Skip to main content Skip to footer

The Largest Business Data Breaches in 2023 (So Far)

Recently, we discussed some of the worst data breaches in healthcare for 2023. Unfortunately, the world of cybersecurity continues to be cursed to live in interesting times. Businesses in the United States and around the world remain juicy targets for cybercriminals looking to steal personal data, ransom valuable information, or simply cause havoc. Today, we'll cover some of the largest data breaches of the year for private enterprises thus far. We'll also discuss solutions to this pressing issue, ranging from new security techniques to safe and reliable enterprise PCs.

MOVEit

As of the time of writing, the MOVEit data breach is the largest of the year, with over 60 million known individuals affected across over 1000 different organizations around the world. MOVEit Transfer is a managed file transfer service designed to move large amounts of sensitive data over the Internet, and is used by both private and public entities. Shell, Siemens Energy, City National Bank, Radisson Hotels, and the U.S. Department of Energy are just a few of MOVEit's clients.

They're also just a few of the victims of MOVEit's data breach. The Russian hacker group Clop exploited a zero-day vulnerability to raid MOVEit's servers and steal data within. Clop threatened to release this data to the public if its ransom demands were not met, and began publishing sensitive information on June 14th.

T-Mobile

The cellular service provider has suffered two data breaches in 2023 so far. The first was discovered in January, with an estimated 37 million users affected. Hackers stole personal information such as names, emails, and birthdays. Thankfully, no financial information was compromised, according to T-Mobile's filing with the SEC.

Later in May, a second and much smaller data breach affecting just 836 customers occurred, with phone numbers, PINs, and full names among the data harvested. These two attacks are just the latest in a string of similar incidents for T-Mobile, which has experienced 9 different cyberattacks since 2018.

PeopleConnect Inc

20.2 million users had their personal data leaked after PeopleConnect's user database was breached, with details such as names, emails, and telephone numbers compromised. The company, which provides a service for looking up individuals and conducting background checks, initially disclosed the breach in February of 2023.

In a March update, the company stated that passwords for user accounts had not been decrypted, and that the leak came from a cloud storage location maintained and used by a former service provider it had worked with in 2019.

JD Sports

Shoppers at the fashion retailer JD Sports were alerted to their data potentially being accessed by hackers in January. According to the company, roughly 10 million customers that had placed online orders between November 2018 and October 2020 may have had their billing information, order details, and last four digits of their credit cards accessed.

Zacks Investment Research Inc

Initially, the investment research firm Zacks confirmed in January that they had experienced a breach affecting 820,000 customers between November 2021 and August 2022. Information stolen included names, addresses, and phone numbers.

However, in June of this year, the breach database and notification service, Have I Been Pwned, reported that it had received a database containing information from 8.9 million Zacks users. Worryingly, the database was from 2020, raising questions as to how many malicious actors had access to it in that time. Zacks later confirmed that the database contained information from its customers, but any financial info remained encrypted and safe.

TMX Finance Corporate Services

A provider of consumer lending services, TMX announced in March that it had identified a breach in February, but suspected it may have begun in December 2022. 4.8 million customers were affected, with information such as names, birthdays, passport numbers, and SSNs potentially compromised.

Independent Living Systems, LLC

Despite the breach occurring in July 2022, Independent Living Systems, LLC only notified its customers and partners on March 14th, 2023. A provider of services to managed care organizations, ILS suffered a breach that led to 4.2 million accounts being compromised, with data such as names, addresses, and Social Security Numbers harvested.

As a result, ILS has been struck with several lawsuits, accusing the company of storing data in a reckless and negligent manner, failing to provide adequate notice of the breach, and more.

What Can Companies Do To Protect Themselves?

As these breaches show, cybercriminals aren't planning to stop their attacks any time soon. Here are a few ways businesses can improve their cybersecurity efforts and keep their data from being stolen.

  • Better Employee Training: An estimated 91% of all cyberattacks begin with a phishing email, which depends on an employee opening a malicious attachment or download to gain access to the company's network. Training employees on how to recognize and avoid phishing emails or messages is a critical line of defense against these types of attacks.
  • Identification: Computers and business tablets equipped with biometric, smart card, or RFID readers can help prevent malicious actors from accessing your business's network by only allowing those with the appropriate credentials to log in on your company's devices.
  • Zero Trust Security: Zero trust security is a security paradigm that focuses less on network-based perimeters and more on users, assets, and resources. In a zero trust system, there is no implicit trust granted to devices or user accounts just because they're a part of the network. Essentially, everyone and everywhere is monitored and requires authentication, adding an extra layer of security between every interaction.
  • Legacy Device Protection: Many businesses still use devices that are no longer supported by the original manufacturer. Sadly, this makes them easy targets for hacking attempts, as their cyber security features (if any) are out of date. Business computers with legacy ports, however, can attach to these devices and protect any data they stream.

Closing Thoughts

Data breaches continue to be one of the most pressing concerns for modern businesses in 2023. As more and more commerce is conducted over the Internet, and more and more data is stored in private networks, hackers have more and more incentive to try and break in.

If your company is interested in learning how to protect its data, contact an expert here at Cybernet Manufacturing. Our staff are eager to explain to you how our business computers can help you prevent and minimize data breaches.

Join the conversation and connect with us on this and other relevant topics - Follow us on Facebook, Twitter, and LinkedIn.

About Kyle Johnson

Having earned his Master's in English from Sonoma State University, Kyle works as one of Cybernet’s Content Writers, which has given him the opportunity to learn far more about the healthcare and industrial sectors than he ever expected to. When he isn’t exploring and writing about these topics, he’s usually enjoying life in Orange County or diving into a new book or tabletop game.