Recent months have seen a string of data breaches affecting major companies, including Prudential, Verizon, and Bank of America. In this article, you’ll find an overview of the latest data breaches, starting with the most recent.
February 2024: Prudential breached by ALPHV
On February 13, Prudential Financial reported to the Securities and Exchange Commission that they experienced a data breach on February 4. In this disclosure, Prudential reported that they did not believe that customer data was exposed in this incident.
The hacker group ALPHV took credit for this incident, as well as the loanDepot breach reported in January.
February 2024: Verizon breach affects over 63,000 employees
On February 7, Verizon Communications notified the Maine Attorney General that the company experienced a data breach back on September 21, resulting in the theft of sensitive information of over 63,000 employees. The breach included Social Security Numbers and other sensitive information on employees, but it does not appear any Verizon customers were implicated in this incident.
February 2024: Bank of America vendor breached
In early February, Bank of America notified customers of a data breach that occurred at Infosys McCamish, a software vendor for Bank of America. A ransomware group breached Infosys McCamish and stole sensitive personal information, including Social Security Numbers, from 57,028 Bank of America customers.
The breach itself occurred on November 3. Infosys McCamish informed Bank of America of the incident on November 24, and Bank of America disclosed the breach on February 2.
February 2024: Viamedis and Almerys hacks expose 33m French residents
In early February, hackers targeted two French healthcare insurance service providers, Viamedis and Almerys. As a result, 33 million French residents had their sensitive personal information stolen, though financial data is seemingly safe.
Viamedis said the hackers phished health professionals’ logins and used them to get into the system. Almerys said that the hackers entered through a portal used by health professionals. Both providers filed complaints with the public prosecutor and an investigation is underway.
January 2024: Microsoft breached by Russian hacker group
On January 12, Microsoft discovered a breach conducted by a group tied to Russia’s SVR foreign intelligence agency. The incident occurred in November 2023 through a method called “password spraying,” and targeted Microsoft’s corporate email system.
Cozy Bear, the Russian-backed hacker group behind the SolarWinds breach, appears to have been behind this attack. Microsoft disclosed that these hackers compromised credentials on a “legacy” test account, likely with an outdated code, before accessing senior leadership accounts, among others. The hackers’ access was removed on January 13.
Microsoft’s disclosure comes a month after a new ruling that pushes publicly traded companies to disclose breaches that could negatively impact their business.
January 2024: 16.6m loanDepot customers’ information stolen
On January 6, mortgage firm loanDepot fell victim to a ransomware attack in which 16.6 million users’ personal information was stolen. It is unclear exactly what personal information was implicated in the breach, but it is possible sensitive financial information was exposed.
An ongoing investigation has revealed that attackers gained access to data encryption and company systems. The incident was revealed when customers were unable to enter company websites, like MyloanDepot and HELOC, to pay loans. LoanDepot is a major nonbank mortgage lender in the United States with over $140 billion in serviced loans.
January 2024: 35m Customers Implicated in VF Corp Data Breach
On January 18, news broke of a data breach of VF Corporation, the parent company of brands such as Vans, North Face, Timberland, Supreme, and Dickies. Over 35 million customers’ data was stolen in the breach, though VF Corporation has stated that no financial data or passwords were compromised in the breach.
The incident was first detected on December 13 and later disclosed to the SEC.
January 2024: Framework Accountant Phishing Exposes Customer Data
Between January 8 and 11, California laptop production company Framework experienced a breach when its accountant, Keating Consulting Group, fell for a phishing attack. An actor impersonated Framework’s CEO by emailing Keating a spreadsheet with customers’ personally identifiable information associated with Framework purchases.
The obtained data could be used in further phishing attacks to request payment information or redirect to malicious websites aimed at gathering more sensitive data.
December 2023: Extortion Emails Follow Integris Health Cyberattack
On December 24, attackers sent extortion emails to 2 million patients of Integris Health, Oklahoma’s largest not-for-profit health network. The emails followed a security breach on November 28, 2023. The extortion emails claimed that the attackers had stolen sensitive personal information like Social Security Numbers and insurance information. Integris Health has warned recipients against engaging with the emails.
December 2023: 4.5m Patients Implicated in HealthEC Breach
On December 22, healthcare tech firm HealthEC reported a data breach affecting roughly 4.5 million individuals. The stolen data included sensitive personal information, including social security numbers and taxpayer identification numbers, as well as medical records and health insurance information.
