2023’s Biggest Breaches—So Far

With cybercrime emerging as a top 10 global threat, Zero Trust becomes critical in the fight for data security.

If you’re sleeping really well these days, it’s probably best you put off reading the 2023 World Economic Forum’s (WEF) Global Risks Report. Alongside our cost of living crisis and ecosystem collapse, a new menace inched its way into this year’s top ten planetary threats: cybercrime. Societies have quickly become dependent on new technologies for critical functions, but the protocols governing them have not kept pace. 

Attempts to disrupt essential resources and infrastructure (everything from the public water supply to space communications) will continue to become commonplace. And the costs are staggering, with projections set to hit $10.5 trillion by 2025. This year has seen almost 500 million consumer data records stolen, compromised, or lost—-and we’re barely halfway to 2024.

Weapons of Choice 

This year, social engineering cyberattacks topped the list with Business Email Compromise (BEC) attacks almost doubling—becoming more and more lucrative for cybercriminals. The three primary ways in which attackers gained entry last year were stolen credentials, phishing, and exploitation of vulnerabilities.

Basic Web Application Attacks were among the most prevalent attacks in the financial sector, which means bad actors are succeeding very well with not-so-complex attacks. Businesses operating e-commerce platforms should beware: credit card data was the target of 37% of breaches in the retail sector. Cybercriminals are becoming adept at embedding malicious code within a site’s credit card processing page and making off with customers’ payment data—all without actually disabling the website. Compliance with the Payment Card Industry (PCI) Data Security Standard is more crucial than ever in preventing this rise in abuse of customer’s sensitive information.

Healthcare vertical continues to be highly targeted by bad actors, seeing a rise in confirmed data theft, risking both fraud and the loss of their systems—with life-threatening consequences. Without reliable, tested backups, these facilities need to rely on prevention and early detection. 

Top Breaches So Far

Here are the less-than-desirable events making headlines this year, and steps you can take to prevent and root out similar threats—wherever they’re hiding.

January

Twitter suffered the largest breach of 2023 so far.  A criminal hacker allegedly leaked 235 million emails, now circulating on hacker forums and cybercrime marketplaces. These datasets originated from a Twitter API vulnerability exploited in 2021. Although the flaw was fixed the following year, threat actors have recently distributed the collected data for free or offered it for sale, for as little as $2. 

Steps to take: unsecured APIs that developers design are often out-of-sight—and unfortunately stay out-of-mind. It’s critical that companies have centralized, deep-grained visibility into API usage and access patterns, so admins can detect and respond to threats in real-time. To ensure only authorized users and applications can interact with APIs, companies need to shift from static access controls to modernized, automated identity and access management (IAM) capabilities that can govern user identities at scale.

February

TruthFinder and Instant Checkmate are two prominent subscription-based background check services operated by PeopleConnect. These services are widely used by employers in the United States to gather comprehensive information about job applicants, including their experience, education, criminal records, and online conduct. Earlier this year, PeopleConnect faced a data breach impacting a staggering 20.22 million customers. 

PeopleConnect’s research showed that the data breach came from within the company’s systems when an employee intentionally either sold the information to a hacker or had access to the deep net on their own. The stolen data, discovered on a data breach forum, consisted of customers’ full names, email addresses, phone numbers, hashed passwords, and password reset tokens.

Steps to take: insider threats, whether malicious or accidental, can be devastating. Monitoring systems and access controls that detect unusual employee activities, patterns, or behaviors may not be enough. It’s essential that companies remove all but the most essential privileged accounts—and closely monitor and record that privileged activity to detect unauthorized access to sensitive data.

March 

March 2023 was a record-breaking month, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.

AT&T had to inform approximately 9 million customers that their personal data had been exposed in a third-party data breach. A marketing vendor experienced a security incident, which led to the data exposure.The telecom giant confirmed that the breached records included names, wireless account numbers, phone numbers, and email addresses. Fortunately, AT&T believes that more sensitive information, such as payment card numbers, Social Security numbers, and passwords were unaffected. Another actor known as IntelBroker claimed to have discovered insecure cloud storage belonging to a third-party vendor, which contained 37 million AT&T client records.

