Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches (that is, breaches with more than one million records stolen by the attackers and possibly leaked). The information is derived from the cyber attack timelines that I publish, normally on a bi-weekly basis.
For the sake of readability, the size of the bubbles in the corresponding diagram is on a logarithmic scale.
| Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Geo | Link | Tags | Records Raw | Records |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 04/01/2023 | During 2021 | During November 2022 | StayMad | Twitter | A threat actor released a data set consisting of 200 million Twitter profiles for approximately $2. | API vulnerability | Information and communication | CC | US | | StayMad, Twitter | 200,00 | 200.000.000,00 |
| 10/01/2023 | - | 9/1/2023 | ? | Undisclosed marketing provider in Japan | The Japanese customers of two large insurance companies, Aflac and Zurich, have their personal information leaked after the breach of a third-party service provider. It is unclear if the breaches are related and the service provider is the same. | Vulnerability in a file transfer server | Finance and insurance | CC | JP | | Aflac, Zurich | 2,10 | 2.100.000,00 |
| 19/01/2023 | Since 25/11/2022 | 5/1/2023 | ? | T-Mobile | T-Mobile discloses a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs). | API Vulnerability | Information and communication | CC | US | | T-Mobile | 37,00 | 37.000.000,00 |
| 24/01/2023 | - | 24/1/2023 | ? | DuoLingo | Language learning platform DuoLingo says it is investigating a post on a hacking forum offering information on 2.6 million customer accounts for $1,500. | Misconfiguration | Education | CC | US | | DuoLingo | 2,60 | 2.600.000,00 |
| 30/01/2023 | . | 26/1/2023 | ? | CommuteAir | A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' is shared publicly on a hacking forum. | Misconfiguration | Transportation and storage | CC | US | | CommuteAir | 1,75 | 1.750.000,00 |
| 01/02/2023 | 01/12/2022 | 08/12/2022 | ? | Heritage Provider Network | Multiple medical groups in the Heritage Provider Network in California suffer a ransomware attack, exposing sensitive patient information to cybercriminals. | Malware | Human health and social work | CC | US | | Heritage Provider Network, ransomware, Regal Medical Group, Lakeside Medical Organization, A Medical Group, ADOC Acquisition Co, A Medical Group Inc. & Greater Covina Medical Group | 3,30 | 3.300.000,00 |
| 03/02/2023 | - | 21/02/2023 | ? | PeopleConnect | PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirm they suffered a data breach after hackers leaked a 2019 backup database containing the info of 20 million customers. | Inadvertent leak | Professional, scientific and technical | CC | US | | PeopleConnect, TruthFinder, Instant Checkmate | 20,00 | 20.000.000,00 |
| 08/02/2023 | During February 2023 | 06/02/2023 | IntelBroker | Weee! | The Weee! Asian and Hispanic food delivery service suffers a data breach exposing the personal information of 1.1 million customers. | Unknown | Accommodation and food service | CC | US | | Weee! | 1,10 | 1.100.000,00 |
| 10/02/2023 | - | 06/01/2023 | IntelBroker | AT&T | A threat actor named IntelBroker claims to have found a third-party vendor’s unsecured cloud storage containing 37 million AT&T client records. The threat actor shares a sample of 5 million records. | Misconfiguration | Information and communication | CC | US | | IntelBroker, AT&T | 37,00 | 37.000.000,00 |
| 10/02/2023 | - | 27/01/2023 | IntelBroker | Verizon | IntelBroker leaks a database, allegedly from Verizon, for free, containing 7.5 million clients’ records, only first names, device types (Apple or Android), and service plans. Verizon verified that the data leak was legitimate and originated from a vendor which creates videos to assist clients. | Unknown | Information and communication | CC | US | | IntelBroker, Verizon | 7,50 | 7.500.000,00 |
| 13/02/2023 | - | - | ? | Community Health Systems | Community Health Systems estimates that 1 million patients have been impacted by the GoAnywhere breach. | CVE-2023-0669 Vulnerability | Human health and social work | CC | US | | Community Health Systems, GoAnywhere, CVE-2023-0669 | 1,10 | 1.100.000,00 |
| 16/02/2023 | Between 28/10/2021 and 31/10/2021 | - | ? | MySejahtera | The personal information of three million MySejahtera users is exposed after an account authorised for vaccine administration stole data from three million vaccine recipients. | Account Takeover | Human health and social work | CC | MY | | MySejahtera | 3,00 | 3.000.000,00 |
| 20/02/2023 | During December 2022 | 20/02/2023 | UNIT82 | RailYatri | RailYatri, a popular Indian train ticket booking platform, suffers a massive data breach that exposes the personal information of over 31 million (31,062,673) users/travellers. | Unknown | Transportation and storage | CC | IN | | RailYatri, UNIT82 | 31,00 | 31.000.000,00 |
| 01/03/2023 | 28/02/2023 | 28/02/2023 | ? | Unknown target(s) | Researchers from Cyble reveal that the carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. | Unknown | Finance and insurance | CC | >1 | | Cyble, BidenCash | 2,17 | 2.165.700,00 |
| 06/03/2023 | During January 2023 | - | ? | Undisclosed marketing vendor | AT&T notifies roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. | Unknown | Administration and support service | Cyber Crime | US | | AT&T | 9,00 | 9,00 |
| 08/03/2023 | - | - | Kernelware | HDB Financial Services | A hacker using the alias Kernelware leaks 7.5 GB of customer data with over 72 million entries belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank. | Unknown | Finance and insurance | CC | IN | | Kernelware, HDB Financial Services, HDFC Bank | 72,00 | 72.000.000,00 |
| 14/03/2023 | Between 30/06/2022 and 05/07/2022 | 05/07/2022 | ? | Independent Living Systems (ILS) | Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, discloses a data breach that exposed the personal information of 4,226,508 individuals. | Unknown | Human health and social work | Cyber Crime | US | | Independent Living Systems, ILS | 4,23 | 4.226.508,00 |
Enjoy the data, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.