The breach itself occurred between July 14 and July 23, 2023. Following an investigation, HealthEC reported the breach in December 2023.
December 2023: Xfinity Discloses Data Breach Affecting Over 35 Million People
On December 18, Xfinity reported a data breach affecting over 35 million customers. The breach itself occurred in October, when hackers exploited a vulnerability in Citrix. The stolen data included sensitive personal information, such as partial Social Security numbers and dates of birth.
December 2023: EasyPark Reports Data Breach Impacting European Customers
On December 10, Swedish app developer EasyPark discovered a data breach, primarily concerning its European customers. The stolen data included personal information such as address, phone number, and partial credit card numbers. In a public statement, EasyPark did not disclose how many individuals were affected, but noted they did not expect the breach to result in unauthorized transactions.
December 2023: ESO Solutions Data Breach Impacts 2.7 Million Patients
In December, news broke of a data breach concerning ESO Solutions, a healthcare and fire department software company. Data on 2.7 million patients was compromised, including Social Security Numbers and sensitive medical information. ESO has offered 12 months of identity monitoring service coverage through Kroll to all notice recipients.
November 2023: More MOVEit Attack Victims Identified
The fallout from the MOVEit attacks perpetrated by the Russian ransomware group Clop continues, with new information about victims being released in November.
AutoZone – an auto parts retailer – informed US authorities on November 21 that it fell victim to a MOVEit attack on or about August 15. Data on nearly 185,000 people was compromised, and AutoZone has offered free identity and credit monitoring, as well as identity protection, services to impacted individuals. In a release from the Maine Attorney General, full names and Social Security numbers are mentioned as potentially part of the breach.
Welltok – a healthcare organization – initially announced its data breach on October 24, stating the breach occurred on July 26. However, a report to the US Department of Health and Human Services on November 6 provided more information, noting that more than 8.49 million patients were impacted.
Patient data exposed in the Welltok breach includes full names, addresses, emails, and phone numbers. For some patients, Social Security numbers, Medicare ID numbers, Medicaid ID numbers, and some health insurance information were also exposed.
November 2023: Delta Dental of California breach Affects 7 million
On November 27, California dental insurance provider Delta Dental learned that nearly 7 million people were affected in a security breach in May 2023. The company had suffered unauthorized access by threat actors through the MOVEit file transfer software application. Customer financial information, like financial account numbers and credit/debit card numbers, was exposed.
November 2023: Nearly 2 Million Dollar Tree Employees Impacted by Breach
On November 27, Zeroed-In Technologies, a Dollar Tree third-party service provider, formally announced a data breach that impacted more than 1.97 million Dollar Tree and Family Dollar employees. The security incident occurred between August 7 and August 8, and it was discovered on August 31.
Hackers managed to steal employee names, birth dates, and Social Security numbers. Zeroed-In Technologies has notified the impacted individuals and provided instructions on how to receive 12 months of credit monitoring and identity protection services.
November 2023: Hackers Steal Employee Data from US Nuclear Research Lab
The Idaho National Laboratory (INL) – a nuclear research lab – confirmed a data breach impacting current and former employees and their spouses and dependents. According to INL’s data breach page, the organization discovered the breach on November 20. Employee, dependent, and spouse names, birth dates, and other personally identifiable information (PII) were later released by SiegedSec – a hacker group – on hacker forums. The INL is offering credit monitoring and identity protection services to impacted individuals.
November 2023: Mortgage firm LoanCare Warns 1.3 Million People of Breach
On November 19, Fidelity National Financial’s mortgage service LoanCare experienced a breach that exposed 1.3 million individuals. The attack was contained in mid-December but the company has not shared what kind of data was obtained. The company told account holders to keep an eye on unusual account activity and instructed them on enrolling in Kroll’s two-year identity monitoring service.
November 2023: ALPHV/BlackCat Ransomware Attackers File SEC Complaint on Alleged Victim
In an unexpected move, ALPHV/BlackCat – a ransomware group – filed a US Securities and Exchange Commission (SEC) complaint against MeridianLink, which the group said they breached on November 7. The hackers stated that they stole company data and gave the organization 24 hours to pay a ransom to prevent its release. After not receiving a response from MeridianLink, the hackers submitted a complaint to the SEC saying MeridianLink failed to disclose an incident impacting customer data and operational information within four days, as required.
