September saw several major data breaches, concerning companies such as Microsoft, Sony, and T-Mobile. In this article, you’ll find an overview of the latest data breaches, starting with the most recent.
September 2023: 60k State Department Emails Stolen in Microsoft Breach
On September 27, a Senate staffer briefed by State Department IT officials informed Reuters that Chinese hackers had stolen over 60,000 emails from State Department officials. The breach occurred in July, when a series of errors enabled the Chinese hacker group, identified as Storm-0558, to hack Microsoft and steal a key granting them broad access to Microsoft customer accounts, including those of the U.S. government.
Details continue to emerge concerning this Microsoft breach and its broader impact.
September 2023: Sony Investigates Alleged Hack
On September 25, the hacker group RansomedVC claimed to have stolen 260 GB of proprietary data from Sony — by the hackers’ description, “all of sony systems.” They posted 6,000 files as a sample of the stolen data, including a PowerPoint presentation and source code files.
Another hacker, MajorNelson, claimed credit for the breach on Breached Forums, and stated that “RansomedVCs are scammers who are just trying to scam you and chase influence.”
Sony has stated they are investigating the matter, and has not offered greater detail on the alleged hack. It does not appear any customer data was implicated in this incident.
September 2023: 89 GB of T-Mobile Employee Data Posted to Hacker Forum
On September 21, a trove of stolen data was posted to Breached Forums, a popular hacker forum. The 89 gigabyte cache largely pertained to T-Mobile employees, including email addresses and partial Social Security numbers, as well as some order information pertaining to T-Mobile customers.
This data was tied to an April breach of Connectivity Source, a T-Mobile retailer. T-Mobile itself denied the breach, and does not appear to have been directly hacked as part of this incident.
September 2023: 38 TB of Data Leaked by Microsoft AI Research Division
On September 18, cybersecurity researchers discovered a trove of 38 terabytes of private data, leaked by Microsoft’s AI Research Division. This data, published on GitHub, included sensitive information, including a disk backup of two employee computers that featured passwords, private keys, personal data, and more than 30,000 internal Microsoft Teams messages. By Microsoft’s description, no customer data appears to have been exposed in this breach.
The sensitive data was exposed via a misconfigured Azure cloud storage container. The issue was quickly corrected once the cybersecurity researchers informed Microsoft of it.
September 2023: System Error Exposes Data on T-Mobile Customers
In late September, a glitch at T-Mobile exposed customer and payment data pertaining to fewer than 100 customers. Some T-Mobile customers discussed this data leak on Twitter, stating that the T-Mobile app was showing them information on other customers, including phone numbers and billing addresses.
According to T-Mobile, the issue was connected to an overnight technology update and involved very limited account information. Additionally, the company stated that the glitch was quickly corrected.
September 2023: Caesars Entertainment Pays $15 Million Data Ransom
On September 7, Caesars Entertainment reported a data breach involving the theft of its loyalty program customer database. The stolen database included driver’s license information, Social Security numbers, and other sensitive customer data.
After experiencing the cyberattack, Caesars Entertainment paid a $15 million ransom to the hacker group that managed to access its systems. The company stated it took steps to ensure the data was deleted by the attackers, though it admitted it couldn’t guarantee the data was erased.
August 2023: Callaway Breach Exposes Data on 1.1+ Million Customers
On August 29, sporting company Topgolf Callaway confirmed a data breach had occurred earlier in the month. This breach included shipping addresses, account passwords, and more sensitive data pertaining to over 1.1 million customers.
The breach began on August 1, and was discovered on August 16. In response, Callaway reset customer login credentials to force the creation of new passwords. The company also stated the incident has since been contained.
August 2023: New Victims Emerge from MOVEit Attacks
August saw continued fallout from the MOVEit attacks, as more companies and government agencies disclosed that they had been breached in this string of cyberattacks perpetrated by Clop, a Russian ransomware group.