Steps to take: to reduce your risk of a breach, strong role-based access controls can limit access to systems and resources based on a user’s role. It’s also important to be aware of the security measures your third-party vendors employ, and to negotiate better ones if they are not up to your company’s standardS.

April

Sometimes a company can do everything right and still face a breach. Shields Health Care Group, a Massachusetts-based medical services provider, experienced the largest data leak in April 2023. A cybercriminal gained unauthorized access to their systems, compromising personal data belonging to 2.3 million individuals. The breach exposed sensitive information, including Social Security numbers, dates of birth, addresses, healthcare provider details, healthcare history, billing information, and insurance numbers. Shields has taken measures to enhance data security and protect their patients’ information.

Steps to take: in addition to performing regular internal audits of your IT infrastructure and networks, moving to a Zero Trust approach with identity as your security perimeter is the best way to limit an attacker’s ability to hack into sensitive systems. By granting only the access they need to complete their jobs, companies limit the damage done if a user becomes compromised or malicious.

May

May saw a 97% increase from last year and a 2,156% increase from April 2023. Headlining the list was a data breach traced to Luxottica, a major player in the eyewear industry. Reportedly 74.4 million unique email addresses and 2.6 million unique domain email addresses were posted for free on a hacking forum.

Researchers believe the breach was related to a 2021 hack of one of Luxottica’s partners that exposed the personal information of 70 million customers. A third-party exposed the data via a publicly accessible storage container, which contained 500+ parquet files. Parquet offers data storage services for a large volume of complex data.

Steps to take: once again, as businesses increasingly rely on third parties, it’s imperative that they prioritize Least Privilege or Zero standing privilege principles. This ensures that all users (including non-employees) and systems are granted only the minimum access privileges necessary to perform their tasks. This restricts unauthorized access and reduces the potential impact if a data breach does occur. In addition, a cloud-native identity governance platform with built-in cloud security posture management can detect misconfigured clouds that put you at risk.

June

This month, Healthcare management firm Intellihartx confirmed that Russia-linked ransomware group Clop (which almost exclusively targets the healthcare sector) stole the medical details of over half a million patients, including social security numbers. The breach stemmed from a breach of one of its third-party vendors, Fortra, which experienced a day-zero vulnerability in its remote access software.

Steps to take: a converged, cloud-native Third-Party Access Governance can help you manage and reduce vendor risk through delegated administration, automation, self-service access requests, and distributed access reviews and certifications.

How You Can Stay Out of The Fray  

Data and cyber insecurity is a growing global threat, and our collective privacy remains in peril. Companies are on the front lines and need solutions that simplify the management of user identities and access to critical systems, applications, and data. Saviynt can help.

With Saviynt Enterprise Identity Cloud (EIC), organizations can enforce strong authentication, role-based access control (RBAC), and least privilege principles—all from one platform. In fact, Saviynt is the only converged cloud identity platform that provides intelligent access and governance for any app, any identity, any cloud.

Here are some critical features you gain: 

• Strengthened Zero Trust Strategy with just-in-time privilege elevation and time-bound access that expires automatically—for all human or machine identities.
• Access Request and Certification provide a streamlined process for users to request access to resources while ensuring that these requests go through appropriate approval workflows. 

• Compliance and Risk Management keeps you safe by monitoring and enforcing compliance with regulatory requirements and industry standards, reducing risks through access reviews, segregation of duties (SoD) analysis, and risk scoring.

• Cloud Privileged Access Management (CPAM) reduces the risk of privileged account misuse and unauthorized activities.

• Intelligent Analytics can detect anomalies and analyze user behavior patterns so you can identify suspicious activities and launch a timely response. Organizations can exchange data with their other security tools, like SIEM platforms, to enhance threat detection capabilities.

• Third-Party Access Governance (TPAG) improves onboarding efficiency, lifecycle management, and keeps your data safe from the complex supply chain identities that make up a large percentage of today’s workforce.