Last year, we witnessed several high-profile cyber attacks that not only disrupted major businesses but also raised critical questions about digital security and the measures needed to safeguard against such threats.
In this blog post, we’ll delve into some of the biggest cyber attacks and data breaches of 2023, exploring the details of each incident and looking at potential prevention strategies.
Royal Mail – January 2023
What Happened?
Royal Mail suffered a ransomware attack by LockBit, significantly impacting its international shipping business. The attack caused prolonged disruption to operations, with a more substantial impact on international services compared to domestic. This cyber incident led to a notable decline in the company’s international revenue and parcel volume.
Insights on Prevention
While specific prevention strategies were not detailed in the sources, such large-scale ransomware attacks highlight the importance of robust cyber security measures, including frequent backups, employee training on phishing and social engineering attacks, and the implementation of advanced threat detection and response systems.
Yum! Brands (KFC, Taco Bell, & Pizza Hut) – January 2023
What Happened?
Yum! Brands faced a ransomware attack in January, initially impacting corporate data. However, employee personal information was later identified as exposed. The attack led to the closure of nearly 300 UK locations for the company.
Insights on Prevention
Not much information was given on this, but its important to know that advanced technical solutions like firewalls and antivirus software are crucial for larger businesses.
Mailchimp – January 2023
What Happened?
Mailchimp faced its third data breach in a year due to a social engineering attack, compromising customer accounts. The response was prompt, with affected accounts suspended and customers notified within 24 hours. Previous incidents were linked to phishing campaigns.
Insights on Prevention
Emphasising employee training and Multi-Factor Authentication (MFA) is key. A thorough understanding of potential threats allows individuals to prevent security breaches in your organisation.
Chick-fil-A – February 2023
What Happened?
Chick-fil-A confirmed a data breach affecting 71,000 of customers via its mobile app. The automated credential stuffing attack, occurring from December 2022 to February 2023, exposed names, emails, partial bank details and other details. Chick-fil-A urged affected users to reset passwords and provided steps if fraud was suspected.
Insights on Prevention
Preventing automated bot attacks on customer accounts requires detecting and identifying unusual login locations, as well as enforcing lockout policies to restrict the number of logins that can be made. MFA is also a key factor and possibly could have prevented the entire attack if enforced.
ChatGPT – March 2023
What Happened?
In March 2023, ChatGPT, developed by OpenAI, faced a nine-hour data breach exposing 1.2% of ChatGPT Plus subscribers’ data. The incident resulted from a bug which led to information leakage. OpenAI responded with fixes and launched a bug bounty program. The breach raised privacy concerns, leading to Italy’s watchdog banning ChatGPT and questioning OpenAI’s data practices.
Insights on Prevention
Prior to deployment, comprehensive code audits and testing may have found and corrected the bug. Stricter access controls and improved user verification processes could have also lessened the impact.
Latitude Financial Data Breach – March 2023
What Happened?
Latitude Financial, a major non-bank lender in Australia and New Zealand, suffered a significant cyber attack in mid-March. The breach initially reported compromised 103,000 identification documents and 225,000 customer records. However, this number was later updated to the staggering amount of personal data of 14 million customers. The breach was attributed to cyber attackers gaining employee login credentials through a successful attack on a third-party vendor.
Insights on Prevention
The Latitude Financial breach highlights the critical importance of securing data, especially when it is no longer operationally needed. Best practices include securely retiring information, warehousing data in a secure location, and limiting access with strong authentication measures.
MOVEit Hack – May 2023
What Happened?
The MOVEit Transfer software, a managed file transfer service, experienced a massive exploitation in 2023, marking it as the largest hack of the year. Over 1,000 organisations were affected, with more than 60 million individuals impacted. The attack, attributed to the Clop ransomware and extortion gang, exploited a zero-day vulnerability in MOVEit Transfer. Financial services, healthcare, IT organisations, and government entities were among the most affected sectors.
Insights on Prevention
To prevent similar breaches, organisations should restrict access to data, provide cyber security education, use security software, implement MFA, and keep backups separate from production networks. It also emphasises the importance of choosing third-party vendors with robust cyber security and continuously updating and maintaining their security measures.
Tesla Data Breach – May 2023
What Happened?
Tesla experienced a significant data breach involving the leakage of sensitive information of over 75,000 employees. This breach was attributed to insider wrongdoing by two former employees who shared confidential data, including personal and financial information, with the German newspaper Handelsblatt. The leaked data spanned from 2015 to 2022, including 23,000 internal documents and covering various details like Social Security Numbers, work information, and complaints about Tesla’s Full Self-Driving features.
Insights on Prevention
To prevent similar breaches, Tesla and other organisations need to prioritise cyber security, particularly against insider threats. Advanced data analytics play a crucial role in identifying unusual patterns and behaviours that could indicate unauthorised access or data transfers. Additionally, maintaining a complete inventory of apps and tightening system access controls are essential to prevent recurrence of such breaches.