MeridianLink later stated that an incident did occur and that it took immediate action to address the threat. It also said an investigation was ongoing and that it wasn’t yet clear whether consumer information was compromised.
November 2023: McLaren Data Breach Exposes Information on 2.2 Million People
McLaren Health Care – a Michigan-based provider – began informing patients of a data breach on November 9 that exposed sensitive information on approximately 2.2 million patients. Systems were compromised in late July, but the breach wasn’t discovered until August 31. Accessed data includes full names, Social Security numbers, birth dates, personal health information, and more. Credit monitoring and identity protection services are available to impacted individuals.
October 2023: Seiko Confirms 60,000 Records Stolen in BlackCat Breach
On October 25, watchmaker Seiko confirmed that a cyberattack by the BlackCat ransomware group in July resulted in 60,000 “items of personal data” being stolen from its Group, Watch, and Instruments departments.
The compromised data included personal data on customers, including names, email addresses, and phone numbers, but not any payment data. Seiko is reaching out to impacted customers directly.
October 2023: Philadelphia Confirms Data Stolen via Email Hack
On October 20, the City of Philadelphia confirmed that personal information was compromised during an email hack between May 26 and July 28. Hackers accessed city email accounts and personal information on individuals – such as names, birth dates, and Social Security numbers. They also accessed sensitive health information, such as diagnosis and treatment information, and limited financial information. The exact number of impacted individuals is still unknown.
October 2023: District of Columbia Voter Roll Accessed During Attack
On October 21, the DC Board of Elections announced that voter records on all DC registered voters were possibly accessed during a cyberattack. The Board of Elections learned of the breach on October 5 when hacker group RansomVC claimed to have accessed 600,000 lines of voter data.
The Board determined full voter rolls were possibly accessed, including driver’s license numbers, dates of birth, and partial Social Security numbers. The Board is contacting every registered voter and working on next steps.
October 2023: Casio Data Stolen in Breach
On October 18, electronics maker Casio announced a data breach that affected its ClassPad web application. Hackers accessed nearly 127,000 pieces of information during the hack, impacting customers across 149 countries but mostly in Japan.
Casio detected an incident on October 11 when the ClassPad database failed, and they believe hackers accessed customer data on October 12. Exposed customer data includes payment methods, order information, and personally identifiable information.
October 2023: Hackers Steal Data on 4 million 23andMe users
On October 6, 23andMe, a genetic testing company, announced hackers obtained user data after an attack. Hackers used credential stuffing, a technique using usernames, email addresses, and passwords exposed in previous data breaches, to secure access to 23andMe user accounts.
Customer data was compromised in the attack, including display names, birth years, and some genetic ancestry results. In total, data on an estimated 4 million 23andMe users was impacted.
October 2023: Sony Notifies Employees of Data Breach
In early October, Sony notified 6,791 current and former employees that their data had been compromised by a data breach earlier in the year. The attack itself occurred in late May, as part of the MOVEit attacks, which compromised hundreds of companies and government agencies.
Sony stated that they detected the intrusion on June 2, and promptly fixed the situation. It does not appear that any customer data was implicated in this breach.
September 2023: 60k State Department Emails Stolen in Microsoft Breach
On September 27, a Senate staffer briefed by State Department IT officials informed Reuters that Chinese hackers had stolen over 60,000 emails by State Department officials. The breach occurred in July, when a series of errors enabled the Chinese hacker group, identified as Storm-0558, to hack Microsoft and steal a key granting them broad access to Microsoft customer accounts, including those of the U.S. government.
Details continue to emerge concerning this Microsoft breach and its broader impact.
September 2023: Sony Investigates Alleged Hack
On September 25, the hacker group RansomedVC claimed to have stolen 260 GB of proprietary data from Sony — by the hackers’ description, “all of sony systems.” They posted 6,000 files as a sample of the stolen data, including a PowerPoint presentation and source code files.
Another hacker, MajorNelson, claimed credit for the breach on Breached Forums, and stated that “RansomedVCs are scammers who are just trying to scam you and chase influence.”
Sony has stated they are investigating the matter, and has not offered greater detail on the alleged hack. It does not appear any customer data was implicated in this incident.
September 2023: 89 GB of T-Mobile Employee Data Posted to Hacker Forum
On September 21, a trove of stolen data was posted to Breached forums, a popular hacker forum. The 89 gigabyte cache largely pertained to T-Mobile employees, including email addresses and partial Social Security Numbers, as well as some order information pertaining to T-Mobile customers.