IBM was implicated as an attack vector for breaches on several state agencies, including the Colorado Department of Health & Financing, the Colorado Department of Higher Education, and the Missouri Department of Social Services. Stolen data included social security numbers, Medicare and Medicaid ID numbers, and sensitive health data on millions of Americans.
Two more government contractors, Serco and Maximus, disclosed that they, too, had been breached in the MOVEit attacks. Compromised data in these cases included social security numbers and sensitive health data for millions more Americans.
By now, the MOVEit attacks have compromised hundreds of companies and tens of millions of individuals, with more news still coming to light.
August 2023: Proprietary Data Stolen from Seiko
On August 10, Japanese watchmaker Seiko disclosed that they had been targeted in a data breach, for which the BlackCat/ALPHV ransomware group claimed responsibility. The stolen data includes schematics, patented technology, and other proprietary data, but does not appear to include sensitive customer data.
August 2023: Data on 760k Users Stolen From Discord.io
Discord.io, a third-party service for Discord users, suspended operations after a breach exposed data on its 760,000 members. Data, including email addresses, billing addresses, and hashed passwords, was listed for sale on Breached Forums.
Discord.io is not owned or operated by Discord itself, and Discord users who have not used Discord.io have not been implicated in this data breach.
July 2023: Cybercrime Forum Gets Breached
BreachForums, a popular destination for ransomware hackers extorting companies and selling stolen data, became the victim of a data breach. On July 26, HaveIBeenPwned announced the breach, which included email addresses, private messages, and hashed passwords. The hacker is now ransoming the data with an asking price north of $100,000.
BreachForums was briefly shut down following its founder’s arrest in March 2023. It re-emerged a few months later, and has remained a major marketplace for stolen data.
July 2023: NATO Investigates Data Breach
On July 25, the hacker group SiegedSec claimed on Telegram that they had breached NATO’s Communities of Interest Cooperation Portal. The stolen data appears to include unclassified documents and sensitive data pertaining to users of the web portal.
SiegedSec is a hacktivist group of self-identified “gay furries” targeting government organizations. They described the motive for their attacks as “a retaliation against the countries of NATO for their attacks on human rights,” noting that “Also, its fun to leak documents ^w^.”
July 2023: Chinese Hackers Breach U.S. Agencies Via Microsoft Cloud
On July 11, Microsoft publicly disclosed that a group of Chinese hackers had spied on U.S. government agencies via a vulnerability in Microsoft’s cloud services. The attack was first detected in June, by an unnamed government agency which proceeded to inform Microsoft and the Department of Homeland Security of the incident.
The hacking group in question, deemed “Storm-0558” by Microsoft, appears to be linked to the Chinese government. Their attacks targeted State and Commerce department emails, ahead of U.S. Secretary of State Antony Blinken’s visit to China in June. U.S. officials have stated that sensitive data was not compromised in this email breach.
July 2023: More Victims Emerge from MOVEit Attacks
July saw even more damage from the MOVEit attacks, which have now compromised over 200 companies. New victims include Radisson Hotels; a spokesperson said that “a limited number of guest records” were exposed, but did not detail exactly how many were affected.
The attacks also compromised data pertaining to 43,000 employees of real estate company Jones Lang LaSalle. Several universities were impacted, including the University of Illinois, the University of Colorado, and Johns Hopkins University. Other notable victims include Deutsche Bank, UofL Health, and the New York Department of Education.
All in all, sensitive records pertaining to millions of people have been implicated in this string of attacks. More details continue to emerge, and we will keep this article updated as more information comes to light.
July 2023: Apple Patches Zero-Day Exploit
On July 10, Apple released a batch of Rapid Security Response updates to iOS and macOS. In their notes on the update, they acknowledged that they were “aware of a report that this issue may have been actively exploited,” but did not go into greater detail.
