Stay Secure or Be Sorry: Inside the Data Breaches 2023 Saga
Examining the data breach tsunami.
In the landscape of escalating cybersecurity threats, 2023 saw cybercriminals intensifying their efforts. Exploiting well-known file-transfer platforms, they set their sights on vulnerable organizations, resulting in a surge in data breaches.
Hackers, armed with ever-growing competency, exploited vulnerabilities in file-transfer tools, penetrating thousands of organizations’ defensive structures.
Ransomware groups maintained their uncompromising stance, holding victims to ransom. Entities with strained resources, especially hospitals, found themselves increasingly in the crosshairs.
An October 2023 report by the U.S. Department of Health and Human Services unveiled that healthcare breaches had affected over 88 million people. This figure represented a staggering 60% increase from the last year, and it failed to account for breaches in the concluding two months of the year.
While we have attempted to catalog the most destructive data breaches of 2023, further incidents may yet come to light.
Royal Mail
The year 2023 kicked off with a severe security crisis for Royal Mail, the UK’s prominent postal service provider, as it became the bullseye of a ransomware attack. Royal Mail publicly confirmed this cybersecurity breach on January 17, which threw the company into a months-long operational disruption, halting all outbound mail and parcel services.
The infamous Russian-linked LockBit ransomware gang is credited for this digital siege. Their actions caused more than just operational chaos; they managed to pilfer crucial data and flaunt it on a concealed dark web forum. The pilfered data varied broadly, extending from technical paperwork, HR and employee disciplinary records to private details such as payroll information, overtime disbursements, and even the COVID-19 vaccination status of a staff member.
The final scale and repercussions of these data breaches in 2023 are yet to be fully realized and continue to be evaluated.
Fortra GoAnywhere
At the beginning of 2023, a flaw in Fortra’s GoAnywhere managed file-transfer (MFT) software caused a lot of trouble for businesses. The flaw was a zero-day vulnerability, meaning cybercriminals exploited it before Fortra could release a fix, and the resulting attacks hit more than 130 companies.
Not long after, the well-known Clop ransomware group widened the impact, targeting over 130 organizations and stealing large amounts of data from them.
Victims included a variety of businesses: NationBenefits, which provides technology services to 20 million people in the U.S.; Brightline, which focuses on online coaching for children; Canadian financial company Investissement Québec; Swiss energy company Hitachi Energy; and even the City of Toronto.
Adding to the issue was a report released by TechCrunch in March, which showed that many victims did not know their data had been stolen until they received extortion demands. This was made even more worrying by statements from Fortra, the maker of GoAnywhere, claiming that these organizations were not affected by the breach, when the facts said otherwise.
Capita
In April 2023, the UK outsourcing giant Capita fell victim to a cyber-attack that sent shockwaves through its extensive client base. Notable organizations such as the National Health Service and the U.K. Department for Work and Pensions were caught up in the turbulent aftermath of this data breach.
The extent of the breach unfolded over several months as Capita’s clients discovered leaks of their sensitive stolen data bit by bit, long after the initial security breach had taken place.
One such client, the Universities Superannuation Scheme — UK’s largest private pension provider — confirmed in May that almost 470,000 of its members’ data had been accessed without authorization due to this data breach in 2023.
This single incident was not the end of Capita’s data woes. A report revealed that Capita had inadvertently left an enormous trove of files, 655 gigabytes in total, publicly accessible on the internet since 2016.
3CX
In 2023, a data breach occurred at 3CX, a company that builds software-based phone systems used by over 600,000 organizations and 12 million daily users worldwide. The company fell victim to a covert intrusion by Labyrinth Chollima, a subdivision of the infamous Lazarus Group, a North Korean state-backed unit notorious for stealthy attacks on cryptocurrency platforms.
The hackers planted malware into the 3CX client software while it was being built, intending to reach its broad customer base. It remains unclear how many customers were actually targeted in this ambitious supply-chain attack.
What is known, from Mandiant, a subsidiary of Google Cloud, is that the 3CX compromise was itself the result of another supply-chain attack: the intruders first got into 3CX’s systems through a malware-infected version of X_Trader financial software installed on an employee’s laptop.
MOVEit Transfer
The year 2023 saw its largest and most damaging cyber intrusion in the attack on MOVEit Transfer, a widely used file-transfer tool that businesses rely on for secure sharing. The fallout from this breach, which began in May and is still emerging, has been staggering.