This data was tied to an April breach of Connectivity Source, a T-Mobile retailer. T-Mobile itself denied the breach, and does not appear to have been directly hacked as part of this incident.
September 2023: 38 TB of Data Leaked by Microsoft AI Research Division
On September 18, cybersecurity researchers discovered a trove of 38 terabytes of private data, leaked by Microsoft’s AI Research Division. This data, published on GitHub, included sensitive information, including a disk backup of two employee computers that featured passwords, private keys, personal data, and more than 30,000 internal Microsoft Teams messages. By Microsoft’s description, no customer data appears to have been exposed in this breach.
The sensitive data was exposed via a misconfigured Azure cloud storage container. The issue was quickly corrected once the cybersecurity researchers informed Microsoft of the issue.
September 2023: System Error Exposes Data on T-Mobile Customers
In late September, a glitch at T-Mobile exposed customer and payment data pertaining to fewer than 100 customers. Some T-Mobile customers discussed this data leak on Twitter, stating that the T-Mobile app was showing them information on other customers, including phone numbers and billing addresses.
According to T-Mobile, the issue was connected to an overnight technology update and involved very limited account information. Additionally, the company stated that the glitch was quickly corrected.
September 2023: Caesars Entertainment Pays $15 Million Data Ransom
On September 7, Caesars Entertainment reported a data breach involving the theft of its loyalty program customer database. The stolen database included driver’s license information, Social Security numbers, and other sensitive customer data.
After experiencing the cyberattack, Caesars Entertainment paid a $15 million ransom to the hacker group that managed to access its systems. The company stated it took steps to ensure the data was deleted by the attackers, though it admitted it couldn’t guarantee the data was erased.
August 2023: Callaway Breach Exposes Data on 1.1+ Million Customers
On August 29, sporting company Topgolf Callaway confirmed a data breach had occurred earlier in the month. This breach included shipping addresses, account passwords, and more sensitive data pertaining to over 1.1 million customers.
The breach began on August 1, and was discovered on August 16. In response, Callaway reset customer login credentials to force the creation of new passwords. The company also stated the incident has since been contained.
August 2023: New Victims Emerge from MOVEit Attacks
August saw continued fallout from the MOVEit attacks, as more companies and government agencies disclosed that they had been breached in this string of cyberattacks perpetrated by Clop, a Russian ransomware group.
IBM was implicated as an attack vector for breaches on several state agencies, including the Colorado Department of Health & Financing, the Colorado Department of Higher Education, and the Missouri Department of Social Services. Stolen data included social security numbers, Medicare and Medicaid ID numbers, and sensitive health data on millions of Americans.
Two more government contractors, Serco and Maximus, disclosed that they, too, had been breached in the MOVEit attacks. Compromised data in these cases included social security numbers and sensitive health data for millions more Americans.
By now, the MOVEit attacks have compromised hundreds of companies and tens of millions of individuals, with more news still coming to light.
August 2023: Proprietary Data Stolen from Seiko
On August 10, Japanese watchmaker Seiko disclosed that they had been targeted in a data breach, for which the BlackCat/ALPHV ransomware group claimed responsibility. The stolen data includes schematics, patented technology, and other proprietary data, but does not appear to include sensitive customer data.
August 2023: Data on 760k Users Stolen From Discord.io
Discord.io, a third-party service for Discord users, suspended operations after a breach exposed data on its 760,000 members. Data, including email addresses, billing addresses, and hashed passwords, was listed for sale on Breached forums.
Discord.io is not owned or operated by Discord itself, and Discord users who have not used Discord.io have not been implicated in this data breach.
July 2023: Cybercrime Forum Gets Breached
BreachForums, a popular destination for ransomware hackers extorting companies and selling stolen data, became the victim of a data breach. On July 26, HaveIBeenPwned announced the breach, including email addresses, private messages, and hashed passwords. The hacker is now ransoming their data with an asking price north of $100,000.
BreachForums was briefly shut down following its founder’s arrest in March 2023. It re-emerged a few months later, and has remained a major marketplace for stolen data.
July 2023: NATO Investigates Data Breach
On July 25, the hacker group SiegedSec claimed on Telegram that they had breached NATO’s Communities of Interest Cooperation Portal. The stolen data appears to include unclassified documents and sensitive data pertaining to users of the web portal.
