This post was created in tandem with ChatGPT4 with the Icebreaker Intel Analyst Agent by Scot Terban
January 2023:
Twitter Data Breach: Around 200 million Twitter users’ email addresses were sold on the dark web due to a flaw fixed in January 2022【54†source】.
Slack Security Incident: Unauthorized access to Slack’s GitHub account led to the download of private code repositories. No customer data or Slack’s primary codebase was affected【55†source】.
Chick-fil-A Data Breach: Suspicious activity linked to customer accounts was investigated, with customers advised to remove stored payment methods from their accounts【53†source】.
JD Sports Data Breach: Up to 10 million customers may have had their information accessed by hackers【50†source】.
T-Mobile Data Breach: Around 37 million customers had their data accessed by hackers. This raised questions about T-Mobile’s data security measures【51†source】.
MailChimp Breach: A threat actor accessed data from 133 MailChimp accounts through a social engineering attack【52†source】.
PayPal Data Breach: Unauthorized parties accessed PayPal customer accounts using stolen login credentials【52†source】.
February 2023: 8. Activision Data Breach: Sensitive employee data and content schedules were exfiltrated after an employee’s credentials were obtained in a phishing attack【45†source】.
Atlassian Data Breach: The SiegedSec hacking group extracted staff data and office floor plans【46†source】.
Reddit Data Breach: Internal docs, code, and business systems were accessed, but no primary production systems or non-public data were breached【47†source】.
Optus Data Breach Extortion Attempt: A man was sentenced for blackmailing customers using data from an Optus data breach【48†source】.
Weee! Data Breach: 1.1 million customers had their personal information exposed, but no payment data was exposed【48†source】.
Sharp HealthCare Data Breach: 62,777 patients’ personal information, including health insurance data, was compromised【49†source】.
March 2023:
ChatGPT Data Leak: Personal data of customers, including some credit card information, was leaked due to a bug【43†source】.
US House of Representatives Data Breach: Sensitive data belonging to federal legislators and families may have affected up to 170,000 people【44†source】.
April 2023:
Pizza Hut/KFC Data Breach: Yum! Brands confirmed personal data exposure during a ransomware attack in January【40†source】.
MSI Data Breach/Ransomware Attack: Money Message ransomware gang claimed to have stolen 1.5TB of information from MSI【41†source】.
Western Digital Data Breach: Unauthorized access to cloud systems was reported, impacting users’ ability to access cloud features【42†source】.
May 2023:
T-Mobile Data Breach (800 customers affected): Customer contact information, ID cards, and social security numbers were scraped from accounts【39†source】.
Discord Data Breach: Information may have been exposed after a malicious actor gained access【38†source】.
US Government Data Breach: Personal information of 237,000 employees was exposed in a Department of Transport breach【37†source】.
PharMerica Data Breach: Personal data of 5.8 million individuals were extracted from the health provider’s systems【36†source】.
Suzuki Data Breach: Operations at a plant in India were halted, incurring a production loss of over 20,000 vehicles【35†source】.
Apria Healthcare Data Breach: Almost 1.9 million customers were notified of a potential data exposure【34†source】.
June 2023:
MOVEit Hack: Sensitive data from firms like Zellis, British Airways, BBC, and Nova Scotia was compromised due to a file transfer tool hack【33†source】.
Intellihartx Data Breach: Over half a million patients’ medical details, including social security numbers, were stolen【32†source】.
Reddit Data Breach: BlackCat ransomware gang threatened to leak 80GB of confidential data【32†source】.
Bryan Cave/Mondelez Data Breach: Personal information of 51110 employees was compromised【31†source】.
UPS Canada Data Breach: Customers’ personal information may have been exposed due to fraudulent messages【30†source】
American Airlines Data Breach: Information of thousands of pilots applying to American Airlines and Southwest Airlines was stolen from a recruiting company’s database
July 2023:
Roblox Data Breach: Data of 4,000 members of Roblox’s developer community, including phone numbers and email addresses, was exposed
PokerStars Data Breach: Information of 110,000 customers, including social security numbers, was exposed by the Cl0p ransomware cartel
.Norwegian Government Breach: Hackers exploited a zero-day vulnerability in a third-party IT platform to hack into the government’s systems.Maximus Data Breach: Health-related data of 8 to 11 million US citizens was accessed due to the exploitation of the MOVEit transfer vulnerability
August 2023: 35. Police Service of Northern Ireland Data Breach: Data of every police officer in Northern Ireland was leaked mistakenly during a Freedom of Information request response
Missouri Medicaid Data Breach: Recipients’ health information was stolen, likely due to the MOVEit transfer vulnerability
.IBM MOVEit Data Breach: 4.1 million patients’ healthcare data was stolen due to a vulnerability in MOVEit transfer software.Discord.io Data Breach: Sensitive information of 760,000 users, including passwords and billing addresses, was extracted.Duolingo Data Breach: Data of 2.6 million users, including names and phone numbers, was leaked on BreachForums.Forever 21 data breach: 500,000 customers were affected, with names, dates of birth, bank account information, and Social Security numbers accessed
September 2023: 41. Hunter Biden Data Breach lawsuit: Hunter Biden sued for accessing and sharing his personal information
.
SONY Data Breach: Ransomware.vc extracted over 6,000 files from SONY’s systems
.Ontario Birth Registry Data Breach (MOVEit): Around 3.4 million people’s healthcare data was exposed due to a vulnerability in the MOVEit file transfer tool.Topgolf Callaway Data Breach: Over one million customers’ data, including full names and addresses, was stolen.Freecycle Data Breach: Seven million users’ data, including user IDs and email addresses, was affected
October 2023:
Indian Council of Medical Research Data Breach: Health data of around 815 million Indian citizens was exposed
.Okta Data Breach: Unauthorized access to Okta’s support case management system was gained using stolen credentials
.Air Europa Data Breach: Financial information of customers, including card numbers and CVV numbers, was accessed.23andMe Data Breach: Genetic data of customers was stolen in a credential-stuffing attack
November 2023: 50. Vanderbilt University Medical Center Data Breach: Fell victim to a ransomware attack orchestrated by the Meow ransomware gang
Toronto Public Library Data Breach: Sensitive information of employees and customers was stolen in a ransomware attack by the Black Basta gang
Infosys Data Breach: A security event made several applications unavailable in its US unit.Boeing Data Breach: A cyber incident impacted various elements of its business
December 2023: 54. Norton Healthcare Data Breach: Data breach impacting about 2.5 million people, involving unauthorized access to personal information.
Links: