Top 5 Security Breach Incidents of 2023

List of Data Breaches and Cyber Attacks in 2023 – 8,214,886,660 records breached

Top data breach stats for 2023:

Number of incidents in 2023: 2,814.
Number of breached records in 2023: 8,214,886,660.

In the digital age, protecting sensitive information is paramount, yet 2023 witnessed a staggering 2,814 incidents resulting in over 8 billion records being breached. Let’s delve into some of the most notable breaches of the year, highlighting the importance of cybersecurity and vigilance in safeguarding data.

1. Unprotected Real Estate Wealth Network: more than 1.5 billion records exposed

Data breached: 1,523,776,691 records.

In a startling revelation by security maven Jeremiah Fowler, an unprotected database belonging to Real Estate Wealth Network spilled over 1.5 billion records. This breach laid bare sensitive property ownership data, impacting countless individuals, including high-profile personalities. The property owners allegedly included numerous celebrities, whose street address; purchase price and date; mortgage company; mortgage loan amount; tax ID numbers; taxes owed, paid or due; and other information was available. The incident sounds a clarion call for heightened security fortifications to safeguard personal information.

2. ICMR Indian Council of Medical Research: 815,000,000 breached records

Date of breach: 9 October 2023

Incident details: The personal data of 815 million Indian residents, apparently exfiltrated from the ICMR’s Covid-testing database, was offered for sale on the dark web earlier this month. According to the security company Resecurity, which discovered the listing, the data included victims’ name, age, gender, address, passport number and Aadhaar number (a 12-digit government identification number).

3. Kid Security: More than 300 million records exposed

The popular parental control app Kid Security, which allows parents to monitor and control their children’s online safety, exposed user activity logs to the Internet for more than a month via misconfigured Elasticsearch and Logstash instances. The security researcher Bob Diachenko of SecurityDiscovery first identified the exposed information in mid-September. According to CyberNews, more than 300 million data records were compromised, including 21,000 telephone numbers and 31,000 email addresses. Some payment card data was also exposed. It also appears that the data was accessed: The Readme bot “partially destroyed” the open instance, injecting a ransom note with a bitcoin wallet address to send a payment to in exchange for the files.

Data breached: more than 300 million records.

4.MOVEit
In September, victims of the MOVEit breach are still coming forward, among which the most significant – at least in terms of the number of individual victims – was Better Outcomes Registry & Network, which discovered that “personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023” had been compromised. Other recently identified MOVEit victims include:
§ Microsoft’s healthcare technology company Nuance, which issued a breach notice on behalf of 13 healthcare organisations;
§ The National Student Clearinghouse, which issued a data breach notification on behalf of 900 schools; and
§ CareSource – a Medicaid and Medicare plan provider – which reported that information relating to 212,193 people was exposed. The scale of the MOVEit breach remains unquantified, but some estimates now put the number of affected organisations at over 2,000 and the number of individual victims at over 60 million. It’s likely that we’ll continue to see breach disclosures related to MOVEit Transfer in the weeks and months to come.

5. Twitter :
In January 2023, Twitter is in the middle of yet another PR disaster after a criminal hacker leaked more than 220 million users’ email addresses.
The fraudster, who goes by the name ‘Ryushi’, initially demanded $200,000 (about £166,000) to hand over or delete the stolen information. A week later – after presumably being rebuffed by Twitter – the hacker put the data up for sale on the hacking forum Breached. Although it appears that no personal information beyond email addresses was compromised, the incident poses significant privacy risks.
For instance, many people can be easily identified by their email address – particularly if they use their name or the name of their business. This could be particularly troublesome for celebrities and other high-profile figures. The cyber crime intelligence firm Hudson Rock says it was the first to raise the alarm about the sale of the data.
Alon Gal, the organisation’s co-founder, believes that the damage could extend beyond simple cyber crime. “This database is going to be used by hackers, political hacktivists and of course governments to harm our privacy even further,” he said.

Conclusion:
As cyber threats continue to evolve, organizations must prioritize cybersecurity to safeguard sensitive data and protect user privacy. Implementing robust security measures, conducting regular audits, and staying informed about emerging threats are essential steps in mitigating the risk of data breaches. By prioritizing cybersecurity, businesses can instill trust and confidence in their customers while mitigating the financial and reputational damage associated with breaches.

Blog By: Priyanka Rana