Cyber Nightmares: 8 of the Biggest Data Leaks and Hacks of 2023

Data leaks and hacks.

It’s that not-so-wonderful time of the year when we look at the most significant data leaks, breaches, and hacks in 2023.

This year, data leaks remain a consistent threat to our data, with an average cost of $4.35 million.

This article looks at some of the most significant cyberattacks that happened throughout the year, what caused them, how the business reacted, and valuable tips on protecting yourself from the cyber world’s biggest threat.

Data leaks and hacks in America, 2023

The United States again tops the list of countries with the highest average data leak cost, at over $9 million. The companies that were impacted the most this year were healthcare, at number one, followed by finance, pharmaceuticals, energy, and industrial sectors being targeted, primarily by ransomware gangs.

So, let’s look at the four biggest data leaks of 2023 that happened to our friends across the pond.

T Mobile

T Mobile wins the “we really have no idea why we can’t prevent data leaks” award because they have been the victim of a data leak not once, not twice, but thrice!

T Mobile is one of the major telecommunications providers in the United States, offering various services to customers and businesses ranging from mobile phone plans to WiFi.

January 2023

It all started in November 2022, when a threat actor accessed the personal data of 37 million customers. Fast forward to January 19, 2023, T Mobile filed a report to a government agency saying the hackers stole names, addresses, emails, phone numbers, and account numbers because of this breach. But this wasn’t the end for T Mobile...

February 2023

T Mobile’s second attack occurred between February and March. Although not as devastating, over 800 customers were still affected by the data leak. T Mobile issued notification letters to its customers explaining that a threat actor managed to gain access to full names, dates of birth, government IDs, and T Mobile account pins.

In response, T Mobile reset the account pins of affected users and offered customers impacted by the breach two years of identity theft monitoring services to ensure the details stolen were not used by threat actors for fraud or other forms of identity theft.

After the second data leak of the year, T Mobile acknowledged it must continue to increase its security efforts to keep customer data safe and is actively working towards improving its security...

September 2023

And then September arrived. The September data leak happened when a T Mobile employee leaked 90GB of T Mobile’s employee data (primarily email addresses, sales data, and partial security numbers) and posted it on a popular hacking forum.

T-Mobile issued a statement clarifying that the attack was unrelated to them and no employee data was exposed.

Even so, this is T Mobile’s tenth data leak since 2018, affecting over 100 million users. Despite this, T Mobile continues to offer its services, so we must protect our mobile phones and their data and make informed decisions when choosing a company that handles our private information.

Chat GPT

Ahhh, the rise of AI. It’s hard to browse anywhere online without seeing AI discussions/arguments. Are the machines coming to take our jobs? Should we start preparing for judgment day and rise against OpenAI?

Probably not. Not yet, anyway. There are still some creases to iron out for AI technology; it is still vulnerable to bugs, as shown in March of this year.

On March 24, Skynet, I mean Open AI, confirmed that a bug in the platform’s source code resulted in user’s sensitive information being exposed in a data leak due to a vulnerability in a database OpenAI uses to store information. From there, threat actors could view users’ chat histories and the last four digits of credit card numbers from Chat GPT Plus subscribers.

OpenAI states the number of users affected was very low and has since fixed the vulnerability in the software shortly after it was discovered. Customers whose payment information may have been exposed because of the data leak were notified.

Internxt is a cloud storage service based on encryption and privacy.

Reddit

Black cats are a Halloween staple due to old superstitions that they bring bad luck. Unfortunately for Reddit, this superstition came to fruition in June 2023, when they were targeted by the infamous ransomware group BlackCat.

Interestingly, the spark that caused this cyberattack happened when Reddit announced that it would start charging for using its API. With these new changes, Reddit could generate and sell user data to advertisers, profiting from their user’s data and content without their consent.

In response to these changes, BlackCat stole 80GB of Reddit data containing users' credentials as far back as 2007. In a post on the dark web, hackers threatened to release the data online unless the company paid a $4.5 million ransom and withdrew the API charges.

Reddit declined to say whether it plans to pay the ransom, but BlackCat says they are “very confident” that they won't.

Despite its popularity, it seems as though Reddit is no different from other tech companies looking to profit from its users and steal your data for their monetary gain. If this breach has taught us anything, we should choose a company that protects our data rather than monetizing it.

Caesers

Et tu, Brute?

One company that did decide to bite the bullet after becoming a victim of a ransomware attack was casino operator, Caeser’s. The hacker group behind this attack, Roasted 0ktopus, stole driver’s license information, Social Security numbers, and other sensitive data from Caeser’s customer loyalty database.

After initially demanding $30 million, the two parties agreed on a ransom payment and Caesar’s paid the group $15 million. Caeser’s assured the public that they had taken the necessary measures to ensure the group deleted the data they stole.

However, the danger of ransomware is that even after the group receives the payment, they can still release the data on the dark web or elsewhere. How far can you really trust cyber criminals to keep their word?

European Data Leaks

It is time to venture over to Europe, a land filled with Royals, sun, sea, and laws that help companies respond to threats and reduce the impact of cyberattacks.

Despite our strict privacy regulations, us humble Europeans are not safe from cyberattacks, not even the King of England.

