The most notable data breaches of 2023… so far

assets/files/images/17_08_23/bigstock-hacker-code-in-laptop-cyber-s-450132043.jpg

As the internet continues to expand, keeping up with its transformation has become increasingly challenging.

The constant need to adapt to technological advances has exposed organisations to data breaches and cyber attacks where cyber criminals primarily target them for financial gain – and sometimes political reasons – where their aim is to extort and ransom their victims for profit.

However, when domain and hosting provider Fasthosts released its State Of The Web report, which revealed that 11% of Brits don't use the internet out of fear for their online safety, it was keen to understand why.
  
Countless data breaches have come to light in 2023, and we’re only halfway through. These have affected hundreds of organisations operating in different sectors across the UK, from small businesses to large corporations, and from the private to public sectors. But who’s most at risk? Fasthosts has compiled the most notable breaches from 2023 (so far), and the three industries currently most at risk. 

Business

In the 2023 cyber security breaches survey released by the British government, it was estimated that across all UK businesses, approximately 2.39 million instances of cyber crime and around 49,000 instances of fraud (as a result of cyber crime) took place in the last 12 months.

Twitter

Starting off the new year the wrong way was Twitter. On January 5th, the email addresses tied to over 235 million accounts – almost half of Twitter’s user base – were posted to an online hacking forum. Described as one of the most significant leaks ever seen, users have been warned that as a result of the hack, they could become victims of hacking, targeted phishing, and doxxing. Not the news you want to hear.

Yum! Brands

On January 8th, Yum! Brands – the parent company of KFC, Pizza Hut, and Taco Bell – were at the receiving end of a cyber attack. In fact, they were forced to close over 300 UK restaurants in order to contain the incident, which involved a threat actor gaining unauthorised access to Yum! Brands’ network. Although they proclaimed that there was no evidence of identity theft or fraud, they made everyone involved aware that they could have been subject to the loss of information such as names, driver’s licence numbers, ID numbers, and other personal identifiers.

PayPal

In January, PayPal was made to send out data breach notifications to just under 35,000 users who had their personal data exposed. The attack involved credential stuffing – the act of using the login credentials collected from a data breach from a separate service provider to attempt to login to a different service – to access the accounts. Although PayPal itself wasn't breached, as an online payment system, the consequences of a breached account could be catastrophic.  

JD Sports

At the end of January, sportswear retailer JD Sports became another cyber victim. The company revealed that information such as name, billing and delivery address, phone numbers, order details, and the last 4 digits of card details were leaked for approximately 10 million customers. The attack also targeted the purchases from their partner companies including Size?, Blacks, Scotts, and Millets.

Zellis 

The Zellis data hack involved a chain system affecting multiple parties. Hackers originally found a weakness in MOVEit, a file sharing system that payroll provider Zellis uses alongside their clients. The information that was stolen related to employees of eight of their largest clients, including BBC, Boots, British Airways, and Aer Lingus. 

Education

As cyber attacks on the educational sector rise, the latest cyber security breaches survey 2023 revealed that all types of education institutions are more likely to have identified cyber security breaches or attacks in the last 12 months than the average UK business. 

14 schools 

In January, it surfaced that 14 UK schools were hit by a cyber attack supposedly revealing 500GB worth of highly confidential data, including SEN information, child passport scans, staff pay scales, and contract details. The hack was reportedly orchestrated by Russian hacker group, Vice Society, who have been targeting public schools across the world, and most recently the UK in late 2022. They’re known to acquire sensitive information to use for double extortion purposes (a ransomware tactic used to ask for money in exchange for the decryption or deletion of data).

University of Manchester

This time targeting the higher-education sector, one of the most recent victims is the University of Manchester, who revealed that they were victims of a cyber attack at the beginning of June. They are still currently unsure as to what data has been accessed, but believe that data is likely to have been copied, as the orchestrator of the attack accessed their systems and threatened the institution with a ‘last warning’ before releasing the data from their 40,000 students and 12,000 staff. 

Government

New research has revealed that nearly eight in 10 providers of frontline healthcare services within the UK have experienced at least one data breach since 2021. 

Capita

Around 90 separate organisations have reported breaches of personal information held by Capita after the payroll outsourcing group suffered a cyber attack. This caused major IT outages for clients, some of which ran crucial services for the NHS, local councils and the military. Capita employs over 50,000 people in the UK and holds £6.5bn worth of public sector contracts with the British government. 

NHS 

On the back of the University of Manchester data breach, a new report has surfaced suggesting that the data from over one million NHS patients may have been compromised from the NHS data used for ‘research purposes’ that was leaked in the University's recent data breach. Some of the reportedly stolen data includes NHS numbers and the first three letters of patients’ postcodes. 
  
The breaches listed here don’t even begin to scratch the surface of what’s happened in the digital world so far this year. As we are becoming increasingly reliant on digital technologies, learning how to manage the potential threats and vulnerabilities is an uphill battle. Tackling these threats involves a collective effort, combining new risk management framework, and educating businesses, staff, and individuals on practising strong internet safety to enhance their defences.

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter