Breached!

It's the wild west out there. It seems barely a week will go by without us hearing of another data breach, often egregious. The list of organisations below is a who's who of their industry. The big players are not immune (and most definitely targeted), and in some cases, their 'blast radius' is significant.

This is what 2023 looks like so far (a dumpster fire), and we're only in June:

Twitter: Email addresses belonging to around 235 million Twitter users are being sold on the dark web right now. As of writing this is the largest breach of the year so far. But ... Twitter ... perhaps nothing of value was lost here.

PayPal: A letter sent to PayPal customers in January, says that in December 2022, “unauthorized parties” were able to access PayPal customer accounts using stolen login credentials.

T-Mobile: Data breach, affecting around 37 million postpaid and prepaid customers who've all had their data accessed by hackers.

T-Mobile again: This time affecting around 800 of the telecom provider's customers. According to recent reports, customer contact information, ID cards, and/or social security numbers were scraped from PIN-protected accounts.

T-Mobile ... really? They were also breached in December 2021 and November 2022. Yikes!

T-Mobile: Just kidding.

Apria Healthcare: US healthcare company Apria Healthcare has reported almost 1.9 million customer's personal data may have been exposed.

PharMerica: The US Pharmaceutical giant revealed that an unknown actor accessed its systems in March and extracted personal data pertaining to 5.8 million individuals.

US Government: Personal information pertaining to 237,000 US government employees has reportedly been exposed in a Department of Transport data breach.

But wait, there is more ...

Yum! Brands: They own fast food chains Pizza Hut, KFC, and Taco Bell, has informed a number of individuals that their personal data, names, driver's license, and ID card info was exposed during a ransomware attack. No Pizza or fried chicken was harmed in this attack. No one cares about the Tacos.

ChatGPT: A bug found in ChatGPT's open-source library caused the chatbot to leak the personal data of customers, which included some credit card information and the titles of some chats they initiated. Wait. What? There are bugs in AI?

US House of Representatives: A breach of a Washington DC-based healthcare provider that handles sensitive data belonging to a number of federal legislators and their families may have affected up to 170,000 people. The data was put up for sale online, although the FBI is thought to have already purchased it as part of their investigation!

Activision Data Breach: Makers of the super popular Call of Duty franchise, were breached with sensitive employee data and content schedules exfiltrated from the company's computer systems via a phishing attack.

Atlassian: A hacking group known as “SiegedSec” claims to have broken into the company's systems and extracted data relating to staff as well as floor plans for offices in San Francisco and Sydney. Included in the dataset are names, email addresses, the departments that staff work in, and other information relating to their employment at Atlassian.

Optus Data Breach Extortion Attempt: A man from Sydney has been served a Community Correction Order and 100 hours of community service for leveraging data from a recent Optus data breach to blackmail the company's customers. Initially arrested back in October of last year, the perpetrator sent SMS communications to 92 people saying that their personal information would be sold to other hackers if they didn't pay AU$ 2000.

Weee!: 1.1 million customers of Asian and Hispanic food delivery service Weee! have had their personal information exposed in a data breach. Weee ... and now it's probably in the wild. Sorry.

Sharp HealthCare: Sharp HealthCare, which is the largest healthcare provider in San Diego, California, has notified over 60000 patients that their personal information was exposed during a recent attack on the organisation's website. Social Security numbers, health insurance data, and health records...

JD Sports: As many as 10 million people may have had their personal information accessed by hackers after a data breach.

Closer to Home

In little ole NZ, yeah, we're most certainly not immune either, the Privacy Commissioner's office has opened an investigation into Latitude Financial, and its role in New Zealand's largest data breach.

The breach from March has already exposed 1,037,000 New Zealand driver license numbers, along with details from 34,000 passports.

Approximately 90,000 customers in New Zealand have had their personal banking numbers as well as income and expense information used to assess loan applications exposed.

Cybercrime is prolific. Staying secure online simply can't be assumed, and it should be a huge concern for companies. More and more are falling victim to cyberattacks, phishing scandals and ransomware, leading to data leaks, huge payouts and often lawsuits. Cybercriminals are getting increasingly creative, and as you can see above, anyone can be targeted and there is still a lot to learn around prevention and recovery.

While not all cases of a data breach led to fraud or identity theft, compromised data is still an expensive business for companies and the repercussions stretch further to impact consumer trust and brand reputation, not to mention the mental and financial health of anyone directly involved.

As hackers are now using AI-powered Tools for increasingly sophisticated attacks, IT/security teams are striving more than ever to keep up with the pace of cybercriminals. The need for adequate staff training as well as creating an atmosphere of trust to report any issues has never been greater.