Unless you have been living under a rock, it shouldn’t be news that cyber attacks and data breaches continue to grow in frequency and impact. The number of data breaches almost tripled between 2013 and 2022. Furthermore, in the United States alone, there were 20% more breaches in the first nine months of 2023 than in any previous 12-month period!
Organizations must acknowledge the harsh reality of data breaches and information exposure. Ignoring the issue will only lead to disaster and further losses. Awareness is the first step toward securing your organization’s sensitive information. Here is a look at the most significant data breaches globally in 2023.
January – T-Mobile (37 Million Customers)
T-Mobile has reported that an unauthorized individual gained access to the personal data of 37 million customers. The breach was limited to certain customer account information, including names, addresses, phone numbers, and account numbers.
February – GoAnywhere (130+ Companies)
Fortra has informed its customers that their GoAnywhere MFT tool was hacked by a zero-day exploit. The Clop ransomware group is responsible for the attack, which affected more than 130 companies that used the same tool.
March – Verizon (7.5 Million Customers)
Breached Forums, a well-known hacker forum, leaked details of over 7 million Verizon users. The information included contract details, device information, encrypted customer IDs, and some additional data. It’s important to note that none of the personal data was unencrypted.
April – Shields Healthcare Group (2.3 Million People)
Shields Healthcare Group has reported a security breach that resulted in the theft of personal data belonging to 2.3 million individuals by a cyber criminal.
May – PharMerica (5.8 Million Patients)
The cyber crime group known as Money Message Ransomware announced that they had hacked into the systems of PharMerica and its parent company, BrightSpring Health Services. They obtained access to 4.7 terabytes from databases that held sensitive information. The breach was reported to the Maine Attorney General and HHS’ Office for Civil Rights, stating that it had affected as many as 5,815,591 people.
June – Oregon Driver and Motor Vehicle Services (DMV) (3.5 Million People)
In June, Oregon discovered that a third-party software called MOVEit had a vulnerability. This software was used to transfer data files, including driver’s licenses and identification card files of around 3.5 million Oregon residents.
July – HCA Healthcare (11 Million Patients)
US-based healthcare giant HCA Healthcare suffered a data breach impacting 11 million patients. The cyber attack was discovered, after patients’ personal data was posted online.
August – Purfoods (1.2 Million Customers)
In August, PurFoods, an American meal delivery service, reported a data breach that exposed the financial and medical information of over 1.2 million customers.
September – DarkBeam (3.8 Billion Records)
The CEO of SecurityDiscovery, Bob Diachenko, alerted DarkBeam that they had been breached. The breached data contained 16 collections, each housing 239,635,000 records. This resulted in over 3.8 billion records being exposed.
October – Indian Council of Medical Research (815 Million People)
The personal data of 815 million Indian residents was stolen from the ICMR’s Covid-testing database and offered for sale on the dark web by a hacker named “pwn0001”. They got away with 90GB of data, including full names, ages, genders, addresses, passport numbers, and Aadhaar numbers (12-digit government identification numbers).
November – McLaren Health Care (2.2 Millon People)
The healthcare nonprofit McLaren Health Care in Michigan notified 2.2 million people that they had suffered a data breach. The data taken included Social Security Numbers (SSN), health insurance information, dates of birth, diagnostic results and treatment information, prescription/medication information, and more.
December – ???
Just because you’re small doesn’t mean you are not a target.
It is important to note that many data breaches happen in Small and Medium-sized Businesses (SMBs) and local governments. They do not receive as much attention as the highly publicized breaches involving millions of customers and exposed records. These smaller entities have limited resources, which makes it more difficult for them to recover from the impact of such breaches. Despite the lack of headlines, the impact on them is profound.
Is ensuring the safety and security of your organization a top priority for you? If yes, then Commonwealth Sentinel can be your partner in risk reduction and ensuring the well-being of everyone involved. We provide a range of comprehensive services, including software and hardware solutions, training, and policy implementation to achieve complete peace of mind. If you want to learn more about our services, sign up for a free cyber security consultation or contact us at (502) 320-9885.