Company Data Breaches: Four Months Into 2023, More Than 340 Million Accounts Compromised
May 2023 by Advisor
Exclusive new research by the Independent Advisor shows that over 340 million people have been affected by business data breaches already in the first four months of 2023. The biggest breach to have happened this year is Twitter at the start of the year, impacting 235 million user accounts.
The figures come from a new Company Data Breach Tracker launched by the Independent Advisor, a regularly updated, month by month timeline of the latest company data breaches and hacks happening in 2023. Providing an overview of the impact data breaches have on businesses and their customers, here are the key overall insights of company data breaches in 2023:
• Number of people affected in 2023: 346,758,345
• 2023’s biggest breach: Twitter with allegedly 235 million emails leaked
• UK’s biggest breach: 10 million JD Sports customers exposed
• US’s biggest breach: T-mobile with 37 million customers affected
• Data leaks caused by threat actors: 275,630,000
• Number of potential records compromised in:
o April: 1,920,000
o March: 31,413,302
o February: 25,342,580
o January: 288,082,463
Staying secure online is a huge concern for companies in 2023. More and more fall victim to cyberattacks, phishing scandals and ransomware leading to data leaks, huge payouts and often lawsuits. Tracking the key details of these corporate attacks, the guide breaks each down by date, company, company info, attack type, and the amount of accounts affected.
The three largest company breaches of 2023 so far are:
1. Company: Twitter
Attack type: Data leak (threat actor)
Affected: 235 million
Description: The largest attack of 2023 so far was on social media platform Twitter at the very start of the year. 235 million Twitter users and their associated email addresses were leaked to an online hacking forum, selling for around $2.
2. Company: T-Mobile
Attack type: Bad actor, hack
Affected/data leaked: 37 million
Description: The next largest was on mobile telecomm company T-Mobile, with the hacker gaining access to customer data from 37 million accounts, including names, birth dates, and phone numbers
3. Company: TruthFinder and Instant Checkmate
Attack type: Cyberattack
Affected: 20.22 million
Description: The third was PeopleConnect-owned background check services TruthFinder and Instant Checkmate. Hackers leaked a 2019 backup database containing information of 20.22 million users including their PII, encrypted passwords and expired or inactive password reset tokens.
The causes of the breaches have also been highlighted with threat actors being the largest at 289,700,000. The next largest cause is hacking at 32,303,580, followed by third party data exposure at 11,354,000, and then human error at 382,466.
Lead writer and researcher Camille Dubuis-Welch states:
"Like it or not, cybercrime is prolific. With an estimated 8,000 cyberattacks per year, staying secure online simply can’t be assumed or left as an afterthought. It’s clear that cybercriminals are getting increasingly creative, that anyone can be targeted and that there is still a lot to learn around prevention and recovery.
While not all cases of a data breach lead to fraud or identity theft, compromised data is still an expensive business for companies and the repercussions stretch further to impact consumer trust and brand reputation, not to mention the mental and financial health of anyone directly involved."
As hackers are now using AI-powered Tools for increasingly sophisticated attacks, IT/security teams are striving more than ever to keep up with the pace of cybercriminals. The need for adequate staff training as well as creating an atmosphere of trust to report any issues has never been greater. Here’s some of the advice for businesses on how to protect their data against these types of attack:
• Rigorous training of staff to help recognise phishing emails and malicious activity is a must
• Forging a sense of trust with employees is worthwhile too, so that should someone realise they opened a file or clicked a link they shouldn’t have, they will be comfortable reporting the incident over ignoring it which could lead to an aggravated outcome.
• Set up secure VPNs across all devices (laptop, mobile, tablet, etc). Note that the most protected options will usually be payable, but for many it’s a small price to pay for peace of mind and better security
• Turning on 2FA where you can and updating passwords regularly with a mix of uppercase and lowercase letters, special characters, and numbers that don’t relate to your personal information or replicated across multiple log-ins. Use online tools like Secure Password Generator to help.
• Data is often stolen by hacking which is someone gaining unauthorised access, usually electronically, to a system. Phishing is a type of social engineering attack whereby seemingly innocuous emails will be sent to victims containing links that may install ransomware or allow a bad actor access to systems. Phishing can also be used to lure people into entering personal information, leading to data theft or fraud.
• Bad/threat actors refers to anyone who causes harm in the digital sphere; they are slightly different to hackers in that they may not necessarily have technical skills to hack a system but will exploit a vulnerable server, eventually leading to a data breach or another other type of cybercrime.
• Other factors that commonly lead to a data breach include malware – damaging software that infects devices with viruses – ransomware and spyware. which can then corrupt files and compromise data.