SiegedSec is a hacktivist group of self-identified “gay furries” targeting government organizations. They described the motive for their attacks as “a retaliation against the countries of NATO for their attacks on human rights,” noting that “Also, its fun to leak documents ^w^.”
July 2023: Chinese Hackers Breach U.S. Agencies Via Microsoft Cloud
On July 11, Microsoft publicly disclosed that a group of Chinese hackers had spied on U.S. government agencies via a vulnerability in Microsoft’s cloud services. The attack was first detected in June, by an unnamed government agency which proceeded to inform Microsoft and the Department of Homeland Security of the incident.
The hacking group in question, deemed “Storm-0558” by Microsoft, appears to be linked to the Chinese government. Their attacks targeted State and Commerce department emails, ahead of U.S. Secretary of State Antony Blinken’s visit to China in June. U.S. officials have stated that sensitive data was not compromised in this email breach.
July 2023: More Victims Emerge from MOVEit Attacks
July saw even more damage from the MOVEit attacks, which have now compromised over 200 companies. New victims include Radisson Hotels; a spokesperson said that “a limited number of guest records” were exposed, but did not detail exactly how many were affected.
The attacks also compromised data pertaining to 43,000 employees of real estate company Jones Lang LaSalle. Several universities were impacted, including the University of Illinois, the University of Colorado, and Johns Hopkins University. Other notable victims include Deutsche Bank, UofL Health, and the New York Department of Education.
All in all, sensitive records pertaining to millions of people have been implicated in this string of attacks. More details continue to emerge, and we will keep this article updated as more information comes to light.
July 2023: Apple Patches Zero-Day Exploit
On July 10, Apple released a batch of Rapid Security Response updates to iOS and macOS. In their notes on the update, they acknowledged that they were “aware of a report that this issue may have been actively exploited,” but did not go into greater detail.
This update is now available, and I would recommend you download it as soon as you have the chance. To ensure your devices are secure, go into your settings, check for updates, and update your device if necessary.
For more on Apple security breaches, see our complete timeline.
July 2023: Razer Investigates Alleged Data Breach
On July 8, an anonymous hacker posted on an online forum that they had stolen source codes and other data from Razer, a consumer electronics company. The hacker offered to sell this data for $100,000 worth of cryptocurrency.
On July 10, Razer acknowledged that they were investigating this incident.
July 2023: Microsoft Denies Purported Data Breach
On July 2, hacktivist group Anonymous Sudan claimed to have hacked Microsoft and pilfered data pertaining to over 30 million Microsoft accounts. The group provided a sample of the data, but so far it has not been determined where exactly the data came from.
A Microsoft spokesperson said that these claims of a data breach were not legitimate, and stated that Microsoft had seen “no evidence that our customer data has been accessed or compromised.”
June 2023: MOVEit Attacks Compromise 100+ Companies & Government Agencies
In the month of June, a Russia-based ransomware group known as Clop leveraged a zero-day exploit in MOVEit, a file transfer tool, to compromise over 100 companies and government agencies.
The breach hit DMVs in Oregon and Louisiana, affecting over 6 million residents across both states, possibly including drivers’ license and Social Security numbers. Multiple federal agencies were impacted, including the Department of Energy.
The ransomware hackers used the MOVEit exploit to compromise payroll company Zellis, which they then leveraged to breach the BBC, British Airways, and Aer Lingus. They breached Shell, uncovering data on customers who used their electric vehicle charging network. They compromised several financial services companies, including 1st Source Bank, First National Bankers Bank, and Putnam Investments.
Earlier in 2023, the Clop group were responsible for the GoAnywhere attacks, in which they compromised over 130 companies.
June 2023: Report Identifies Over 101k Hacked ChatGPT Accounts
A threat intelligence team at Group-IB released a report indicating that over 101,000 ChatGPT credentials were stolen by malware over a 12-month period. These researchers found these accounts on the dark web, available for sale alongside other stolen data.
These accounts were compromised by malware on users’ devices; they were not hacked due to a breach of ChatGPT itself.
June 2023: UPS Alerts Canadian Customers of Phishing Attacks
In late June, UPS alerted many customers in Canada that their data may have been compromised in a string of SMS phishing attacks, conducted from February 2022 to April 2023. The attackers in this case impersonated UPS, and demanded fees to deliver supposed ‘packages’. They enhanced their credibility by hacking into UPS’s package lookup tools so that they could base their phishing texts on actual incoming deliveries.
