SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Over 340 million accounts compromised in data breaches
Mon, 29th May 2023

More than 340 million people have been affected by business data breaches already in the first four months of 2023, according to new research by the Independent Advisor. 

The biggest breach so far this year hit Twitter at the start of the year, impacting 235 million user accounts.

The figures come from a new Company Data Breach Tracker launched by the Independent Advisor, a regularly updated, month-by-month timeline of the latest company data breaches and hacks happening in 2023.

Providing an overview of the impact data breaches have on businesses and their customers, the key overall insights of company data breaches in 2023 include:

  • Number of people affected in 2023: 346,758,345
  • 2023's biggest breach: Twitter, with allegedly 235 million emails leaked
  • UK's biggest breach: JD Sports, with 10 million customers exposed
  • US's biggest breach: T-Mobile, with 37 million customers affected
  • Data leaks caused by threat actors: 275,630,000
  • Number of potential records compromised in:
      • April: 1,920,000
      • March: 31,413,302
      • February: 25,342,580
      • January: 288,082,463

Staying secure online is a huge concern for companies in 2023. More and more fall victim to cyberattacks, phishing scandals and ransomware, leading to data leaks, huge payouts and often lawsuits. Tracking the key details of these corporate attacks, the guide breaks each down by date, company, company info, attack type, and the number of accounts affected.

The largest attack of 2023 so far was on social media platform Twitter at the very start of the year. 235 million Twitter users and their associated email addresses were leaked to an online hacking forum.

The next largest was on mobile telecom company T-Mobile, with the hacker gaining access to customer data from 37 million accounts, including names, birth dates, and phone numbers.

The third was PeopleConnect-owned background check services TruthFinder and Instant Checkmate. Hackers leaked a 2019 backup database containing information of 20.22 million users including their PII, encrypted passwords and expired or inactive password reset tokens.

The causes of the breaches have also been highlighted with threat actors being the largest at 289,700,000. The next largest cause is hacking at 32,303,580, followed by third party data exposure at 11,354,000, and then human error at 382,466.

"Like it or not, cybercrime is prolific. With an estimated 8,000 cyberattacks per year, staying secure online simply can't be assumed or left as an afterthought," says researcher Camille Dubuis-Welch.

"It is clear that cybercriminals are getting increasingly creative, that anyone can be targeted and that there is still a lot to learn around prevention and recovery.

"While not all cases of a data breach lead to fraud or identity theft, compromised data is still an expensive business for companies and the repercussions stretch further to impact consumer trust and brand reputation, not to mention the mental and financial health of anyone directly involved."

As hackers are now using AI-powered tools for increasingly sophisticated attacks, IT and security teams are striving more than ever to keep pace with cybercriminals. The need for adequate staff training, as well as an atmosphere of trust in which staff feel able to report any issues, has never been greater.

How companies can protect their data against these types of attack:

  • Rigorous training of staff to help recognise phishing emails and malicious activity is a must.
  • Forging a sense of trust with employees is worthwhile too, so that should someone realise they opened a file or clicked a link they shouldn't have, they will be comfortable reporting the incident rather than ignoring it, which could lead to an aggravated outcome.
  • Set up secure VPNs across all devices (laptop, mobile, tablet, etc). Note that the most protected options will usually be paid ones, but for many it's a small price to pay for peace of mind and better security.
  • Turn on 2FA where you can and update passwords regularly, using a mix of uppercase and lowercase letters, special characters, and numbers that doesn't relate to your personal information and isn't replicated across multiple log-ins.
  • Use online tools like Secure Password Generator to help.

Data is often stolen by hacking, which is someone gaining unauthorised access, usually electronically, to a system. Phishing is a type of social engineering attack whereby seemingly innocuous emails will be sent to victims containing links that may install ransomware or allow a bad actor access to systems. Phishing can also be used to lure people into entering personal information, leading to data theft or fraud.

The term bad/threat actor refers to anyone who causes harm in the digital sphere; they are slightly different to hackers in that they may not necessarily have the technical skills to hack a system but will exploit a vulnerable server, eventually leading to a data breach or another type of cybercrime.

Other factors that commonly lead to a data breach include malware: damaging software that infects devices with viruses, ransomware and spyware, which can then corrupt files and compromise data.