Craig Pepper
December 6, 2023

The Year In Data Breaches

January

Twitter

What happened? 

A hacker known as ‘Ryushi’ leaked the email addresses of more than 220 million users. The hacker initially demanded $200,000 to hand over or delete the stolen information. After presumably being rebuffed by Twitter, the hacker put the data up for sale on the hacking forum Breached.

What information was viewed or stolen? 

The leaked data primarily consisted of email addresses. Many people can be easily identified by their email address, particularly if they use their name or the name of their business. This could be particularly troublesome for celebrities and other high-profile figures.

What was the aftermath? 

The cybercrime intelligence firm Hudson Rock was the first to raise the alarm about the sale of the data. Alon Gal, the organization’s co-founder, believes that the damage could extend beyond simple cybercrime. He warned that the database could be used by hackers, political hacktivists, and governments to harm privacy.

1. theguardian 2. cnn 3. dataconomy 4. thenewstack

February

PeopleConnect, the organisation behind the background check services TruthFinder and Instant Checkmate

What happened? 

PeopleConnect’s research showed that the data breach came from within the company’s systems. This means that an employee intentionally either sold the information to a hacker or had access to the deep net on their own. There was speculation that the leak was accidental, but it is impossible to stumble upon the dark web accidentally.

What information was viewed or stolen? 

The unauthorized party leaked the personal information of 20.22 million people from a 2019 backup database. The database included the names, emails, phone numbers, hashed passwords, and old password reset tokens of Instant Checkmate and TruthFinder subscribers. The only members affected were those who signed up for or used the service between 2011 and 2019.

How did PeopleConnect admit to the breach? 

PeopleConnect posted notices onto TruthFinder and Instant Checkmate. “We have confirmed that the list was created several years ago and appears to include all customer accounts created between 2011 and 2019,” read the notes.

What will become of the stolen information? 

The stolen information is already being sold. The details were posted to a dark web forum on January 21, 2023, and have been there since.

1. itgovernance 2. idstrong

March

AT&T, a major telecommunications company.

What happened?

AT&T notified approximately 9 million customers that their data had been exposed following an attack on a third-party vendor. The vendor’s name was not disclosed.

What information was viewed or stolen? 

The breached records included people’s names, wireless account numbers, phone numbers, and email addresses. AT&T reported that more sensitive data, such as payment card numbers, Social Security numbers, and passwords, were not affected. However, in a small percentage of cases, customers’ rate plan names, past due sums, monthly payment amounts, and other account data were impacted.

What was the aftermath? 

AT&T was quick to point out that the incident involved a vendor and that its own systems were unaffected. The company confirmed that the vendor has since addressed whatever security shortcoming led to the breach. AT&T also recommended customers add “extra security” password protection to compromised accounts, which comes at no charge.

1. news.trendmicro 2. searchenginejournal 3. analyticsindiamag 4. techxplore 5. wired

April

Shields Health Care Group, a medical services provider

What happened? 

Shields identified suspicious activity on its internal network in March 2023. An investigation conducted last month revealed that cybercriminals had gained unauthorized access to the organization’s systems.

What information was viewed or stolen? 

The sensitive information stolen included patients’ Social Security numbers, dates of birth, home addresses, healthcare provider information, healthcare history, billing information, insurance numbers, and other financial details. The breach affected 2.3 million individuals.

What was the aftermath? 

Shields said in a statement that they take the “confidentiality, privacy, and security of information seriously” and have taken steps to secure their systems and enhance data security.

1. cybermagazine 2. shields 3. idstrong

May

Luxottica, a major eyewear company, experienced a significant data breach. 

What happened? 

The breach was a result of a cyber-attack. The data of more than 70 million customers in the United States and Canada was stolen after a data breach impacting one of its partners in 2021. The stolen data was initially offered for sale on the Breached hacking forum but was later leaked in its entirety for free.

What information was viewed or stolen? 

The compromised data included full names, email addresses, home addresses, and dates of birth of customers.

What was the aftermath? 

Luxottica notified the FBI and the Italian police, and an investigation is ongoing. The website holding the material has been taken down, and its proprietor is in custody.

1. theregister 2. healthitsecurity 3. hipaajournal

June

ChatGPT

What happened? 

More than 100,000 ChatGPT account credentials were stolen and sold on dark web marketplaces. The majority of the breached ChatGPT credentials were obtained through the Raccoon information-stealing malware, which extracts sensitive data from victims’ browsers and cryptocurrency wallets.

What information was viewed or stolen?

The compromised data included usernames and passwords. There is also concern that users may have reused passwords, enabling hackers to potentially access other accounts and steal corporate data.

Who was responsible? 

The alleged developer of Raccoon, Mark Sokolovsky, was arrested, but new versions of the malware have emerged. It is estimated that around one million individuals fell victim to Raccoon by the end of 2022, with booby-trapped emails being the most common attack method.

What was the aftermath? 

OpenAI, the creator of ChatGPT, confirmed that a bug in the AI’s source code resulted in a breach of sensitive data. The vulnerability was in the Redis memory database, which OpenAI uses to store user information. Actors were able to access the open-source library and view users’ chat history. Furthermore, approximately 1.2% of ChatGPT Plus subscribers who were active on March 20th may have had payment information compromised due to the bug. The incident exposed names, email addresses, payment addresses, credit card types, and the last four digits of credit card numbers. OpenAI has stated that the number of affected users was very low and that the vulnerability was patched shortly after discovery. The company has assured users that there is no ongoing risk to users’ data.

1. wired 2. the guardian

July

Roblox 

What happened? 

The breach was a result of unauthorized access to Roblox’s systems. The data of attendees of the 2017-2020 Roblox Developers Conferences was exposed.

What information was viewed or stolen?