UK Public Sector Cyber Attacks – July 2023
What Happened?
The UK’s public sector, including the NHS, faced a series of cyber attacks in 2023. The largest NHS trust, Barts Health NHS Trust, was targeted by the ALPHV ransomware gang, also known as BlackCat, which claimed to have stolen 70 terabytes of sensitive data. This incident was part of a larger wave of attacks on the UK public sector, including a previous ransomware attack on the University of Manchester that compromised NHS data of 1.1 million patients.
Insights on Prevention
To mitigate similar risks, UK senior executives emphasise the importance of addressing cloud-based threats, as they are expected to significantly impact organisations. Strategies include increasing cyber security budgets, focusing on the risks associated with digital transformation, and incorporating cyber threats into organisational resilience plans.
UK Electoral Commission – August 2023
What Happened?
The Electoral Commission, publicly disclosed a cyber attack on their systems, revealing unauthorised access by threat actors since August 2021. The breach affected their email system, control systems, and electoral registers, with potential exposure of personal data such as names, addresses, email addresses, and contact numbers. The compromised registers spanned from 2014 to 2022 for Great Britain, 2018 for Northern Ireland, and included overseas voters. The personal data compromised was of low risk, according to the Information Commissioner’s Office risk assessment.
Insights on Prevention
The Electoral Commission was using an unpatched version of Microsoft Exchange Server vulnerable to ProxyNotShell attacks during the cyber incident. This highlights the significance of keeping software up to date to prevent known vulnerabilities. The Cyber Essentials scheme, a government-backed framework supported by the National Cyber Security Centre, advocates five fundamental cyber security controls, including patch management, to safeguard against approximately 80% of common cyber threats. Implementing these controls, particularly keeping software updated, is crucial for enhancing resilience against potential attacks.
Sony – September 2023
What Happened?
Sony experienced a cyber attack with over 3.14 GB of data allegedly leaked. The extortion group RansomedVC initially claimed responsibility, stating they had compromised all of Sony’s systems and stolen 260 GB of data, which they intended to sell for $2.5 million. However, another threat actor, MajorNelson, later claimed responsibility and refuted RansomedVC’s claims, releasing a 2.4 GB compressed archive containing Sony’s credentials, internal system files, certificates, a device emulator, security policies, and more. The authenticity of the data and the responsible party remains unverified.
Insights on Prevention
While specific prevention strategies for this incident are not detailed, it highlights the importance of robust cyber security measures to protect against data breaches and extortion attempts. Companies are advised to implement strong security protocols, regular system audits, and employee training to recognise and respond to potential cyber threats.
ICMR Indian Council of Medical Research – October 2023
What Happened?
India’s largest data breach (and the biggest on this list) exposed the personal details of 81.5 million citizens. Resecurity discovered the breach after the data was put up for sale on the Dark Web. Leaked data included national identification numbers, passport number, names, addresses and many other details.
Insights on Prevention
The attack was found to have been caused by improper network segmentation, although not much detail has been given at this time. However, strengthening access controls, enhancing detection systems, educating employees on phishing risks, keeping systems updated, reinforcing firewalls, implementing encryption, and developing an effective incident response plan are key in mitigating damage caused by digital attacks.
23andMe – October 2023
What Happened?
23andMe detected unauthorised access to approximately 14,000 user accounts, constituting less than 0.1% of their customers, due to credential stuffing. The threat actor used compromised accounts to access DNA Relatives profiles (around 5.5 million) and Family Tree feature profiles (approximately 1.4 million). Immediate actions taken included notifying affected customers, requiring password resets, and implementing two-step verification.
Insights on Prevention
Promoting advanced authentication measures like MFA earlier and regularly reminding users to enable MFA, alongside conducting periodic security checkups, could have bolstered account security and mitigated the impact of credential stuffing attacks. Continuous monitoring and proactive measures to identify and address potential vulnerabilities in their systems would have also played a crucial role in preventing unauthorised access.
DP World Australia – November 2023
What Happened?
DP World Australia, a major port operator managing about 40% of Australia’s import and export goods, faced a significant cyber attack which crippled its operations at container terminals in Melbourne, Sydney, Brisbane, and Perth. The company had to disconnect its ports from the internet to prevent unauthorised access, causing delays in container transport.
Insights on Prevention
The incident underlines the necessity for robust cyber security measures in critical infrastructure sectors like port operations. Preventative steps include regular system audits, implementing advanced security protocols, employee training on cyber threats, and possibly real-time monitoring for unusual network activities. The incident also highlights the importance of having contingency plans to maintain operations during cyber disruptions.
As we’ve explored some of the most significant cyber attacks of 2023, it’s clear that the threat landscape is constantly evolving, and staying ahead of these threats is more critical than ever. Whether you’re looking to bolster your defences against potential cyber attacks, or need expert guidance to navigate the aftermath of a breach, 3B Data Security is here to help.
Find out more about our range of services and how we can help keep your organisation cyber secure.
