The Biggest Data Breaches of 2023

Last modified: March 24, 2023

BREACHES

0 M

RECORDS LEAKED

BREACHES

0 M

RECORDS LEAKED

Follow @paulsparrows

Connect on Linkedin

Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches (that is breaches with more than one million records stolen by the attackers and possibly leaked). The information is derived from the cyber attacks timelines that I published, normally, on a bi-weekly basis.

For the sake of readability, the size of the bubbles in the corresponding diagram are in logarithmic scale.

Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Geo	Link	Tags	Records Raw	Records
04/01/2023	During 2021	During November 2022	StayMad	Twitter	A threat actor released a data set consisting of 200 million Twitter profiles for approximately $2.	API vulnerability	Information and communication	CC	US		StayMad, Twitter	200,00	200.000.000,00
10/01/2023	-	9/1/2023	?	Undisclosed marketing provider in Japan	The Japanese customers of two large insurance companies, Aflac and Zurich, have their personal information leaked after the breach of a third-party service provider. it is unclear if the breaches are related and the service provider is the same.	Vulnerability in a file transfer server	Finance and insurance	CC	JP		Aflac, Zurich	2,10	2.100.000,00
19/01/2023	Since 25/11/2022	5/1/2023	?	T-Mobile	T-Mobile discloses a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).	API Vulnerability	Information and communication	CC	US		T-Mobile	37,00	37.000.000,00
24/01/2023	-	24/1/2023	?	DuoLingo	Language learning platform DuoLingo says it is investigating a post on a hacking forum offering information on 2.6 million customer accounts for $1,500.	Misconfiguration	Education	CC	US		DuoLingo	2,60	2.600.000,00
30/01/2023	.	26/1/2023	?	CommuteAir	A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' is shared publicly on a hacking forum.	Misconfiguration	Transportation and storage	CC	US		CommuteAir	1,75	1.750.000,00
01/02/2023	01/12/2022	08/12/2022	?	Heritage Provider Network	Multiple medical groups in the Heritage Provider Network in California suffer a ransomware attack, exposing sensitive patient information to cybercriminals.	Malware	Human health and social work	CC	US		Heritage Provider Network, ransomware, Regal Medical Group, Lakeside Medical Organization, A Medical Group, ADOC Acquisition Co ,A Medical Group Inc. & Greater Covina Medical Group	3,30	3.300.000,00
03/02/2023	-	21/02/2023	?	PeopleConnect	PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirm they suffered a data breach after hackers leaked a 2019 backup database containing the info of 20 millions of customers.	Inadvertent leak	Professional, scientific and technical	CC	US		PeopleConnect, TruthFinder, Instant Checkmate	20,00	20.000.000,00
08/02/2023	During February 2023	06/02/2023	IntelBroker	Weee!	The Weee! Asian and Hispanic food delivery service suffers a data breach exposing the personal information of 1.1 million customers.	Unknown	Accomodation and food service	CC	US		Weee!	1,10	1.100.000,00
10/02/2023	-	06/01/2023	IntelBroker	AT&T	A threat actor named IntelBroker claims to have found a third-party vendor’s unsecured cloud storage containing 37 million AT&T client records. The threat actor shares a sample of 5 million records.	Misconfiguration	Information and communication	CC	US		IntelBroker, AT&T	37,00	37.000.000,00
10/02/2023	-	27/01/2023	IntelBroker	Verizon	IntelBroker leaks a database, allegedly from Verizon, for free, containing 7.5 million clients’ records, only first names, device types (Apple or Android), and service plans. Verizon verified that the data leak was legitimate and originated from a vendor which creates videos to assist clients.	Unknown	Information and communication	CC	US		IntelBroker, Verizon	7,50	7.500.000,00
13/02/2023	-	-	?	Community Health Systems	Community Health Systems estimates that 1 million patients have been impacted by the GoAnywhere breach.	CVE-2023-0669 Vulnerability	Human health and social work	CC	US		Community Health Systems, GoAnywhere, CVE-2023-0669	1,10	1.100.000,00
16/02/2023	Between 28/10/2021 and 31/10/2021	-	?	MySejahtera	The personal information of three millions of MySejahtera users is exposed after an account authorised for vaccine administration stole data from three million vaccine recipients.	Account Takeover	Human health and social work	CC	MY		MySejahtera	3,00	3.000.000,00
20/02/2023	During December 2022	20/02/2023	UNIT82	RailYatri	RailYatri, a popular Indian train ticket booking platform, suffers a massive data breach that exposes the personal information of over 31 million (31,062,673) users/travellers.	Unknown	Transportation and storage	CC	IN		RailYatri, UNIT82	31,00	31.000.000,00
01/03/2023	28/02/2023	28/02/2023	?	Unknown target(s)	Researchers from Cyble reveal that the carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary.	Unknown	Finance and insurance	CC	>1		Cyble, BidenCash	2,17	2.165.700,00
06/03/2023	During Januay 2023	-	?	Undisclosed marketing vendor	AT&T notifies roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.	Unknown	Administration and support service	Cyber Crime	US		AT&T	9,00	9,00
08/03/2023	-	-	Kernelware	HDB Financial Services	A hacker using the alias Kernelware leaks 7.5 GB of customer data with over 72 million entries belonging to HDB Financial Services, a subsidiary of India’s largest private bank, HDFC Bank.	Unknown	Finance and insurance	CC	IN		Kernelware, HDB Financial Services, HDFC Bank	72,00	72.000.000,00
14/03/2023	Between 30/06/2022 and 05/07/2022	05/07/2022	?	Independent Living Systems (ILS)	Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, discloses a data breach that exposed the personal information of 4,226,508 individuals.	Unknown	Human health and social work	Cyber Crime	US		Independent Living Systems, ILS	4,23	4.226.508,00
Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Geo	Link	Tags	Records Raw	Records

Enjoy the data, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

2022 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...
Leaky Buckets in 2022
Similarly to what I have done in 2021, I am now collecting the incidents due to cloud misconfigurations and leading to the exposure of data.
The Biggest Data Breaches of 2021
With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
Cloud-Native Threats in 2021
I am starting a new project to track cloud-native threats, similarly to what I have done in 2020, with an interactive timeline. As soon as I collect more data I will start to generate some statistics.