In their notice to customers, UPS clarified that real texts from UPS only come from SMS number 69877.
June 2023: Hacker Ransoms Confidential Reddit Data
On June 17, the BlackCat ransomware gang threatened to make public 80 GB of confidential data stolen from Reddit in a February cyberattack. This data included account credentials from 2007 and earlier, and Reddit has notified users whose information may have been implicated in the breach.
June 2023: Zacks Data Breach Posted to Hacker Forum
On June 10, breach database Have I Been Pwned added a previously unreported breach of 8.9 million Zacks users, dating to May 2020. Shortly after this breach came to light, the data was posted for sale on a popular hacker forum. This breach included account data, such as passwords, but does not appear to have included credit card numbers or other financial data.
June 2023: Intellihartx Discloses Breach Affecting 489k Patients
On June 8, healthcare collections company Intellihartx notified legal officials that sensitive data pertaining to over 489,000 patients had been compromised in a data breach on partner company Fortra. Stolen data included Social Security numbers, dates of birth, and medical records.
This incident was part of the GoAnywhere attacks in February, affecting over 130 companies, largely concentrated in the healthcare sector. These attacks were perpetrated by the Clop group, a Russia-affiliated ransomware gang that also conducted the MOVEit attacks in 2023.
May 2023: Apria Notifies 1.8 Million People of 2021 Breach
On September 1, 2021, Apria Healthcare discovered a data breach pertaining to sensitive data on 1.8 million patients and employees. Although HIPAA requires companies to report data breaches within 60 days of discovery, Apria did not inform anyone of the data breach until 18 months later, in May 2023.
The exposed information appears to include Social Security numbers, financial data, and medical records.
May 2023: 237k Federal Employees Exposed in U.S. Department of Transportation Breach
On May 12, the U.S. Department of Transportation notified Congress of a data breach affecting 237,000 current and former government employees. The compromised data pertained to TRANServe, a system for reimbursing commuting costs. So far, it is unclear who perpetrated this attack.
May 2023: PharMerica Discloses Breach Affecting 5.8 Million Patients
On May 12, PharMerica notified over 5.8 million people that their data, including social security numbers and medical information, had been publicly exposed following a ransomware attack. PharMerica discovered the breach in March, but only notified customers two months later, after the hackers published the customer data online.
May 2023: Discord Support Account Compromised
In mid-May, Discord disclosed that an account belonging to a third-party support contractor had been compromised. Through this account, an unknown attacker was able to gain some personal information, such as email addresses. The impact from this attack appears to be very limited, but users should remain wary of phishing attempts.
April 2023: T-Mobile Discloses Second Data Breach of 2023
On April 28, T-Mobile notified 836 customers that their data had been compromised in a breach. Though the scale of this attack was more limited than their January breach, it included highly sensitive data, such as social security numbers, government ID data, and T-Mobile account pins.
April 2023: American Bar Association Discloses Hack Affecting 1.5 Million Members
In mid-April, the American Bar Association notified 1.5 million members that their login credentials, including encrypted password data, had been compromised. The incident happened in March, when an unknown hacker broke into a legacy system pertaining to an old ABA website. Though the data stolen was not up-to-date, it’s one more reason not to reuse old passwords.
April 2023: Yum Brands Admits That Customer Data Was Compromised In Breach
In early April, Yum Brands — the parent company that operates Taco Bell, KFC, and Pizza Hut — acknowledged that personal data, including driver’s license numbers, had been compromised in a January incident. The company first disclosed the breach soon after discovering the incident; but initially, they claimed that only company data had been impacted.
April 2023: MSI Breached by Ransomware Gang
On April 7, computer hardware company MSI confirmed that a ransomware gang had stolen company data, including source code. The ransomware gang, called Money Message, has threatened to make this data public if MSI does not pay them $4 million.
It does not appear that customer data was exposed in this data breach.
April 2023: Uber’s Law Firm Leaks Sensitive Data on Drivers
In April, Uber’s law firm, Genova Burns, informed many Uber drivers that sensitive data, including Social Security numbers and Tax Identification numbers, had been stolen in a data breach of the law firm. Neither Genova Burns nor Uber have disclosed how many drivers were affected by the data breach.