The leaked list contained 4,000 unique email addresses, alongside personal details such as names, usernames, dates of birth, phone numbers, physical and IP addresses.

What was the aftermath? 

Roblox is aware of the security issue and has engaged independent experts to support the investigation led by their information security team. Those who are impacted will receive an email communicating the next steps Roblox is taking to support them.

1. itgovernance 2. tech

August

The UK Electoral Commission, an independent body that oversees elections in the UK

What happened? 

The Commission identified the incident in October 2022 after detecting suspicious activity on its systems that dated back to August 2021. Attackers were able to access Electoral Commission servers that held emails, control systems, and reference copies of the electoral registers of those registered to vote in the UK between 2014 and 2022, as well as overseas voters.

What information was viewed or stolen? 

Electoral registers contain voters’ names, addresses, and the date on which they achieve voting age that year. Personal data contained in the Commission’s compromised email system included names, email addresses, home addresses, and telephone numbers, as well as other personal data that might have been submitted as part of webforms or emails.

What was the aftermath? 

A whistleblower told the BBC that the Commission had failed a Cyber Essentials audit around the time the attackers gained access to its systems. Although there’s no evidence to suggest that the attackers exploited any vulnerability associated with this audit failure, the failure itself is indicative that security at the Commission was not what it ought to have been. The Commission has confirmed that it has still not passed.

1. the guardian 2. infosecurity-magazine

September 

MOVEit

What happened?

Since May, mass exploitation of a vulnerability in the widely-used file transfer software MOVEit has allowed cybercriminals to steal data from a dizzying array of businesses and governments, including Shell, British Airways, and the United States Department of Energy. Progress Software, which owns MOVEit, patched the flaw at the end of May, and broad adoption of the fix ultimately halted the rampage. But the “Clop” data extortion gang had already orchestrated a far-reaching smash and grab.

What information was viewed or stolen?

The data posted in the samples includes files pertaining to big restaurant chains, SevenRooms clients, promo codes, payment reports, reservation lists, and API keys. The scale of the MOVEit breach remains unquantified, but some estimates now put the number of affected organizations at over 2,000 and the number of individual victims at over 60 million.

What was the aftermath?

The MOVEit team has worked with industry experts to investigate the May 31 incident. Cybersecurity and Infrastructure Security Agency (CISA), CrowdStrike, Mandiant, Microsoft, Huntress, and Rapid7 have assisted with incident response and ongoing investigations. Cyber industry experts have credited the MOVEit team for its response and handling of the incident by quickly providing patches, as well as regular and informative advisories that helped support rapid remediation.

1. wired 2. siliconrepublic 3. fiercehealthcare

October

23andMe, a consumer genetics and research company

What happened?

The breach was a result of credential stuffing attacks. Initially, 1 million data packs of Ashkenazi Jews were leaked on a hacking forum. Later, an additional 4.1 million genetic data profiles of UK and German residents were added.

What information was viewed or stolen?

The compromised data included usernames, full names, profile pictures, date of birth, genetic ancestry results, and geographical location.

What was the aftermath?

The threat actor claims to have 20 million 23andMe data records in their possession, suggesting that further data leaks are likely. 23andMe confirmed the breach but denied it was an internal attack. The company stated that the preliminary results of the investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.

1. the register 2. how to geek

November

Samsung

What happened?

Samsung admitted that hackers accessed the personal data of UK-based customers during a year-long breach of its systems. The breach was a result of a hacker exploiting a vulnerability in a third-party business application.

What information was viewed or stolen?

The affected data may have included customers’ names, phone numbers, addresses, and email addresses. However, Samsung assured that no financial data, such as bank or credit card details or customer passwords, were impacted.

What was the aftermath?

Samsung reported the issue to the UK’s Information Commissioner’s Office (ICO). The company was recently alerted to the security incident and stated that it resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained.

1. itgovernance 2. gov.uk

These incidents show the importance of robust cybersecurity measures and the potential consequences of lapses in data protection. It’s always important to stay vigilant and protect data online. If you believe you or your organisation may have been affected by any breaches, it’s recommended to monitor your accounts for any suspicious activity and change your passwords as a precautionary measure.

Empowering Your Cybersecurity Journey with Periculo

At Periculo, we recognise the evolving nature of cyber threats and offer tailored solutions to address your cybersecurity needs effectively. Here are just 3 of our services that would help:

Cyber Essentials: A foundational certification guiding you in safeguarding against common cyber threats—an essential starting point for businesses of any size.

Cyber Essentials Plus: An advanced certification providing a more detailed assessment, instilling confidence and assurance in your cybersecurity measures.

Penetration Testing: A proactive service involving simulated cyber attacks to identify and rectify vulnerabilities—a crucial cybersecurity check-up for your system.

Unlocking Additional Value with Periculo

Enhance your cybersecurity by signing up for our FREE partnership package, gaining access to a suite of resources tailored to fortify your defences.

Basic Training: Equip yourself and your team with fundamental cybersecurity knowledge, empowering you to recognize and mitigate potential threats effectively.

Templates: Customize cybersecurity policies and procedures effortlessly with our provided templates, streamlining your cybersecurity processes.

Security Wiki: Access an extensive database of cybersecurity information, staying informed about the latest best practices and emerging threats.

Cyberline Phishing QR Code Sticker: An innovative tool to test employee awareness of phishing attacks—utilize this sticker with a QR code leading to a simulated phishing website, reinforcing a culture of caution.

Free Vulnerability Scan: Experience a complimentary scan of your system, providing insights into potential weaknesses—a practical trial of our penetration testing service.

Don't hesitate to secure your business's future. Sign up for our free partnership package today, and embark on a journey toward a safer and more secure digital landscape. Your business deserves nothing less.
