Data Breaches in 2023

What Can We Learn from the Top 10 Data Breaches in 2023?

By Dr. Rey Leclerc Sveinsson, ERMProtect, Information Security Consultant

Just a few months into 2024, it’s already clear that as technology continues to advance, so do the tactics of cybercriminals seeking to exploit vulnerabilities in digital systems. So far this year, hackers are deploying new techniques such as AI-assisted attacks and deep fakes, while also continuing to aggressively exploit traditional vulnerabilities, such as misconfigured systems and poorly trained employees.

We decided to look back at some of the biggest breaches of 2023 to see what lessons they offer that could help organizations become less vulnerable to data theft this year.

Below are some of the high-visibility breaches and cyberattacks in 2023 that shed light on the continuing threats. They are listed by number of records exposed, so they are not always the largest in terms of financial losses, but read on if you want to find out how significant an attack can be and what to do to avoid the same issues.

1. MOVEit Breach

MOVEit, a widely used file transfer platform whose primary purpose is to facilitate the secure exchange of information, became the target of a sophisticated cyberattack that compromised the data of millions. An exploited SQL injection vulnerability allowed threat actors to escalate privileges and gain unauthorized access to customer environments. According to state breach notifications, SEC filings, and public disclosures, the breach had affected 1,062 organizations and approximately 65,435,641 individuals. The company behind MOVEit published details about the critical security loophole and released a patch for it, urging customers to deploy it immediately or take the mitigation steps outlined in the company's advisory.

Lessons Learned

The MOVEit incident underscores the challenges organizations face in safeguarding their data. It is not just their own security they need to be concerned about but also the security of their supply chains. Attacks leveraging zero-day vulnerabilities, like this one, are particularly challenging to defend against. To prevent such incidents, “Secure by Design” and “Secure by Default” initiatives could play a pivotal role. The onus is on improving software security, as organizations cannot be solely responsible for defending against attacks targeting vulnerable software.

2. DarkBeam Breach

The breach involving digital protection firm DarkBeam resulted in the exposure of more than 3.8 billion records. The breach occurred due to an unsecured data visualization interface, allowing unauthorized access to the confidential data it contained. The interface lacked password protection. DarkBeam attributes such data leaks to human error, often occurring when data is left unprotected after maintenance tasks.

Lesson Learned

The breach underscores the ongoing challenge of protecting sensitive data and the need for organizations to remain vigilant, proactive, and transparent in their approach to cybersecurity. By learning from incidents like this and implementing robust security measures, organizations can better safeguard their data and mitigate the risk of data breaches.

3. Real Estate Wealth Network Breach

New York-based Real Estate Wealth Network identified a breach of a non-password protected database containing 1.5 billion records, totaling a massive 1.16 TB in size. This exposed trove of data included sensitive real estate ownership information of millions of individuals, including celebrities, politicians, and personal details. The database, organized into various folders such as property history, motivated sellers, and tax liens, contained comprehensive details about property owners, sellers, investors, and internal user logging data. Upon discovery of the breach, Real Estate Wealth Network promptly secured the exposed database. However, the duration of the exposure and whether unauthorized parties accessed the data remain unclear, underscoring the need for internal forensic audits to assess the extent of the breach.

Lesson Learned

The breach raises significant concerns regarding privacy and security risks associated with the exposure of real estate ownership information. The leaked data could potentially be exploited for criminal activities such as stalking, harassment, or property fraud. It also highlighted the potential risks posed by property and mortgage fraud, emphasizing the need for property owners to exercise caution in sharing personal information and understanding the potential consequences of semi-public data exposure.

4. Indian Council of Medical Research (ICMR) Breach

Reports emerged in October of a threat actor offering personal information on a staggering 815 million residents in India for sale on the dark web. The data, purportedly exfiltrated from the Indian Council of Medical Research’s (ICMR) COVID-testing database, includes sensitive details such as names, ages, genders, addresses, passport numbers, and Aadhaar (government ID) numbers.

The threat actor responsible for the breach has reportedly shared spreadsheets containing fragments of Aadhaar data as proof of their access to the dataset. Aadhaar, a unique identification system used extensively in India, serves as a cornerstone of digital identity and financial transactions, making it a prime target for exploitation by malicious actors. While the government has refrained from confirming or denying the alleged breach, it initiated an examination into the matter, signaling the seriousness of the situation.

Lesson Learned

The implications of this breach are profound, as cybercriminals now possess the means to orchestrate a wide array of identity fraud attacks, leveraging Aadhaar numbers for digital identity verification, bill payments, and Know Your Customer (KYC) checks.

This breach underscores the urgent need for enhanced cybersecurity measures and data protection protocols, particularly in the context of sensitive healthcare databases. Safeguarding personal information and mitigating the risks of data breaches remain paramount priorities for government agencies and healthcare institutions alike.

5. Twitter Breach

Twitter discovered that criminal hackers leaked the email addresses of over 220 million users, marking a significant privacy breach for the social media platform. The perpetrator, known as 'Ryushi', initially demanded a ransom of $200,000 for the stolen data, which went unsatisfied. Subsequently, the information was offered for sale on the Breached hacking forum. While the breach is limited to email addresses, it still poses significant risks to users' privacy, especially for high-profile individuals who can be easily identified by their email addresses. Cybersecurity experts warn that the leaked data could be exploited by hackers, political activists, and even governments to launch various cyber-attacks, extending beyond traditional cybercrime.

The breach traces back to a vulnerability in Twitter's systems discovered by cyber criminals in 2021, which allowed them to cross-reference email addresses with Twitter IDs. Although Twitter addressed the flaw in January of the following year, the extent of the intrusion remained unknown, paving the way for subsequent hacking incidents in 2023.

Lesson Learned

The Twitter data breach serves as a reminder of the pervasive threat posed by cybercrime and the critical need for organizations and individuals alike to prioritize cybersecurity measures. Users are cautioned to remain vigilant against phishing attempts and scams leveraging the breach, particularly regarding emails purportedly from Twitter urging password changes. While passwords were not compromised in this breach, users should exercise caution to avoid falling victim to further malicious activity.

6. UK Electoral Commission Data Breach

In August 2023, the UK Electoral Commission, responsible for overseeing elections and regulating political finance, disclosed a significant data breach that impacted approximately 40 million individuals. The breach, detected in October 2022 but originating from August 2021, involved unauthorized access to internal emails, control systems, and copies of electoral registers containing voter data. The accessed registers contained the names, addresses, and birthdates of UK voters registered between 2014 and 2022, including overseas voters.

Hostile actors exploited vulnerabilities in the Electoral Commission's systems, including unpatched Microsoft Exchange servers. Personal information obtained from the breach could be used for phishing scams, fraud, and other malicious activities, posing serious privacy risks for affected individuals. In response to the breach, the Electoral Commission collaborated with the National Cyber Security Centre (NCSC), law enforcement agencies, and cybersecurity experts to investigate and enhance its security measures, including better securing its IT systems and implementing two-step verification for all customers.

Lessons Learned

This breach underscores the vulnerability of democratic institutions to cyber threats and emphasizes the importance of robust cybersecurity measures, particularly for organizations involved in the electoral process. It serves as a reminder for organizations to prioritize cybersecurity and implement stringent security protocols to safeguard sensitive data and protect against unauthorized access. Additionally, individuals should remain vigilant against potential scams and fraud attempts, especially in the aftermath of data breaches affecting their personal information.

7. T-Mobile Breach

In January 2023, telecommunications giant T-Mobile disclosed a significant data breach affecting approximately 37 million customers. The breach exposed a wide range of sensitive information, including names, dates of birth, Social Security numbers, driver's license numbers, phone numbers, email addresses, and account PINs. The attackers exploited a vulnerability in T-Mobile's application programming interface (API), allowing them unauthorized access to customer data. Although T-Mobile stated that the attackers did not gain access to call records or personal financial account information, the exposed personally identifiable information (PII) remains highly sensitive and susceptible to identity theft and targeted phishing attacks.

This breach marks the eighth cyberattack T-Mobile has faced since 2018, highlighting ongoing security challenges within the company. In addition to the January breach, T-Mobile experienced another breach in April, affecting a smaller number of customers but exposing even more detailed personal information, including account PINs and government ID details.

In response to the breach, T-Mobile has taken steps to enhance its cybersecurity measures, including implementing additional security protocols and continuously monitoring its systems for potential threats.

Lessons Learned

The breach underscores the persistent cybersecurity risks faced by large corporations, emphasizing the need for robust security measures and proactive threat detection strategies to safeguard customer data. This breach serves as a reminder for organizations to prioritize cybersecurity and invest in comprehensive security frameworks to protect against evolving cyber threats. Additionally, T-Mobile customers should remain vigilant and take proactive measures to safeguard their personal information, such as regularly monitoring their accounts for suspicious activity and enabling multi-factor authentication whenever possible.

8. 23andMe Data Breach

In October 2023, genetics testing company 23andMe disclosed a significant data breach, revealing that threat actors had gained unauthorized access to the personal information of millions of its users. The breach affected approximately 9 million user accounts, constituting about half of the company's user base. More than 5.5 million customer records were scraped and leaked, posing serious privacy concerns for affected individuals.

The attackers utilized credential-stuffing methods and scraped data from 23andMe's DNA Relatives feature, exploiting vulnerabilities in the company's security protocols. Credential-stuffing methods involved using previously stolen usernames and passwords from other sources and attempting to use them to gain unauthorized access to 23andMe accounts. This involved automated tools that systematically try different combinations of usernames and passwords until a match is found, exploiting the tendency of users to reuse passwords across multiple accounts. This breach exposed sensitive personal information, including names, email addresses, dates of birth, genetic ancestry, and more, potentially putting users at risk of identity theft and other malicious activities.
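The pattern described above (one source rapidly trying many different usernames, most of them failing, with the occasional success where a reused password matched) is also what a defender looks for in login logs. The following example, written for this article and not code from 23andMe, runs a sliding-window check over constructed login log lines and returns, per suspicious source IP, the accounts that did log in successfully from it, which are the accounts to push through re-verification and a credential reset. Log format, thresholds and all sample values are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of web-login log lines (not real 23andMe data):
# "<ISO timestamp> <source IP> <username> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2023-10-01T12:00:01 203.0.113.7 alice FAIL
2023-10-01T12:00:02 203.0.113.7 bob FAIL
2023-10-01T12:00:02 203.0.113.7 carol FAIL
2023-10-01T12:00:03 203.0.113.7 dave SUCCESS
2023-10-01T12:00:04 203.0.113.7 erin FAIL
2023-10-01T12:00:05 203.0.113.7 frank FAIL
2023-10-01T12:05:00 198.51.100.4 alice FAIL
2023-10-01T12:05:09 198.51.100.4 alice FAIL
2023-10-01T12:05:20 198.51.100.4 alice SUCCESS
2023-10-01T13:00:00 192.0.2.9 bob SUCCESS
"""

def parse_log(text):
    """Turn log lines into (time, ip, user, succeeded) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "SUCCESS"))
    return sorted(events)

def detect_credential_stuffing(events, window=timedelta(minutes=10),
                               min_users=5, min_fail_ratio=0.6):
    """Flag IPs that, within any `window`, tried at least `min_users` distinct
    usernames with a failure ratio of at least `min_fail_ratio`. One user
    mistyping their own password never trips this (a single username).
    Returns {ip: accounts that logged in successfully from that ip}."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        users_in_window, fails, start = Counter(), 0, 0
        for end, (ts, _, user, ok) in enumerate(evs):
            users_in_window[user] += 1
            fails += not ok
            # Move the left edge forward until the window spans at most `window`.
            while ts - evs[start][0] > window:
                _, _, old_user, old_ok = evs[start]
                users_in_window[old_user] -= 1
                if users_in_window[old_user] == 0:
                    del users_in_window[old_user]
                fails -= not old_ok
                start += 1
            total = end - start + 1
            if len(users_in_window) >= min_users and fails / total >= min_fail_ratio:
                flagged[ip] = {u for _, _, u, ok in evs if ok}
                break
    return flagged
```

On the sample, 203.0.113.7 is flagged with dave as the account to re-verify, while the user at 198.51.100.4 who mistyped their own password twice is not.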

In response to the breach, 23andMe took immediate action to enhance security measures and protect user data. The company mandated two-step verification for all customers, temporarily disabled certain features within the DNA Relatives tool, and urged users to change their login credentials and enable multi-factor authentication. Additionally, 23andMe launched an investigation with third-party forensic experts to assess the extent of the breach and implement further security enhancements.

Lessons Learned

This breach highlights the need for organizations to implement stringent security measures, such as two-step verification and multi-factor authentication, to mitigate the risk of unauthorized access and data breaches. Furthermore, it serves as a reminder for individuals to exercise caution when sharing personal information online and to regularly update their login credentials to protect against potential security threats. As companies continue to collect and store vast amounts of user data, maintaining robust security protocols remains paramount to safeguarding user privacy and preventing unauthorized access.

9. ChatGPT Breach

In March 2023, OpenAI's AI-driven chatbot, ChatGPT, faced a significant data breach due to a bug in the Redis open-source library, impacting approximately 1.2 million users. The breach allowed certain users to view personal information, including first and last names, email addresses, payment addresses, and the last four digits of credit card numbers, of other ChatGPT Plus subscribers. The vulnerability stemmed from a server-side change introduced by OpenAI, leading to increased error rates and a surge in requests for cancellations. Consequently, some users were able to see titles from other active users' chat history and even brief descriptions of their conversations.
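The paragraph above does not spell out the mechanism, so the toy model below, written for this article and not OpenAI's or the Redis client library's code, assumes the one commonly described for this class of bug: a request that is cancelled after its command has been sent but before the reply is read hands the connection back to the pool with that reply still queued, so the next user's request on the same connection reads the previous user's data. All class, key and function names are invented for illustration.

```python
from collections import deque

class CancelledRequest(Exception):
    """Stands in for the caller abandoning the request (e.g. an async cancellation)."""

class FakeConnection:
    """Toy model of one pooled client connection: the server answers commands in
    the order they were sent, so an unread reply stays queued on the connection."""
    def __init__(self):
        self.unread_replies = deque()
    def send(self, key):
        self.unread_replies.append(f"<data for {key}>")   # the server's eventual reply
    def read(self):
        return self.unread_replies.popleft()

class Pool:
    def __init__(self):
        self.free = []
    def acquire(self):
        return self.free.pop() if self.free else FakeConnection()
    def release(self, conn):
        self.free.append(conn)

def get_cached(pool, key, cancel_before_read=False, hardened=False):
    """Fetch `key` over a pooled connection. `cancel_before_read` simulates the
    caller giving up after the command went out but before the reply was read."""
    conn = pool.acquire()
    conn.send(key)
    try:
        if cancel_before_read:
            raise CancelledRequest()
        reply = conn.read()
    except CancelledRequest:
        if not hardened:
            pool.release(conn)   # BUG: the reply to `key` is still queued on this connection
        # hardened: the connection is dropped instead; a fresh one is opened next time
        return None
    pool.release(conn)
    return reply

def simulate(hardened):
    """User A's request is cancelled mid-flight; user B then asks for their own data."""
    pool = Pool()
    get_cached(pool, "history:userA", cancel_before_read=True, hardened=hardened)
    return get_cached(pool, "history:userB", hardened=hardened)
```

With `hardened=False` the second call returns user A's data to user B; with `hardened=True` it returns user B's own data, because a connection left in an unknown state is never reused.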

Upon discovering the breach, OpenAI promptly addressed the bug and temporarily took ChatGPT offline to mitigate the issue. The company also notified affected users and assured them that there was no ongoing risk to their data. Additionally, OpenAI announced a bug bounty program in April to enhance detection capabilities and prevent future incidents.

Lessons Learned

This breach highlights the potential risks associated with AI-driven technologies. It serves as a reminder for organizations to prioritize cybersecurity and implement proactive measures to safeguard user data in an increasingly digital landscape.

10. MGM / Caesars Entertainment

Two of Las Vegas's most prominent hotel and casino chains, MGM Resorts International and Caesars Entertainment, fell victim to ransomware attacks within days of each other in September 2023. For MGM, the breach was facilitated through a combination of LinkedIn research and a vishing attack. In the vishing attack, the perpetrators impersonated the IT department and contacted an unsuspecting individual, tricking them into divulging their credentials. This allowed the attackers to obtain the necessary access to MGM's systems. The attack wreaked havoc on MGM's operations, forcing the shutdown of critical IT systems, including slot machines, restaurant management systems, and room key cards, leading to significant financial losses estimated at $100 million. Similarly, Caesars Entertainment also suffered the brunt of the ransomware attack, although the exact cost remains undisclosed. However, the company admitted to paying its extortionists a staggering $15 million to mitigate the damages.

One of the most concerning aspects of these attacks is the reported collaboration between Scattered Spider, a group of young English-speaking hackers, and the Russian-speaking ransomware gang ALPHV. This alliance has raised alarms among security researchers, as it signifies a new and dangerous trend in the cyber threat landscape. The use of social engineering tactics, such as vishing, highlights the evolving tactics employed by cybercriminals to infiltrate even the most secure networks.

Lessons Learned

These incidents serve as a stark reminder of the escalating cyber threats facing organizations, particularly in the hospitality and entertainment industries. They underscore the critical importance of implementing robust cybersecurity measures, including employee training to recognize and thwart social engineering attacks, and maintaining up-to-date defenses to safeguard against ransomware and other cyber threats.

ERMProtect Can Help

We can help your organization implement a robust cybersecurity strategy and mitigate against a breach by conducting penetration testing, risk assessments, and comprehensive security reviews, among other services on our website at www.ermprotect.com. If a breach occurs, our digital forensic experts will investigate to find the root cause, stop the damage, and recommend steps to improve security. For more information, contact Silka Gonzalez at sgonzalez@ermprotect.com or Judy Miller at jmiller@ermprotect.com or call at 305-447-6750.
