There is no shortage of cybersecurity statistics showing that data breaches continue to grow in frequency and impact. The number of data breaches almost tripled between 2013 and 2022, and there were 20% more breaches in the US in the first nine months of 2023 than in any prior full year.
The stark reality is that data breaches and information exposures are something that organizations can no longer afford to turn a blind eye to. In this article, we look into the most significant data breaches and record leaks worldwide in 2023.
January – T-Mobile
37 Million Customers
On January 19, T-Mobile revealed that a cyber attacker had accessed personal information belonging to 37 million customers. T-Mobile clarified that the breach involved only a restricted set of customer account data, encompassing names, addresses, phone numbers, and account numbers.
The security breach transpired in November 2022, but T-Mobile became aware of it on January 5, 2023. Promptly, the company took measures to close the identified vulnerability and initiated an investigation into the matter.
Subsequently, Google informed Google Fi customers that their data was also compromised in this security incident. Other Google services remained unaffected by this particular attack.
February – GoAnywhere
130+ Companies
On February 1, Fortra informed its customers that hackers had exploited a zero-day vulnerability in its GoAnywhere MFT file transfer tool. Shortly thereafter, the Clop ransomware group claimed responsibility, saying it had used the flaw to infiltrate more than 130 companies that used the tool.
One impacted entity was Community Health Systems, a company overseeing over 1,000 healthcare sites across the United States. In a February 13 SEC filing, the company estimated that the personal information of around 1 million individuals had been exposed in the data breach.
Procter & Gamble was also affected by the breach, though customer data was not compromised in the incident.
March – Verizon
7.5 Million Customers
In March 2023, information belonging to more than 7 million Verizon users was shared on Breached Forums, a widely-known hacker forum. The exposed data comprised contract details, device information, encrypted customer IDs, and additional information. Notably, unencrypted personal data was not part of the disclosed information.
Verizon addressed the issue by attributing it to an external vendor and clarified that it had been resolved in January 2023.
April – Shields Healthcare Group
2.3 Million People
On April 19, Shields Healthcare Group disclosed that a cybercriminal had gained access to their systems and had stolen the personal data of 2.3 million people.
In a statement, Shields explained that the incident traced back to March 2022, when they initially detected suspicious activity on their internal network. Although there were speculations about a breach during that period, the firm’s investigation was concluded last month, exposing the full extent of the damage.
During the breach, the perpetrators had unauthorized access to sensitive data for two weeks. This information encompassed patients’ Social Security numbers, dates of birth, home addresses, healthcare provider details, and medical history. Furthermore, the attackers stole additional data, including billing information, insurance numbers, and other financial details.
May – PharMerica
5.8 Million Patients
In the latter part of March, the Money Message ransomware group declared that it successfully infiltrated the systems of PharMerica and its parent company, BrightSpring Health Services. They claimed to have accessed databases containing a substantial 4.7 terabytes of data involving the records of over 2 million individuals.
By March 21, PharMerica had ascertained that the compromised information included personal details such as names, addresses, birth dates, Social Security numbers, medication information, and health insurance details.
In May, after completing their investigation, PharMerica and BrightSpring confirmed the full extent of the breach. They reported the data breach to the Maine Attorney General and HHS’ Office for Civil Rights, disclosing that it impacted a total of 5,815,591 individuals.
June – Oregon Driver and Motor Vehicle Services (DMV)
3.5 Million People
On June 1, the State of Oregon became aware of a vulnerability in a third-party software tool called MOVEit, a tool used to transfer data files. When they became aware of the issue, the Oregon Department of Transportation (ODOT) promptly activated its emergency response procedures to secure affected systems and launched an investigation to determine if any of its information was affected.
On June 12, it was confirmed that driver’s licenses and identification card files for approximately 3.5 million Oregon residents were compromised. The public was notified on June 15.
July – HCA Healthcare
11 Million Patients
US-based healthcare giant HCA Healthcare suffered a data breach impacting 11 million patients. The cyber attack was discovered on July 10, after patients’ personal data was posted online.
In a website statement, HCA confirmed the breach and said the data appears to have been stolen from an external storage location exclusively used to automate the formatting of email messages, such as reminders to patients to book appointments and education on healthcare programs and services.
The dataset includes personally identifiable information, such as patient names, home addresses, phone numbers, dates of birth, gender, and patient service dates, including locations and appointment details. HCA said the breached data does not include clinical or financial information.
After HCA discovered the unauthorized access and data theft, they disabled access to the third-party storage location and contacted all those impacted by the data breach.
August – PurFoods
1.2 Million Customers
In August, PurFoods, an American meal delivery service, reported a data breach that exposed the financial and medical information of over 1.2 million customers.
The breach occurred on January 16, but it went undetected until July 10. The company identified the breach when it discovered that certain files in its network had been encrypted, indicating a malicious actor had hacked into the system.
The compromised data included personal details like names, social security numbers, and health insurance member identification numbers of 1,237,681 customers. Additionally, financial information such as account numbers and credit/debit card details, potentially with security codes, access codes, passwords, or PINs, was accessed. There was also a concern that the unauthorized access might have extended to customers’ medical information.
September – DarkBeam
3.8 Billion Records
On September 18th, the CEO of SecurityDiscovery, Bob Diachenko, alerted DarkBeam that they had been breached.
The breached data contained 16 collections, each housing 239,635,000 records. This resulted in over 3.8 billion records being exposed. The collection comprised login pairs of email addresses and passwords from previously reported and unreported data breaches. DarkBeam had collected this information to alert its customers in case of a data breach.
October – Indian Council of Medical Research (ICMR)
815 Million Indian Residents
On October 9th, the personal data of 815 million Indian residents was exfiltrated from the ICMR’s Covid-testing database and offered for sale on the dark web by a hacker named “pwn0001”.
On October 10th, the incident was discovered by the American security company Security. The exfiltrated 90GB of data included full names, ages, genders, addresses, passport numbers, and Aadhaar numbers (12-digit government identification numbers).
November – McLaren Health Care
2.2 Million People
On November 9, healthcare nonprofit McLaren Health Care in Michigan notified 2.2 million people that they had suffered a data breach.
According to a notice on the McLaren website, unauthorized access to McLaren systems began on July 28. The company discovered the breach on August 31 and launched an investigation that ended on October 10.
The data taken included Social Security Numbers (SSN), health insurance information, dates of birth, diagnostic results and treatment information, prescription/medication information, and more.
Less Publicized Breaches Are Not To Be Ignored
While this article focused on highly publicized breaches involving millions of customers and exposed records, it’s crucial to recognize that a substantial number of breaches occur discreetly within the domain of Small and Medium-sized Businesses (SMBs). Despite the lack of headlines, the impact on SMBs is profound, as their limited resources make recovery more challenging.
There is an urgent and unignorable need for organizations, regardless of size or public visibility, to prioritize and maintain robust security measures to continue growing their business.