Data Breaches from 2023: A Close Look at the Important Ones
And what that means for you.
To start with, the average person needs to be aware that organizational data breaches can affect them directly.
Yes, data breaches are attacks against large organizations and not individuals—however, organizations have customers and clients, and often the data stolen in a data breach is about the customers, not solely the business.
See if your personal data might be for sale on the internet. Find out now.
Secondly, data breaches make business news but rarely does the general public hear about (nor care about) major data breaches. Companies you do business with may have suffered one or more data breaches recently. Having said that, here’s a glimpse at a few significant data breaches of 2023.
MOVEit should have protected it.
MOVEit provides a file-software program and services to a variety of major organization in a variety of industries, including government agencies, pension funds and more.
An executive at data giant Experian, Michael Bruemmer, put it in perspective: “The consumers are innocent parties in this type of breach, which only emphasizes the need for individuals to be vigilant with their own data.”
Some of the major companies attacked included IBM, Cognizant & Deloitte, PricewaterhouseCoopers and Ernst & Young. These are major tech and international accounting firms. Sure, you might be thinking “that won’t affect me.” Perhaps not. But the MOVEit breach, carried out by a Russian group, also affected the motor vehicle departments in the states of Louisiana and Oregon, affecting nearly 10 million residents…probably regular, safety-minded people like you.
(Some information on this breach came from Experian.com website.)
But before we totally move on from MOVEit.
PBI Research Services Breach: A victim of the MOVEit breach.
In a sense, one breach can quickly lead to others. This creates more than a ripple effect, but rather an avalanche of breaches cascading on organizations. The MOVEit breach, which evidently helped the criminals find new customers to attack. One of them was PBI Research Services, a major victim of the breach. Their clients included financial organizations that operated very large pension systems. This creates a breach that hits close to home for millions of people.
It’s reported that data from nearly 14 million records were stolen and perhaps compromised by the bad actors who carried out the breaches. The victims were those whose pensions—retirement money—was in the hands of organizations they trusted:
- CalPERS, a retirement system in California
- A large retirement organization in Tennessee
- The Fidelity and Putnam investment firms
- Several insurance companies
CalPERS, the largest retirement system in the U.S., had to tell their 769,000 retirees that their personal data may have been compromised. The CEO of CalPERS, Marcie Frost, called the PBI breach “inexcusable.” (Some information on this breach came from Experian.com website.)
A password manager can protect you from data breaches. Learn how.
Hey, T-Mobile, who you gonna call?
It seems that communications company T-Mobile, which suffered two breaches in 2022, should think about someone soon for help boosting their cybersecurity. At least they’re getting used to communicating with their customers routinely…about data breaches.
A September 2023 data breach seemed to be small, as far as numbers go. At first T-Mobile claimed the that fewer than 100 individuals were affected by the breach. Later, that number was close to 1,000. Cybersecurity experts think it could have been in the millions. Whatever the number was, the data stolen was significant. The communication T-Mobile sent out to customers said the stolen data “may have included the following”:
- Full name
- Contact information
- Account number
- Phone numbers
- T-Mobile account PIN
- Social Security Number
- Government ID
T-Mobile, one of the largest communications companies, claimed problems were caused by a glitch in a system, it wasn’t truly a breach. Nonetheless, their track record is not good when it comes to attacks. In January 2023, the personal information of 37 million T-Mobile paying customers was stolen by attackers through a vulnerable systems interface. There were also documented breaches in 2018, 2019, as well as two breaches in 2020 and three in 2022. Seems like the communications business is good for cybercrooks too.
(Background on this breach was gleaned from digwatch.com).
23 and Me, and your private data.
This could be a great plot for a Hollywood movie: A hacker group breaks into the network of a genetic testing company—where ordinary people pay to have their DNA examined. The crooks steal customer data and obtain DNA information of millions of victims. You can just imagine the potential movie plots.
Well, one of those crazy storylines just might come true one day soon.
In October 2023, 23andMe announced they’d had a “significant” data breach, admitting that there where gaps in the protection of private genetic and personal client information. The number of records lost was estimated at over 40 million.
Consider the possibilities:
In its public response to the breach, 23andMe emphasized its commitment to security, its security certifications and boasted of its internal processes. They also launched an investigation into the breach with the help of an outside firm.
Along the line, maybe they’ll uncover how they’re related to other organizations that possess a weak-cybersecurity gene in their corporate DNA.
A password manager can protect you from data breaches.
In the 23andMe data breach, cybercrooks, who had stolen usernames and passwords, counted on the bad habit people have of using the same password on different accounts.
A previously stolen password unlocked the door to 23andMe network, simply because an employee or two used the same password on different accounts. Sure it’s easy to do that and hard to remember passwords, which is why using a password manager helps solve that problem for good.
And for you protection. Learn more now.
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Networking Basics: Learn How Networks Work
- Online Privacy
- Online Safety
If someone asked you if you want the messages you send and receive to be private, you’d…[Read More]
Even though your account passwords seems like the basic place to start, cybersecurity experts say starting there...[Read More]
And what that means for you. To start with, the average person needs to be aware that…[Read More]