Biggest Cybersecurity Attacks in 2023

In the evolving landscape of cyber threats, 2023 marked yet another year rife with high-profile security breaches and attacks. From ransomware incursions to sophisticated data exfiltration, these incidents have shaped the discourse around cybersecurity and propelled organizations and individuals into a realm of heightened vigilance and awareness.

Biggest Cybersecurity Attacks in 2023

1. Twitter Breach : A criminal hacker named ‘Ryushi’ leaked over 400 million users’ email addresses. Although no other personal information was compromised, the exposure of email addresses can still pose significant privacy risks. Email addresses can easily identify many individuals, especially if linked to their name or business. This breach has heightened concerns, particularly for high-profile individuals who might be targeted for phishing or privacy invasions.

2. JD Sports Incident : JD Sports confirmed a breach affecting approximately 10 million customers. The compromised data included names, billing and delivery addresses, phone numbers, order details, and the last four digits of payment cards. Customers who purchased from certain JD Sports brands between November 2018 and October 2020 were impacted. The company apologized to affected customers and advised vigilance against potential scam emails, calls, and texts.

3. CentraState Medical Center’s Security Breach: In this incident, the Freehold, NJ, hospital failed to protect the sensitive personal data of 617,000 patients due to a ransomware attack in December 2022. The breach compromised a significant cache of personal information, including patients’ names, dates of birth, addresses, Social Security numbers, health insurance details, medical record numbers, and patient account numbers. Upon detecting the attack on December 29, the hospital initiated an investigation to ascertain the nature and extent of the breach.

4. Latitude Financial: In March 2023, more than 14 million records were compromised in Latitude Financial, a Melbourne-based financial services company, affecting customers in Australia and New Zealand. Cybercriminals stole a wide range of data, including nearly 8 million driver’s licenses, 53,000 passport numbers, and numerous financial statements. Initially, Latitude Financial reported only 300,000 affected individuals, revealing a poor understanding of the breach’s scope. This incident raised concerns about the company’s response, potentially impacting customer trust.

5. Shields Health Care Group: In April 2023, Shields Health Care Group, a Massachusetts-based medical services provider, experienced a significant data breach affecting 2.3 million individuals. Unauthorized individuals acquired access to sensitive data, including social security numbers, birth dates, addresses, medical records, billing information, and insurance identification numbers. Shields immediately took measures to secure its systems and investigate the breach, emphasizing its commitment to enhancing data security.

6. NCB Management: NCB Management is a debt collection services provider where cybercriminals accessed credit card data from nearly one million Bank of America past-due accounts. The breach exposed extensive personal information such as names, addresses, contact details, social security numbers, and financial account details. While Bank of America reported the incident to authorities, details regarding the bank’s involvement beyond affected customers remain unclear. This breach has raised concerns about potential scams due to the compromised sensitive data.

7. MOVEit Vulnerability (Ongoing Impact): The MOVEit vulnerability, exploited by the Cl0p gang through a zero-day SQL injection in Progress Software’s MOVEit Transfer, has led to numerous breaches impacting various organizations. The fallout continues to affect numerous entities, including the French unemployment agency Pôle emploi (originally reported with 10 million breached records) and over 1,000 organizations, affecting over 60 million individuals. Other affected entities include Maximus, Microsoft’s Nuance, the National Student Clearinghouse, and more.

8. Electoral Commission (UK): The UK’s Electoral Commission suffered a cyber attack in which hostile actors gained access to the electoral registers, affecting around 40 million individuals. The attack, detected in October 2022 but reported publicly on August 8, 2023, compromised personal data like names, addresses, and dates of birth. An audit failure in its cyber essentials certification and running an unpatched Microsoft Exchange Server highlighted security shortcomings.

9. Tigo (China): Tigo, a popular Chinese video chat platform, experienced a data breach that impacted over 700,000 individuals. The compromised data included names, usernames, genders, email addresses, IP addresses, and private messages. Troy Hunt reported the breach after failing to contact Tigo. The breach poses severe data privacy concerns due to potential misuse and lack of encryption over a secure connection.

10. Indonesian Immigration Directorate General: A hacktivist accessed the Indonesian Immigration Directorate General’s database and exposed passport data belonging to more than 34 million Indonesians. The stolen data contained full names, genders, passport numbers, issue and expiry dates, and dates of birth. Offered for sale on the dark web, this incident raises concerns about the security of sensitive government data.

11. Teachers Insurance and Annuity Association of America (TIAA): Affected by the MOVEit vulnerability, TIAA notified the Maine Attorney General about the breach on July 14, 2023, disclosing data compromise for 2,630,717 of its clients’ consumers. However, whether this number represents the total affected or a subset is still being determined. The breach originated from an attack on its vendor, Pension Benefit Information, leading to compromised client data.

12. ICMR Indian Council of Medical Research: This breach occurred on October 9, 2023, impacting 815 million Indian residents. The stolen data included victims’ names, ages, genders, addresses, passport numbers, and Aadhaar numbers. The breach involved data from the ICMR’s Covid-testing database and was offered for sale on the dark web.

13. 23andMe: On October 2, 2023, 23andMe, a genetics and research company, experienced a breach involving 20 million records. Credential stuffing attacks led to data leaks of genetic profiles and personal data of UK and German residents, adding to the 1 million data packs of Ashkenazi Jews previously leaked.

14. Redcliffe Labs: This breach, discovered around October 25, 2023, affected 12,347,297 medical records (7 TB) from Redcliffe Labs, a medical diagnostic company in India. A security researcher found a non-password-protected database containing extensive medical records, but it remains unclear if the data was criminally exfiltrated.

15. DarkBeam: While not detailed in the latest section, the DarkBeam breach, discovered on September 18, 2023, exposed a massive 3.8 billion records. DarkBeam left an unprotected Elasticsearch and Kibana interface, resulting in vast data exposure, primarily sourced from previous breaches. Despite the data originating from other breaches, the sheer volume poses a significant risk for potential phishing campaigns and identity-related scams.

Final Thoughts

Looking back on the cyber landscape of 2023, specific persistent trends in cybersecurity remain evident. Ransomware remained a lucrative avenue for hackers, underscoring the importance of secure backups, updated software, and employee training against social engineering. Phishing and social engineering continued as primary entry points for cyber attacks, while advanced machine learning was used in threat detection. Lessons learned included vetting third-party software providers post-MOVEit breaches and the critical need for well-documented response protocols to contain breaches swiftly and minimize fallout.

TRAINING CALENDAR of Upcoming Batches For Security+ SY0-701

Remaining vigilant and aware is essential to minimize the risk of cyber attacks. For comprehensive knowledge on mitigating such threats, consider exploring InfosecTrain’s CompTIA Security+ and CEH training courses, which offer extensive learning in cybersecurity.

TRAINING CALENDAR of Upcoming Batches For CEH v12

AUTHOR
Pooja Rawat ( )

“ My name is Pooja Rawat. I have done my B.tech in Instrumentation engineering. My hobbies are reading novels and gardening. I like to learn new things and challenges. Currently I am working as a Cyber security Research analyst in Infosectrain. “