April 2023: Western Digital Confirms Breach
In April, data storage company Western Digital confirmed that hackers had broken into their network on March 26. Following the attack, Western Digital has experienced outages to its cloud storage services, and in May, they notified users that some customer information, such as encrypted passwords and partial credit card numbers, had been exposed in the attack.
March 2023: ChatGPT Bug Exposes User Data
On March 24, OpenAI confirmed that a bug had exposed customer data, including chat history and payment information, to other users. This occurred due to a vulnerability in an open source library, which OpenAI has since patched. Following the incident, OpenAI notified affected users and created a bug bounty program to help discover future vulnerabilities.
This is the first reported breach involving OpenAI. Should future incidents occur, they will be recorded here and in our article on ChatGPT breaches.
March 2023: ILS Notifies 4.2 Million Customers of Data Breach
On March 14, healthcare provider Independent Living Systems (ILS) notified over 4 million customers of a data breach. The breach apparently occurred in June and July of 2022, and included Social Security numbers, driver’s license numbers, medical records, and other highly sensitive data.
March 2023: TMX Finance Notifies 4.8 Million Customers of Data Breach
TMX Finance, which operates under the brands TitleMax, TitleBucks, and InstaLoan, notified 4.8 million customers of a data breach. The breach includes Social Security numbers, passport numbers, financial records, and other highly sensitive data.
The breach itself occurred in early February. TMX disclosed the breach in March, and is now facing a potential class action lawsuit.
March 2023: Ransomware Group Claims to Have Amazon Ring Data
On March 13, a ransomware group called ALPHV claimed on the darkweb that they had breached Ring, Amazon’s doorbell security company. An Amazon spokesperson said that they had “no indications that Ring experienced a Ransomware event,” and in another statement noted that a third-party vendor may have experienced a breach.
While it is possible this ransomware group has data pertaining to Ring customers, we have found no other evidence so far that would substantiate a data breach of Amazon Ring.
March 2023: AT&T Customer Data Exposed Following Attack on Vendor
In March, AT&T notified roughly 9 million customers that their data had been compromised following an attack on a third-party vendor. AT&T described the exposed data as “Customer Proprietary Network Information,” including data on customers’ wireless plans and payment amounts. According to AT&T, sensitive personal or financial information was not exposed in the attack.
March 2023: Congress Members’ Data Exposed in DC Health Link Breach
On March 8, thousands of U.S. lawmakers and government employees were notified that their sensitive data may have been exposed in a breach on DC Health Link, a health insurance provider for Congress.
By then, the data had already been posted for sale on Breached Forums. Capitol Police stated that they were working with the FBI to investigate the incident.
March 2023: Data on 7.5 Million Verizon Customers Exposed on Hacker Forum
In March 2023, records on over 7 million Verizon users were posted to Breached Forums, a popular hacker forum. The data included contract information, device information, encrypted customer IDs, and more — but it does not appear that unencrypted personal data was included in the leak.
In response, Verizon stated that the issue stemmed from an outside vendor and had been resolved in January of 2023.
February 2023: U.S. Marshals Service Discloses Data Breach
On February 27, U.S. law enforcement officials acknowledged that the U.S. Marshals Service discovered a data breach and ransomware attack on February 17. A spokesperson said that the leaked data included “returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.”
According to the USMS, data pertaining to the witness protection program was not implicated in the attack. An investigation is still ongoing.
February 2023: Activision Data Breach Comes to Light
On February 21, Activision acknowledged that they suffered a data breach in December 2022, after a hacker tricked an employee via an SMS phishing attack. According to one source, the hacker gained access to the Slack account of an HR employee, as well as data such as email addresses, phone numbers, and salaries of Activision employees. The data also included a release calendar of upcoming games, but does not appear to have contained any source code or customer data.
Activision did not inform anyone of the breach at the time, and only acknowledged the breach after the security research group vx-underground brought it to light on Twitter.
February 2023: Pepsi Bottling Ventures Exposed in Malware Attack
In February 2023, Pepsi Bottling Ventures filed a security incident notice acknowledging that they had experienced a malware attack on December 23, 2022, and discovered the breach on January 10. Stolen data apparently includes personal information, such as social security numbers and login credentials, but it is unclear whether this information pertains to customers or to employees.
It is also unclear if PepsiCo was affected by the breach. Pepsi Bottling Ventures is the largest bottler of Pepsi in the United States, but they are a distinct company from PepsiCo itself.
