More Than 340 Million User Accounts Breached So Far This Year

Uploaded on 2023-06-09 in NEWS-Cybersecurity News, FREE TO VIEW

Exclusive new research shows that over 340 million people have been affected by business data breaches already in the first four months of 2023. The biggest breach that happened this year so far was at Twitter around the time of Elon Musk's takeover which impacted 235 million user accounts.

These figures come from a new Company Data Breach Tracker launched by by the Independent  Advisor  who produce a regularly updated, month by month timeline of the latest company data breaches and hacks happening in 2023. 

Providing an overview of the impact data breaches have on businesses and their customers, here are the key overall insights of company data breaches in 2023:

  • Number of people affected in 2023: 346,758,345
  • 2023’s biggest breach: Twitter with allegedly 235 million emails leaked
  • ·UK’s biggest breach: 10 million JD Sports customers exposed
  • US’s biggest breach: T-mobile with 37 million customers affected
  •  Data leaks caused by threat actors: 275,630,000
  • Number of potential records compromised in:
  • January: 288,082,463
  • February: 25,342,580 
  • March: 31,413,302
  • April: 1,920,000

Staying secure online is a huge concern for companies in 2023. More and more fall victim to cyber  attacks, phishing and ransomware leading to data leaks, huge payouts and often lawsuits.

Tracking the key details of these corporate attacks, the guide breaks each down by date, company, company info, attack type, and the amount of accounts affected. The three largest company breaches of 2023 so far were:   

Company: Twitter
Attack type: Data leak (threat actor)
Affected: 235 million
Description: The largest attack of 2023 so far was on social media platform Twitter at the very start of the year. 235 million Twitter users and their associated email addresses were leaked to an online hacking forum, selling for around 2$.    

Company: T-Mobile
Attack type: Bad actor, hack
Affected/data leaked: 37 million
Description: The next largest was on mobile telecom company T-Mobile, with the hacker gaining access to customer data from 37 million accounts, including names, birth dates, and phone numbers

Company: TruthFinder and Instant Checkmate
Attack type: Cyber attack
Affected: 20.22 million
Description: The third was PeopleConnect-owned background check services TruthFinder and Instant Checkmate. Hackers leaked a 2019 backup database containing information of 20.22 million users including their PII, encrypted passwords and expired or inactive password reset tokens.

The causes of the breaches have also been highlighted with threat actors accounting for 289,700,000. The next largest cause is hacking at 32,303,580, followed by third party data exposure at 11,354,000, and then human error at 382,466. 

With an estimated 8,000 cyber attacks per year, the ability of Internet users to stay safe online simply can’t be taken for granted and as cyber criminals grow more skillful, almost anyone can become a victim. While not all cases of a data breach lead to fraud or identity theft, compromised data is an expensive business for companies and the repercussions stretch further to impact consumer trust and brand reputation, in addition to economic loss.

With hackers now using cutting edge AI-powered tools for increasingly sophisticated attacks, cyber security teams are having to work doubly hard to keep pace with cyber criminals. The need for adequate staff training as well as creating awareness and the trust to report any issues has never been greater. 

Advice for businesses on how to protect their data against these types of attack include the following basis measures:- 

  • Training of staff to help recognise phishing emails and malicious activity.
  • Generating trust with employees , so that should someone realise they opened a file or clicked a link by mistake, they will be comfortable reporting the incident without fear of being blamed.
  • Setting up secure VPNs across all devices (laptop, mobile, tablet,) for users in all locations. 
  • Turning on Two Factor Authentication (2FA)  to verify identity
  • Regularly updating passwords.

Data is often stolen by hackers when they succeed in gaining unauthorised online network access. Phishing is the most common form of attack when a seemingly innocuous email is sent to victims containing links that may install ransomware or allow a bad actor access to systems. Phishing can also be used to lure people into entering personal information, leading to data theft or fraud.

Threat actors are slightly different from hackers in that they may not necessarily have technical skills to hack a system but will exploit a vulnerable server, eventually leading to a data breach or another other type of cybercrime. Other factors that commonly lead to a data breach include malware, damaging software that infects devices with viruses, ransomware and spyware. which can then corrupt files and compromise data.

You Might Also Read: 

Take Practical Measures To Avoid An Attack:

____________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« A House Of Cards
XDR vs. SIEM: Do You Need One or Both? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Zimperium

Zimperium

Zimperium offers enterprise class protection for mobile devices against the next generation of advanced mobile attacks.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

National Institute of Information and Communications Technology (NICT)

National Institute of Information and Communications Technology (NICT)

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

CI-CERT

CI-CERT

CI-CERT is the national Computer Incident Response Team for Cote d'Ivoire.

DCX Technology

DCX Technology

Recognized as a leader in security services, DXC Technology help clients prevent potential attack pathways, reduce cyber risk and improve threat detection and incident response.

LoughTec

LoughTec

LoughTec secure, manage and connect IT infrastructure for businesses and organisations throughout the UK and Republic of Ireland.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

Protect AI

Protect AI

Protect AI is a cybersecurity company focused on AI & ML systems. Through innovative security products and thought leadership in MLSecOps, we help our customers build a safer AI powered world.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

Borwell

Borwell

Borwell delivers software and IT solutions to the UK MoD and to UK Government departments, which are secure by design.

CLEAR

CLEAR

With more than 17 million members and a growing network of partners across the world, CLEAR's identity platform is transforming the way people live, work, and travel.

Alpha Echo

Alpha Echo

Specialising in security advice and enterprise-wide Cyberworthiness, Alpha Echo helps Australia deliver on cyber outcomes at a military grade level.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.