This update is now available, and I would recommend you download it as soon as you have the chance. To ensure your devices are secure, go into your settings, check for updates, and update your device if necessary.
For more on Apple security breaches, see our complete timeline.
July 2023: Razer Investigates Alleged Data Breach
On July 8, an anonymous hacker posted on an online forum that they had stolen source code and other data from Razer, a consumer electronics company. The hacker offered to sell this data for $100,000 worth of cryptocurrency.
On July 10, Razer acknowledged that they were investigating this incident.
July 2023: Microsoft Denies Purported Data Breach
On July 2, hacktivist group Anonymous Sudan claimed to have hacked Microsoft and pilfered data pertaining to over 30 million Microsoft accounts. The group provided a sample of the data, but so far it has not been determined where exactly the data came from.
A Microsoft spokesperson said that these claims of a data breach were not legitimate, and stated that Microsoft had seen “no evidence that our customer data has been accessed or compromised.”
June 2023: MOVEit Attacks Compromise 100+ Companies & Government Agencies
In the month of June, a Russia-based ransomware group known as Clop leveraged a zero-day exploit in MOVEit, a file transfer tool, to compromise over 100 companies and government agencies.
The breach hit DMVs in Oregon and Louisiana, affecting over 6 million residents across both states, possibly including drivers’ license and Social Security numbers. Multiple federal agencies were impacted, including the Department of Energy.
The ransomware hackers used the MOVEit exploit to compromise payroll company Zellis, which they then leveraged to breach the BBC, British Airways, and Aer Lingus. They breached Shell, uncovering data on customers who used their electric vehicle charging network. They compromised several financial services companies, including 1st Source Bank, First National Bankers Bank, and Putnam Investments.
Earlier in 2023, the Clop group was responsible for the GoAnywhere attacks, in which they compromised over 130 companies.
June 2023: Report Identifies Over 101k Hacked ChatGPT Accounts
A threat intelligence team at Group-IB released a report indicating that over 101,000 ChatGPT credentials were stolen by malware over a 12-month period. These researchers found these accounts on the dark web, available for sale alongside other stolen data.
These accounts were compromised by malware on users’ devices; they were not hacked due to a breach of ChatGPT itself.
June 2023: UPS Alerts Canadian Customers of Phishing Attacks
In late June, UPS alerted many customers in Canada that their data may have been compromised in a string of SMS phishing attacks, conducted from February 2022 to April 2023. The attackers in this case impersonated UPS, and demanded fees to deliver supposed ‘packages’. They enhanced their credibility by hacking into UPS’s package lookup tools so that they could base their phishing texts on actual incoming deliveries.
In their notice to customers, UPS clarified that real texts from UPS only come from SMS number 69877.
June 2023: Hacker Ransoms Confidential Reddit Data
On June 17, the BlackCat ransomware gang threatened to make public 80 GB of confidential data stolen from Reddit in a February cyberattack. This data included account credentials from 2007 and earlier, and Reddit has notified users whose information may have been implicated in the breach.
June 2023: Zacks Data Breach Posted to Hacker Forum
On June 10, breach database Have I Been Pwned added a previously unreported breach of 8.9 million Zacks users, dating to May 2020. Shortly after this breach came to light, the data was posted for sale on a popular hacker forum. This breach included account data, such as passwords, but does not appear to have included credit card numbers or other financial data.
June 2023: Intellihartx Discloses Breach Affecting 489k Patients
On June 8, healthcare collections company Intellihartx notified legal officials that sensitive data pertaining to over 489,000 patients had been compromised in a data breach on partner company Fortra. Stolen data included Social Security numbers, dates of birth, and medical records.
This incident was part of the GoAnywhere attacks in February, affecting over 130 companies, largely concentrated in the healthcare sector. These attacks were perpetrated by the Clop group, a Russia-affiliated ransomware gang that also conducted the MOVEit attacks in 2023.