February 2023: 3.3 Million Patients Exposed in Heritage Provider Network Breach
In February, the California-based Heritage Provider Network disclosed to patients that they had suffered a ransomware attack on December 1. Over 3 million patients’ data was exposed in the leak, including social security numbers, medical records, and other highly sensitive information.
Since this disclosure, several class action lawsuits have been filed against Heritage Provider Network and its partners.
February 2023: Over 130 Companies Implicated in GoAnywhere Attacks
On February 1, Fortra disclosed to its customers that hackers had exploited a zero-day vulnerability in their GoAnywhere MFT file transfer tool. Several days later, the Clop ransomware group claimed credit for using this exploit to breach over 130 companies that had used the tool in question.
Among the companies affected was Community Health Systems, which operates over 1,000 healthcare sites across the United States. In an SEC filing on February 13, the company estimated that personal information pertaining to roughly 1 million people had been exposed in the data breach.
The breach also affected Procter & Gamble, though customer data was not implicated in the leak.
January 2023: PeopleConnect Data on 20 Million Customers Posted to Hacker Forum
On January 21, a hacker publicly posted data pertaining to InstantCheckMate and TruthFinder, two popular background check services owned by PeopleConnect. This data included records on over 20 million customers, and was apparently lifted from a backup file dating to 2019.
January 2023: T-Mobile Discloses Data Breach Affecting 37 Million Customers
On January 19, T-Mobile disclosed that a cyberattacker stole personal data pertaining to 37 million customers. T-Mobile said the breach only included “a limited set of customer account data,” though it included names, addresses, phone numbers, account numbers, and more.
This incident occurred in November 2022. T-Mobile detected the breach on January 5, 2023, after which they quickly shut down the vulnerability in question and launched an investigation into the incident.
Following the incident, Google notified Google Fi customers that their data was also implicated in this breach. Other Google services were not affected by this attack.
January 2023: No Fly List Leaks Over Unsecured Server
On January 19, a Swiss hacker under the alias ‘maia arson crimew’ reported that she had accessed a 2019 version of the No Fly List, in the form of a CSV file containing over 1.5 million names. By her account, she found the file on an exposed server belonging to a regional airline, CommuteAir.
The hacker has not disclosed this information publicly, though she has shared it selectively with journalists, human rights organizations, and “other part[ies] with legitimate interest.” TSA and CommuteAir have both released statements that they are investigating the incident.
January 2023: PayPal Reports Credential Stuffing Attack
On January 19, PayPal sent out data breach notifications to nearly 35,000 customers whose accounts had been improperly accessed. This incident was a credential stuffing attack, in which the hacker leveraged passwords and other data that had been exposed in prior incidents involving other services.
This is a case example of why you should not reuse passwords. If you use the same password across multiple websites, an attacker that steals your password in one data breach (or finds it on the darkweb) can then use it across any account that uses the same login credentials.
January 2023: Norton LifeLock Warns Customers of Credential Stuffing Attack
In mid-January, Gen Digital, the parent company of Norton LifeLock, sent out notices to users warning of a credential stuffing attack, in which a hacker breaks into users’ accounts via credentials found or purchased on the darkweb.
Gen Digital detected the attack after noting “an unusually large volume” of failed login attempts on December 12. By their account, they have notified some 6,450 users who may have been affected.
January 2023: Mailchimp Discloses Social Engineering Attack
On January 11, Mailchimp detected a social engineering attack in which a hacker tricked an employee into giving away their account credentials. The hacker then accessed 133 user accounts. Mailchimp proceeded to shut down the attack and alert the users who may have been affected.
January 2023: Database of Over 200m Twitter Users Goes Public
Following a string of ransom attempts and leaks, a trove of data on over 200 million Twitter users circulated among hackers in December 2022, and was published in full on BreachForums on January 4th. This data includes email addresses, names, and usernames, but does not appear to include passwords or other highly sensitive data.
This data was originally scraped by exploiting an API vulnerability that was exposed from June 2021 to January 2022. This vulnerability was exploited repeatedly by different hackers, and resulted in multiple ransomware attempts and leaks in the latter half of 2022. Most recently, a hacker known as Ryushi attempted to ransom the data for $200,000 in late December.
Some reports have pegged the number of compromised accounts as high as 400 million, but after removing duplicates, the final number appears close to 210 million. It does include data on a number of high-profile accounts, such as those of Alexandria Ocasio-Cortez, Donald Trump Jr, and Mark Cuban.