The year 2023 has been marked by an alarming increase in cybersecurity breaches affecting companies of all sizes and industries. As the threat landscape continues to evolve, businesses have become more vulnerable than ever, even those with substantial cybersecurity defenses. In this blog, we will focus on some of the high-profile company data breaches that occurred in 2023 and explore how quickly these breaches were discovered by the affected companies.

Before discussing specific incidents, let’s take a look at the overall data breach statistics for 2023:
Number of data breaches in July 2023: 87
Breached records in July 2023: 146,290,598
Total number of data breaches in 2023 (up to July): 694
Total number of breached records in 2023 (up to July): 612,368,642

Tigo – July 2023:
The video chat platform Tigo suffered a massive data breach, leaking personal data of more than 700,000 users online. The compromised information included names, usernames, genders, email addresses, IP addresses, photos, and private messages. More than 100 million records were compromised in total, making it a significant security incident.

Indonesian Immigration Directorate General – July 2023:
A hacker gained unauthorized access to the Indonesian Immigration Directorate General, compromising passport data of over 34 million Indonesians. The hacker, known as Bjorka, listed the stolen data on the dark web for $10,000. The breach exposed full names, genders, passport numbers, issue and expiry dates, and dates of birth.

Teachers Insurance and Annuity Association of America (TIAA) – July 2023:
In July, the Teachers Insurance and Annuity Association of America faced a security breach that affected an unknown number of individuals. Further details about the breach are yet to be disclosed.

MOVEit: June 2023
In June 2023, the file transfer tool MOVEit experienced a massive hack that impacted over 200 organizations and approximately 17.5 million individuals by July 2023. The attack affected several federal agencies, including the Department of Energy, Department of Agriculture, and Department of Health and Human Services, as well as numerous international targets. The hackers exploited a security vulnerability in MOVEit’s software, and the data breach was discovered after the breach had already occurred. The responsible group, Clop, a Russia-linked ransomware group, claimed responsibility for the attack and threatened to publish stolen information on the dark web.

T-Mobile: May 2023 (and January 2023)
T-Mobile suffered its second data breach of 2023 in May, affecting over 800 customers. This marked the company’s ninth data breach since 2018. The first data breach in January 2023 exposed personal information, including names, emails, and birthdays, of over 37 million customers. Fortunately, T-Mobile identified the breach quickly and contained it within a day. However, these breaches have cost the company hundreds of millions of dollars, and they continue to face challenges in maintaining customer trust.

Yum! Brands (KFC, Taco Bell, & Pizza Hut): April 2023
Yum! Brands, the parent company of popular fast-food chains, experienced a cyber-attack in January 2023, which initially affected only corporate data. However, in April 2023, it was revealed that personal information belonging to employees was also exposed during the incident. The company responded by notifying affected employees and offering complimentary monitoring and protection services. Fortunately, there was no indication that customer information was impacted.

The year 2023 has seen a significant increase in cyber attacks affecting companies across various industries. These attacks have exposed millions of records and sensitive information, leading to financial losses and loss of customer trust. While companies are actively working to strengthen their cybersecurity measures, the threat landscape remains dynamic and requires continuous vigilance.
Companies’ ability to detect and respond swiftly to data breaches is crucial in mitigating the impact on customers and stakeholders. Regular security assessments, proactive vulnerability patching, and employee awareness training are essential components of an effective cybersecurity strategy. As technology continues to advance, staying one step ahead of cybercriminals is an ongoing challenge, and only by remaining vigilant can organizations protect their valuable data and safeguard their reputation.

Reference
https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2023
https://www.cpomagazine.com/cyber-security/34-million-indonesian-passports-exposed-in-a-massive-immigration-directorate-data-breach/
https://en.wikipedia.org/wiki/2023_MOVEit_data_breach
https://www.securityweek.com/yum-brands-discloses-data-breach-following-ransomware-attack/
https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/