May 2023: Apria Notifies 1.8 Million People of 2021 Breach
On September 1, 2021, Apria Healthcare discovered a data breach pertaining to sensitive data on 1.8 million patients and employees. Although HIPAA requires companies to report data breaches within 60 days of discovery, Apria did not inform anyone of the data breach until 18 months later, in May 2023.
The exposed information appears to include Social Security numbers, financial data, and medical records.
May 2023: 237k Federal Employees Exposed in U.S. Department of Transportation Breach
On May 12, the U.S. Department of Transportation notified Congress of a data breach affecting 237,000 current and former government employees. The compromised data pertained to TRANServe, a system for reimbursing commuting costs. So far, it is unclear who perpetrated this attack.
May 2023: PharMerica Discloses Breach Affecting 5.8 Million Patients
On May 12, PharMerica notified over 5.8 million people that their data, including social security numbers and medical information, had been publicly exposed following a ransomware attack. PharMerica discovered the breach in March, but only notified customers two months later, after the hackers published the customer data online.
May 2023: Discord Support Account Compromised
In mid-May, Discord disclosed that an account belonging to a third-party support contractor had been compromised. Through this account, an unknown attacker was able to gain some personal information, such as email addresses. The impact from this attack appears to be very limited, but users should remain wary of phishing attempts.
April 2023: T-Mobile Discloses Second Data Breach of 2023
On April 28, T-Mobile notified 836 customers that their data had been compromised in a breach. Though the scale of this attack was more limited than their January breach, it included highly sensitive data, such as Social Security numbers, government ID data, and T-Mobile account PINs.
April 2023: American Bar Association Discloses Hack Affecting 1.5 Million Members
In mid-April, the American Bar Association notified 1.5 million members that their login credentials, including encrypted password data, had been compromised. The incident happened in March, when an unknown hacker broke into a legacy system pertaining to an old ABA website. Though the data stolen was not up-to-date, it’s one more reason not to reuse old passwords.
April 2023: Yum Brands Admits That Customer Data Was Compromised In Breach
In early April, Yum Brands — the parent company that operates Taco Bell, KFC, and Pizza Hut — acknowledged that personal data, including driver’s license numbers, had been compromised in a January incident. The company first disclosed the breach soon after discovering the incident; but initially, they claimed that only company data had been impacted.
April 2023: MSI Breached by Ransomware Gang
On April 7, computer hardware company MSI confirmed that a ransomware gang had stolen company data, including source code. The ransomware gang, called Money Message, has threatened to make this data public if MSI does not pay them $4 million.
It does not appear that customer data was exposed in this data breach.
April 2023: Uber’s Law Firm Leaks Sensitive Data on Drivers
In April, Uber’s law firm, Genova Burns, informed many Uber drivers that sensitive data, including Social Security numbers and Tax Identification numbers, had been stolen in a data breach of the law firm. Neither Genova Burns nor Uber have disclosed how many drivers were affected by the data breach.
April 2023: Western Digital Confirms Breach
In April, data storage company Western Digital confirmed that hackers had broken into their network on March 26. Following the attack, Western Digital has experienced outages to its cloud storage services, and in May, they notified users that some customer information, such as encrypted passwords and partial credit card numbers, had been exposed in the attack.
March 2023: ChatGPT Bug Exposes User Data
On March 24, OpenAI confirmed that a bug had exposed customer data, including chat history and payment information, to other users. This occurred due to a vulnerability in an open source library, which OpenAI has since patched. Following the incident, OpenAI notified affected users and created a bug bounty program to help discover future vulnerabilities.
This is the first reported breach involving OpenAI. Should future incidents occur, they will be recorded here and in our article on ChatGPT breaches.
March 2023: ILS Notifies 4.2 Million Customers of Data Breach
On March 14, healthcare provider Independent Living Systems (ILS) notified over 4 million customers of a data breach. The breach apparently occurred in June and July of 2022, and included Social Security numbers, driver’s license numbers, medical records, and other highly sensitive data.
