Top 5 data breaches and cyberattacks in 2023 (so far)
Explore the top five data breaches and cyberattacks of 2023, revealing alarming trends in global cybersecurity. This comprehensive overview presents key insights on affected industries, GDPR fines, and discusses notable incidents involving companies like JD Sports, T-Mobile, and Yum! Brands.
Many clues in the last few years suggested that the frequency and volume of data breaches in 2023 would exceed our expectations. 2023 has been rife with cyberattacks, the worst of which have caused significant damage to enterprises.
The global average cost of a data breach in 2022 was $4.35 million, a record high. 83% of surveyed organizations in 2022 had suffered multiple data breaches. The US, Middle East, Canada, UK, Germany, Japan, and France were the countries that suffered the highest average costs of a data breach. Healthcare, finance, pharmaceuticals, technology, and energy were the biggest hit industries. All signs pointed to the fact that data breaches in 2023 will be even more dangerous.
Worrisome cybersecurity trends will continue in 2023. Enterprises employ various prevention strategies against cyberattacks, but threat actors worldwide are also sharpening their tools and refining their attack methods. There have been many different types of cyberattacks from notable hackers and hacker groups in 2023.
The global cybersecurity market is working hard to solve the pandemic of cybercrime. It is set to reach a value of $266.2 billion by 2027, growing at a compound annual growth rate of 8.9% over five years. However, attackers continue to find ways to breach organizations' defenses. Before delving into the top 5 data breaches in 2023, let's briefly explore the overall cybersecurity numbers for the first half of the year.
An overview of data breaches in 2023
Researchers from The Independent have uncovered that more than 346 million records have been compromised due to data breaches in 2023. Cybercrime peaked early in 2023, with over 288 million records compromised in January alone. The following months were less devastating but still featured many data privacy incidents. 25.3 million records were compromised in February, 31.4 million in March, and 17.3 million in May.
The telecom, healthcare, and finance industry were noteworthy victims of data breaches in 2023. Records compromised by telecom providers exceeded 47 million. Almost 29 million records were compromised in the healthcare industry. The finance sector followed with a relatively meager 365,000 compromised records.
Hacking was responsible for 49.2 million instances of data leaks in 2023. Third-party data exposure was responsible for more than 11 million data breaches, human error accounted for around 380,000 breaches, and threat actors caused a whopping 290 million data leaks.
There has been a collective €1.6 billion in GDPR fines handed out to companies for "non-compliance with general data processing principles," €431 million for "insufficient legal basis for data processing," and €379 million for "insufficient organizational measures to ensure information security."
These fines for GDPR violations in 2023 indicate that certain companies' cybersecurity postures and practices weren't up to the mark. The repercussions for some were catastrophic.
1. JD Sports
The British sports-fashion retail company JD Sports suffered a data breach in January that may have compromised personal information, including addresses, email IDs, phone numbers, and partial bank card information, of more than 10 million customers. JD Sports are working with expert cybersecurity teams to unravel how the cyberattack occurred. JD Sports customers have been warned to stay vigilant and watch out for phishing scams.
The multi-million-dollar security initiative of the telecommunications giant T-Mobile wasn't enough to prevent a massive data breach in January. This data breach affected 37 million T-Mobile customers. In Form 8-K, T-Mobile stated that a bad actor exfiltrated data via a single API without authorization. T-Mobile noticed the data breach on January 5th, but the initial attack had begun as early as November 2022. That was all the time needed to cause significant damage.
3. Yum! Brands
A ransomware attack at the beginning of 2023 forced Yum! Brands, the owner of Pizza Hut, KFC, and Taco Bell, to shut down around 300 restaurants across the UK for a day. Their SEC report confirms data exfiltration but Yum! Brands are confident that no customer data was stolen or used for identity theft and fraud.
4. Latitude Financial Services
The Australian company Latitude Financial Services suffered a severe data breach in March. The initial report was that the data of more than 300,000 customers were stolen. An updated statement revealed that the actual number of affected customers was around 14 million. Stolen data included 53,000 passport numbers and thousands of names, addresses, phone numbers, and other personal details. This data breach cost Latitude Financial Services between AU$95 million and AU$105 million.
Cybersecurity has joined a growing list of ChatGPT-related concerns. Information-stealing malware has stolen more than 100,000 ChatGPT accounts in the last year. Compromised ChatGPT credentials were found in logs in illegal marketplaces on the dark web. In May 2023, there was a record-breaking 26,802 available logs with ChatGPT credentials. The info-stealing malware Raccoon was responsible for 78,348 compromised hosts with ChatGPT access, and the Vidar and Redline malware was responsible for 12,984 and 6,773, respectively.
There have been numerous devastating data breaches in 2023. The data breach that JD Sports, T-Mobile, Yum! Brands, ChatGPT, and Latitude Financial Services suffered are just the tip of the iceberg.
Cyberattacks have affected small businesses, multinational companies, governments, and everyone in between. The impact of data breaches can stagger the operations of some businesses and ultimately end others. Enterprises need to prioritize cyber risk assessments, cybersecurity response measures, data protection regulations, post-breach remediation plans, and cybersecurity best practices to minimize the impact of these evolving threats.
The story of cybercrime in 2023 is alarming but not without hope. Robust enterprise cybersecurity, paired with innovative security strategies, can go a long way in fighting off various threat actors, reducing the attack surface of enterprises, and, most importantly, protecting customers who trust organizations with their most sensitive and personal data.