At that time, Progress Software disclosed a critical zero-day vulnerability in MOVEit Transfer, which the infamous Clop gang exploited. This set off the second wave of mass hacks that year, leading to the theft of sensitive information belonging to thousands of MOVEit Transfer customers.
As per the latest figures, the MOVEit Transfer data breach has already impacted more than 2,600 organizations, resulting in unauthorized access to the personal data of about 84 million individuals.
Among victims, the Oregon Department of Transportation fell prey with 3.5 million records stolen, followed by the Colorado Department of Health Care Policy and Financing losing four million records, and Maximus, a U.S. government services contracting giant, seeing the theft of 11 million records.
Microsoft
In September of that year, China-backed intruders acquired a crucial Microsoft email signing key. This gave the hackers silent access to a multitude of mailboxes, several belonging to federal government agencies. Microsoft attributed the activity to a newly identified espionage group it tracks as Storm-0558. The U.S. cybersecurity agency, CISA, confirmed that unclassified email data had been taken from these accounts.
However, Microsoft’s post-incident analysis left gaps it could not fill. Microsoft provided no firm evidence of how the initial infiltration happened, nor any hint as to how the hackers obtained the signing key.
Microsoft drew significant criticism for its handling of the event, and this 2023 data breach is considered the heaviest loss of unclassified government data, surpassing the Russian-led SolarWinds cyber-espionage campaign of 2020.
CitrixBleed
In October came another wave of rampant hacks attributed to a high-risk flaw buried within Citrix NetScaler systems. This flaw, known as “CitrixBleed”, served as a digital backdoor through which attackers penetrated a broad range of sectors, from healthcare and retail to manufacturing.
The effects of these breaches are still being felt while the full picture continues to emerge. LockBit, the ransomware gang behind these attacks, claims successful strikes on a number of prestigious organizations, all made possible by the CitrixBleed bug. The flaw allowed them to siphon off sensitive data, including session cookies, usernames, and passwords, from compromised Citrix NetScaler systems, enabling continued intrusions into vulnerable networks.
Major organizations across sectors were hit, namely aerospace giant Boeing, law firm Allen & Overy, and the Industrial and Commercial Bank of China. They stand testament to the extensive reach and devastating effects of this 2023 data breach, carried out by this Russia-associated hacking group.
23andMe
The year’s end was marked by a disconcerting disclosure: genetic testing company 23andMe confirmed the theft of genealogy data belonging to approximately half of its customers, around 7 million individuals. This admission was slow in coming; it surfaced several weeks after the initial disclosure in October that user genetic data had been stolen and posted on a notorious cybercrime forum.
Initially, 23andMe’s account suggested that the perpetrators had used passwords exposed in other data breaches to gain access to customer accounts. However, it soon emerged that users who had opted into the DNA Relatives feature, which allows users to connect with biological relatives, were also affected by the breach.
After the full extent of the breach was revealed, 23andMe revamped its terms of service, seemingly to head off impending legal action by the victims. Legal experts sharply criticized these changes, labeling the move “self-serving” and “cynical”.
The one respite from this distressing situation was the alert it raised across similar DNA and genetics testing businesses to strengthen their user account security, a warning driven by the tumultuous aftermath of the 23andMe data breach.
The wave of cyberattacks in 2023 shows why we must beef up our digital defenses. We need to regularly update our systems, teach our employees about online safety, use strong, unique passwords, and have strict contracts about data security with any outside companies we work with. We can also make our security stronger with methods such as multi-factor authentication and end-to-end encryption.
Being ready for a data breach is crucial. We need a workable plan in case of an incident, regular backups of our data, and constant network watchfulness to spot threats quickly. We could also consider buying insurance against ransomware attacks.
Staying safe online is never-ending work. This is an investment we make to keep our organization safe and to keep the trust of our customers. The recent data breaches remind us how much of a priority cybersecurity should be.
Ready to Streamline Compliance?
Building a secure foundation for your startup is crucial, but navigating the complexities of achieving compliance can be a hassle, especially for small teams.
SecureSlate offers a simpler solution:
- Affordable: Expensive compliance software shouldn’t be the barrier. Our affordable plans start at just $99/month.
- Focus on Your Business, Not Paperwork: Automate tedious tasks and free up your team to focus on innovation and growth.
- Gain Confidence and Credibility: Our platform guides you through the process, ensuring you meet all essential requirements, giving you peace of mind.
Get Started in Just 3 Minutes
It only takes 3 minutes to sign up and see how our platform can streamline your compliance journey.