The Independent Advisor has just launched a new Company Data Breach Tracker for 2023.
A regularly updated, month by month timeline of the latest company data breaches and hacks happening in 2023, it also tracks the overall business breach statistics for the year.
With almost 340 million people already affected by business data breaches in the first four months of 2023, staying secure online is a huge concern for companies.
More and more fall victim to cyberattacks, phishing scandals and ransomware leading to data leaks, huge payouts and often lawsuits.
The new guide is an overview highlighting the impact data breaches have on businesses and their customers. Here are the key overall insights of company data breaches in 2023:
- Number of people affected in 2023: 339,137,463
- 2023’s biggest breach: Twitter with allegedly 235 million emails leaked
- UK’s biggest breach: 10 million JD Sports customers exposed
- US’s biggest breach: T-Mobile with 37 million customers affected
- Data leaks caused by threat actors: 275,630,000
- Number of potential records compromised in:
  - March: 27,235,000
  - January: 288,082,463
The new guide tracks the key details of these corporate attacks, breaking them down by date, company, company info, attack type, and the number of accounts affected. The three most notable company breaches of 2023 so far are:
1. Company: Twitter
Company info: Large social media company based in US
Date: 4th January
Attack type: Data leak (threat actor)
Affected: 235 million
Description: The largest attack of 2023 so far was on social media platform Twitter at the very start of the year. 235 million Twitter users and their associated email addresses were leaked to an online hacking forum, selling for around $2.
2. Company: T-Mobile
Company info: Large telecommunications company based in US
Date: 20th January
Attack type: Bad actor, hack
Affected/data leaked: 37 million
Description: The next largest was on mobile telecom company T-Mobile, with the hacker gaining access to customer data from 37 million accounts, including names, birth dates, and phone numbers.
3. Company: TruthFinder and Instant Checkmate
Company info: Large subscription-based background check services based in US
Date: 3rd February
Attack type: Cyberattack
Affected: 20.22 million
Description: The third was PeopleConnect-owned background check services TruthFinder and Instant Checkmate. Hackers leaked a 2019 backup database containing information of 20.22 million users including their PII, encrypted passwords and expired or inactive password reset tokens.
Commenting on the tracker, Camille Dubuis-Welch, Lead writer and researcher, states:
“Like it or not, cybercrime is prolific. With an estimated 8,000 cyberattacks per year, staying secure online simply can’t be assumed or left as an afterthought. It’s clear that cybercriminals are getting increasingly creative, that anyone can be targeted and that there is still a lot to learn around prevention and recovery.
While not all cases of a data breach lead to fraud or identity theft, compromised data is still an expensive business for companies and the repercussions stretch further to impact consumer trust and brand reputation, not to mention the mental and financial health of anyone directly involved.”
With the advent of AI-powered tools that hackers are using for increasingly sophisticated attacks, security teams should strive to keep up with the pace of cybercriminals.
The guide also offers helpful advice for businesses on how to protect their data against these types of attack:
- Rigorous training of staff to help recognise phishing emails and malicious activity is a must
- Forging a sense of trust with employees is worthwhile too, so that should someone realise they opened a file or clicked a link they shouldn’t have, they will be comfortable reporting the incident rather than ignoring it, which could lead to an aggravated outcome.
- Set up secure VPNs across all devices (laptop, mobile, tablet, etc.). Note that the most protected options will usually be paid, but for many it’s a small price to pay for peace of mind and better security.
- Turn on 2FA where you can and update passwords regularly, using a mix of uppercase and lowercase letters, special characters, and numbers that don’t relate to your personal information and aren’t replicated across multiple log-ins. Use online tools like Secure Password Generator to help.
We learned from the Company Data Breach Tracker 2023 that data is often stolen by hacking, which is someone gaining unauthorised access, usually electronically, to a system.
Phishing is a type of social engineering attack whereby seemingly innocuous emails will be sent to victims containing links that may install ransomware or allow a bad actor access to systems.
Phishing can also be used to lure people into entering personal information, leading to data theft or fraud.
Also, bad/threat actors refer to anyone who causes harm in the digital sphere; they are slightly different to hackers in that they may not necessarily have the technical skills to hack a system but will exploit a vulnerable server, eventually leading to a data breach or another type of cybercrime.
Other factors that commonly lead to a data breach include malware – damaging software that infects devices with viruses – ransomware and spyware, which can then corrupt files and compromise data.