March 2023: TMX Finance Notifies 4.8 Million Customers of Data Breach
TMX Finance, which operates under the brands TitleMax, TitleBucks, and InstaLoan, notified 4.8 million customers of a data breach. The breach includes Social Security numbers, passport numbers, financial records, and other highly sensitive data.
The breach itself occurred in early February. TMX disclosed the breach in March, and is now facing a potential class action lawsuit.
March 2023: Ransomware Group Claims to Have Amazon Ring Data
On March 13, a ransomware group called ALPHV claimed on the dark web that they had breached Ring, Amazon’s doorbell security company. An Amazon spokesperson said that they had “no indications that Ring experienced a Ransomware event,” and in another statement noted that a third-party vendor may have experienced a breach.
While it is possible this ransomware group has data pertaining to Ring customers, we have found no other evidence so far that would substantiate a data breach of Amazon Ring.
March 2023: AT&T Customer Data Exposed Following Attack on Vendor
In March, AT&T notified roughly 9 million customers that their data had been compromised following an attack on a third-party vendor. AT&T described the exposed data as “Customer Proprietary Network Information,” including data on customers’ wireless plans and payment amounts. According to AT&T, sensitive personal or financial information was not exposed in the attack.
March 2023: Congress Members’ Data Exposed in DC Health Link Breach
On March 8, thousands of U.S. lawmakers and government employees were notified that their sensitive data may have been exposed in a breach on DC Health Link, a health insurance provider for Congress.
By then, the data had already been posted for sale on Breached Forums. Capitol Police stated that they were working with the FBI to investigate the incident.
March 2023: Data on 7.5 Million Verizon Customers Exposed on Hacker Forum
In March 2023, records on over 7 million Verizon users were posted to Breached Forums, a popular hacker forum. The data included contract information, device information, encrypted customer IDs, and more — but it does not appear that unencrypted personal data was included in the leak.
In response, Verizon stated that the issue stemmed from an outside vendor and had been resolved in January of 2023.
February 2023: U.S. Marshals Service Discloses Data Breach
On February 27, U.S. law enforcement officials acknowledged that the U.S. Marshals Service discovered a data breach and ransomware attack on February 17. A spokesperson said that the leaked data included “returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”
According to the USMS, data pertaining to the witness protection program was not implicated in the attack. An investigation is still ongoing.
February 2023: Activision Data Breach Comes to Light
On February 21, Activision acknowledged that they suffered a data breach in December 2022, after a hacker tricked an employee via an SMS phishing attack. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. The data also included a release calendar of upcoming games, but does not appear to have contained any source code or customer data.
Activision did not inform anyone of the breach at the time, and only acknowledged the breach after the security research group vx-underground brought it to light on Twitter.
February 2023: Pepsi Bottling Ventures Exposed in Malware Attack
In February 2023, Pepsi Bottling Ventures filed a security incident notice acknowledging that they had experienced a malware attack on December 23, 2022, and discovered the breach on January 10. Stolen data apparently includes personal information, such as social security numbers and login credentials, but it is unclear whether this information pertains to customers or to employees.
It is also unclear if PepsiCo was affected by the breach. Pepsi Bottling Ventures is the largest bottler of Pepsi in the United States, but they are a distinct company from PepsiCo itself.
February 2023: 3.3 Million Patients Exposed in Heritage Provider Network Breach
In February, the California-based Heritage Provider Network disclosed to patients that they had suffered a ransomware attack on December 1. Over 3 million patients’ data was exposed in the leak, including social security numbers, medical records, and other highly sensitive information.
Since this disclosure, several class action lawsuits have been filed against Heritage Provider Network and its partners.
February 2023: Over 130 Companies Implicated in GoAnywhere Attacks
On February 1, Fortra disclosed to its customers that hackers had used a zero-day exploit against their GoAnywhere MFT file transfer tool. Several days later, the Clop ransomware group claimed credit for using this exploit to breach over 130 companies that had used the tool in question.
