The year 2023 has seen a steep rise in cybersecurity attacks and data breaches, and the trend shows no sign of stopping any time soon. The statistics on data breaches are alarming and hard to fathom. According to IBM, the average total cost of a data breach in 2022 was $4.35 million, and the overall cost of data breaches is expected to reach $10.5 trillion by 2025. With this in mind, we’ll look at the latest major data breaches and how to protect yourself against them.
Latest Major Data Breaches and How to Protect Yourself
Every day, hundreds of companies across the globe are targeted by cybercriminals using different methods; not all of them are mentioned here. However, this list gives an idea of the impact on each organization, its customers, and its clients, and of how to protect yourself. Without wasting any more time, read on to know more.
Okta Data Breach August 2023
The Okta data breach affected 134 customers, enabling hackers to steal session tokens that can be used to hijack customer logins. The attackers accessed Okta’s customer support system, exposing all the tickets pertaining to its clients. Based on the investigation, Okta confirmed that an employee’s credentials, which were saved on a work device, were stolen.
Affected Users: The stolen HAR files containing session tokens affected 134 of Okta’s current and former clients.
How to Protect Yourself?
In the event of a data breach, it is best to alert the organization immediately to avoid severe impacts. Employees must be educated about keeping their personal logins separate from official devices that hold sensitive data. Additionally, responding transparently to clients and stakeholders about the incident investigation is critical.
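Because the stolen support attachments were HAR files carrying session tokens, one practical control is to redact a HAR capture before it is ever uploaded to a ticket. The sketch below is an added example, not code from this article or from Okta; the name-matching heuristic, the function names, and the sample capture are assumptions constructed for illustration.

```python
import copy
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "proxy-authorization"}
# Assumed naming heuristic for token-bearing fields; tune it per application.
SENSITIVE_NAME = re.compile(r"token|session|sid|auth|secret|key", re.I)

def _scrub(items, findings, where, always=False):
    """Redact HAR name/value pairs in place and record each hit."""
    for item in items or []:
        name = item.get("name", "")
        if always or name.lower() in SENSITIVE_HEADERS or SENSITIVE_NAME.search(name):
            findings.append(f"{where}: {name}")
            item["value"] = REDACTED

def _redact_url_query(url):
    parts = urlsplit(url)
    pairs = [(k, REDACTED if SENSITIVE_NAME.search(k) else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def sanitize_har(har):
    """Return (redacted deep copy of a HAR dict, list of redacted locations)."""
    clean, findings = copy.deepcopy(har), []
    for i, entry in enumerate(clean.get("log", {}).get("entries", [])):
        req, resp = entry.get("request", {}), entry.get("response", {})
        req["url"] = _redact_url_query(req.get("url", ""))
        _scrub(req.get("headers"), findings, f"entry {i} request header")
        _scrub(req.get("cookies"), findings, f"entry {i} request cookie", always=True)
        _scrub(req.get("queryString"), findings, f"entry {i} query parameter")
        _scrub(resp.get("headers"), findings, f"entry {i} response header")
        _scrub(resp.get("cookies"), findings, f"entry {i} response cookie", always=True)
    return clean, findings

# Constructed sample capture (not real data): one request carrying a session.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {
        "url": "https://app.example.com/api/me?session_token=abc123&page=2",
        "headers": [{"name": "Cookie", "value": "sid=s3cr3t"}],
        "cookies": [{"name": "sid", "value": "s3cr3t"}],
        "queryString": [{"name": "session_token", "value": "abc123"},
                        {"name": "page", "value": "2"}]},
    "response": {
        "headers": [{"name": "Set-Cookie", "value": "sid=n3w; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "n3w"}]}}]}}

if __name__ == "__main__":
    print("\n".join(sanitize_har(SAMPLE_HAR)[1]))
```

Request and response bodies (`postData`, `content.text`) can also carry tokens and are not covered here, so they should be reviewed or removed separately before a capture is shared.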
Boeing Data Breach by LockBit 3.0 Ransomware Group November 2023
Around 50 GB of data was exposed by the LockBit 3.0 ransomware group after Boeing failed to respond to the ransom demands. Based on the data exposed by the group, various sensitive logins were found to be compromised, along with corporate emails. The group has been active since 2020, with over three versions released, and stands as a highly organized group of cybercriminals with the most victims.
How to Protect Yourself?
In case of a ransomware attack, paying the ransom is never an option. If systems are disrupted from their normal functioning, it is essential to restore from a backup as soon as possible and to have an incident response team in place. A good EDR (Endpoint Detection and Response) solution can alert on the latest malware samples in the network and quarantine them before contamination.
Uber Data Breach September 2023
Uber has had a series of data breaches since 2022. Initially, a hacker purchased an Uber employee’s compromised credentials from a dark web marketplace and then used social engineering to bypass multi-factor authentication. Taking advantage of the privileges gained, the hacker managed to steal the digital infrastructure of Uber and claimed to be the perpetrator of the breach on Uber’s Slack channel. In 2023, all of Uber’s driver databases were compromised due to a third-party vendor breach.
Affected Users: Drivers’ PII, such as names, email addresses, and phone numbers.
How to Protect Yourself?
An important takeaway is that if an organization has suffered an incident recently, it doesn’t necessarily imply that it will not be targeted in the future. Such organizations stay on the radar of cybercriminals, who keep hunting for more vulnerabilities. Organizations should ensure regular log monitoring and investigation of anomalies. Two more threat mitigation actions to follow are frequent vulnerability assessments and employee awareness about sharing personal information.
LastPass Data Breach August 2023
LastPass was targeted, causing massive security incidents in August and November 2022. LastPass was also allegedly linked with an enormous cryptocurrency heist that has been operational since December 2022. This was allegedly achieved through a security vulnerability in the device of one of the developers working for LastPass. This device contained a vulnerable third-party software package. By February 2023, the company disclosed that encrypted vaults had been stolen from specific users among its over 25 million users.
Affected Users: Employees and customer base of LastPass.
How to Protect Yourself?
A data breach incident might be the starting point for a bigger heist. Thus, employees and customers should regularly practice cyber hygiene to keep devastating risks at bay. All devices must be periodically checked for the presence of any backdoor or malware. Additionally, all software must be updated to its most recent version to mitigate any security vulnerability.
Airbus Data Breach September 2023
Claims recently surfaced on dark web forums in which hackers mentioned breaching Airbus. This indirectly affected its vendors, such as Rockwell Collins and Thales. The hacker was part of an extortion group that has widely targeted other organizations, such as the FBI. While advertising the Airbus data, the hacker claimed to have compromised Turkish airline access, which gave privileges to Airbus.
Affected Users: Customers had their personally identifiable information exposed in this breach.
How to Protect Yourself?
This data breach incident is an alarming reminder to check on vendor security updates frequently. Companies should ensure that any malicious activity is reported on time, and regular password reset policies should be stringently implemented.
MGM Data Breach October 2023
A famous group called Scattered Spider, associated with the notorious ransomware group BlackCat/AlphV, claimed to have hacked MGM in October 2023. The attackers were able to steal SSNs (Social Security Numbers) in this massive casino hack. Additionally, various digital systems, such as hotel key cards and websites, went offline due to the disruptions.
The attackers further explained that they exploited publicly available information to conduct a social engineering attack on the company, leading to the most massive campaign in history.
Cost of Breach: $100 Million
Affected Users: Those who had accounts with MGM casinos before March 2019.
How to Protect Yourself?
Users should not reveal their sensitive data anywhere online, to safeguard themselves from social engineering attacks. Every call, message, and email should be checked to verify the legitimacy of the sender.
Attachments and links from untrusted sources should not be clicked or downloaded, as they may contain malicious software intended to spread and disrupt the network. Additionally, employees should be aware of the standard phishing techniques to reduce the risk.
Taking Every Incident Into Account
To conclude this article on the latest significant data breaches and how to protect yourself: hackers have made every attempt to shake organizations in terms of finance and reputation. Breached organizations are also heavily penalized and sued, depending on the laws of different regions, for compliance failures or breaches of customer privacy.
The data breaches listed above are just a few examples of the many that have occurred in 2023. The proper steps taken by individuals can help mitigate the risk of being compromised.
The following are some steps one can take to stay safe from cyber attacks:
- Identify, avoid, and report social engineering attempts
- Run regular scans on all internet-connected devices
- Verify the legitimacy of websites and emails
- Use safety policies
- Never ignore anomalies
We hope you liked this article and found it informative. Do let us know what you think in the comments.
Author Bio: This article has been written by Rishika Desai, a B.Tech Computer Engineering graduate with a 9.57 CGPA from Vishwakarma Institute of Information Technology (VIIT), Pune. She currently works as a Cyber Threat Researcher at CloudSEK. She is a good dancer, poet, and writer. Animal love engulfs her heart and content writing comprises her present. You can follow Rishika on Twitter at @ich_rish99.