2023 Mid-Year Security Breach Summary
Read more about the top eight recent high-profile company data breaches in 2023, including the number of records stolen, what credentials were compromised, and the affected market.
The most common entry point for ransomware continues to be users accidentally clicking malicious links, visiting insecure websites, or engaging with phishing emails, according to 44% of survey respondents worldwide, reported by Veeam in their 2022 Ransomware Trends Report.
According to projections, cybercrime is forecast to cost the global economy $10.5 trillion by 2025, reflecting a 15% increase year on year.
Here are just a few of the biggest-named cyber breaches thus far in 2023.
- Norton Life Lock breach: January 2023
Norton Life Lock sent a notice to their customers in mid-January that over 6,000 of their customer accounts had been breached due to a “stuffing” attack, which is the automatic injection of stolen username and password pairs into websites.
Gen Digital, Norton Life Lock’s parent company, sent notices to accounts they believe could have been compromised and recommended changing passwords and enabling two-factor authentication.
- MailChimp: January 2023
MailChimp, the email marketing platform, suffered a data breach due to a social engineering attack that allowed unauthorized users into an internal customer support tool.
The hackers gained access to employee information and credentials, but the company has since identified and suspended those accounts.
- Google Fi: February 2023
Because Google Fi doesn’t have its own network infrastructure and had to piggyback on T-Mobile’s network, they were affected by their massive data breach, compromising their customers’ phone numbers.
- T-Mobile reports two data breaches in 2023
In January 2023, T-Mobile acknowledged that a hacker was able to obtain customer data, including names, birth dates, and phone numbers, from 37 million accounts.
Then again in May 2023, a hacker again infiltrated systems to steal information such as full names, dates of birth, addresses, contact information, government IDs, social security numbers, and T-Mobile account pins.
The company has not revealed how the hacker managed to access its systems. According to a data breach notification posted to the Maine attorney general’s office, 836 customers were impacted.
- ChatGPT: March 2023
ChatGPT had its first data breach this year, though OpenAI claims the number of users whose data was actually revealed to someone else “is extremely low.”
Officials from OpenAI, ChatGPT’s parent company, said “In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date.”
- Chick-fil-A: March 2023
The popular fast-food joint Chick-fil-A confirmed a data breach of their mobile app that exposed customers’ personal information.
The hacker used email addresses and passwords from a third-party to get into the system and acquire info like membership numbers, names, emails, addresses, and more.
The company says less than 2% of customer data was breached.
- Yum Brands (KFC, Taco Bell, & Pizza Hut): April
Yum Brands, the parent company of popular fast food chains KFC, Taco Bell, and Pizza Hut, announced in April that a cyber attack occurred in January. The company believed the attack to only have directly affected corporate data, however they are now being cautious and notifying employees who may have had their personal data breached.
The attack resulted in the company closing down almost 300 locations in the UK in January and has continued to cost the company money in adding security measures, alerting customers, and brand perception.
Always on alerts for best company security practices
As more internet-connected devices flood the market, more personal devices connect to business data, and hacking becomes more financially motivated, exposures at these touchpoints increase exponentially.
Ensure your business is protected at the enterprise level with strict security measures.
Are you concerned about cybersecurity for your data? Contact us today for an expert consultation.
Photo by Mika Baumeister on Unsplash