Among the companies affected was Community Health Systems, which operates over 1,000 healthcare sites across the United States. In an SEC filing on February 13, the company estimated that personal information pertaining to roughly 1 million people had been exposed in the data breach.
The breach also affected Procter & Gamble, though customer data was not implicated in the leak.
January 2023: PeopleConnect Data on 20 Million Customers Posted to Hacker Forum
On January 21, a hacker publicly posted data pertaining to InstantCheckMate and TruthFinder, two popular background check services owned by PeopleConnect. This data included records on over 20 million customers, and was apparently lifted from a backup file dating to 2019.
January 2023: T-Mobile Discloses Data Breach Affecting 37 Million Customers
On January 19, T-Mobile disclosed that a cyberattacker stole personal data pertaining to 37 million customers. T-Mobile said the breach only included “a limited set of customer account data,” though it included names, addresses, phone numbers, account numbers, and more.
This incident occurred in November 2022. T-Mobile detected the breach on January 5, 2023, after which they quickly shut down the vulnerability in question and launched an investigation into the incident.
Following the incident, Google notified Google Fi customers that their data was also implicated in this breach. Other Google services were not affected by this attack.
January 2023: No Fly List Leaks Over Unsecured Server
On January 19, a Swiss hacker under the alias ‘maia arson crimew’ reported that she had accessed a 2019 version of the No Fly List, in the form of a CSV file containing over 1.5 million names. By her account, she found the file on an exposed server belonging to a regional airline, CommuteAir.
The hacker has not disclosed this information publicly, though she has shared it selectively with journalists, human rights organizations, and “other part[ies] with legitimate interest.” TSA and CommuteAir have both released statements that they are investigating the incident.
January 2023: Paypal Reports Credential Stuffing Attack
On January 19, Paypal sent out data breach notifications to nearly 35,000 customers whose accounts had been improperly accessed. This incident was a credential stuffing attack, in which the hacker leveraged passwords and other data that had been exposed in prior incidents involving other services.
This is a textbook example of why you should not reuse passwords. If you use the same password across multiple websites, an attacker who steals your password in one data breach (or finds it on the dark web) can then use it on any account that shares the same login credentials.
January 2023: Norton LifeLock Warns Customers of Credential Stuffing Attack
In mid-January, Gen Digital, the parent company of Norton LifeLock, sent out notices to users warning of a credential stuffing attack, in which a hacker breaks into users’ accounts via credentials found or purchased on the dark web.
Gen Digital detected the attack after noting “an unusually large volume” of failed login attempts on December 12. By their account, they have notified some 6,450 users who may have been affected.
January 2023: Mailchimp Discloses Social Engineering Attack
On January 11, Mailchimp detected a social engineering attack in which a hacker tricked an employee into giving away their account credentials. The hacker proceeded to access 133 user accounts. Mailchimp then shut down the attack and alerted the users who may have been affected.
January 2023: Database of Over 200m Twitter Users Goes Public
Following a string of ransom attempts and leaks, a trove of data on over 200 million Twitter users circulated among hackers in December 2022, and was published in full on BreachForums on January 4th. This data includes email addresses, names, and usernames, but does not appear to include passwords or other highly sensitive data.
This data was originally scraped by exploiting an API vulnerability that was exposed from June 2021 to January 2022. This vulnerability was exploited repeatedly by different hackers, and resulted in multiple ransomware attempts and leaks in the latter half of 2022. Most recently, a hacker known as Ryushi attempted to ransom the data for $200,000 in late December.
Some reports have pegged the number of compromised accounts as high as 400 million, but after removing duplicates, the final number appears close to 210 million. It does include data on a number of high-profile accounts, such as those of Alexandria Ocasio-Cortez, Donald Trump Jr, and Mark Cuban.