20 December 2023

Top cybersecurity data breaches in 2023


Despite advancements in digital infrastructure, data breaches persist, posing substantial threats to both government and private organisations. Safeguarding the data of millions of citizens and users is a humongous task. Governments around the world, along with corporations, struggle to ensure that user data is kept safe. However, no security is fool-proof as evidenced by reports of data leaks around the world.

MOVEit cyberattack

In May 2023, a ransomware gang abused a zero-day exploit to compromise the security of over 2,000 organisations worldwide, according to a report from Emsisoft. These included New York City’s public school system, British Airways and the BBC.

Threat actors used an exploit in Progress Software’s enterprise file transfer protocol, MOVEit Transfer, to steal data from government, public, and business organisations.

The company released a patch for the vulnerability after the damage was done. IBM was sued as its servers were breached. The attack and its fallout also prompted the U.S. Securities and Exchange Commission (SEC) to require public companies to issue disclosures within four days of discovering a cybersecurity incident.

Aadhaar data breach of 815 million citizens, India

In October, Resecurity, an American cyber security company, said that the personally identifiable information of 815 million Indian citizens, including Aadhaar numbers and passport details, was being sold on the dark web.

While threat actors declined to specify how they obtained the data - without which the source of the data leak is difficult to ascertain - threat actors claimed they had access to a 1.8 terabyte data leak impacting an unnamed “India internal law enforcement agency”.

17,000 WordPress sites hacked

Over 17,000 WordPress websites fell victim to a campaign that exploited known flaws in premium theme plugins. The attack campaign utilised a flaw to inject Linux backdoors into websites to redirect visitors to fake tech support pages, phony lottery winnings, and push notification scams; these were likely part of scams or sold as a service to scammers.

The attack has reportedly been active since 2017 and affected nearly one million WordPress sites. The attack campaign came in waves - six waves to be precise - all of which used unique tactics to avoid detection.

Targeted themes on WordPress included Newspaper and Newsmag, putting a substantial number of websites at risk.

Boeing data leaked after ransomware attack

Internal data from Boeing, one of the world’s largest defence and space contractors, was published online by a cybercrime gang which extorts its victims by stealing and releasing data unless a ransom is paid.

Cybercriminals, in October, said they had obtained “a tremendous amount” of sensitive data from the aerospace giant and would dump it online if Boeing didn’t pay a ransom by November 2.

After the deadline, hackers published the data on their website, with Boeing confirming that “elements” of the company’s parts and distribution business had experienced a cybersecurity incident. The company further said that while it was “confident” that the event did not pose a threat to aircraft or flight safety, it declined to comment on whether defence information or other sensitive data had been obtained by hackers.

Genetics testing company suffers data breach

In October, genetics testing company 23andMe sent emails to several customers to inform them of a breach of the “DNA Relatives” feature that allowed them to compare ancestry information with users worldwide.

The email from the company came after a hacker advertised millions of “pieces of data” stolen from the company’s online forum. The company later confirmed that customers’ data was being sold by hackers. The company attributed the data leak to a credential stuffing attack.

Other noteworthy data leaks in India

The year 2023 also witnessed some major breaches in data security in India. Early in the year, train ticketing platform RailYatri confirmed that it suffered a data breach in December 2022, shortly after the Railway Ministry denied that user data being sold on the dark web was leaked from the Railways’ side.

Earlier in the year, an alleged leak in the CoWIN portal was reported, when a bot on the messaging platform Telegram was returning the personal data of Indian citizens. The data reportedly contained details including names, Aadhaar and passport numbers of individuals who registered with the COVID-19 vaccine network for vaccination purposes.

While the Health Ministry denied reports of a data breach, and said the allegations were “mischievous in nature,” it added that the Indian Computer Emergency Response Team (CERT-In) was reviewing existing security infrastructure of the portal. Later that month, a man and a juvenile were apprehended in Bihar for their involvement in the alleged data leak.

Despite denials and reviews by relevant authorities, these events underscore the persistent challenges in securing sensitive information.
