The biggest cybersecurity and cyberattack stories of 2023

Lawrence Abrams

  • January 1, 2024

2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.

Some stories, though, were more impactful or popular with our 22 million readers than others.

Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2023, with a summary of each.

14. The 23andMe data breach

Genetic testing provider 23andMe suffered credential stuffing attacks that led to a major data breach, exposing the data of 6.9 million users.

The company states that the attackers only breached a small number of accounts during the credential-stuffing attacks. However, the threat actors were able to abuse other features to scrape millions of individuals' data.

The threat actors attempted to sell the stolen data but, after finding no buyers, leaked the data for 1 million Ashkenazi Jews and 4,011,607 people living in Great Britain on a hacking forum.

In a recent update, 23andMe told BleepingComputer that the breach impacted 6.9 million people: 5.5 million through the DNA Relatives feature and 1.4 million through the Family Tree feature.

This breach has led to multiple class action lawsuits against the company for not adequately protecting data.

13. Hosting firm says it lost all customer data after ransomware attack

Two Danish hosting providers were forced to shut down after a ransomware attack encrypted the majority of customer data, and data restoration was not successful.

"Since we neither can nor wish to meet the financial demands of the criminal hackers for a ransom, CloudNordic's IT team and external experts have been working intensively to assess the damage and determine what could be recovered," reads CloudNordic's statement (machine translated).

"Sadly, it has been impossible to recover more data, and the majority of our customers have consequently lost all their data with us."

12. Anonymous Sudan hacktivists show that DDoS attacks can impact the largest tech firms

A hacktivist group known as Anonymous Sudan took everyone by surprise when their DDoS attacks took down the websites and services of some of the largest tech firms in the world.

The group's attacks gained wide media attention when they successfully took down login pages for Microsoft's services, including Outlook, OneDrive, and the Azure portal.

Over a week later, Microsoft finally confirmed that DDoS attacks caused these outages.

"Beginning in early June 2023, Microsoft identified surges in traffic against some services that temporarily impacted availability," confirmed Microsoft.

"Microsoft promptly opened an investigation and subsequently began tracking ongoing DDoS activity by the threat actor that Microsoft tracks as Storm-1359."

Anonymous Sudan later targeted numerous other websites, including those for ChatGPT, Cloudflare, and U.S. government services.

Anonymous Sudan claiming to attack US government websites

The increasing DDoS attacks and their impact led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to release an advisory about these incidents.

11. New acoustic attack steals data from keystrokes with 95% accuracy

A team of researchers from British universities trained a deep learning model to steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still extremely high.

To mitigate these attacks, the researchers suggest users may try altering typing styles or using randomized passwords. Other defense measures include using software that reproduces keystroke sounds, playing white noise, or applying software-based keystroke audio filters.

10. PayPal accounts breached in large-scale credential stuffing attack

PayPal suffered a credential stuffing attack between December 6 and December 8, 2022, allowing attackers to access 34,942 accounts.

Credential stuffing is an attack where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

Hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.

9. Dish Network goes offline after likely cyberattack, employees cut off

American TV giant and satellite broadcast provider DISH Network mysteriously went offline earlier this year, with its websites and mobile apps not working for days.

Dish.com website offline amid 'internal system issue' 

DISH later confirmed that the outage was caused by a ransomware attack, with BleepingComputer first to report that the Black Basta ransomware gang was behind the attack.

Employees told BleepingComputer that the ransomware gang compromised the company's Windows domain controllers and encrypted VMware ESXi servers and backups.

DISH data breach notifications confirmed that data was stolen in the attack and hinted that a ransom was paid not to release the stolen data.

"We are not aware of any misuse of your information, and we have received confirmation that the extracted data has been deleted," read the data breach notification.

8. GoDaddy: Hackers stole source code, installed malware in multi-year breach

Web hosting giant GoDaddy says it suffered a multi-year breach allowing unknown attackers to steal source code and install malware on its servers.

This breach began in 2021 and gave the threat actors access to the personal information of 1.2 million Managed WordPress customers, including credentials. The attackers also used the access to redirect websites to other domains.

No threat actors ever claimed responsibility for this attack.

7. MGM Resorts cyberattack shuts down IT systems after cyberattack

MGM Resorts International suffered a massive attack that impacted numerous systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.

The BlackCat ransomware operation, whose affiliates said they encrypted over 100 ESXi hypervisors during the incident, claimed the attack.

Bloomberg reported that the same group also breached Caesars Entertainment's network, and Caesars provided a strong hint in a Form 8-K SEC filing that it paid the attackers to prevent a leak of customers' stolen data.

While the attack was significant, it also brought wide attention to a loose-knit group of hackers known as Scattered Spider.

Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, and Muddled Libra, is adept at social engineering and relies on phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access at large organizations.

Scattered Spider's evolution

Members of this collective are affiliates of the BlackCat ransomware gang and include young English-speaking members with diverse skill sets who frequent the same hacking forums and Telegram channels.

While many believe this is a cohesive gang, the group is a network of individuals, with different threat actors participating in each attack. This fluid structure is what makes it challenging to track them.

In November, the FBI released an advisory highlighting the group's tactics, techniques, and procedures (TTPs).

Scattered Spider is behind previous attacks on Reddit, MailChimp, Twilio, DoorDash, and Riot Games.

6. Hackers compromise 3CX desktop app in a supply chain attack

3CX was breached by the North Korean Lazarus hacking group to push malware through a supply chain attack using the company's Voice over Internet Protocol (VoIP) desktop client.

3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 350,000 companies worldwide and has over 12 million daily users.

3CX was breached after an employee installed a trojanized version of Trading Technologies' X_TRADER software, which allowed the threat actors to steal corporate credentials and breach the network.

The attackers pushed out a malicious software update that installed a previously unknown information-stealing malware to steal data and credentials stored in Chrome, Edge, Brave, and Firefox user profiles.

5. Barracuda says hacked ESG appliances must be replaced immediately

In May, Barracuda disclosed that some of their Email Security Gateway (ESG) appliances were hacked using a zero-day vulnerability to install malware and steal data.

We later learned that the attacks were linked to Chinese threat actors, who had used the vulnerability since 2022 to infect ESG devices with new malware named 'Saltwater,' 'Seaspy,' and 'Seaside.'

CISA later disclosed that Submarine and Whirlpool malware were also used in the attacks to backdoor ESG devices.

What stood out from these attacks is that instead of using a software fix for impacted ESG devices, Barracuda warned customers they must replace their Email Security Gateway (ESG) appliances, which was done free of charge.

"Impacted ESG appliances must be immediately replaced regardless of patch version level," the company warned at the time.

"Barracuda's remediation recommendation at this time is full replacement of the impacted ESG."

This unusual request led many to believe that the threat actors compromised the devices at a low level, making it impossible to ensure they were completely clean.

Mandiant, who was part of the incident response in these attacks, told BleepingComputer that this was recommended out of caution, as Barracuda could not ensure the complete removal of malware.

4. Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

In February 2023, a massive ransomware campaign targeted exposed VMware ESXi servers worldwide, quickly encrypting the virtual machines for thousands of companies.

Just hours after the attack, victims began reporting in BleepingComputer's forum that files with the .vmxf, .vmx, .vmdk, .vmsd, and .nvram extensions, all associated with VMware ESXi virtual machines, were encrypted.

The ransomware campaign was dubbed ESXiArgs due to an .args file being created for every encrypted file.

The VMware ESXi console home page was modified to show a ransom note demanding 2.0781 bitcoins, worth approximately $49,000 at the time.

ESXiArgs Ransom note

3. Brazil seizing Flipper Zero shipments to prevent use in crime

One of BleepingComputer's most-read stories of the year was the news that the Brazilian National Telecommunications Agency seized incoming Flipper Zero purchases for their potential to be used in criminal activity.

Brazilians who purchased the Flipper Zero reported that their shipments were redirected to Brazil's telecommunications agency, Anatel, due to a lack of certification with the country's Radio Frequencies department.

From emails seen by BleepingComputer, Anatel flagged the device as a tool used for criminal purposes.

2. The Operation Triangulation iPhone attacks

In June, researchers from Kaspersky first disclosed a new zero-click iOS attack called "Operation Triangulation" used to install the TriangleDB spyware on iPhones.

Kaspersky discovered the attack on devices within its own network, and Russia's FSB intelligence service accused Apple of providing the NSA with a backdoor. However, the true origins of the attack remain unknown, and there is no proof that the U.S. government is behind the attacks.

The attacks start with the hackers sending a malicious iMessage attachment that, when processed by iOS, automatically triggers a zero-click exploit chain. A zero-click exploit means it does not require interaction from the user to be triggered.

The attacks chained together four zero-day iOS vulnerabilities listed below to install the spyware:

  • CVE-2023-41990: A vulnerability in the ADJUST TrueType font instruction allowing remote code execution through a malicious iMessage attachment.
  • CVE-2023-32434: An integer overflow issue in XNU's memory mapping syscalls, granting attackers extensive read/write access to the device's physical memory.
  • CVE-2023-32435: Used in the Safari exploit to execute shellcode as part of the multi-stage attack.
  • CVE-2023-38606: A vulnerability using hardware MMIO registers to bypass the Page Protection Layer (PPL), overriding hardware-based security protections.

Last week, Kaspersky disclosed that the final zero-day vulnerability, CVE-2023-38606, abused an undocumented feature in Apple chips to bypass hardware-based security protections.

While the Operation Triangulation attacks did not impact many devices, the campaign could be one of the most sophisticated iOS attacks seen to date.

Operation Triangulation attack chain

While it's still unknown who is behind the attacks, their sophistication has led cybersecurity researchers to believe that a government-sponsored hacking group is behind them.

1. The MOVEit Transfer data theft attacks

BleepingComputer was the first to report the widespread data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.

MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads.

While the vulnerability was patched in May 2023, the threat actors had already utilized it as a zero-day to breach MOVEit Transfer servers and download the stored data.

The attacks were soon claimed by the Clop ransomware gang, who previously launched similar attacks through zero-day vulnerabilities in Accellion FTA and GoAnywhere.

According to Emsisoft, 2,706 organizations were breached using this vulnerability, exposing the personal data of over 93 million people.

The 10 Biggest Data Breaches of 2023 (So Far)

The 10 largest breaches during the first half of the year have impacted more than 100 million individuals, according to data from the Identity Theft Resource Center.

The Breaches Pile Up

For anyone in the world of cyber defense or incident response who was hoping to have a slow summer, it’s not looking good. As just one indicator, the number of victims of the MOVEit cyberattack campaign — in which the Russian-speaking cybercriminal group Clop has targeted organizations using Progress’ MOVEit file transfer tool — continues to grow by the day. And some of the confirmed attacks have been known to have a major impact on users’ personal data: Three of the data breaches associated with the MOVEit attacks rank among the 10 biggest data breaches from the first half of 2023, based on the number of impacted individuals in the breaches, according to the nonprofit Identity Theft Resource Center.

And this may only be the tip of the iceberg, since only 11 of the 148 affected organizations so far have actually disclosed the number of impacted individuals, according to Emsisoft threat analyst Brett Callow. In other words, there may be a lot more fallout to come.

In all, the 10 biggest data breaches from the first half of 2023 have impacted a combined 104 million individuals, according to data provided by the Identity Theft Resource Center to CRN. Notably, a number of high-profile breaches with broad impacts did not make the top 10, including the wave of attacks that exploited Fortra’s GoAnywhere file transfer platform earlier this year. For instance, the largest incident from the GoAnywhere campaign, the hack of healthcare benefits and technology firm NationsBenefits, did not rank among the 10 biggest data breaches of the first six months of the year despite the fact that 3 million members were impacted.

Clop has been behind both the GoAnywhere and MOVEit campaigns, security researchers say. And it’s no coincidence that both tools are used for managed file transfers. The technologies enable the ingestion of large volumes of data that can then be moved from point to point, making them an appealing target for data thieves, said Chris Pierson, CEO of BlackCloak and a former member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee.

The fact that the MOVEit campaign has not included encryption of data, as in traditional ransomware attacks, is another key development. As CrowdStrike Head of Intelligence Adam Meyers told CRN earlier this year, many cybercriminals are finding that data extortion attacks are easier and more profitable than ransomware. In the MOVEit campaign, victims are being pressured to pay the hackers in order to be spared from having their data leaked online — rather than to decrypt their data. While “extortion-only” attacks have been found to be less likely to impact smaller businesses, larger organizations should take note of the shift away from traditional ransomware attacks, since it means that simply having data backups may no longer suffice when dealing with cybercriminal groups such as Clop.

The Identity Theft Resource Center provided CRN with information on the 10 largest data breaches in 2023, as of June 26, by number of impacted individuals. (CRN has supplemented the findings with information from breaches that have come to light in recent days.)

What follows are the details on the 10 biggest data breaches of 2023 so far.

10. Oregon Department of Transportation

Number of individuals impacted: 3.5 million

One massive breach in connection with the MOVEit attacks impacted the Oregon Driver and Motor Vehicles division of the Oregon Department of Transportation, and an estimated 3.5 million Oregon residents. “On June 1, 2023 the Oregon Department of Transportation learned we were part of a global hack of the file transfer tool called MOVEit, which we use to send and receive data. We immediately secured our system,” the department said in an advisory. “However, we later learned that data records for Oregon driver’s licenses, permits and ID cards were accessed.”

“If you have an active Oregon driver’s license, permit, or ID card, you should assume your personal information was exposed,” the department said. “We don’t know exactly what data was accessed by the breach, or which individuals were affected, but you should be aware that the personal information that is typically associated with a DMV driver’s license, permit or ID card record—and thus, may have been exposed—would include: Name; Home and mailing address; License or ID number; Last four digits of Social Security number.”

9. Independent Living Systems, LLC

Number of individuals impacted: 4.2 million

Independent Living Systems — a provider of services to managed care organizations — disclosed the breach in March, though it actually occurred in mid-2022. “On July 5, 2022, we experienced an incident involving the inaccessibility of certain computer systems on our network,” the company said in its notification about the incident. “We responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. Through our response efforts, we learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022. During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed.”

A lengthy list of personal data may have been impacted in the breach, according to Independent Living Systems, including: “name, address, date of birth, driver’s license, state identification, Social Security number, financial account information, medical record number, Medicare or Medicaid identification, CIN#, mental or physical treatment/condition information, food delivery information, diagnosis code or diagnosis information, admission/discharge date, prescription information, billing/claims information, patient name, and health insurance information.”

The company has reportedly been facing at least five class-action lawsuits over the breach.

8. TMX Finance Corporate Services Inc.

Number of individuals impacted: 4.8 million

TMX Finance Corporate Services, which offers consumer lending services, disclosed in March that it had identified a breach in February, which may have begun as far back as December 2022. “The investigation confirmed that information may have been acquired between February 3, 2023 - February 14, 2023. We promptly began a review of potentially affected files to determine what information may have been involved in this incident,” the company said in a breach notification. Personal data that may have been impacted for TMX consumers includes name, date of birth, social security number, passport number, driver’s license number and tax ID number, according to the company.

7. PBI Research Services/Berwyn Group - MOVEit Transfer

Number of individuals impacted: 4.92 million

Four major MOVEit-related breaches have stemmed from the hack of third-party vendor PBI Research Services so far. The breaches have affected a total of nearly 5 million individuals so far who are served by two pension systems — the California Public Employees’ Retirement System (CalPERS) and the Tennessee Consolidated Retirement System — and by two insurers, Genworth and Wilton Re.

CalPERS, which is the largest public pension fund in the U.S., disclosed in a news release that the data of 769,000 retirees was compromised. In a quote included in the release, CalPERS CEO Marcie Frost called the PBI breach “inexcusable.” The Tennessee Consolidated Retirement System reported that 171,836 retirees and/or beneficiaries were impacted.

Meanwhile, Wilton Re disclosed in a breach notification that nearly 1.5 million individuals were impacted in the hack of PBI. And in the largest of the three PBI-related breaches from MOVEit, Genworth reported that the breach “included personal information for approximately ~2.5-2.7 million individuals who are either customers or insurance agents.”

6. PharMerica Corporation

Number of individuals impacted: 5.8 million

PharMerica, a provider of pharmacy services across the U.S., disclosed in May that it had been impacted by a breach in March. “The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident,” the company said in a breach notification. “On March 21, 2023, we determined that the data contained personal information that included the above-referenced person’s name, address, date of birth, Social Security number, medications and health insurance information.”

5. Louisiana Office of Motor Vehicles - MOVEit Transfer

Number of individuals impacted: 6 million

Another DMV breach in connection with the MOVEit attacks impacted the Louisiana Office of Motor Vehicles and up to 6 million Louisiana residents (it was not immediately known whether there were victim duplicates, the Identity Theft Resource Center noted). In mid-June, the Louisiana governor’s office said in a news release that it “believes that all Louisianans with a state-issued driver’s license, ID, or car registration have likely had the following data exposed to the cyber attackers: Name, Address, Social Security Number, Birthdate, Height, Eye Color, Driver’s License Number, Vehicle Registration Information, Handicap Placard Information.” Clop has claimed that it has deleted government data that was stolen, and the Louisiana governor’s office noted that “the cyber attackers have not contacted state government” adding that “there is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack.”

4. MCNA Insurance Company

Number of individuals impacted: 8.92 million

Managed Care of North America (MCNA) Insurance Company disclosed in May it became aware that it had been impacted by a breach in March. “Through its investigation, MCNA determined that an unauthorized third party was able to access certain systems and remove copies of some personal information between February 26, 2023 and March 7, 2023,” the company said in a breach notification.

“Personal information that may have been involved included: (1) demographic information to identify and contact you, such as full name, date of birth, address, telephone and email; (2) Social Security number; (3) driver’s license number or government-issued identification number; (4) health insurance information, such as name of plan/insurer/government payor, member/Medicaid/Medicare ID number, plan and/or group number; and (5) information regarding dental/orthodontic care,” the company said.

3. Zacks Investment Research, Inc.

Number of individuals impacted: 8.93 million

Zacks Investment Research disclosed a breach in January impacting 820,000 customers, which reportedly occurred between November 2021 and August 2022. “The specific customer information we believe to have been accessed is limited to name, address, phone number and email address/user name, as well as passwords used from an older database of customers who had signed up for the Zacks Elite product between November 1999 through February 2005. This product was phased out by 2011,” Zacks said in a notification on its site.

However, in June, breach database and notification service Have I Been Pwned said it received a database of information belonging to 8.9 million Zacks users from a breach in 2020. In June, Zacks said in an updated notification that “we have confirmed that in association with the prior data breach disclosed by Zacks below, which relates to a smaller subset of customers whose unencrypted passwords were compromised, the unauthorized third parties also gained access to encrypted passwords of zacks.com customers. We have no reason to believe any customer credit card information or any other customer financial information was accessed for any Zacks customer at any time.”

2. PeopleConnect, Inc. - Instant Checkmate & Truthfinder

Number of individuals impacted: 20.2 million

PeopleConnect disclosed in February that a breach impacted its background check services, Instant Checkmate and Truthfinder. “We learned recently that a list, including name, email, telephone number in some instances, as well as securely encrypted passwords and expired and inactive password reset tokens, of TruthFinder subscribers was being discussed and made available in an online forum,” PeopleConnect said in its initial advisories about the breach.

In an update in March, the company said that “Password field was not in readable form, and these were hashed and encrypted using the ‘scrypt’ algorithm.” Additionally, “the data was stolen or acquired from a cloud storage location maintained and used only by a former service provider with whom we worked during 2019.”

1. T-Mobile

Number of individuals impacted: 37 million

Wireless giant T-Mobile revealed in January that it was actively investigating a data breach that has potentially affected 37 million user accounts. The company said it first identified malicious activity on January 5 when it noticed that a “bad actor” obtained data through a single API without authorization. The breach was contained within a day and no sensitive data, such as customer financial information, was compromised, according to T-Mobile in a filing with the U.S. Securities and Exchange Commission.

The breach, which the company believed began on or around November 25, did surface some “basic customer information,” including names, billing addresses, emails and phone numbers, according to T-Mobile. The carrier added that its systems and policies prevented the most sensitive types of customer information from being accessed.

“No information was obtained for impacted customers that would compromise the safety of customer accounts or finances,” T-Mobile said in the filing.

2023: A Year of Record-Breaking Data Breaches

This past year has been an eye-opening year in the realm of digital security. Data breaches reached an all-time high, leaving a trail of identity theft cases. From corporate giants to public hospitals, cybercriminal activity has continued to snowball across several industries. This has left victims scrambling to understand the extent of the damage and how to help protect themselves against the evolving threat of identity theft.

Here, we review the largest data breaches of 2023, analyze the trends, and review proactive measures to navigate the future of security.

The Breach Landscape in 2023

The Identity Theft Resource Center (ITRC) reported that, in September, data breaches had already surpassed the previous record-high by 14%, with 733 total compromises affecting more than 66 million victims. As the year comes to an end, the total number of breaches is set to completely overshadow the previous annual high set in 2021.

The methods used by cybercriminals in 2023 varied with cyberattacks, physical attacks, and system errors targeting everything from critical infrastructure to manufacturing to healthcare databases. Businesses faced constant threats with phishing scams, malware, and other tactics. But the numbers alone tell only part of the story.

Behind the statistics, a disturbing trend emerged: data theft and extortion-only attacks rose sharply. Hackers shifted their focus from encrypting files and demanding ransoms to simply stealing sensitive information and threatening to expose it, leaving victims with the crippling choice of financial ruin or possible public humiliation. This signals a new era of cybercrime where private data becomes prized currency, putting every email address and credit card number at risk.

Major Breaches of 2023

  • Casino operator attacks: Casino giants MGM and Caesars were hit by disruptive cyberattacks in September involving concerning tactics such as social engineering. But even more alarming was the reported collaboration behind the attacks: a teen hacker group called Scattered Spider allegedly partnered with the Russian ransomware gang Alphv. This alliance, with young Western hackers using ransomware provided by a notorious Eastern European group, expands the cybercrime landscape in worrying ways. The incident highlights the increasing sophistication and diversity of cyber threats, pushing the boundaries of existing security systems.
  • Microsoft Cloud Email Breach: A major Microsoft cloud email breach affected U.S. government officials, including Commerce Secretary Gina Raimondo and Ambassador to China Nicholas Burns. Hackers accessed emails from the State Department and Commerce Department, potentially due to flaws in Microsoft’s Azure Active Directory security system. Senator Wyden and security experts criticized Microsoft’s practices, and an investigation is ongoing. Microsoft later revealed further vulnerabilities exploited by the China-linked “Storm-0558” group involving a stolen key stored from a 2021 system crash. This breach highlights concerns about security in cloud email systems and the potential for government officials’ communications to be compromised.
  • Barracuda Email Security Gateway Attacks: A critical vulnerability in Barracuda’s Email Security Gateway was exploited by cybercriminals, potentially impacting 5% of devices. The attackers targeted government agencies, particularly in the United States. Barracuda strongly advised affected customers to replace their devices due to the severity of the exploit. This incident highlights the necessity of patching security vulnerabilities and replacing compromised equipment.

Consequences and Concerns

The record-breaking number of breaches this year has left the victims to navigate the financial and emotional damage of stolen credit cards, drained bank accounts, and shattered credit scores. But the ramifications extend far beyond individual suffering. Breaches cripple businesses, harming their reputations as well as their finances.

Protecting yourself from the damages of data breaches and identity theft is paramount. IdentityIQ identity theft protection offers top-of-the-line security through a complete suite of safety features, such as 24/7 credit monitoring and fraud alerts, identity theft insurance of up to $1 million underwritten by AIG, full access to a VPN and antivirus software on multiple devices, and more. IdentityIQ is a top choice for protecting you and your family.

Bottom Line

This past year hosted eye-opening data breaches and identity theft incidents. Rampant data breaches jeopardized personal and corporate security alike. The evolving tactics of cybercriminals, from ransomware to data theft and extortion, demonstrate the urgency of fortifying personal information. While the statistics paint a grim picture, proactive measures can still help to protect finances and private information. By prioritizing safety best practices such as regular software updates, exercising caution online, and employing a robust identity theft protection service, you can help be less susceptible to digital threats.

IdentityIQ comprehensive protection continues to become a preferred choice by those seeking safety for themselves and their families. With features to educate you on personal safety, services to help prevent identity theft and data breaches, and complete support to help you recover in the case of identity theft, IdentityIQ can help you remain safe and worry-free.


Report: 2.6 billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption


December 7, 2023

An Apple-commissioned study shows that threats to consumer data stored in the cloud have grown dramatically since the last report was published in December 2022

Today Apple published an independent study conducted by Massachusetts Institute of Technology professor Dr. Stuart Madnick that found clear and compelling proof that data breaches have become an epidemic, threatening sensitive and personal consumer data the world over. The total number of data breaches more than tripled between 2013 and 2022 — exposing 2.6 billion personal records in the past two years alone — and has continued to get worse in 2023. The findings underscore that strong protections against data breaches in the cloud, like end-to-end encryption, have only grown more essential since last year’s report and the launch of Advanced Data Protection for iCloud.

This year’s study, “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase,” demonstrates that threats that had already reached historic levels — as shown in last year’s report, “The Rising Threat to Consumer Data in the Cloud” — continue to rise. Increasingly, companies across the technology industry are addressing these threats by implementing end-to-end encryption, as Apple did with last year’s launch of Advanced Data Protection for iCloud.

With Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data even in the case of a data breach. iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection for iCloud, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos.

“Bad actors continue to pour enormous amounts of time and resources into finding more creative and effective ways to steal consumer data, and we won’t rest in our efforts to stop them,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “As threats to consumer data grow, we’ll keep finding ways to fight back on behalf of our users by adding even more powerful protections.”

As shown in this year’s report, the increasing digitalization of users’ personal and professional lives has fueled a dramatic rise in data breaches. Each year, thousands of data breaches expose the personal information of hundreds of millions of consumers. Hackers are evolving their methods and finding more ways to defeat security practices that once held them back. Consequently, even organizations with the strongest possible security practices are vulnerable to threats in a way that wasn’t true just a few years ago.

The report also shows that even when consumers take all the right steps to secure their sensitive data, it’s still at risk of being compromised by hackers if it’s stored in a readable form by organizations they entrust it with. For instance, when attempting to infiltrate companies with robust security practices, hackers often start by targeting a different organization with relatively weak security that has a technical business relationship with the ultimate target. They then steal credentials or information that helps them target employees or systems at the organization that is their primary objective.

As threats to user data continue to grow more frequent and sophisticated, Apple’s long track record of engineering powerful and innovative features makes its products the most secure on the market. With Lockdown Mode, Apple developed a protection for those who may be targeted by extreme threats like mercenary spyware because of who they are or what they do. Apple’s Advanced Data Protection for iCloud is another feature the company has developed to protect users against growing threats to their data, keeping most user data in iCloud protected even in the case of a data breach in the cloud.

The report illustrates that the historic threats to user data that saw the number of data breaches nearly triple between 2013 and 2022, compromising 2.6 billion records over the course of two years, are only getting worse in 2023. In the U.S. alone, there were nearly 20 percent more breaches in just the first nine months of 2023 than in any prior year. The target for cybercriminals was very clear, with a 2023 survey finding that over 80 percent of breaches involved data stored in the cloud. This is after attacks targeting cloud infrastructure nearly doubled from 2021 to 2022.

This is due in part to the increased targeting of consumer data by ransomware gangs and coordinated campaigns that compromised vendors or their products to target customers. The threat of ransomware has only grown in 2023, as shown by the fact that there were nearly 70 percent more attacks reported through September 2023 than in the first three quarters of 2022. In fact, experts found that there were more ransomware attacks through September 2023 than in all of 2022 combined. This has led to alarming trends in the U.S. and abroad, with more than double the accounts getting breached in the first half of 2023 compared to the first half of 2022 in the U.K., Australia, and Canada combined.


The Cost of a Data Breach 2023 global survey found that extensively using artificial intelligence (AI) and automation benefited organizations by saving nearly USD 1.8 million in data breach costs and accelerated data breach identification and containment by over 100 days, on average. While the survey shows almost all organizations use or want to use AI for cybersecurity operations, only 28% of them use AI extensively, meaning most organizations (72%) have not broadly or fully deployed it enough to realize its significant benefits.

According to a separate 2023 Global Security Operations Center Study, SOC professionals say they waste nearly 33% of their time each day investigating and validating false positives. Additionally, manual investigation of threats slows down their overall threat response times (80% of respondents), with 38% saying manual investigation slows them down “a lot.”

Other security challenges that organizations face include the following:

  • A cyber skills gap and capacity restraints from stretched teams and employee turnover.
  • Budget constraints for cybersecurity and perception that their organization is sufficiently protected.
  • Under-deployed tools and solutions that do the minimum that’s “good enough” or that face other barriers, such as aversion to the risk that fully automated processes could have unintended consequences.

The findings in these studies paint a tremendously strained situation for most security operations teams. Clearly, organizations today need new technologies and approaches to stay ahead of attackers and the latest threats.

The need for a more proactive cybersecurity approach using AI and automation

Fortunately, there are solutions that have shown real benefits to help overcome these challenges. However, AI and automation are often used in a limited fashion or only in certain security tools. Threats and data breaches are missed or become more severe because teams, data and tools operate in siloes. Consequently, many organizations can’t apply AI and automation more widely to better detect, investigate and respond to threats across the full incident lifecycle.

The newly launched IBM Security QRadar Suite offers AI, machine learning (ML) and automation capabilities across its integrated threat detection and response portfolio, which includes EDR, log management and observability, SIEM and SOAR. As one of the most established threat management solutions available, QRadar’s mature AI/ML technology delivers accuracy, effectiveness and transparency to help eliminate bias and blind spots. QRadar EDR and QRadar SIEM use these advanced capabilities to help analysts quickly detect new threats with greater accuracy and contextualize and triage security alerts more effectively.

To offer a more unified analyst experience, the QRadar suite integrates core security technologies for seamless workflows and shared insights, using threat intelligence reports for pattern recognition and threat visibility. Let’s take a closer look at QRadar EDR and QRadar SIEM to show how AI, ML and automation are used.

Near real-time endpoint security to prevent and remediate more threats

QRadar EDR’s Cyber Assistant feature is an AI-powered alert management system that uses machine learning to autonomously handle alerts, thus reducing analysts’ workloads. The Cyber Assistant learns from analyst decisions, then retains the intellectual capital and learned behaviors to make recommendations and help reduce false positives. QRadar EDR’s Cyber Assistant has helped reduce the number of false positives by 90%, on average. [1]

This continuously-learning AI can detect and respond autonomously in near real-time to previously unseen threats and helps even the most inexperienced analyst with guided remediation and automated alert handling. In doing so, it frees up precious time for analysts to focus on higher-level analyses, threat hunting and other important security tasks.

With QRadar EDR, security analysts can leverage attack visualization storyboards to make quick and informed decisions. This AI-powered approach can remediate both known and unknown endpoint threats with easy-to-use intelligent automation that requires little-to-no human interaction. Automated alert management helps analysts focus on threats that matter, to help put security staff back in control and safeguard business continuity. 

An exponential boost to your threat detection and investigation efforts

To augment your organization’s strained security expertise and resources and increase their impact, QRadar SIEM’s built-in features and add-ons use advanced machine learning models and AI to uncover hard-to-detect threats and covert user and network behavior. QRadar’s ML models use root-cause analysis automation and integration to make connections for threat and risk insights, showing interrelationships that stretched teams might miss due to turnover, inexperience and the increased sophistication and volume of threats. It can perform root cause analysis and orchestrate the next steps based on the knowledge the models have trained on and built from the threats your organization has faced. It gives you the information you need to reduce mean time to detect (MTTD) and mean time to respond (MTTR), with a quicker, more decisive escalation process.

Advanced analytics help detect known and unknown threats to drive consistent and faster investigations every time and empower your security analysts to make data-driven decisions. By conducting automatic data mining of threat research and intelligence, QRadar enables security analysts to conduct more thorough, consistent investigations in a fraction of the time fully manual investigations take. This spans identifying affected assets, checking indicators of compromise (IOCs) against threat intelligence feeds, correlating historical incidents and data and enriching security data. This frees up your analysts to focus more of their time and expertise on strategic threat investigations, threat hunting and correlating threat intelligence to investigations to provide a more comprehensive view of each threat. In a commissioned study conducted by Forrester Consulting, The Total Economic Impact™ of IBM Security QRadar SIEM estimated that QRadar SIEM reduced analyst time spent investigating incidents by a value of USD 2.8 million. [2]

Using existing data in QRadar SIEM, the User Behavior Analytics (UBA) app leverages ML and automation to establish risk profiles for users inside your network, so you can react more quickly to suspicious activity, whether from identity theft, hacking, phishing or malware, and better detect and predict threats to your organization. UBA’s Machine Learning Analytics add-on extends the capabilities of QRadar by adding use cases for ML analytics. With ML analytics models, your organization can gain additional insight into user behavior with predictive modeling and baselines of what is normal for a user. The ML app helps your system to learn the expected behavior of the users in your network.

As attackers become more sophisticated in their techniques, IOC and signature-based threat detection is no longer adequate on its own. Organizations must also be able to detect subtle changes in network behavior using advanced analytics that may indicate existing unknown threats while minimizing false positives. QRadar’s Network Threat Analytics app leverages network visibility to power innovative machine learning analytics that help automatically uncover threats in your environment that otherwise may go unnoticed. It learns the typical behavior on your network and then compares your real-time incoming traffic to expected behaviors through network baselines. Unusual network activity is identified and then monitored to provide the latest insights and detections. The feature also provides visualizations with analytic overlays for your network traffic, enabling your security team to save time by quickly understanding, investigating and responding to unusual behavior across the network.

Learn more about IBM Security QRadar Suite

While the challenges and complexities that cybersecurity teams face today are truly daunting and real, organizations have options that can help them stay ahead of attackers. More and more enterprises are experiencing the benefits of embracing threat detection and response solutions that incorporate proven AI, ML and automation capabilities that assist their analysts across the incident lifecycle. Relying on traditional tools and processes is no longer enough to protect against attackers that are growing more sophisticated and organized by the day.

Learn more about how the IBM Security QRadar Suite of threat detection and response products leverages AI and automation, in addition to many other capabilities for SIEM, EDR, SOAR and others, by requesting a live demo.

[1] This reduction is based on data collected internally by IBM for nine different clients spread evenly across Europe, Middle East and Asia Pacific from July 2022 to December 2022. Actual performance and results may vary depending on specific configurations and operating conditions.

[2] The Total Economic Impact™ of IBM Security QRadar SIEM is a commissioned study conducted by Forrester Consulting on behalf of IBM, April 2023. Based on projected results of a composite organization modeled from four interviewed IBM customers. Actual results will vary based on client configurations and conditions and, therefore, generally expected results cannot be provided.


Analysing the Twilio data breach of 2023: A case study in insider risk and social engineering

In mid-2023, Twilio, a major player in cloud communications, suffered a significant data breach. Malicious actors exploited human vulnerabilities through smishing and vishing attacks, deceiving Twilio employees into sharing their login credentials. This breach not only compromised 209 customer accounts and 93 Authy end users but also underlined the ever-increasing sophistication of social engineering tactics.

In-Depth Analysis

Social Engineering Tactics: The attackers' use of smishing and vishing represents a trend towards more personalised and believable phishing methods. By impersonating Twilio's IT administrators, the attackers successfully bypassed traditional security measures, demonstrating the need for enhanced employee awareness and training in identifying such threats.

Scope and Scale of Impact: Though the breach affected a relatively small fraction of Twilio’s customer base, its implications are far-reaching. The compromise of sensitive customer data can lead to loss of trust, legal consequences, and potential financial exploitation of affected individuals.

Financial and Reputational Costs

Direct Financial Costs: Immediate costs include the investigation, remediation, legal fees, and potential fines. Long-term costs could involve enhanced security measures and increased insurance premiums.

Reputational Damage: Perhaps more damaging than the financial cost is the reputational hit. In a sector where trust is paramount, a breach can lead to a loss of customer confidence, potentially affecting market share and investor sentiment.

The Role of Insider Risk Monitoring

In the context of the Twilio data breach, a more robust insider risk monitoring framework could have played a crucial role in prevention. This involves several key strategies:

  • Behavioural Analysis: This involves scrutinising employee actions to detect deviations from normal patterns. For instance, an employee accessing high-value data at unusual hours might indicate a security risk.
  • Anomaly Detection: Leveraging AI and machine learning to automatically identify anomalies in data access or user behaviour across various platforms.
  • Correlating Activity Across Applications and Systems: By integrating data from multiple sources, organisations can gain a holistic view of user activities. This correlation helps in pinpointing suspicious behaviour patterns that might be overlooked when viewing systems in isolation.

In the Twilio incident, such proactive monitoring could have detected irregular access patterns or unauthorised attempts to access sensitive data, potentially averting the breach. This approach emphasises the importance of not just defending against external threats but also vigilantly monitoring internal activities.

Mitigating the Risk

Had Twilio implemented more rigorous insider risk monitoring, the breach might have been mitigated or even prevented. This includes real-time detection of suspicious activities and immediate response mechanisms.

The Twilio data breach serves as a stark reminder of the evolving nature of cyber threats and the importance of insider risk management. It highlights the need for organisations to adopt a multi-layered security approach that includes robust employee training, insider risk monitoring, and rapid response protocols. As cyber threats continue to evolve, so must our strategies to combat them, with a focus on both technological and human elements of cybersecurity.


Christopher McNaughton

Strategic Advisor,  ShadowSight


T-Mobile discloses its second data breach so far this year

A hacker gained access to the personal information of hundreds of T-Mobile customers between February and March.

By Jess Weatherbed, a news writer focused on creative industries, computing, and internet culture. Jess started her career at TechRadar, covering news and hardware reviews.


T-Mobile has experienced another data breach, reporting that personal information belonging to hundreds of account holders was exposed in an attack between late February and March 2023. The company disclosed in notification letters issued to impacted customers on April 28th that a hacker managed to access information such as full names, dates of birth, addresses, contact information, government IDs, social security numbers, and T-Mobile account pins.

The company has not revealed how the hacker managed to access its systems. According to a data breach notification posted to the Maine attorney general’s office, 836 customers were impacted before T-Mobile discovered the breach on March 27th.

T-Mobile has reset the account pins of the users impacted by the security breach

In the disclosure letter (first spotted by Bleeping Computer), T-Mobile claims that no personal financial information or call records were accessed in the breach and says it has proactively reset the account pins of affected users — which customers use to verify their identity in order to make account changes. The company is also offering impacted customers two years of free credit monitoring and identity theft detection services.

“While we have a number of safeguards in place to alert us to unauthorized access such as this from happening, we recognize that we must continue to make improvements to stay ahead of bad actors,” said T-Mobile in the letter to its impacted account holders. “We take these issues seriously. We apologize that this happened and are furthering efforts to enhance security of your information.”

This is now the ninth data breach that T-Mobile has disclosed since 2018, and the second this year alone, after the company reported that data from 37 million accounts was leaked between November 2022 and January 2023. The number of impacted users in the latest incident pales in comparison, but the information obtained could be used to facilitate identity theft. Previous breaches have also been reported in January, August, and December of 2021.


Third-Party Data Breaches in 2023: The Main Takeaways


An increasing number of leading brands appeared in headlines this past year as victims of data breaches, T-Mobile among them once again. This time, the breach impacted 37 million customers. But this was the eighth data breach the company had suffered in the last five years. Although the most recent attack wasn’t from a third-party, these attacks frequently occur when cybercriminals identify vulnerabilities within these vendors to target their intended victims. Here’s a list of the top five third-party data breaches of 2023, with a detailed definition of what constitutes a third-party data breach.

How is a Third-Party Data Breach Determined?

Many data breaches occurred in 2023; some were investigated and the source of the breach disclosed. Others were not. For some, the source of the breach remains a mystery. In addition, many data breaches occur that do not originate from a third-party. For example, the Chick-fil-A data breach that affected more than 71,000 users was a result of a months-long, automated credential stuffing attack.

Our definition of a third-party data breach must meet the following criteria:

  • Data was compromised or stolen from a third-party. Instead of using a third-party to access data, many hackers simply access data through a vulnerability or misconfiguration in an organization’s system or IT infrastructure and sell it on the dark web. While these have the potential to be major data breaches, they cannot be classified as third-party data breaches. For example, Kid Security suffered a data breach when it was exposed via misconfigurations in their ElasticSearch and Logstash instances, compromising more than 300 million users. However, it was not a third-party data breach.
  • The third-party is located outside of the organization’s IT environment. Many services and systems, such as APIs, can be integrated into a company’s IT infrastructure and compromised via cyber attacks. The T-Mobile data breach that affected 37 million customers earlier this year was a result of a compromised API. Since we do not know whether this is an internal or external API, however, we cannot classify this breach as a third-party data breach.
  • The data was confidential and/or sensitive and was accessed via unauthorized methods. Not all data is confidential or sensitive. A significant amount of data is public and available on the internet and other open sources. For example, malicious actors scraped public data of over 600 million LinkedIn users in March, selling it on the dark web. Even though this data was publicly available on LinkedIn, it is important to remember that it can easily be leveraged to find additional targets for a cyberattack. However, this LinkedIn incident cannot be classified as a data leak.

5 Top Data Breaches in 2023

Now that we’ve given you a few examples of what isn’t a third-party data breach, we can list a few of the top third-party data breaches from this year.

1. The Dollar Tree

The discount store retailer suffered one of the major data breaches this year, affecting almost two million records of current and former employees and their families. The data includes personal information such as names, dates of birth and social security numbers that were breached through a malicious attack via Zeroed-in Technologies, a third-party HR analytics service.

2. Oregon and Louisiana Departments of Motor Vehicles

These DMV data breaches affected nearly ten million users this year. The data was exposed through a zero-day vulnerability in MOVEit, which the organizations were using to store data at the time. Since the security incident was exploited through a system managed by the file transfer service, it is considered a third-party data breach.

3. Wilton Reassurance

This was another instance of a data breach originating from the MOVEit supply chain attack. The life insurance and reassurance company was affected through PBI Research Services, a service that delivers death notifications to the organization. PBI is a third-party of MOVEit and a fourth party of Wilton Reassurance, making this technically a fourth-party data breach that exposed the confidential information of nearly 1.5 million consumers.

4. Okta

The identity management services provider was hit by a data breach that affected its current and past employees and their relatives through its third-party Rightway Healthcare, a vendor used by Okta’s employees to help them navigate better healthcare providers. Although the company announced that the breach had a limited impact on only its Okta employees and relatives, it occurred after several significant cybersecurity attacks on the company. This included a malicious actor that succeeded in gaining stolen credentials to access its customer support case management system, a supply chain attack that ultimately had the potential to impact its entire customer base of more than 18,000.

5. Intellihartx

The patient payment balances and collections company reported that nearly 500,000 customers were affected by a breach that occurred through the exploitation of its third-party GoAnywhere file transfer service. Data included not only names, addresses and birth dates but also medical data and social security numbers. Other high-profile companies affected by the GoAnywhere attack include Hitachi, Saks Fifth Avenue and Atos.

Major Takeaways from Third-Party Data Breaches in 2023

Organizations can examine these cyber attacks to determine trends and gain insights. Several lessons from these third-party data breaches include:

  • Third parties offer better opportunities for attackers than having to target a company directly. Larger organizations may have protections in place for phishing, credential stuffing, and other low-risk, low-cost attack methods. In contrast, the third parties of these organizations may be significantly easier to exploit since they may not have invested the same time and resources in these cybersecurity defenses. They may also not have a culture of cybersecurity awareness in place among their employees or may have only started to put better security practices in place.
  • Attack surfaces are increasing, making digital supply chains more complex. If you don’t have a detailed understanding of your digital supply chain and the relationship you have with each vendor, it’s impossible to classify your risk. Organizations should consider using advanced third-party security management tools not only to identify and map their third parties in their ecosystem but fourth, fifth and n-th parties as well.
  • Understanding the criticality of your third, fourth and n-th parties is critical. Although it’s best to know about a breach as soon as possible, it’s even more important to understand the relationship the vendor has with your organization. Depending on the level of criticality of the vendor, your organization will want to put a remediation plan in place.

How Panorays Helps You Manage Third-Party Risk

Panorays’ AI-powered third-party risk management combines an extended attack surface assessment together with cybersecurity questionnaires to give you an accurate cyber rating of your supplier security posture. The cyber rating is based on the continual discovery of hundreds of millions of assets used to develop AI models that are highly accurate due to continual feedback from suppliers. AI is also used to generate the cybersecurity questionnaires, both on the evaluator’s end to validate responses with vendor documents, and on the supplier’s end with automated completions of responses based on similar questions asked in the past. With these cybersecurity questionnaires, you’ll also be able to determine the level of compliance of your vendors with various standards and regulations such as GDPR, PCI-DSS and HIPAA, using either a customizable questionnaire or predetermined templates used for SIG and CAIQ evaluation.

Its attack surface assessment maps and identifies your third, fourth and n-th party suppliers, agencies, service providers, subsidiaries, contractors and vendors – including Shadow IT – in your digital supply chain, along with their level of criticality. Armed with this information, you’ll then determine which remediation path to pursue.

Want to learn more about how you can manage third-party risk across your extended attack surface? Get a demo today.

A third-party data breach occurs when:

  • It was breached by a third party. Not all breaches occur as a result of a third party; some are a result of misconfigurations, vulnerabilities, and different types of cyber attacks, such as phishing and credential stuffing.
  • The third party must exist in a separate IT environment from the organization. Many services an organization uses, such as data storage, can exist in either internal or external environments. Exploited vulnerabilities within an internal system that lead to exposed data, for example, are not considered a third-party data breach.
  • It compromises confidential or sensitive data. The exposure of data that is public or available through open sources cannot be considered a data breach, even if that data is aggregated and exposed publicly.

The biggest data breach of 2023 was MOVEit, which compromised the data of 60 million individuals and over a thousand high-profile organizations, including the BBC, British Airways and Boots; U.S. universities such as Harvard, Stanford and Johns Hopkins; and even governmental organizations such as the Securities and Exchange Commission. The Russian ransomware gang Clop claimed responsibility for the attack. File transfer services such as MOVEit are an attractive target for cybercriminals since they are tasked with storing and transferring large volumes of highly sensitive and personal data from leading organizations across different industries.

Data breaches occur through a number of attack vectors, including (but not limited to) phishing attacks, business email compromise, malware, social engineering attacks and malicious insiders. Many times, a vulnerability is exploited by a third party, allowing a malicious actor to then gain unauthorized access to an organization’s data or systems and expose it. The vast majority of data breaches are a result of human error, such as the use of weak passwords or a misconfiguration.

Dov Goldman - VP of Risk Strategy @ Panorays

CheckRed Editorial

Case Study – The Okta Breach of October 2023

The Okta breach of October 20, 2023, can be considered a wake-up call in the world of cybersecurity. This case study will delve into the incident, which saw attackers compromise Okta’s customer support system and gain access to sensitive HAR files, containing session tokens and cookies.

The breach highlights the ever-present threat to online security and the importance of understanding its nuances. Studying this incident is crucial for raising awareness about the evolving tactics employed by cybercriminals and the vulnerabilities that exist even within robust security systems.

Examining the Okta breach can offer valuable lessons and insights to better protect our digital identities and vital business information. This case study will explore the incident of the breach and try to grasp the role SSPM can play in preventing or mitigating similar risks.

Okta – A Brief Background

Okta is a prominent identity management service provider. Okta has long been a stalwart in the cybersecurity landscape. Renowned for its commitment to securing the digital identities of individuals and businesses, Okta holds a trusted position in the industry landscape that it caters to.

As one of the established leaders in identity management, Okta is recognized for its innovative solutions that safeguard user access to systems, applications, and data. The company’s reputation for offering robust security measures has made it a go-to choice for numerous organizations looking to fortify their online defenses.

The Okta Breach Incident

On October 20, 2023, Okta found itself at the center of a cybersecurity storm when its customer support system was breached. Attackers, using stolen credentials, infiltrated the support system and gained access to HTTP Archive (HAR) files uploaded by Okta’s customers. These files contained a wealth of sensitive data, including session tokens and cookies.

The breach posed a significant threat as it allowed the attackers to target Okta’s customer base with the potential to gain control of their identity management systems and connected applications. The attackers, enabled by the stolen HAR files, leveraged highly privileged accounts, aiming to compromise Identity Provider (IdP) instances and associated applications.
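Because the uploaded HAR files carried live session tokens and cookies, one mitigation on the customer side is to scrub a capture before it is shared with any support desk. The following is an added example, not code from Okta, CheckRed or the original article; the header and parameter name lists and the sample capture are assumptions constructed for illustration.

```python
import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Headers whose values authenticate a session (compared lower-case).
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-csrf-token"}
# Parameter and JSON-key rules: assumptions for this example, extend as needed.
SENSITIVE_NAMES = {"sid", "code", "jwt"}
SENSITIVE_HINTS = ("token", "session", "secret", "password", "passwd",
                   "assertion", "samlresponse", "apikey", "api_key")

def is_sensitive_param(name):
    n = name.lower()
    return n in SENSITIVE_NAMES or any(h in n for h in SENSITIVE_HINTS)

def scrub_pairs(pairs, is_sensitive):
    """Redact 'value' in HAR {name, value} records; return number redacted."""
    hits = 0
    for pair in pairs or []:
        if is_sensitive(pair.get("name", "")):
            pair["value"] = REDACTED
            hits += 1
    return hits

def scrub_query(query):
    """Redact sensitive parameters in a urlencoded string; return (text, hits)."""
    items = parse_qsl(query, keep_blank_values=True)
    hits = sum(1 for k, _ in items if is_sensitive_param(k))
    if not hits:
        return query, 0
    return urlencode([(k, REDACTED if is_sensitive_param(k) else v)
                      for k, v in items]), hits

def scrub_url(url):
    parts = urlsplit(url)
    query, hits = scrub_query(parts.query)
    return (urlunsplit(parts._replace(query=query)), hits) if hits else (url, 0)

def scrub_json(text):
    """Redact sensitive keys anywhere in a JSON body; return (text, hits)."""
    try:
        doc = json.loads(text)
    except (TypeError, ValueError):
        return text, 0  # not JSON: left untouched
    hits, stack = 0, [doc]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            for key in node:
                if is_sensitive_param(key):
                    node[key] = REDACTED
                    hits += 1
                else:
                    stack.append(node[key])
        elif isinstance(node, list):
            stack.extend(node)
    return (json.dumps(doc), hits) if hits else (text, 0)

def sanitize_har(har):
    """Return (sanitized deep copy, redaction count) for a HAR 1.2 dict."""
    clean, hits = copy.deepcopy(har), 0
    for entry in clean.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            hits += scrub_pairs(msg.get("headers"),
                                lambda n: n.lower() in SENSITIVE_HEADERS)
            hits += scrub_pairs(msg.get("cookies"), lambda n: True)  # all cookies
        hits += scrub_pairs(req.get("queryString"), is_sensitive_param)
        req["url"], n = scrub_url(req.get("url", ""))
        hits += n
        post = req.get("postData") or {}
        hits += scrub_pairs(post.get("params"), is_sensitive_param)
        if "text" in post:
            form = post.get("mimeType", "").startswith("application/x-www-form")
            post["text"], n = (scrub_query if form else scrub_json)(post["text"])
            hits += n
        body = resp.get("content") or {}
        if "text" in body and body.get("encoding") != "base64":  # binary skipped
            body["text"], n = scrub_json(body["text"])
            hits += n
    return clean, hits

# Constructed sample: one authenticated API call as a browser would record it.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "url": "https://example.test/api/authn?sessionToken=S3CR3T-Q&lang=en",
        "headers": [{"name": "Cookie", "value": "sid=S3CR3T-C"},
                    {"name": "Authorization", "value": "Bearer S3CR3T-A"}],
        "cookies": [{"name": "sid", "value": "S3CR3T-C"}],
        "queryString": [{"name": "sessionToken", "value": "S3CR3T-Q"},
                        {"name": "lang", "value": "en"}],
        "postData": {"mimeType": "application/x-www-form-urlencoded",
                     "text": "username=admin&password=S3CR3T-P"}},
    "response": {
        "headers": [{"name": "Set-Cookie", "value": "sid=S3CR3T-N; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "S3CR3T-N"}],
        "content": {"text": '{"status": "SUCCESS", "sessionToken": "S3CR3T-B"}'}}}]}}
```

Base64-encoded bodies and non-JSON text bodies are not inspected here, so a capture should still be reviewed before it is shared.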

This incident must be taken into account as a stark reminder of the evolving and persistent nature of cyber threats. The breach highlights the critical importance of understanding the tactics used by attackers and the vulnerabilities that can be exploited, even within organizations recognized for their cybersecurity prowess.

Attack Tactics

The attackers behind the Okta breach skillfully utilized stolen HAR files to infiltrate Okta’s customer base. These files, originally intended for support session browser recordings, contained a hidden treasure trove of session tokens and cookies. With this stolen information, the attackers embarked on a sequence of actions aimed at compromising Okta customer accounts.

First, they employed a session from one of the pilfered HAR files to gain entry into a customer’s Okta tenant, using either the console or the API. Once inside, they activated inactive user accounts or created new ones. Subsequently, the attackers tampered with Multi-Factor Authentication (MFA) settings, adding their own controlled tokens into the mix.

After these initial steps, the attackers switched to previously inactive accounts. Their final move involved attempting to disable MFA on other IT and security accounts. Notably, the traffic used in these actions frequently originated from Browsec VPN egress points, a commonly used tool for anonymizing online activities.
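The sequence described above (accounts activated or created, MFA factors added, then MFA disabled on other accounts) can be expressed as correlation logic over identity-provider audit events. This is an added example, not Okta's or CheckRed's code: the event type names and fields follow Okta System Log naming as an assumption to confirm in your tenant, and the 60-minute window, accounts and events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumption: how long one chain may span
# Event type names follow Okta System Log naming; confirm them in your tenant.
STAGE_BY_EVENT = {
    "user.lifecycle.create": "account_revived",
    "user.lifecycle.activate": "account_revived",
    "user.mfa.factor.activate": "mfa_added",
    "user.mfa.factor.deactivate": "mfa_removed",
    "user.mfa.factor.reset_all": "mfa_removed",
}
MFA_STAGES = {"mfa_added", "mfa_removed"}


def parse_time(event):
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))


def correlate(events, window=WINDOW):
    """Return one alert per actor whose actions match the account-then-MFA chain."""
    revived = {}  # account -> (actor that created/activated it, when)
    chains = {}   # root actor -> ordered list of steps
    for ev in sorted(events, key=parse_time):
        stage = STAGE_BY_EVENT.get(ev["eventType"])
        if stage is None:
            continue
        when, actor = parse_time(ev), ev["actor"]["alternateId"]
        targets = {t["alternateId"] for t in ev.get("target", [])
                   if t.get("type") == "User"}
        root = actor
        if actor in revived and when - revived[actor][1] <= window:
            root = revived[actor][0]  # a just-revived account acts: same chain
        elif stage in MFA_STAGES and targets <= {actor}:
            continue                  # ordinary self-service MFA change
        if stage == "account_revived":
            for account in targets:
                revived[account] = (root, when)
        chains.setdefault(root, []).append({
            "when": when, "stage": stage, "targets": targets,
            "ip": ev.get("client", {}).get("ipAddress"),
            "proxy": bool(ev.get("securityContext", {}).get("isProxy")),
        })

    alerts = []
    for root, steps in chains.items():
        for first in (s for s in steps if s["stage"] == "account_revived"):
            hit = [s for s in steps
                   if first["when"] <= s["when"] <= first["when"] + window]
            stages = {s["stage"] for s in hit}
            if not stages & MFA_STAGES:
                continue
            proxy = any(s["proxy"] for s in hit)
            alerts.append({
                "root_actor": root,
                "stages": sorted(stages),
                "accounts_revived": sorted(set().union(
                    *(s["targets"] for s in hit if s["stage"] == "account_revived"))),
                "mfa_removed_from": sorted(set().union(
                    *(s["targets"] for s in hit if s["stage"] == "mfa_removed"))),
                "source_ips": sorted({s["ip"] for s in hit if s["ip"]}),
                "severity": "high" if proxy or "mfa_removed" in stages else "medium",
            })
            break  # one alert per root actor
    return alerts


def make_event(time, event_type, actor, target, ip, proxy=False):
    """Build a constructed event carrying only the fields this example reads."""
    return {"published": f"2024-01-15T{time}:00.000Z", "eventType": event_type,
            "actor": {"alternateId": actor},
            "target": [{"type": "User", "alternateId": target}],
            "client": {"ipAddress": ip}, "securityContext": {"isProxy": proxy}}


# Constructed sample log (documentation address ranges, made-up accounts).
SAMPLE_EVENTS = [
    make_event("08:00", "user.lifecycle.activate", "helpdesk@example.test",
               "newhire@example.test", "198.51.100.10"),
    make_event("09:00", "user.mfa.factor.activate", "alice@example.test",
               "alice@example.test", "198.51.100.22"),
    make_event("10:02", "user.lifecycle.activate", "admin@example.test",
               "svc-old@example.test", "203.0.113.7", proxy=True),
    make_event("10:05", "user.mfa.factor.activate", "svc-old@example.test",
               "svc-old@example.test", "203.0.113.7", proxy=True),
    make_event("10:09", "user.mfa.factor.deactivate", "svc-old@example.test",
               "secops@example.test", "203.0.113.7", proxy=True),
    make_event("14:00", "user.mfa.factor.reset_all", "helpdesk@example.test",
               "bob@example.test", "198.51.100.10"),
]
```

With the default window only the `admin@example.test` chain alerts; the help-desk activity six hours apart does not, which shows how the window choice trades noise against coverage.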

Detection and Confirmation

The breach was first identified by BeyondTrust, a security solutions provider, which detected the attack leveraging the stolen HAR files on October 2, 2023. They promptly alerted Okta to the breach.

However, the path from detection to confirmation was not immediate. It took Okta more than two weeks, with Okta’s confirmation of the breach only arriving on October 19, 2023. This delay between detection and confirmation highlights the challenges and complexities in recognizing and responding to cyber threats, even for security-aware organizations. It also emphasizes the need for swift action and continuous monitoring in the realm of cybersecurity.

Impact on Cloudflare

The Okta breach extended its sinister reach to Cloudflare’s systems, presenting a clear example of how such incidents can have a domino effect. The attackers employed an authentication token stolen from Okta’s support system to pivot into Cloudflare’s Okta instance. This gave them an open session with administrative privileges within Cloudflare.

In response, Cloudflare took swift and proactive measures to contain the situation. Their Security Incident Response Team (SIRT) detected the breach in real time and initiated immediate containment procedures. This prompt action significantly minimized the impact on Cloudflare’s systems, ensuring that customer data remained secure.

The Role of SSPM in the Context of the Breach

SaaS Security Posture Management (SSPM) plays a pivotal role in safeguarding organizations against cyber threats. It provides a holistic approach to secure SaaS environments. These tools can alert organizations to specific risks, potential security incidents, or anomalous activities detected within their SaaS instances. By continuously monitoring activities and providing alerts, SSPM solutions add an extra layer of protection, helping organizations identify and mitigate potential security risks. In the context of the Okta breach, understanding the capabilities of SSPM is critical for organizations looking to prevent similar attacks and maintain a robust security posture in the ever-evolving landscape of cybersecurity.

In conclusion, the Okta breach highlights the importance of vigilance in safeguarding identity and access management systems. Choosing the right SSPM solution is crucial in ensuring a proactive defense against security threats. CheckRed is one such SSPM solution that excels in comprehensively and continuously monitoring and securing SaaS applications like Okta. Its robust capabilities enable organizations to maintain the highest level of security.

Data breaches increased throughout 2023.

With advancing technology, companies must always be prepared for the potential of a data breach. Threat actors often work nonstop while trying to gain access to sensitive company data, meaning security leaders need to work around the clock to keep themselves safe. Data breaches in 2023 were analyzed in a recent report by the Identity Theft Resource Center.

According to this report, U.S. data compromises surpassed 3,000 over the course of 2023. The total number of data breaches, exposures, leaks and “unspecified events” reached 3,205, impacting an estimated 353,027,892 victims, including those affected by multiple compromises. The 2023 compromises represent a 78% increase over the previous year and a 72% increase from the previous all-time high number of compromises set in 2021.

More than 9% of the U.S. publicly traded companies issued a data breach notice in 2023, according to the report. Public companies accounted for 40% of all data compromise victims. Publicly traded companies withheld information about an attack in 47% of notices compared to 46% of private companies, government agencies, education institutions and nonprofit organizations.

Physical breaches are down 65% since 2018. The estimated number of victims impacted represents a 16% decrease from 2022, when more than half of the total annual victim count was related to three breaches announced late in the previous year. Three industries reported more than double the number of compromises compared to 2022: healthcare, financial services and transportation. Healthcare led all industries in terms of the number of reported compromises in each of the past five years, but utilities companies led in the estimated number of victims in 2023.

Taelor Daugherty is the Associate Editor at Security magazine. Daugherty covers news affecting enterprise security leaders, from industry events to physical & cybersecurity threats and mitigation tactics. She is also responsible for coordinating and publishing web exclusives, multimedia content, social media posts, and a number of eMagazine departments. Daugherty graduated in 2022 with a BA in English Literature from Agnes Scott College.

MOVEit Data Breach Litigation

Status: Current Case

Practice area: Consumer Protection

Court: U.S. District Court, District of Massachusetts

Case number: 1:23-md-03083

On January 22, 2024, the Honorable Allison D. Burroughs of the United States District Court for the District of Massachusetts appointed Cohen Milstein’s Douglas J. McNamara as one of five co-leads to oversee this multidistrict litigation (MDL) involving dozens of class actions from around the country regarding a massive data breach which impacted more than 2,500 organizations and more than 67 million individuals worldwide.

The data breach, which was discovered in May 2023, was linked to Progress Software Corp.’s file-sharing software, MOVEit Transfer, which is used by thousands of organizations around the world to move large amounts of often-sensitive data over the internet. Allegedly starting as early as 2021, a ransomware group known as Clop (aka C10p) hacked the MOVEit servers, stealing customers’ sensitive data stored within. Affected entities include hospitals, banks, businesses, governments, pension funds, universities, among others.

Plaintiffs in the MDL accuse Progress of failing to reasonably secure consumers’ personal information.

Case Background

Progress Software sells MOVEit Transfer, an “On-Premises” Managed File Transfer (MFT) software designed “for secure collaboration and automated file transfers of sensitive data in compliance with SLAs, governance and data protection regulations” which can “[a]ssure the secure and compliant transfer of protected data.”

Progress also sells “MOVEit Cloud: Managed File Transfer as-a-Service” which it describes as a “trusted and proven SaaS solution,” that “provides full security, reliability and compliance with the convenience of a cloud-based service,” allowing customers to enjoy “best in class security….”

Progress’s MOVEit Transfer and MOVEit Cloud servers contained Personally Identifiable Information (PII) and Protected Health Information (PHI) (collectively, “Personal Information”) of individuals, including Plaintiffs and Class members. According to the Federal Trade Commission (FTC), PII is “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.” PHI is deemed private under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C. §§ 1320d, et seq., as well as multiple state statutes. According to the U.S. Department of Health & Human Services (HHS), PHI “is information, including demographic data,” that relates to: “the individual’s past, present or future physical or mental health or condition,” “the provision of health care to the individual,” or “the past, present, or future payment for the provision of health care to the individual,” and that “identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.” “Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, SSN).”

As alleged in Plaintiffs’ complaint, filed on October 20, 2023, Plaintiffs’ personal data was accessed and exposed by an unauthorized third-party in a data breach concerning Progress’s MOVEit Transfer and MOVEit Cloud software, which Progress first learned of on May 28, 2023.

The Data Breach began when, according to a U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) and FBI alert, “the CL0P Ransomware Gang, also known as TA505, began exploiting a previously unknown structured query language (SQL) injection vulnerability (CVE-2023-34362) in Progress Software’s managed file transfer solution known as MOVEit Transfer beginning in May 2023. Internet-facing MOVEit Transfer web applications were infected with a specific malware used by CL0P, which was then used to steal data from underlying MOVEit Transfer databases.”

Shortly after the discovery of the breach, Progress reported it to customers on May 30, 2023, and reported it to the SEC and its investors on June 5, 2023. Over the course of the next few weeks, Progress allegedly continued to keep customers and investors apprised of a further detailed code review intended to uncover additional vulnerabilities that a bad actor could potentially use to stage further exploits against MOVEit Transfer and MOVEit Cloud, alerted them to such risks and potential exploitation, and informed them that certain customers had indeed reported being exploited.

According to Emsisoft Ltd., an anti-malware and anti-virus software company, 2,546 organizations were impacted by the Data Breach as of October 11, 2023, including the records of approximately 64.5 million individuals, where the United States accounts for 84.1% of known impacted organizations.

Emsisoft noted that some organizations were impacted through using “a vendor which used a contractor which used a subcontractor which used MOVEit” while other organizations have had “MOVEit exposure via multiple vendors.” Emsisoft also noted “significant potential for the stolen data to be used in spear phishing, BEC scams, etc., meaning that this one crime could act as an enabler for many other crimes.”

CL0P has previously attacked file transfer platforms in similar attacks against Accellion File Transfer Appliances (FTA) in 2020 and 2021, SolarWinds Servers in 2021, and Fortra/Linoma GoAnywhere MFT servers in 2023.

Progress’s failure to reasonably secure consumers’ Personal Information including PII and PHI from the foreseeable risk of its being stolen through its vulnerable MOVEit software, as exploited by CL0P, caused the Data Breach.

  • Douglas J. McNamara
  • Claire L. Torchiana
  • Blake R. Miller

2024 Data Breach Investigations Report: Vulnerability exploitation boom threatens cybersecurity

Breaking down the 2024 Verizon Data Breach Investigations Report

What you need to know:

Vulnerability exploitation surged by nearly 3X (180%) last year.

Ransomware and the meteoric rise of extortion techniques accounted for a third (32%) of all breaches.

More than two-thirds (68%) of breaches involve a non-malicious human element.

30,458 security incidents and 10,626 confirmed breaches were analyzed in 2023—a two-fold increase over 2022.

Verizon security by the numbers: 4,200+ networks managed globally, 34 trillion raw logs processed/year, and 9 security operation centers around the globe.

BASKING RIDGE, NJ – Verizon Business today released the findings of its 17th-annual Data Breach Investigations Report (DBIR), which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022.

The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches. This spike was driven primarily by the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors. The MOVEit software breach was one of the largest drivers of these cyberattacks, first in the education sector and later spreading to finance and insurance industries.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises,” said Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon Business.

In a possible relief to some anxieties, the rise of artificial intelligence (AI) was less of a culprit vs challenges in large-scale vulnerability management. “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to advance their approach,” Novak said.

Analysis of the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog revealed that on average it takes organizations 55 days to remediate 50% of critical vulnerabilities following the availability of patches. Meanwhile, the median time for detecting the mass exploitations of the CISA KEV on the internet is five days.

“This year’s DBIR findings reflect the evolving landscape that today’s CISOs must navigate, balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene,” said Craig Robinson, Research Vice President, Security Services at IDC. “The breadth and depth of the incidents examined in this report provide a window into how breaches are occurring, and despite the low level of complexity are still proving to be incredibly costly for enterprises.”

Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric, new for the 2024 DBIR, shows a 68% increase from the previous period described in the 2023 DBIR.

The human element continues to be the front door for cybercriminals

Most breaches (68%), whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack. This percentage is about the same as last year. One potential countervailing force is the improvement of reporting practices: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked the email also reported it.

“The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training, but the increase in self-reporting indicates a culture change that destigmatizes human error and may serve to shine a light on the importance of cybersecurity awareness among the general workforce,” Novak added.

Other key findings from this year’s report include:

  • 32% of all breaches involved some type of extortion technique, including ransomware
  • Over the past two years, roughly a quarter (between 24% and 25%) of financially motivated incidents involved pretexting
  • Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches
  • Half of the breaches in EMEA are internal
  • Espionage attacks continue to dominate in the APAC region

Related Articles

The Verizon Business 2024 DBIR revealed that almost half of the breaches (49%) in EMEA are initiated internally, suggesting high incidences of privilege misuse and other human errors.

The Verizon Business 2024 Data Breach Investigation Report (DBIR) found that 25% of attacks in APAC are motivated by espionage - significantly greater than in Europe and North America.

COMMENTS

  1. The biggest cybersecurity and cyberattack stories of 2023

    Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2023, with a summary of each. 14. The 23andMe data breach. Genetic testing provider 23andMe ...

  2. The 10 Biggest Data Breaches of 2023 (So Far)

    What follows are the details on the 10 biggest data breaches of 2023 so far. Number of individuals impacted: 3.5 million. One massive breach in connection with the MOVEit attacks the Oregon Driver ...

  3. 2023: A Year of Record-Breaking Data Breaches

    The Breach Landscape in 2023. The Identity Theft Resource Center (ITRC) reported that, in September, data breaches had already surpassed the previous record-high by 14%, with 733 total compromises affecting more than 66 million victims. As the year comes to an end, the total number of breaches is set to completely overshadow the previous annual ...

  4. Cost of a data breach 2023

    The global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years. 51% of organizations are planning to increase security investments as a result of a breach, including incident response (IR) planning and testing, employee training, and threat detection and response tools. The average savings for organizations ...

  5. Report: 2.6B records compromised by data breaches, underscoring need

    The total number of data breaches more than tripled between 2013 and 2022 — exposing 2.6 billion personal records in the past two years alone — and has continued to get worse in 2023. The findings underscore that strong protections against data breaches in the cloud, like end-to-end encryption, have only grown more essential since last year ...

  6. Cost of a Data Breach Report 2023

    The average cost of a data breach reached an all-time high in 2023 of USD 4.45 million. This represents a 2.3% increase from the 2022 cost of USD 4.35 million. Taking a long-term view, the average cost has increased 15.3% from USD 3.86 million in the 2020 report. Security AI and automation were shown to be important investments for reducing ...

  7. Research shows extensive use of AI contains data breaches faster ...

    The Cost of a Data Breach 2023 global survey found that extensively using artificial intelligence (AI) and automation benefited organizations by saving nearly USD 1.8 million in data breach costs and accelerated data breach identification and containment by over 100 days, on average. While the survey shows almost all organizations use or want to use AI for cybersecurity operations, only 28% of ...

  8. Top 5 Data Breaches in 2023

    Top 5 Data Breaches of 2023. 1. May - MOVEit File Transfer Breach Compromises Millions. A cybercriminal group called CL0P Ransomware Gang mounted a zero-day attack of Progress Software's file transfer tool, MOVEit. Because MOVEit is a widely used tool, the ramifications of this supply-chain attack were sweeping.

  9. Analysing the Twilio data breach of 2023: A case study in insider risk

    The Twilio data breach serves as a stark reminder of the evolving nature of cyber threats and the importance of insider risk management. It highlights the need for organisations to adopt a multi-layered security approach that includes robust employee training, insider risk monitoring, and rapid response protocols.

  10. T-Mobile discloses its second data breach of 2023

    May 2, 2023, 7:10 AM PDT. Illustration by Alex Castro / The Verge. T-Mobile has experienced another data breach, reporting that personal information belonging to hundreds of account holders was ...

  11. ITRC: Data Compromises Reach All-time High in 2023

    ITRC: Data Compromises Reach All-time High in 2023. Posted By Steve Alder on Feb 6, 2024. There was a huge increase in data compromises in 2023 but a fall in the number of individuals affected by those incidents, according to the Identity Theft Resource Center's (ITRC) 2023 Data Breach Report. There was a 78% increase in publicly reported data compromises in 2023 with 3,205 incidents ...

  12. Third-Party Data Breaches in 2023: The Main Takeaways

    Case Studies Read how Panorays helped customers enable and streamline business Reports & Whitepapers ... The biggest data breach of 2023 was MOVEit, which compromised the data of 60 million individuals and over a thousand high-profile organizations, including the BBC, British Airways, Boots; U.S universities such as Harvard, Stanford and Johns ...

  13. List of Data Breaches and Cyber Attacks in 2023

    Welcome to our 2023 data breaches and cyber attacks page, where you can find an overview of the year's top security incidents, as well as links to individual blogs about each month's security news. ... In each case, the victim has reported that it was breached through the GoAnywhere MFT remote code execution vulnerability. The attacks have ...

  14. Analysing the Twilio data breach of 2023: A case study in ...

    The Breach In mid-2023, Twilio, a major player in cloud communications, suffered a significant data breach. Malicious actors exploited human vulnerabilities through smishing and vishing attacks ...

  15. Case Study

    The Okta breach of October 20, 2023, can be considered a wake-up call in the world of cybersecurity. This case study will delve into the incident, which saw attackers compromise Okta's customer support system and gain access to sensitive HAR files, containing session tokens and cookies. The breach highlights the ever-present threat to online ...

  16. Data breaches increased throughout 2023

    Threat actors often work nonstop while trying to gain access to sensitive company data, meaning security leaders need to work around the clock to keep themselves safe. Data breaches in 2023 were analyzed in a recent report by the Identity Theft Resource Center. According to this report, U.S. data compromises surpassed 3,000 over the course of 2023.

  17. Equifax data breach FAQ: What happened, who was affected, what ...

    143 million: Number of consumers whose data was potentially affected by the breach. $125: The most you can expect to get in compensation if your data was exfiltrated from Equifax's systems. $1.4 ...

  18. PDF A Case Study of the Capital One Data Breach

    1. This case study containing a detailed analysis to identify and understand the technical modus operandi of the attack, as well as what conditions allowed a breach and the related regulations; 2. Technical assessment of the main regulations related to the case study; 3.

  19. IBM Report: Average cost of a data breach in India touched INR 179

    INDIA, Bengaluru, July 25, 2023 -- IBM (NYSE: IBM) Security today released its annual Cost of a Data Breach Report, showing the average cost of a data breach in India reached INR 179 million in 2023 - an all-time high for the report and almost a 28% increase since 2020. Detection and escalation costs jumped 45% over this same time frame, representing the highest portion of breach costs ...

  20. NHS data breach: trusts shared patient details with Facebook without

    Sat 27 May 2023 13.34 EDT. Last modified on Tue 30 May 2023 03.21 EDT. NHS trusts are sharing intimate details about patients' medical conditions, appointments and treatments with Facebook ...

  21. PDF Case Studies 2018

    8 DATA PROTECTION COMMISSION CASE STUDIES Access Request Complaints CASE STUDY 1 Late response to an access request (Applicable law — GDPR and Data Protection Act 2018) The General Data Protection Regulation (GDPR) places timelines on data controllers to respond

  22. MOVEit Data Breach Litigation

    As alleged in Plaintiffs' complaint, filed on October 20, 2023, Plaintiffs' personal data was accessed and exposed by an unauthorized third-party in a data breach concerning Progress's MOVEit Transfer and MOVEit Cloud software, which Progress first learned of on May 28, 2023. The Data Breach began when, according to a U.S. Cybersecurity and ...

  23. Third-Party Data Breaches Rose 49% in 2023, Reaching Record Level, New

    PHOENIX, May 08, 2024--Prevalent Inc. published its 2024 Third-Party Risk Management Study today, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last ...

  24. 7 Data Breach Case Studies Involving Human Error

    Veeam data breach—Customer records compromised by unprotected database Near the end of August 2018, the Shodan search engine indexed an Amazon-hosted IP. Bob Diachenko, director of cyber risk research at Hacken.io, came across the IP on 5 September and quickly determined that the IP resolved to a database left unprotected by the lack of a ...

  25. 13 Biggest Data Breaches in Australia [Updated 2024]

    Date: March 2023. Impact: 14 million customers. Latitude, the Australian personal loan and financial service provider, was affected by a data breach that impacted over 14 million people from Australia and New Zealand. Although the initial disclosure stated that only 328,000 individual customers were affected, that number quickly grew to 14 million after further investigation.

  26. 2024 Data Breach Investigations Report: Vulnerability ...

    Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric—new for the 2024 DBIR—shows a 68% increase from the previous period described in the 2023 DBIR. The human element continues to be the front door for cybercriminals

  27. Top 7 data breach incidents in India

    Top 7 data breaches in India. Air India data breach. In February 2021, hackers broke into Air India's database to steal the personal information of 4.5 million Air India customers. The data compromise happened on the heels of another data breach at Akasa Air. After the incident, Air India sent emails to the affected passengers that the ...

  28. Third-Party Data Breaches Rose 49% in 2023, Reaching Record Level, New

    Prevalent Inc. published its 2024 Third-Party Risk Management Study today, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last year. Breaches rose 20 points - or 49% - year over year, increasing threefold since 2021. "What stands out in our report isn't only the number of breaches, which is the highest we've tracked, but also the scale," said ...

  29. Third-Party Data Breaches Rose 49% in 2023, Reaching Record Level, New

    Sixty-one percent of companies reported a third-party data breach or cybersecurity incident last year, representing a 3X increase since 2021. Prevalent Inc. published its 2024 Third-Party Risk Management Study today, finding that 61% of companies experienced a third-party data breach or cybersecurity incident last year. Breaches rose 20 points — or 49% — year over year, increasing threefold ...

  30. Decision of the Day: Suit Against ABA Over 2023 Data Security Breach Is

    Decision of the Day: Suit Against ABA Over 2023 Data Security Breach Is Dismissed for Failure to State Claim. This ruling was selected and summarized by the New York Law Journal's decision editors.