10 Major Data Breaches and Cyber Attacks 2023

Written by Mitchell Langley

January 12, 2024

Cyber attacks have become a daily occurrence in today’s hyperconnected world. With more users and devices getting online each day, there is an ever-increasing attack surface for cybercriminals to target. 2023 saw some massive cyberattacks and data breaches that compromised millions of user records and even brought down large organizations.

Here are the top 10 most prolific data breaches and cyberattacks that occurred in 2023.

Top 10 Most Recent Cyber Attacks 2023

DarkBeam Cyber Attack 2023

The DarkBeam Cyber Attack was a significant cybersecurity incident that occurred in September 2023. The breach was discovered by Bob Diachenko, CEO of SecurityDiscovery, who promptly alerted DarkBeam.

The digital risk protection firm DarkBeam had exposed an Elasticsearch and Kibana interface without protection.

The attack exposed more than 3.8 billion records, making it one of the largest data breaches in recent memory. The records included user emails and passwords from both previously reported and unreported data breaches.

DarkBeam, a top-performing cyber vulnerability and threat management provider, claimed to collect this information to alert its customers in case of a data breach.

Although most of the 3.8 billion exposed records were from past breaches, DarkBeam had, ironically, assembled the information in order to notify its customers through the site if their personal information was impacted by security incidents.

However, the extent of data held by DarkBeam and how it was organized meant that anyone who accessed it could potentially use the information for phishing campaigns.

  • Date of breach: September 18, 2023
  • Ransomware group involved: Unknown
  • Amount of ransom: No ransom was demanded
  • Methods of infiltration: The attackers used an Elasticsearch and Kibana interface to infiltrate DarkBeam’s systems
  • Volume of data stolen: Over 3.8 billion records
  • Type of data stolen: The breached data contained user emails and passwords from both previously reported and unreported data breaches

MOVEit Data Breach (Biggest Supply Chain Cyber Attack 2023)

The MOVEit Data Breach was the hottest cyber attack news of mid-2023, and its impact can still be felt today as new victims come forward.

The MOVEit data breach occurred in May 2023 and is one of the biggest supply chain cyber attacks of 2023. The breach was carried out by a ransomware group known as CL0P, which is known to have committed some of the biggest ransomware attacks.

The CL0P ransomware group exploited a vulnerability in MOVEit, a managed file transfer software, to steal files from organizations through SQL injection on public-facing servers.

The transfers were facilitated through a custom web shell identified as LemurLoot, disguised as ASP.NET files used legitimately by MOVEit.

The breach has impacted tens of millions of people and thousands of companies, including the U.S. Department of Energy, British Airways, pension funds, and more.

The type of data stolen was sensitive personal data. The exact amount of ransom demanded by the group is not specified, but it’s known that the average ransom paid in similar attacks in 2021 exceeded half a million dollars. The financial impact of the breach is still unfolding.

  • Date of breach: May 2023
  • Ransomware group involved: Clop ransomware group
  • Amount of ransom: Unknown
  • Tools used for infiltration: Zero-day vulnerabilities in the MOVEit Transfer software
  • Methods of infiltration: Exploiting zero-day vulnerabilities to gain unauthorized access to the MOVEit Transfer servers and steal sensitive data.
  • Volume of data stolen: Over 77.2 million individuals, 2,620 organizations
  • Type of data stolen: Sensitive personal data stored by organizations using the MOVEit Transfer software
  • Financial impact: Unquantifiable

Here are some of the major reported victims of the MOVEit data breach in 2023:

  • The US Department of Energy
  • Shell company
  • First National Bankers Bank
  • Putnam Investments
  • Datasite
  • Swiss Insurance company ‘OKK’
  • Leggett & Platt
  • Multinational firm PricewaterhouseCoopers (PwC)
  • Ernst & Young
  • Health Services Ireland
  • BBC
  • British Airways
  • Boots Retail
  • Medibank
  • Colorado Department of Health Care Policy and Financing
  • Bank OZK
  • Unum Group
  • Indiana University Health
  • Missouri Department of Social Services
  • United Bank
  • UMass Chan Medical School
  • Data Media Associates
  • Hillsborough County

GoAnywhere Clop Ransomware Attack

The GoAnywhere Ransomware Attack was discovered in February 2023. The ransomware group Cl0p claimed responsibility for the attack, which exploited a zero-day vulnerability in GoAnywhere MFT, a secure file transfer service by Fortra.

The vulnerability, tracked as CVE-2023-0669, is a remote code execution (RCE) flaw. The flaw was exploited by sending a POST request to the endpoint at /goanywhere/lic/accept.

The attack affected several large organizations, including Hitachi Energy, Procter and Gamble, and Rubrik. Interestingly, Cl0p did not follow a double extortion method for these attacks, nor did it appear to leave a locker. The exact ransoms demanded of Cl0p’s victims in this campaign are unknown.

Despite the vulnerability being patched quickly after it was made public, many firms failed to promptly apply updates following security disclosures. This led to a rise in attacks, and many businesses may still be vulnerable. The financial impact of the breach is still unfolding.
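For administrators reviewing whether an instance was probed before the patch was applied, the following added example (not code from Fortra or from this article's author) scans web access logs for POST requests to the /goanywhere/lic/accept endpoint named above. The log format, sample lines and addresses are constructed for illustration, and the path normalisation is deliberately loose so that encoded or padded variants are still counted.

```python
import re
from collections import Counter
from urllib.parse import unquote

LICENSE_ENDPOINT = "/goanywhere/lic/accept"  # endpoint named in the article

# Assumed common/combined log format:
#   ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Reduce a request target to a comparable path (loose on purpose)."""
    path = unquote(target.split("?", 1)[0])   # drop query string, decode %xx
    path = re.sub(r";[^/]*", "", path)        # drop ;jsessionid=... style parameters
    path = re.sub(r"/{2,}", "/", path)        # collapse duplicate slashes
    return path.rstrip("/").lower()

def find_license_posts(lines):
    """Return (timestamp, source_ip, status) for every POST to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and normalise(m["target"]) == LICENSE_ENDPOINT:
            hits.append((m["ts"], m["ip"], int(m["status"])))
    return hits

def hits_by_source(hits):
    """Count matching requests per source address for triage."""
    return Counter(ip for _, ip, _ in hits)

# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Feb/2023:10:15:01 +0000] "GET /goanywhere/ HTTP/1.1" 200 5120',
    '198.51.100.23 - - [02/Feb/2023:10:15:09 +0000] "POST /goanywhere/lic/accept?x=1 HTTP/1.1" 500 312',
    '198.51.100.23 - - [02/Feb/2023:10:15:12 +0000] "POST /goanywhere//lic/accept;jsessionid=1F HTTP/1.1" 302 0',
    '203.0.113.7 - - [02/Feb/2023:10:16:40 +0000] "GET /goanywhere/lic/accept HTTP/1.1" 404 0',
    '192.0.2.50 - - [02/Feb/2023:10:17:02 +0000] "POST /goanywhere/%6Cic/accept/ HTTP/1.1" 200 18',
]

if __name__ == "__main__":
    found = find_license_posts(SAMPLE_LOG)
    for ts, ip, status in found:
        print(f"{ts}  {ip}  HTTP {status}")
    print(dict(hits_by_source(found)))
```

A match only shows that the endpoint was requested; whether the request succeeded has to be judged from the server's own state and the vendor's guidance.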

  • Date of breach: May 2023
  • Ransomware group involved: Clop ransomware group
  • Amount of ransom: Unknown
  • Tools used for infiltration: Zero-day vulnerabilities in the GoAnywhere MFT secure file transfer tool
  • Methods of infiltration: Exploiting zero-day vulnerabilities to gain unauthorized access to the GoAnywhere MFT servers and steal sensitive data
  • Volume of data stolen: Data from 130 organizations
  • Type of data stolen: Sensitive personal data stored by organizations using the GoAnywhere MFT software
  • Financial impact: Unquantifiable at this moment

UK Electoral Commission Data Breach 2023

The UK Electoral Commission Attack was a complex cyber-attack that potentially affected millions of voters. The attack was discovered in October 2022, but the hostile actors had gained access to copies of the electoral registers as far back as August 2021.

The data accessed included the names and addresses of people in the UK who registered to vote between 2014 and 2022. The commission’s email system was also accessed during the attack.

The attackers were able to access full copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations. However, the data of anonymous voters whose details are private for safety reasons and the addresses of overseas voters were not accessible to the intruders.

The commission estimates the register for each year contains the details of around 40 million people. The personal data held on the registers – name and address – did not itself present a “high risk” to individuals, although it is possible it could be combined with other public information to “identify and profile individuals”.

The commission has not disclosed the exact identity of the hostile actors involved in the attack.

  • Date of breach: October 2022
  • Ransomware group involved: Not identified
  • Amount of ransom: None
  • Methods of infiltration: Exploiting zero-day vulnerability to gain unauthorized access to the Electoral Commission’s systems
  • Volume of data stolen: Copies of the electoral registers from August 2021, which included the names and addresses of people in the UK who registered to vote between 2014 and 2022. The data of people who qualified to register anonymously was not accessed
  • Type of data stolen: Names and addresses of people in the UK who registered to vote between 2014 and 2022
  • Financial impact: Unknown

MGM Resorts Cyber Attack 2023

The MGM Resorts Cyber Attack was a significant cybersecurity incident that occurred in September 2023. The attack was carried out by a group known as Scattered Spider, which is known for its sophisticated social engineering attacks.

The attackers gained unauthorized access to personal information of some of MGM Resorts’ customers on September 11, 2023. The affected information included names, contact information, gender, date of birth, and driver’s license numbers. For a limited number of customers, Social Security numbers and/or passport numbers were also affected.

The attack led to disruptions in MGM Resorts’ operations, including issues with slot machines and online room booking systems. Some systems were shut down due to the cybersecurity issue, but the firm stated that its facilities remained operational. The financial impact of the breach is expected to exceed $100 million.

  • Date of breach: September 11, 2023
  • Ransomware group involved: Scattered Spider
  • Amount of ransom: Unknown
  • Tools used for infiltration: Zero-day vulnerability in the Exchange Server
  • Methods of infiltration: Social engineering tactics to gain access to MGM’s internal systems
  • Volume of data stolen: Personal information of 10 million MGM customers
  • Type of data stolen: Personal information
  • Financial impact: Estimated $100 million

Johnson Controls Ransomware Attack

The Johnson Controls Ransomware Attack occurred in September 2023. The attack was carried out by a group known as Dark Angels, which encrypted devices and disrupted internal and partners’ operations.

The company’s operations were disrupted after a cybersecurity incident affected parts of its information technology infrastructure.

The company initiated its incident response plan, launched an investigation with external cybersecurity experts, and started coordinating with insurers.

This was a classic case of double cyber extortion, which is one of the most damaging types of cyber attacks.

The Department of Homeland Security (DHS) is investigating if the data breach compromised sensitive physical security information.

The DHS is also investigating whether the ransomware attack leaked any personally identifiable information. The financial impact of the breach is still unfolding.

  • Date of breach: September 27, 2023.
  • Ransomware group involved: Dark Angels ransomware group.
  • Amount of ransom: The attackers demanded a ransom of $51 million in exchange for a decryptor and to delete stolen data.
  • Tools used for infiltration: A misconfigured firewall setting in Johnson Controls’ cloud computing system.
  • Methods of infiltration: Social engineering tactics to gain access to Johnson Controls’ internal system.
  • Volume of data stolen: The attackers claimed to have stolen over 27 terabytes of corporate data while encrypting VMware ESXi virtual machines.
  • Type of data stolen: Sensitive corporate data.
  • Financial impact: Unknown at this time.

23andMe Data Breach 2023

The 23andMe Data Breach was a significant cybersecurity incident that occurred in October 2023. News of the attack spread in December.

23andMe’s ongoing analysis of the files stolen by the unauthorized individual revealed that approximately 6.9 million users had ancestry data stolen after hackers accessed thousands of accounts, likely by reusing previously leaked passwords.

The data accessed included names, contact information, gender, date of birth, and driver’s license numbers. For a limited number of customers, Social Security numbers and/or passport numbers were also affected.

The company has not clarified why it did not disclose these exact numbers when announcing the cyberattack. According to TechCrunch, these new numbers suggest that nearly half of 23andMe’s 14 million users were hacked.

  • Date of breach: October 6, 2023.
  • Ransomware group involved: Golem
  • Amount of ransom: No ransom was demanded; the seller intended to sell the data on the dark web.
  • Tools used for infiltration: The attacker exploited a misconfigured firewall in 23andMe’s cloud computing system.
  • Methods of infiltration: The attacker used social engineering tactics along with brute force and credential stuffing to gain access to 23andMe’s internal systems.
  • Volume of data stolen: The breach exposed personal information of approximately 6.9 million individuals.
  • Type of data stolen: The stolen data included names, addresses, phone numbers, email addresses, dates of birth, and self-reported income of 23andMe customers and applicants.
  • Financial impact: Unknown.

T-Mobile Cyber Attack 2023

The T-Mobile Cyber Attack 2023 was a significant cybersecurity incident that affected the company twice in the same year. The first attack started on November 25, 2022, and was discovered by T-Mobile on January 5, 2023.

This breach affected approximately 37 million current customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features.

The second attack started on February 24 and lasted until March 30, affecting 836 customers. The information obtained for each customer varied but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts, and the number of lines.

Account PINs, which customers use to swap out SIM cards and authorize other important changes to their accounts, were reset once T-Mobile discovered the breach in March.

  • Date of breach: Around November 25, 2022
  • Ransomware group involved: Not specified
  • Ransom amount: Not specified
  • Infiltration tools: T-Mobile’s Application Programming Interfaces (APIs)
  • Infiltration methods: Exploitation of the API
  • Data volume stolen: Approx. 37 million customer accounts
  • Data type stolen: Customer name, billing address, email, phone number, date of birth, T-Mobile account number, customer lines info, plan features
  • Financial impact: Significant, exact amount not specified

Rapid Reset — The Largest Cyber Attack in Internet History

The Rapid Reset attack was a Distributed Denial of Service (DDoS) attack that exploited the HTTP/2 Rapid Reset Zero-Day vulnerability.

This attack, which occurred in October 2023, targeted multiple internet infrastructure companies. The attackers exploited the HTTP/2 protocol’s concurrent stream processing to overwhelm servers with an unprecedented volume of requests.

The scale of the Rapid Reset attack was staggering. Google reported peak request rates exceeding 398 million requests per second, while Cloudflare observed a peak of more than 201 million requests per second. These numbers were nearly three times larger than any previous DDoS attack recorded.

Upon the discovery of this vulnerability, tech giants Google, Amazon Web Services (AWS), and Cloudflare swiftly coordinated their efforts to mitigate the attack. Despite the patches issued by various software vendors, managing the intricacies of this Zero-Day highlighted the complexity of modern cybersecurity threats.

  • Date of breach: October 2023
  • Ransomware group involved: Not specified
  • Amount of ransom: N/A
  • Tools used for infiltration: HTTP/2 protocol’s concurrent stream processing
  • Methods of infiltration: Opening a multitude of streams and canceling each request
  • Volume of data stolen: N/A
  • Type of data stolen: N/A
  • Financial impact: N/A 
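The cancel-immediately pattern listed above can be recognised per connection. The example below is added here and is not code from Google, AWS or Cloudflare; it uses a simplified, constructed event model (HEADERS opens a stream, RST_STREAM cancels it, DONE marks a normal completion) and illustrative thresholds, and shows that a flooding connection never exceeds one concurrent stream even while it issues hundreds of requests.

```python
from collections import defaultdict, deque

def analyse(frames, window_s=1.0, max_resets=100, fast_reset_s=0.05):
    """frames: (time_s, conn_id, event, stream_id) tuples in time order.
    Thresholds are illustrative assumptions, not vendor defaults."""
    opened_at = defaultdict(dict)   # conn -> {stream_id: time HEADERS was seen}
    recent = defaultdict(deque)     # conn -> times of rapid resets inside the window
    stats = defaultdict(lambda: {"opened": 0, "rapid_resets": 0,
                                 "peak_active": 0, "flagged": False})
    for t, conn, event, sid in frames:
        s, live = stats[conn], opened_at[conn]
        if event == "HEADERS":
            live[sid] = t
            s["opened"] += 1
            # A reset stream is closed, so it no longer counts as concurrent.
            s["peak_active"] = max(s["peak_active"], len(live))
        elif event in ("RST_STREAM", "DONE") and sid in live:
            age = t - live.pop(sid)
            if event == "RST_STREAM" and age <= fast_reset_s:
                s["rapid_resets"] += 1
                q = recent[conn]
                q.append(t)
                while q and q[0] < t - window_s:   # slide the window forward
                    q.popleft()
                if len(q) > max_resets:
                    s["flagged"] = True
    return dict(stats)

def sample_frames():
    """Constructed traffic: one ordinary client and one flooding client."""
    frames = []
    for i in range(20):             # ordinary: request, response 80 ms later
        sid = 1 + 2 * i
        frames.append((i * 0.1, "browser", "HEADERS", sid))
        frames.append((i * 0.1 + 0.08, "browser", "DONE", sid))
    frames.append((2.0, "browser", "HEADERS", 41))      # one quick user cancel
    frames.append((2.01, "browser", "RST_STREAM", 41))
    for i in range(500):            # flood: open, cancel 1 ms later, repeat
        sid = 1 + 2 * i
        frames.append((i * 0.002, "flood", "HEADERS", sid))
        frames.append((i * 0.002 + 0.001, "flood", "RST_STREAM", sid))
    return sorted(frames)

if __name__ == "__main__":
    for conn, s in analyse(sample_frames()).items():
        print(conn, s)
```

Because the flooding connection's peak concurrency stays at one, a limit on concurrent streams alone does not bound its request rate; the count of rapid client resets per window does.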

Dori Media Group Cyber Attack

The Dori Media Group Cyber Attack was a significant cybersecurity incident that occurred in October 2023. The attack was carried out by a group known as Malek Team, which claimed to have destroyed more than 100 TB of data from the company. The exact impact of the breach on the company’s operations and the type of data compromised is not specified.

  • Date of Breach: December 2023
  • Ransomware Group Involved: MalekTeam
  • Volume of Data Stolen: Over 100 TB
  • Ransom Amount: Not specified
  • Infiltration Tools: Not specified
  • Infiltration Methods: Not specified
  • Type of Data: Not specified
  • Financial Impact: Not specified

Conclusion

The frequency and scale of recent cyberattacks witnessed in 2023 demonstrate how serious an issue cybersecurity has become. With more of our lives and data moving online every day, there are growing risks from both sophisticated cybercriminal groups and opportunistic attackers.

While some of the largest cyber attacks of 2023 compromised millions of user records, even smaller organizations were not spared from being targeted. The financial and reputational losses incurred by companies have been massive. Most concerning is the risk these security breaches pose to users, with personal details being stolen that enable identity theft and fraud.

Looking ahead, cybersecurity needs to become a bigger priority for both technology companies and individuals. Stronger authentication, encryption, access controls and monitoring cyber security trends will help curb the impact of future breaches. However, eliminating vulnerabilities completely may not be realistic given the dynamic threat landscape.

Increased cooperation between governments, law enforcement and the private sector will also be important to curb the activities of cybercriminal networks and beef up our cyber shields. Users must also become more cautious about sharing personal information online and avoid phishing attempts. Only with diligence on all fronts can we hope to curb the growing tide of cyberattacks.
