The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
Inmate, Staff Information Stolen in Rhode Island Prison Data Breach
he Donald W. Wyatt Detention Facility says the data of 2,000 inmates, staff, and vendors was stolen in a cyberattack.
Healthcare software provider data breach impacts 2.7 million
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.
Snikt! Rhysida dumps more than a terabyte of Insomniac Games’ internal data
The Rhysida ransomware gang publishes 98 per cent of leaked data minutes after the ransom deadline passes – Wolverine game files included.
Xfinity waited to patch critical Citrix Bleed 0-day. Now it’s paying the price
Data for almost 36 million customers now in the hands of unknown hackers.
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack | TechCrunch
The U.S.-based owner of apparel brands including Vans, Supreme and The North Face says it cannot fulfill customer orders after a cyberattack.
MongoDB says customer data was exposed in a cyberattack
MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
US healthcare giant Norton says hackers stole millions of patients' data during ransomware attack | TechCrunch
Hackers accessed the personal and health data of 2.5 million patients — and employees — during a May ransomware attack.
23andMe changes terms of service amid legal fallout from data breach
Days after a data breach allowed hackers to steal 6.9 million 23andMe users' personal details, the genetic testing company changed its terms of service to prevent customers from formally suing the firm or pursuing class-action lawsuits against it. Why it matters: It's unclear if 23andMe is attempting to retroactively shield itself from lawsuits alleging it acted negligently.
23andMe confirms hackers stole ancestry data on 6.9 million users
Genetic testing company 23andMe revealed that its data breach was much worse than previously reported, hitting about half of its total customers.
Okta reveals additional attackers' activities in October 2023 Breach
Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach.
Medical Transcription Service Data Breach Impacts Multiple Health Systems
Northwell Health and Cook County Health both notified patients of a third-party data breach that originated at Perry Johnson & Associates, a medical transcription vendor. The HHS data breach portal now shows that the Perry Johnson & Associates data breach impacted nearly 9 million individuals, making it one of the largest reported healthcare data breaches this year.
Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
DP World confirms data stolen in cyberattack, no ransomware used
International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, no ransomware payloads or encryption was used in the attack.
D-Link confirms data breach after employee phishing attack
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
Sony confirms data breach impacting thousands in the U.S.
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
An unknown number of LogicMonitor's customers have been hacked due to the fact that the company set weak default passwords.
Spyware maker LetMeSpy shuts down after hacker deletes server data
A June data breach wiped out the spyware maker's servers
TSMC confirms data breach after LockBit cyberattack on third-party supplier
One of the world's biggest chipmakers confirmed a data breach after the LockBit ransomware gang targeted one of its third-party providers.
New hacking forum leaks data of 478,000 RaidForums members
A database for the notorious RaidForums hacking forums has been leaked online, allowing threat actors and security researchers insight into the people who frequented the forum.
Discord discloses data breach after support agent got hacked
Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.
Toyota: Car location data of 2 million customers exposed for ten years
Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.
Stanford University discloses data breach affecting PhD applicants
Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
T-Mobile hacked to steal data of 37 million accounts in API data breach
T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).
Mailchimp says it was hacked — again
This is the second breach to hit Mailchimp in six months. It also appears to be almost identical to a previous incident.
Stanford University discloses data breach affecting PhD applicants
Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
T-Mobile hacked to steal data of 37 million accounts in API data breach
T-Mobile disclosed a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).
Mailchimp says it was hacked — again
This is the second breach to hit Mailchimp in six months. It also appears to be almost identical to a previous incident.