakness in the HTTP/2 protocol, we believe any vendor that has implemented HTTP/2 will be subject to the attack,” Cloudflare engineers Lucas Pardue and Julian Desgats wrote. “This included every modern web server.”

The novel nature of the vulnerability allowed for some interesting attack numbers. Cloudflare said it was three and a half times bigger than its previous biggest attack on record, while Google said it was seven and a half times larger than the previous record.

  • “Concerning is the fact that the attacker was able to generate such an attack with a botnet of merely 20,000 machines,” Cloudflare’s engineers wrote. “There are botnets today that are made up of hundreds of thousands or millions of machines.”
  • “Given that the entire web typically sees only between 1-3 billion requests per second, it's not inconceivable that using this method could focus an entire web’s worth of requests on a small number of targets,” they continued.

There’s been no attribution for who was behind the attack.

For the most in-depth technical breakdowns of the attack, check out the Cloudflare blog post and this second Google blog post.

Open source

News of the vulnerabilities put additional focus on weaknesses in some of the internet’s building blocks.

Tuesday’s Cybersecurity 202 had the news about two vulnerabilities in curl, the aforementioned open-source tool. One of them is “probably the worst curl security flaw in a long time,” lead developer Daniel Stenberg said.

The Cybersecurity and Infrastructure Security Agency, FBI and Treasury Department also published guidance on Tuesday about securing open-source software for operational technology (OT) and a subset of that called industrial control systems (ICS), which are most heavily relied upon in sectors like energy and manufacturing. Those sectors need special systems to detect or cause changes in physical processes.

“Critical infrastructure organizations using OT/ICS face heightened cybersecurity and safety concerns due to the potentially far-reaching impacts of incidents and associated life safety implications, particularly to connected infrastructure,” the agencies explained in a news release. “Applying generally applicable cyber hygiene practices, such as routinely updating software, can be challenging for organizations using OSS in OT and ICS applications.”

The agencies produced the guidance in conjunction with CISA’s Joint Cyber Defense Collective, designed to bring cyber defenders from industry and elsewhere together to share and act on information.

Navy officer admits taking bribes to share military data with China

U.S. Navy Petty Officer Wenheng “Thomas” Zhao on Tuesday pleaded guilty to accepting $15,000 in bribes from a Chinese intelligence officer in exchange for transmitting U.S. military information that was unclassified, Reuters’s Andrew Goudsward reports.

Zhao, a 26-year-old who worked on Naval Base Ventura County in California, “admitted sending his Chinese handler plans for U.S. military exercises in the Indo-Pacific region, operational orders and electrical diagrams and blueprints for a radar system on a U.S. military base in Okinawa, Japan, according to court documents and U.S. officials,” Goudsward writes. He was arrested in August and faces up to 20 years in prison.

  • Zhao took at least 14 separate payments, according to a Justice Department release. He admitted to transmitting plans for a maritime training exercise, as well as operational orders, electrical diagrams and blueprints.
  • “Zhao further admitted to using sophisticated encrypted communication methods to transmit the information, destroying evidence and concealing his relationship with the intelligence officer,” the department said.
  • “Officer Zhao betrayed his country and the men and women of the U.S. Navy by accepting bribes from a foreign adversary,” said U.S. Attorney Martin Estrada for the Central District of California. A lawyer for Zhao did not immediately return a request for comment from Reuters. 

The Hamas-Israel cyber dynamic puts disinformation on the top shelf

Cybersecurity coverage of the Israel-Hamas war has focused heavily on disinformation dynamics while direct hacking activities appear to have taken a less prevalent seat.

Elon Musk’s X, formerly known as Twitter, has shown how the conflict’s disinformation can spread.

E.U. Digital Commissioner Thierry Breton warned Musk in a letter posted Tuesday that his platform may be violating disinformation rules that X and several other large entities are required to adhere to after parts of a new European digital law took effect this year.

  • “We have, from qualified sources, reports about potentially illegal content circulating on your service, despite flags from relevant authorities,” Breton said, citing instances of reported fake images and facts, as well as repurposed old footage.
  • Musk pushed back, asking for a list of violations. Breton replied saying that Musk is “well aware” of specifics and reiterated that officials were available to assist with compliance.
  • Musk promoted the accounts @WarMonitors and @sentdefender on Sunday to his 150 million followers, which gained some 11 million views in three hours before he later deleted the post. The pair of accounts have been criticized for previously promoting false information.

As for broader hacking dynamics, the United States has not yet detected major cyberattacks between Israel and Hamas, the Wall Street Journal’s Warren P. Strobel reports, citing National Security Agency Cybersecurity Director Rob Joyce. Hacktivist groups have taken part in the war, and denial-of-service attacks from various groups have knocked Israeli websites offline but were not long-lasting.

  • How Hamas worked around Israel’s historically powerful signals intelligence apparatus continues to remain somewhat of a mystery, though reports from Bloomberg News on Tuesday suggest the group took a less electronic approach in their planning.
  • Our national security colleagues reported Tuesday that Iranian allies provided logistical aid and weaponry to Hamas, and had been helping plan this weekend’s assault for at least the past year.

Google makes passkeys default login setting for users

Google announced Tuesday it would make a password replacement functionality, known as “passkeys,” the default login method for users on its platforms, WIRED’s Lily Hay Newman reports.

Passkeys are digital credentials stored in a user’s computer that provide an alternative authentication method which doesn’t force the user to remember their password to accounts. The tool is designed as a less hackable alternative to passwords by relying on encrypted code stored on devices. 

Google in a blog post did not give specific figures on passkey adoption but noted that accounts have adopted the login methods on platforms like YouTube or Maps. 

  • “Password-based authentication is so ubiquitous in digital systems that it isn’t easy to replace. But passwords have inherent security problems because they can be guessed and stolen,” Newman writes, later adding: “Passkeys are specifically designed to address these issues and dramatically reduce the risk of phishing attacks by instead relying on a scheme that manages cryptographic keys stored on your devices for account authentication.”

Big Tech companies over the past year have been moving ahead to adopt non-password authentication and give some users the ability to elect those methods for logging in. Proponents of the technology say it is safer and lowers firms’ security costs, though some argue the adoption costs for small businesses or platforms may pose a hindrance.

“Passwordless is something we set out to achieve 10-plus years ago, and we’re thrilled to not only see us already on the next step of the journey with passkeys by offering them by default, but also to see the great feedback from users who have made the switch,” Google identity and security group product manager Christiaan Brand told WIRED.

Government scan

Neuberger provides details on ratings effort to determine security of pipeline, rail sectors (Inside Cybersecurity)

FBI looks to build diverse workforce to meet cyber needs (MeriTalk)

SEC probes Twitter security lapse before Elon Musk took over (Bloomberg News)

Securing the ballot

North Carolina Republicans override governor’s veto on key election law (Patrick Marley)

Industry report

IT staff take as long as 1 month to fix security flaws (Axios)

National security watch

Hamas got around Israel’s surveillance prowess by going dark (Bloomberg News)

U.S. surging cyber support to Israel (Politico Pro)

Global cyberspace

How to limit graphic social media images from the Israel-Hamas war (Shira Ovide)

Savvy Israel-linked hacking group reemerges amid Gaza fighting (CyberScoop)

Nation-state hacker group targeting Taiwan, US, Vietnam and Pacific Islands (The Record)

Israel freezes crypto accounts seeking Hamas donations, police say (Reuters)

Philippine Statistics Authority probing alleged data breach (Bloomberg News)

  • The Institute of World Politics holds a seminar on cybersecurity intelligence at 6 p.m.
  • Your newsletter host, CISA executive director Brendan Wales and others participate in a Washington Post Live event featuring your newsletter host tomorrow at 9 a.m.
  • State Department CISO Donna Bennett speaks with Billington CyberSecurity tomorrow at 12:30 p.m.
  • FCC Commissioner Nathan Simington speaks with the Hudson Institute on security threats of Chinese telecom equipment in U.S. networks tomorrow at 2 p.m.

Secure log off

Product tester. pic.twitter.com/g5RoP9nMN0 — cats with jobs 🛠 (@CatWorkers) October 10, 2023

Thanks for reading. See you tomorrow.


Why Data Breaches Spiked in 2023

  • Stuart Madnick


And what companies can do to better secure users’ personal information.

In spite of recent efforts to beef up cybersecurity, data breaches — in which hackers steal personal data — continue to increase year-on-year: there was a 20% increase in data breaches from 2022 to 2023. There are three primary reasons behind this increased theft of personal data: (1) cloud misconfiguration, (2) new types of ransomware attacks, and (3) increased exploitation of vendor systems. Fortunately, there are ways to reduce the impact of each of these factors.

For many years, organizations have struggled to protect themselves from cyberattacks: companies, universities, and government agencies have expended enormous amounts of resources to secure themselves. But in spite of those efforts, data breaches — in which hackers steal personal data — continue to increase year-on-year: there was a 20% increase in data breaches from 2022 to 2023. Some of the trends around this uptick are disturbing. For example, globally, there were twice the number of victims in 2023 compared to 2022, and in the Middle East, ransomware gang activity increased by 77% in that same timeframe.

  • Stuart Madnick is the John Norris Maguire (1960) Professor of Information Technologies in the MIT Sloan School of Management, Professor of Engineering Systems in the MIT School of Engineering, and Director of Cybersecurity at MIT Sloan (CAMS): the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity. He has been active in the cybersecurity field since co-authoring the book Computer Security in 1979.


Cyberattack hits Ascension hospitals' computer networks: 'It's affecting everything'


Ascension hospitals in Michigan and across the U.S. were hit Wednesday by a cyberattack that disrupted the health system's computer network and continued to affect its clinical operations Thursday morning, leading the nonprofit, St. Louis-based health system to urge its business partners to sever online connections to its system.

"We detected unusual activity on select technology network systems, which we now believe is due to a cyber security event," Ascension said in a statement posted on its website. "At this time we continue to investigate the situation. We responded immediately, initiated our investigation and activated our remediation efforts. Access to some systems have been interrupted as this process continues.

"Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption."

With computers offline, 'It's like the 1980s or 1990s'

Employees noticed the computer network problems about 7 a.m. Wednesday, said three workers who spoke on the condition of anonymity out of fear of job repercussions.

"There was a security concern, so they shut down the system," one physician told the Free Press. "It's affecting everything."

Another Ascension Michigan doctor said: "We have no access to medical records, no access to labs, no access to radiology or X-rays, no ability to place orders.

"We have to write everything on paper. It's like the 1980s or 1990s. You go to the X-ray room to look at the X-rays on film, you call the lab they tell you what the results are over the phone. So it's just much more cumbersome, but we do have training for these moments."

A nurse told the Free Press on Wednesday evening that Ascension hospitals were still accepting patients by ambulance who were medically unstable and in need of lifesaving treatment. But those who were more stable and could be taken to other nearby hospitals for care were diverted because of the computer network outage.

"I just hope it doesn't last very long because certainly patient care will be negatively impacted," a physician said. "The data that shows that during computer network downtime, your risk of an adverse event goes up."


Ascension said it is working with Mandiant, a cybersecurity consulting company, to investigate and help determine what information, if any, was compromised in the cyberattack.

"Should we determine that any sensitive information was affected, we will notify and support those individuals in accordance with all relevant regulatory and legal guidelines," Ascension said in a statement.

Attack comes as Ascension aims to spin off Michigan hospitals

A Catholic health system, Ascension has 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia. It reported in May that it had 134,000 employees.

In Michigan, the health system operates 15 acute-care hospitals, but is in the midst of trying to close deals that would split off eight of its southeastern Michigan hospitals and combine them with Detroit-based Henry Ford Health. Additionally, three of its hospitals in mid-Michigan and northeastern Michigan, along with a stand-alone emergency center and nursing home, are to be acquired by Midland-based MyMichigan Health.

If those deals are completed, only the following Ascension Michigan hospitals will remain as part of the health system's national holdings:

  • Ascension Allegan Hospital in Allegan
  • Ascension Borgess Hospital in Kalamazoo
  • Ascension Borgess-Lee Hospital in Dowagiac
  • Ascension Borgess-Pipp Hospital in Plainwell

Breaches threaten protected health information, more

Cyberattacks are becoming increasingly common in health care, often affecting protected health information along with other data, such as account numbers, Social Security numbers, phone numbers and addresses.

In April, Cherry Street Services Inc., also known as Cherry Health, alerted 180,747 Michigan residents that their personal information had been compromised in a ransomware attack that occurred on Dec. 21.

"Third-party forensic experts were retained to assist in an investigation of the nature and scope of the breach," said Danny Wimmer, press secretary for state Attorney General Dana Nessel. "While unable to pinpoint (the) root cause of the breach, through the investigation Cherry was able to discern the types of data compromised: full name, address, date of birth, phone number, health insurance information, patient ID number, provider name, service date, diagnosis/treatment information, prescription information, financial account information and/or Social Security Numbers, and the identity of the persons impacted."

That's not all.

More than 1 million Michiganders were affected by a cybersecurity breach at Welltok Inc., a software company contracted to provide communication services for Corewell Health's southeastern Michigan properties along with a healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell. Though the breach occurred in May 2023, it wasn't until November 2023 that people were notified.

A ransomware attack took down the computer network at McLaren Health Care's 14 Michigan hospitals in late August and early September 2023, affecting about 2.5 million patients. The health system acknowledged that it also could have leaked some patient data onto the dark web. A ransomware gang known as BlackCat/AlphV claimed responsibility for the cyberattack, posting online that it stole 6 terabytes of McLaren's data.

And in late August 2023, the University of Michigan shut down its campus computer network after a hacker got access to the personal information of students and applicants, alumni and donors, employees and contractors, as well as the personal health information of research study participants, and patients of the University Health Service and the School of Dentistry.

Contact Kristen Shamus: [email protected].


High-profile company data breaches.


The rate of cybersecurity breaches at large and small companies alike has reached alarming levels. With high-profile attacks targeting healthcare, finance, retail, government, manufacturing, and energy, it’s clear that the threat landscape has evolved significantly in recent years.

According to projections, cybercrime is forecast to cost the global economy $10.5 trillion by 2025, reflecting a 15% yearly increase. Businesses have never been more vulnerable; even large enterprises with substantial cybersecurity defenses can fall victim. Lessons learned from these attacks can help smaller businesses prepare their security strategy for any eventuality.

This article discusses some of the most notable company data breaches in 2023 and 2024, their causes, impacts, and what you should do to remain protected.

Recent High-Profile Company Data Breaches

American Express: March 2024

An undisclosed number of American Express customers were notified of a potential breach of their data at the beginning of March 2024. In a statement, American Express announced the incident stemmed from unauthorized access to a third-party merchant processor, rather than their own internal systems.

Customers were informed that their names, account numbers, and card details may have been compromised in the breach, and were urged to monitor their accounts for fraudulent activity over the following 12 to 24 months. American Express users have also been encouraged to enable real-time notifications to alert them to unusual purchases or transactions.

Change Healthcare: March 2024

Change Healthcare was hit by an extensive ransomware attack in February 2024, leading to lasting network interruptions that prevented pharmacies from processing patient prescriptions.

UnitedHealth Group, the parent company of Change Healthcare, announced a “suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems.” BlackCat has since claimed credit for the attack, stating they accessed 6 TB of data that “relates to all Change Health clients that have sensitive data being processed by the company.”

Early reports suggest the group has been paid a $22 million ransom, though this has not been confirmed by UnitedHealth Group. The far-reaching implications of the attack have gone on to attract federal scrutiny, with the Office for Civil Rights opening an investigation into the breach.

Fujitsu: March 2024

In March 2024, Fujitsu confirmed the presence of malware on its corporate network, which may have left customer information vulnerable to hackers. In its initial statement, the company declined to disclose the number of affected users or the nature of the data that may have been compromised.

Upon discovering the malware, Fujitsu says it “immediately disconnected the affected business computers… Additionally, we are currently continuing to investigate the circumstances surrounding the malware’s intrusion and whether information has been leaked.”

International Monetary Fund: March 2024

The International Monetary Fund (IMF) confirmed a cyber incident was detected in February 2024 in which 11 email accounts were compromised. In a brief statement, the organization said they worked with cybersecurity experts to investigate the breach and re-secure the affected accounts. It concluded:

“The IMF takes prevention of, and defense against, cyber incidents very seriously and, like all organizations, operates under the assumption that cyber incidents will unfortunately occur. The IMF has a robust cybersecurity program in place to respond quickly and effectively to such incidents.”

Roku: March 2024

Roku, a television streaming platform used by 80 million customers, experienced a cyber attack affecting 15,000 account holders early this year. The company claimed hackers had “likely obtained certain usernames and passwords of consumers from third-party sources… It appears likely that the same username/password combinations had been used as login information for such third-party services as well as certain individual Roku accounts.”

The attack highlights the dangers of password reuse across multiple platforms, as Roku customers were locked out of their accounts and attackers attempted to fraudulently purchase streaming subscriptions. Roku assured customers that their social security numbers, full account numbers, and personal information remained uncompromised in the attack, but urged users to reset their accounts and passwords.

U-Haul: February 2024

U-Haul began informing 67,000 customers of a data breach in February 2024, although the data in question is believed to have been compromised in December 2023. Unauthorized access to a reservation tracking system allowed attackers to view US and Canadian customers’ names, dates of birth, and driver’s license numbers. No financial information was accessed, however.

U-Haul stated that legitimate credentials were used to access their system, but they did not reveal how the attackers acquired the login details. The company has since changed customers’ passwords and offered free identity protection services to affected users.

Mother of All Breaches: January 2024

The “Mother of all Breaches” (MOAB) is not a single breach but a significant data leak: a colossal 12 terabytes of information and 26 billion records. Bob Dyachenko, cybersecurity researcher and owner at Security Discovery, and the Cybernews team discovered that this massive compilation includes data from previous breaches and leaks, and potentially new, unpublished information.

The leaked data encompasses usernames, passwords, and sensitive information spanning various sources like Tencent, Weibo, Twitter, MySpace, Wattpad, LinkedIn, Adobe, Canva, MyFitnessPal, and government sites like Alabama.gov. Despite some data possibly being outdated, experts stress the substantial risk of credential-stuffing attacks, phishing schemes, and unauthorized account access.

Taking precautions is crucial: individuals should change passwords, enable two-factor authentication, and stay vigilant against phishing attempts. While some data may be from past breaches, regular security upkeep minimizes the need for extensive password updates. Cybernews offers a searchable list of affected sites for reference.

The responsible party remains unknown, underscoring the imperative for enhanced data protection measures and stricter regulations to secure personal information. In the face of such threats, utilizing safety tools and ensuring IT management becomes paramount; consider trying our free IT management platform today!

23andMe: December 2023

DNA testing company 23andMe was subjected to a large-scale breach this year, in which the data of 6.9 million users was leaked. In a statement, the company confirmed that 5.5 million of these users had DNA Relatives enabled, which connects members with similar genetic profiles. A further 1.4 million users had their family trees accessed.

The attack was initiated by a threat actor who employed “credential stuffing” to log into accounts using data leaked in other security breaches. This initial hack provided access to 14,000 accounts, which quickly escalated via the DNA Relatives feature.

23andMe has urged users to reset their passwords and is enforcing a previously optional multi-factor authentication for new and existing users.

Samsung: November 2023

A vulnerability in an unnamed third-party app led to a breach of Samsung customer information in November of this year.

UK-based users who made online purchases in 2020 were affected by the breach, with personal information such as names, phone numbers, emails, and residential addresses accessed in the attack.

TechCrunch reports this is the third data breach at the tech company in the last two years. In September 2022, Samsung issued a notice that its U.S. systems had been subject to an attack. In March of the same year, another breach was confirmed at the hands of Lapsus$ hackers.

Walmart: October 2023

Over 85,000 people were affected by a cyber attack on Walmart this year, with protected health information likely to be among the compromised data.

Walmart issued data breach letters to impacted customers in October and filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights but has yet to make further details publicly available.

The 2023 cyber attack is the latest in a long history of breaches at the retailer. Most recently, in 2021, a website vulnerability was exploited to access customer information, while a third-party vendor was investigated in 2019 for viewing internal emails without authorization.

MGM Grand: September 2023

In early September, MGM Resorts International experienced a significant cyberattack that disrupted its operations, highlighting the digital vulnerabilities even large corporations face. The attack, attributed to the Scattered Spider group and ransomware by ALPHV (BlackCat), cost MGM an estimated $80 million in revenue over five days. Social engineering played a pivotal role, emphasizing the need for robust cybersecurity measures.

Key takeaways for businesses from the MGM cyber attack include the importance of layered cybersecurity defenses, regular security audits and updates, incident response plans, employee training and awareness, and third-party risk management. Businesses must adopt a comprehensive approach to cybersecurity, as relying on a single security measure is insufficient against modern threats.

Regular audits and updates are vital to staying ahead of evolving threats, while a well-defined incident response plan can mitigate the impact of a breach. Employee training and awareness programs help prevent human errors, and assessing third-party cybersecurity risks is crucial.

Cybersecurity advice for businesses and IT departments from Electric’s Chief Information Security Officer (CISO), Aaron Shierlaw, on getting buy-in for cybersecurity controls: “Keep your leadership informed of current cyber security trends and attacks. Most recently, major Las Vegas casinos were victims of social engineering attacks, which makes an excellent case for investing in better cybersecurity controls.”

DuoLingo: August 2023

Over 2.5 million DuoLingo users saw their information posted to a hacking forum in August of this year after the data was initially offered for sale in January.

The source of the attack is believed to be an exposed application programming interface (API). Researchers had previously flagged the language learning app’s vulnerability on Twitter (now X), but the security gap remained in place a number of months later.

In a statement, DuoLingo said: “These records were obtained by data scraping public profile information. We have no indication that our systems were compromised. We take data privacy and security seriously and are continuing to investigate this matter to determine if further action is needed to protect our learners.”

PBI & MOVEit: June 2023

The mass hack of the file transfer tool MOVEit impacted more than 200 organizations and up to 17.5 million individuals as of July 2023. Multiple federal agencies were affected, including the Department of Energy, Department of Agriculture, and Department of Health and Human Services. It’s believed the majority of schools across the U.S. were also targeted.

MOVEit is owned by Pension Benefit Information (PBI), a provider of audit, research, and address location services. As the implications of the attack continue to emerge, further breaches have been confirmed at Shell, Siemens Energy, Schneider Electric, First Merchants Bank, City National Bank, and a number of international targets.

Now a far-reaching incident, the attack originated with a security vulnerability in MOVEit’s software. While MOVEit patched the flaw once identified, hackers had already gained access to hordes of sensitive data. Clop, a Russia-linked ransomware group, claims responsibility for the breaches and has threatened to publish stolen information.

Microsoft: May 2023

Microsoft reported that China-based hackers gained access to customer email accounts by forging authentication tokens this year. The attack affected approximately 25 organizations, including government agencies.

An investigation found that Microsoft’s advanced security measures were likely compromised during a system crash in 2021. Sensitive data was briefly moved from a secure production environment to a debugging environment, at which time an engineer’s corporate account was accessed.

As cybersecurity experts Malwarebytes state, “the attack is a great example of just how advanced and persistent Advanced Persistent Threat (APT) actors can be, and why what Microsoft calls an ‘assume breach mindset’ is so important in modern security.”

T-Mobile: May 2023 (and January 2023)

It was announced in May that T-Mobile suffered its second data breach of 2023 after a hack revealed the PINs, full names, and phone numbers of over 800 customers.

This is the company’s ninth data breach since 2018 and second this year. In early January 2023, T-Mobile discovered that a malicious actor gained access to their systems last November and stole personal information – including names, emails, and birthdays – from over 37 million customers. Once they identified the data breach, they were able to track down the source and contain it within a day.

T-Mobile claims they may “incur significant expenses” from this data breach, which will be on top of the $350 million they agreed to pay customers in a settlement related to an August 2021 data breach. Not only has T-Mobile lost hundreds of millions of dollars because of security vulnerabilities, they have also lost customers’ trust after multiple breaches of personal information.

Yum! Brands (KFC, Taco Bell, & Pizza Hut): April 2023

Yum! Brands, the parent company of popular fast food chains KFC, Taco Bell, and Pizza Hut, announced in April of 2023 that a cyber attack had occurred in January. They initially believed the attack only directly affected corporate data. However, out of caution, they are now notifying employees who may have had their data breached.

In a statement provided to Electric, a representative from Yum! says, “In the course of our forensic review and investigation, we identified some personal information belonging to employees was exposed during the January 2023 cybersecurity incident. We are in the process of sending individual notifications and are offering complimentary monitoring and protection services. We have no indication that customer information was impacted.”

The attack resulted in the company closing down almost 300 locations in the UK in January and has continued to cost the company money in additional security measures, customer communications, and brand perception.

PharMerica: March 2023

Almost 6 million individuals were affected by the large-scale hack of PharMerica earlier this year. One of the leading providers of pharmacy services in the U.S., PharMerica, confirmed sensitive patient information was accessed as part of a wider attack on its parent company, BrightSpring Health Services.

Ransomware group Money Message claimed credit for the attack. Along with personal information, the group accessed patient details such as medications and health insurance information.

In a statement, PharMerica said they are “committed to maintaining the privacy and security of the information entrusted to it. PharMerica has taken, and is taking, additional steps, including changes in its processes and procedures, to help reduce the likelihood of a similar event from happening in the future.”

Discord: March 2023

Discord, the social media and instant messaging platform, suffered a breach this year due to security vulnerabilities at a third-party service provider. When a customer support agent’s account was compromised, hackers were able to access their support ticket queue, customer messages, and user email addresses.

While the attack occurred in March, the incident was not disclosed until May. A small number of customers then waited until August to find out which personally identifying information was impacted.

In a separate attack, Discord.io was also targeted in August 2023. The unaffiliated custom invite service for Discord saw their database breached via a vulnerability in the website’s code. Over 760,000 users were affected in the breach.

Eye4Fraud: March 2023

Eye4Fraud, a provider of fraud protection for ecommerce merchants, was impacted by a significant hack in March of this year. In a statement, the company said a backup file containing limited customer information was accessed:

“We provide fraud protection services for ecommerce merchants, who provide us with limited information about transactions. We do not collect sensitive personal information about individuals like account passwords or full payment card numbers in the course of providing our services.”

However, it’s believed approximately 16 million online shoppers’ accounts were potentially exposed as part of the attack.

ChatGPT: March 2023

ChatGPT has been subject to public discourse because of its revolutionary AI capabilities, but the company faced a setback in late March when they announced a data breach. Officials from OpenAI, ChatGPT’s parent company, said: “In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time” (via CMSWire).

The company is handling the aftermath by notifying impacted users, confirming their emails, and adding additional security measures. Many Americans are skeptical of ChatGPT and AI in general, and this data breach is likely to further diminish trust.

Chick-fil-A: March 2023

Popular fast-food joint Chick-fil-A has confirmed a data breach of their mobile app that exposed customers’ personal information. The company noticed unusual login activity, investigated the anomaly, and determined the cyber attack happened within the first few months of 2023. The hacker used email addresses and passwords from a third party to access the system and acquire data including membership numbers, names, emails, addresses, and more.

Although less than 2% of customer data was breached, Chick-fil-A is already taking measures to prevent future cyber attacks. The restaurant announced they would increase online security and monitoring and also reimburse any accounts that suffered from the attack. If you think your account was affected, here is how you can secure your account and get reimbursed for any unauthorized transactions.

NCB Management Services: February 2023

NCB Management Services, a debt collection company, experienced a system compromise earlier this year that resulted in the exposure of masses of financial data. Over 1 million people were believed to be affected by the hack across a number of associated financial institutions.

Bank of America account holders were among the first to be notified that their personal information had been stolen, including addresses, phone numbers, email addresses, birth dates, and Social Security numbers. Credit card and account numbers were also accessed. A short time later, Capital One also confirmed 16,500 of their customers were impacted by the breach.

Unconfirmed reports suggest NCB paid a ransom to the attackers, after the company filed breach notification letters stating they had “obtained assurances that the unauthorized third party no longer has access to any of NCB’s data”.

Activision: February 2023

The video game publisher behind the Call of Duty franchise, Activision, confirmed on February 19th that they had suffered a data breach in December. The hacker used an SMS phishing attack on an HR employee to gain access to employee data, including their emails, cell phone numbers, salaries, and work locations.

Activision claims that the attack was addressed swiftly, and the hackers didn’t obtain sufficient data to warrant alerting their employees directly after the data breach. However, a security research group investigated the breach and reported that the hacker had also gained access to the gaming company’s 2023 release schedule, along with sensitive employee info. Under California law, if 500 or more employees’ data is breached, the company must alert those affected.

Google Fi: February 2023

Google Fi’s high-profile data breach comes as a consequence of the T-Mobile data breach earlier in 2023 (discussed above). Because Google doesn’t have its own network infrastructure, Google Fi piggybacks on T-Mobile’s network and was affected by its massive data breach, which compromised customers’ phone numbers.

Even with just stolen phone numbers, cybercriminals can continue to wreak havoc, especially through smishing attacks that trick users into clicking dangerous SMS links. If you are a Google Fi user, be extra careful of suspicious messages in 2023.

Verizon: January 2023

Verizon customer details were discovered on an online forum in January of this year, with approximately 7.5 million wireless subscribers affected. The leaked data included the devices, reward systems, and subscription services used by customers, as well as their first names.

The telecom company released a statement clarifying that the material was recirculated data from a previous breach. As with many other incidents on this list, they indicated that the attack originated with a now-terminated third-party vendor.

Despite the fact the leaked data was linked to a past breach, the re-posting of customer data on a new forum highlights the long-term implications of such an attack and the importance of preventing similar incidents.

Twitter: January 2023

Twitter – the social media platform now known as X – suffered a breach connected to users’ email addresses in late 2021. While the issue was identified and fixed in 2022, the email records were published on a hacker forum in the first week of 2023.

Details of 235 million Twitter accounts and the email addresses associated with them were made public in the leak. According to the Washington Post, this posed a particular threat of “exposure, arrest or violence against people who used Twitter to criticize governments or powerful individuals, and it could open up others to extortion.”

Unfortunately, the 2023 incident is the latest in a long history of breaches at the social media giant. In August 2022, Twitter’s former head of security warned of “egregious deficiencies” in the platform’s cybersecurity practices.

MailChimp: January 2023

MailChimp, the email marketing platform, alerted customers to a data breach in January. The incident was the result of a social engineering attack that allowed unauthorized users into an internal customer support tool.

The hackers gained access to employee information and credentials, but the company has since identified and suspended those accounts. In response to the data breach, MailChimp has said: “Our investigation into the matter is ongoing and includes identifying measures to further protect our platform”, according to Bleeping Computer.

This is MailChimp’s first attack of 2023, but they also had data breaches in April and August of 2022. For businesses of all sizes, it’s important to know what to do after a data breach to prevent further attacks in the future.

Norton Life Lock: January 2023

Norton Life Lock notified their customers in mid-January that over 6,000 accounts had been breached in recent weeks due to a “stuffing” attack. In a stuffing attack, passwords compromised in earlier breaches are used to get into other accounts that share the same password, which is another reason why multi-factor authentication is so important.

Gen Digital, Norton Life Lock’s parent company, sent the notice to accounts they believe could have been compromised and recommended changing passwords and enabling two-factor authentication.
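The stuffing attacks described in this entry, and in the Roku, 23andMe and Chick-fil-A entries above, leave a recognizable trace in login logs: one source trying many different accounts in a short time, mostly failing. The detector below is an added example, not code from Electric or any company named on this page; the log format, thresholds, and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.7 alice@example.com FAIL
2024-03-01T10:00:03 203.0.113.7 bob@example.com FAIL
2024-03-01T10:00:04 198.51.100.20 dave@example.com FAIL
2024-03-01T10:00:06 203.0.113.7 carol@example.com OK
2024-03-01T10:00:09 203.0.113.7 erin@example.com FAIL
2024-03-01T10:00:12 198.51.100.20 dave@example.com OK
2024-03-01T10:00:14 203.0.113.7 frank@example.com FAIL
2024-03-01T10:00:17 203.0.113.7 grace@example.com FAIL
2024-03-01T10:01:00 192.0.2.50 admin@example.com FAIL
2024-03-01T10:01:01 192.0.2.50 admin@example.com FAIL
2024-03-01T10:01:02 192.0.2.50 admin@example.com FAIL
2024-03-01T10:01:03 192.0.2.50 admin@example.com FAIL
2024-03-01T10:01:04 192.0.2.50 admin@example.com FAIL
2024-03-01T10:01:05 192.0.2.50 admin@example.com FAIL
2024-03-01T10:02:00 198.51.100.99 heidi@example.com OK
2024-03-01T10:02:05 198.51.100.99 ivan@example.com OK
2024-03-01T10:02:10 198.51.100.99 judy@example.com OK
2024-03-01T10:02:15 198.51.100.99 mallory@example.com FAIL
2024-03-01T10:02:20 198.51.100.99 niaj@example.com OK
2024-03-01T10:02:25 198.51.100.99 olivia@example.com OK
"""


@dataclass
class Finding:
    source_ip: str
    accounts_tried: set = field(default_factory=set)
    failures: int = 0                                 # peak failures seen in one window
    compromised: set = field(default_factory=set)     # logins that succeeded


def parse_events(text):
    """Return (timestamp, ip, account, ok) tuples in time order, skipping bad lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2].lower(), parts[3] == "OK"))
    return sorted(events, key=lambda e: e[0])


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_accounts=5, min_fail_ratio=0.6):
    """Flag sources that try many distinct accounts and mostly fail.

    A single account hammered repeatedly (password guessing) and a shared
    office address with many mostly successful logins both stay unflagged.
    """
    recent = defaultdict(deque)   # per-IP sliding window of attempts
    findings = {}
    for ts, ip, account, ok in events:
        q = recent[ip]
        q.append((ts, account, ok))
        while ts - q[0][0] > window:      # drop attempts older than the window
            q.popleft()
        accounts = {a for _, a, _ in q}
        failures = sum(1 for _, _, success in q if not success)
        if len(accounts) >= min_accounts and failures / len(q) >= min_fail_ratio:
            f = findings.setdefault(ip, Finding(ip))
            f.accounts_tried |= accounts
            f.failures = max(f.failures, failures)
            # Successful logins inside a stuffing run are the accounts whose
            # reused password worked: reset them and revoke their sessions.
            f.compromised |= {a for _, a, success in q if success}
    return findings


if __name__ == "__main__":
    for ip, f in detect_stuffing(parse_events(SAMPLE_LOG)).items():
        print(ip, "tried", len(f.accounts_tried), "accounts;",
              "reset:", sorted(f.compromised))
```

The `compromised` set is the part responders act on first, since those are the accounts where a reused password actually worked.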

Watch Now: Leadership Series – Post-Data Breach: Navigating a Response Plan

Data breaches in small businesses are on the rise. 61% of SMBs experienced at least one cyber attack in the past year, and 40% endured eight or more hours of downtime as a result. Watch this on-demand webinar to learn how to handle a data breach and establish a response plan.

Companies with the Most Data Breaches in 2023

Some of the most high-profile company data breaches are notorious for their frequency as well as the damage caused. 

Facebook is one of the most popular websites in the world today. However, the company has faced numerous privacy issues over the years. Their most recent attack occurred in 2021, affecting 533 million users. Before that, Facebook was also hacked in 2018 and 2014, leaving 2.2 billion and 50 million people impacted, respectively. 

Yahoo is another infamous victim of back-to-back cybersecurity incidents. The company was hacked in 2013 and 2014, leaving 1 billion and 500 million people affected, respectively. Their most recent attack in 2017 impacted 32 million users. 

Other companies that have experienced repeat data breaches in the recent past include Amazon, Twitter, Microsoft, Uber, AOL, Dropbox, eBay, and more.

Given the high profile coverage of cyber attacks, why do so many companies continue to fall victim to hackers, sometimes on multiple occasions? Here are some of the common causes of data breaches to look out for:

  • Old vulnerabilities: It’s not uncommon for a hacker to leave behind a backdoor that they can use to access a company’s systems again after a successful first attempt. Failing to patch these vulnerabilities can lead to a second attack.
  • Human error: Employees using weak passwords may expose a company’s systems to subsequent attacks. Other common human errors include employees clicking on malicious links and visiting phishing sites. Unless you perform follow-up security training following an initial breach, employees can repeat previous mistakes that leave your business vulnerable.
  • Malware: Hackers use malicious software such as viruses, ransomware, Trojans, spyware, adware, etc., to steal confidential information from an organization’s network system. If a company fails to step up monitoring protocols after its first breach, there is nothing to stop repeat attacks from occurring.
  • Weak passwords: Weak passwords or passwords that are re-used on multiple websites leave businesses vulnerable to cyber attack. Password guessing is now a highly automated process that takes hackers a matter of seconds when weak passwords are used. 
  • Stolen information: As seen in some of the examples above, information stolen in data breaches is often re-used to commit new attacks against fresh targets. Make sure to enforce good password hygiene and multi-factor authentication to minimize the risk of stolen information being used to access your business data. 
  • Privilege misuse / improper permission management: Businesses should enforce a policy of least privilege when it comes to sensitive information. This approach ensures employees only have access to the data they need to do their job, while confidential information is protected with robust permission management. 
  • Lost devices: Unencrypted devices are a goldmine of information if they fall into the wrong hands. To avoid cybersecurity breaches as a result of lost or stolen devices, implement a Mobile Device Management solution that allows you to remotely lock and wipe employee devices. 

How Common are Data Breaches?

Data breaches are becoming increasingly common. In one recent study – the Verizon 2023 Data Breach Investigations Report – an analysis of data breaches across multiple industries between November 1, 2021 and October 31, 2022 identified:

  • 6,248 incidents of denial of service, which disrupt critical business operations
  • 3,966 incidents of system intrusion, including ransomware
  • 2,091 incidents of lost or stolen assets, such as employee devices
  • 1,700 incidents of social engineering attacks, including phishing or pretexting
  • 1,404 incidents of basic web application attacks, typically driven by weak passwords and stolen credentials
  • 602 incidents of miscellaneous errors, most often resulting from employee mistakes
  • 406 incidents of privilege misuse, where employees commit breaches or fraudulent transactions

In total, the report analyzed 16,312 security incidents, of which 5,199 were confirmed data breaches. For businesses of all sizes, this frequency in attacks should be cause for concern – and reason to enforce strong security measures.

Data Breach vs Cyber Attack

Given the interchangeable nature of certain cybersecurity terms, you may be wondering if there is a difference between a data breach and a cyber attack. The key distinction is that not all cyber attacks result in a data breach. 

Certain cyber attacks aim to cause business disruption, financial loss, and reputational damage by shutting down key operational systems. However, the majority of cyber attacks aim to steal some form of data – whether personal customer details or financial information. When a cyber attack results in unauthorized access to data, it is considered a data breach. 

Data Leak vs Data Breach

Similarly, there is a small but important difference between a data leak and a data breach. In a data breach, sensitive data is accessed without authorization by a hacker or threat actor. In a data leak, confidential data is inadvertently exposed to the public through human error or security vulnerabilities.

How Can Companies Protect Against Hackers?

While the prevalence of cyber attacks is on the rise, there are steps that companies can take to protect their most valuable assets from hackers. Follow these cybersecurity best practices to keep your business safe:

  • User access management: ensure you have visibility and control over who has access to your most sensitive data. Only grant employees access to the resources they need to do their job. 
  • Password management: enforce the use of strong passwords along with multi-factor authentication to prevent unauthorized access to business apps, databases, and confidential resources. Electric’s very own Aaron Shierlaw, CISO, says “to enhance data security and protect sensitive information, implement a policy to limit the usage of third-party applications associated with Google accounts. This proactive measure minimizes potential vulnerabilities and safeguards our systems from unauthorized access or data breaches.”
  • Endpoint protection: integrate your solutions for malware detection, network security, and breach prevention for a robust, cohesive security infrastructure. 
  • Mobile Device Management: an MDM solution keeps your company’s devices secure, no matter where they are used. Remotely roll out patches and upgrades across your entire device inventory, and retain the ability to lock and wipe devices if they are lost or stolen. 
  • Employee training: employee awareness is key to preventing cyber attacks. Conduct regular training so your teams are equipped to identify suspicious activity, attempted phishing, and other types of social engineering attacks. Aaron Shierlaw, CISO at Electric, says “simulating phishing tests is another good way of keeping your employees on alert. Typically, if they engage with the phishing test, they are required to complete a brief training exercise.”

It doesn’t matter if you’re a small business or a large corporation; in 2023, every modern company is at heightened risk of cyber attack. To keep your data secure, you need a comprehensive cybersecurity solution. At Electric, we help businesses protect their most valuable asset from threat actors. Get in touch to learn more about our unified IT security at the device, application, and network levels.

Jessica Farrelly

Jessica is a content writer with more than 8 years of experience covering SaaS and the tech industry. She has worked with both B2B and B2C publications across North America, Europe, and APAC and currently writes about IT Solutions or Electric.

MoD contractor hacked by China failed to report breach for months

Exclusive: Defence ministry was told in recent days that staff details accessed but sources say SSCL knew in February

The IT company targeted in a Chinese hack that accessed the data of hundreds of thousands of Ministry of Defence staff failed to report the breach for months, the Guardian can reveal.

The UK defence secretary, Grant Shapps, told MPs on Tuesday that Shared Services Connected Ltd (SSCL) had been breached by a malign actor and “state involvement” could not be ruled out.

Shapps said the payroll records of about 270,000 current and former military personnel, including their home addresses, had been accessed. China has not been openly named by the government as the culprit.

The MoD was told of the hack in recent days but a number of sources said SSCL, an arm of the French tech company Sopra Steria, became aware of the breach in February.

Sopra Steria did not respond to requests for comment.

One Whitehall insider did not comment on the timeframe but said that concern about SSCL being “slow to respond” was one of the issues being examined in an official inquiry into the hack.

It can also be revealed that SSCL was awarded a contract worth more than £500,000 in April to monitor the MoD’s own cybersecurity – several weeks after it was hacked. Officials now believe this contract could be revoked.

The payroll data that was hacked reflects only a fraction of the work SSCL does for the government.

Sopra Steria and SSCL are understood to have other undisclosed government cybersecurity contracts, according to Whitehall sources. However, these are deemed so sensitive that they have never been publicly disclosed. The Cabinet Office declined to comment on the detail of contracts, citing security restrictions.

The cybersecurity arm of the UK’s intelligence services, the National Cyber Security Centre, has warned of a growing threat to the country’s businesses and critical national infrastructure from hostile states. Chinese and Russian state-sponsored actors were highlighted among attackers using a range of routes to try to hide malicious activity on networks containing sensitive information.

Whitehall worries over a lack of transparency by SSCL have raised concerns that there could be a wider compromise of its systems. Sopra Steria is one of a handful of strategic suppliers to the government, with work ranging from administering pensions to wider payments systems for government departments and agencies.

Shapps told parliament that the government had “not only ordered a full review of its [SSCL’s] work within the MoD, but gone further and requested from the Cabinet Office a full review of its work across government, and that is under way”. He added that specialists had been brought in to carry out a “forensic investigation” of how the breach happened.

Earlier this week, a spokesperson for the Cabinet Office said: “An independently audited, comprehensive security review of the contractor’s operations is under way and appropriate steps will be taken based on its findings.”

SSCL was part-owned by the government until October last year when it sold its 25% stake to Sopra Steria for £82m. SSCL was aware of being a “magnet” for cyber-attacks, sources said. A public warning about identity theft has been on the website of its parent company, Sopra Steria, for at least three years, according to an examination of the page’s history.

The hack was first internally detected in February, sources said, with concerns about potentially successful phishing attacks on the company dating back to December 2019.

SSCL and its parent company hold a total of £1.6bn in government contracts. These include a range of highly sensitive functions such as Home Office recruitment and online testing for officers, according to information from contracts gathered by the data company Tussell.

The Chinese embassy has said China was not responsible for the hack. A spokesperson said: “We urge the relevant parties in the UK to stop spreading false information, stop fabricating so-called China threat narratives, and stop their anti-China political farce.”