The Royal Family, United Kingdom

October 1st was the start of Cyber Awareness Month, but unfortunately for the British Royals, the month dedicated to cybersecurity started with a Distributed Denial of Service (DDoS) attack on the Royal UK website.

The attack caused the royal website to be down for an hour. The attack did not last long, and the website was back up and running the same day. However, visitors had to pass extra security steps before accessing the website, and the website was back to business as usual by Monday.

Although not the most significant attack of 2023, it's one example of the many politically motivated attacks that are becoming more common, as the Russian group, Killnet, took responsibility for this and other DDoS attacks on countries that support Ukraine.

DDoS attacks may shut down a website as a distraction to distract security teams and use the opportunity to steal more data, introduce malware, or as an opportunity for ransomware.

In this case, no data leak happened, and the attack could just be a statement from hacking groups. Nevertheless, it shows that not even the King of England himself is safe from cyber threats.

Seville Town Hall, Spain

Seville town hall was the victim of a cyberattack in September, which officials attributed to the cybercrime gang LockBit. LockBit specializes in ransomware attacks and previously targeted the British Royal Mail postal service.  

As Spain’s fourth largest city, Seville’s town hall holds the personal records of over 600,000 residents. Officials identified the start of the attack on Monday, September 4th, thinking it was a system failure before it became clear it was an attack on the town hall’s data.

Once it became clear it was a cyberattack, 4,000 municipal computers were shut down, leaving police, firefighters, and other government workers to work offline as a precautionary safety measure. In contrast, experts from the National Cryptology Centre and the Spanish telecommunication group, Telefonica, worked to resolve the problem.

Internxt is a cloud storage service based on encryption and privacy.

A representative of digital transformation, Juan Bueno, said in a press conference that no personal information was leaked from the attack, and they will not pay LockBit the one million euro ransom they asked for. Instead, Bueno says they are looking to invest money in securing data for a more secure future online.

Deutsche Leasing, Germany

Deutsche Leasing company is owned by 350 German savings banks and is considered one of Europe’s top 5 leasing providers. In May, they reported a cyberattack on their IT system, causing them to shut down access to the system to prevent data leaks.

The motivations or group behind the attack remain unknown, as no ransom was demanded, however, the data at risk from the attack includes customer and employee names and contact details, passport numbers, tax IDs, CVs, and even bank details.

In response to the data leak, Deutsche Leasing released an in-depth statement of the measures they took to respond to the crisis, including hiring IT forensic analysis experts and commissioning a service provider who scans the dark web to detect data released online by cybercriminals.

In the meantime, Deutsche Leasing encouraged their clients to follow all the excellent conduct we have come to know and love to protect ourselves online, and they emphasized the importance of changing their passwords, setting up multi-factor authentication, and being aware of spam or other fraudulent activities.

MOVEit, Global

MOVEit is a Managed File Transfer (MFT) system used by thousands of organizations across the globe to secure the transfer of sensitive data between partners, customers, users, and systems.

In May 2023, a zero-day vulnerability in the file transferred service kick-started not only the largest data leak of 2023 — but one of the largest in history, with the total number of victims standing at a grand total of...

60,144,069

So far.

The critical vulnerability in the MOVEit software allowed the ransomware and extortion gang, Clop, to access the servers, steal customer data, and orchestrate attacks globally to steal data from major companies, including Shell, British Airways, and the United States Department of Energy.

Although the vulnerability was fixed, the extortion gang Clop is still succeeding in hacking and stealing data. Recently, the French government and unemployment aid office, Pôle emploi, was the victim of a data leak impacting an estimated 10 million people.

The exposed information was limited to full names and social security numbers. The breach did not affect other sensitive information, such as passwords or financial information.

In reaction to the data leak, Pôle emploi clarified that they are continuing to implement additional protection measures and that customers can confidently access their online portal but should remain vigilant of unsolicited communications from unknown sources.

Internxt is a cloud storage service based on encryption and privacy.

How can you avoid data leaks and hacks happening to you?

Taking part in Cyber Awareness Month is an important step to prevent data leaks. 2023’s theme for Cyber Awareness is “Secure Our World,” which demonstrates that cybersecurity doesn’t have to be difficult, and the following simple steps could save your accounts from ransomware gangs:

Week 1. Protect your passwords

Check if your email has leaked on the dark web with Dark Web Monitor and change your passwords to ensure your email and other accounts are secure.

Your passwords are your first and most essential line of defense for your accounts. Use a password generator to create unique passwords resistant to brute force attacks and other hacking software.

Week 2. Turn on Multi-Factor Authentication

Use MFA for all accounts possible, especially those linked to financial information or government accounts. As technology grows, several authentication methods are available, so if a hacker manages to crack your password, they won’t be able to bypass MFA.

Week 3. Recognize and report phishing

Verify the email addresses from senders you don’t know, and never share any personal information via email. If possible, use an encrypted email for secure communication when sharing documents.

Week 4. Update Software

Hackers will target out-of-date software because it has vulnerabilities they can expose, making it easy for them to install malware and steal information. Keep up to date with your device settings to keep an eye out for new updates, and learn the basics of cybersecurity to stay one step ahead of cybercriminals.

A wise man (probably) once said cybersecurity is a journey, not a destination. We must all strive for a future based on privacy and security and help spread the message to keep us all safe from future horror stories.