Saturday , September 14 2024

41.9m records compromised by cyber breaches in March 2023

IT Governance has released its monthly analysis of the latest data breaches and cyberattacks in March 2023.

In March 2023, 41.9 million records were compromised by cyberattacks across the world, according to IT Governance, a global provider of cyber risk and privacy management solutions. IT Governance also identified 100 publicly disclosed security incidents, which is up from 29.5 million breached records and 106 publicly disclosed security incidents in February. These March statistics also follow an upwards year-on-year trend, with a 951% increase since March 2022.

Three of the biggest data breaches that occurred in March 2023 impacted; Latitude Financial, Go Anywhere and AT&T.

CISA unveils 25 new advisories for Industrial Control Systems

CISA issued 25 ICS advisories on September 12, 2024, detailing current security issues, vulnerabilities, and exploits in Industrial Control Systems....
Read More
CISA unveils 25 new advisories for Industrial Control Systems

Intel Issues Alert on 20+ Vulnerabilities, Urges Firmware Updates

Intel announced over 20 vulnerabilities in its processors and products in security advisories released on Tuesday. The chip giant has...
Read More
Intel Issues Alert on 20+ Vulnerabilities, Urges Firmware Updates

Urgent: GitLab Patches flaws allowing unapproved pipeline Job Execution

GitLab released security updates on Wednesday to fix 17 vulnerabilities, including a critical issue that lets attackers run pipeline jobs...
Read More
Urgent: GitLab Patches flaws allowing unapproved pipeline Job Execution

Fortinet admits data breach after hacker claims to steal 440GB

Fortinet confirmed a data breach after a threat actor claimed to have stolen 440GB of files from its Microsoft SharePoint...
Read More
Fortinet admits data breach after hacker claims to steal 440GB

Gov.t issues high alert on android devices

Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities...
Read More
Gov.t issues high alert on android devices

TD Bank fined $28 million for sharing customer data

Because of disclosing incorrect and negative data, The Consumer Financial Protection Bureau (CFPB) on Wednesday fined TD Bank, one of...
Read More
TD Bank fined $28 million for sharing customer data

Global-Cybersecurity-Index
Bangladesh secure role-model position by ITU

Bangladesh secure prestigious role-model position in the latest ITU cyber security index published by ITU. Bangladesh ranks among the top...
Read More
Global-Cybersecurity-Index  Bangladesh secure role-model position by ITU

New RansomHub Attack Kill Kaspersky’s TDSSKiller To Disable EDR

Threatdown Managed Detection and Response (MDR) team has discovered the RansomHub ransomware gang using a new attack method wityh two...
Read More
New RansomHub Attack Kill Kaspersky’s TDSSKiller To Disable EDR

Not Enough, Say Experts
India set to train 5000 ‘Cyber Commandos’

India is to make 5,000 cyber commandos over the next five years to deal with cybercrimes in India, said Home...
Read More
Not Enough, Say Experts  India set to train 5000 ‘Cyber Commandos’

Researcher detect 21 New Ransomwares in August

In August, Cybersecurity researchers identified 21 new ransomware variants that threaten indivisual and business. Cybercriminals are improving their tactics, making...
Read More
Researcher detect 21 New Ransomwares in August

Latitude Financial suffered the largest data breach of March 2023, with more than 14 million records being compromised. It was reported that cyber criminals captured several different types of data including almost 8 million drivers’ licences, 53,000 passport numbers, dozens of monthly financial statements, and an additional 6 million records dating back to “at least 2005” were also compromised in the attack – the source of which is not yet known.

Latitude Financial have been scrutinised for their apparent poor understanding of the attack, as the business originally reported that only 300,000 people had been affected.

The file transfer service GoAnywhere found a vulnerability which enabled cyber criminals to exploit dozens of organisations that use the tech. As more information about the major attack becomes available, some reports estimate the number of organisations that have been targeted at as many as 130. The victim in each instance has claimed that the breach was caused by the GoAnywhere MFT remote code execution vulnerability.

The telecoms giant AT&T has notified approximately 9 million customers that their personal data has been exposed in a data breach. AT&T reported that the breached records include people’s names, wireless account numbers, phone numbers and email addresses. It’s confident that more sensitive data, such as payment card numbers, Social Security numbers and passwords, have not been affected.

Although it claimed that the data was “several years old,” AT&T acknowledged that, in ” a small percentage” of cases, customers’ rate plan names, past due sums, monthly payment amounts, and other account data were impacted. AT&T was quick to point out that the incident involved a vendor and that its own systems were unaffected. The vendor’s name was omitted.

Here is a condensed list of the four categories which IT Governance outlines as part of its monthly data breaches analysis, and includes the following organisations:

·Cyber-attacks – GoAnywhere, WHSmith, HDFC Bank, Acer, AT&T, NorthStar, Latitude Financial, India’s department of health and Ferrari.

  • Ransomware – Hitachi Energy, Hatch Bank, Crown Resorts, Procter & Gamble and Northeast Surgical Group.

·Data breaches – ChatGPT, Sentara Health, UNC, Kroger and Nebu.

·Malicious insiders and miscellaneous incidents – Asante, Cerebral Inc., Beacon Health System, OU Health and Canberra Health Services.

Alan Calder, Founder and Chairman of IT Governance says: “Compared to March 2022, in March 2023 we have seen a 951% increase in compromises, and a 42% increase from February 2022. The current trend in data breaches is towards organisations with large consumer databases, whilst ex-employees are proving to be the most active with regards to malicious incidents.

“Many detrimental effects, such as monetary losses, legal liability, reputational harm, and a loss of customer trust, can arise from a data breach. Organisations must adhere to ISO 27001 and should have Data Breach Retainers in place to improve their security and defend against attacks. This provides a systematised framework for handling sensitive data, a multi-layered approach to security, and quick response and recovery in the case of a breach.

“March’s analysis clearly demonstrates that it’s more important than ever for organisations to implement a cyber defence in depth approach to security. This will ensure they prepared for the inevitable, and are ready to respond to attacks quickly, adequately, and effectively. As demonstrated by the biggest data breach which occurred last month with Latitude Financial, organisations must have a strong response plan in place, in order to retain trust with their customers and for their brand reputation as a whole.”

Check Also

Data center

How Malaysia’s Data Centre Industry Poised for Growth

Malaysia is quickly becoming a leading choice for investing in data centers. It aims to …

Leave a Reply

Your email address will not be published. Required fields are marked *