Major Data Breaches of 2023: A Year of Reckless Security and Accountability

Elliot Kim

December 26, 2024 · 4 min read

In a year marked by devastating cyberattacks and data breaches, 2023 will be remembered as a stark reminder of the importance of robust security measures and accountability. From genetic testing giant 23andMe to healthcare tech company Change Healthcare, this year's list of major data breaches is a sobering testament to the recklessness of corporate giants and the devastating consequences of their actions.

One of the most egregious examples is 23andMe, which lost the genetic and ancestry data of close to 7 million customers due to a brute-force attack on thousands of accounts. Instead of taking responsibility, the company blamed its users for not securing their accounts sufficiently. This move was met with widespread criticism, including from lawyers representing the affected users and U.K. and Canadian authorities, who launched a joint investigation into the breach. The company's financial future is now uncertain, and the security of its vast bank of customer genetic data remains a concern.

Change Healthcare, a healthcare tech company, suffered a cyberattack in February that forced it to shut down its entire network, causing widespread outages across the U.S. healthcare system. The company's handling of the hack was heavily criticized, and it eventually paid a ransom of $22 million to the hackers. It took until October for the company to reveal that over 100 million people had their private health information stolen in the attack.

In the U.K., a ransomware attack on Synnovis, a provider of pathology services, disrupted healthcare services for months. The attack, claimed by the Qilin ransomware group, left patients unable to get blood tests, and thousands of outpatient appointments and surgical procedures were cancelled. Experts say the attack could have been prevented if two-factor authentication had been in place. The incident has had an "alarming impact" on staff, who have been forced to work additional hours without access to essential computer systems.

Cloud computing giant Snowflake found itself at the center of a series of mass hacks targeting its corporate customers, including AT&T, Ticketmaster, and Santander Bank. The hackers broke in using login details stolen by malware, and because Snowflake did not require multi-factor authentication, they were able to steal vast banks of data. Snowflake later rolled out multi-factor-by-default to its customers, but the incident highlights the importance of robust security measures.

In a bizarre incident, the city of Columbus, Ohio sued a security researcher for truthfully reporting on a ransomware attack. The city's mayor had reassured residents that stolen city data was "either encrypted or corrupted," but the researcher found evidence that the ransomware crew had access to residents' data, including Social Security numbers and driver's licenses. The city's move was seen as an effort to silence the researcher rather than remediate the breach.

A 30-year-old backdoor law came back to haunt the U.S. this year after hackers, dubbed Salt Typhoon, were discovered in the networks of some of the largest U.S. phone and internet companies. The hackers accessed real-time calls, messages, and communications metadata of senior U.S. politicians and high-ranking officials. The incident highlights the risks of outdated laws and the importance of robust security measures.

MoneyGram, the U.S. money transfer giant, was hit by hackers in September, resulting in the theft of customer data, including Social Security numbers and government identification documents. Despite confirming the incident, the company has yet to disclose how many customers were affected or how many it has directly notified.

Finally, U.S. retail giant Hot Topic suffered a massive breach of 57 million customer records, but has yet to publicly confirm the incident or alert customers or state offices of attorneys general. The stolen data includes email addresses, physical addresses, phone numbers, purchases, gender, and date of birth, as well as partial credit card data.

In conclusion, 2023 has been a year marked by devastating data breaches and a lack of accountability from corporate giants. As we move into the new year, it is essential that companies prioritize robust security measures and take responsibility for protecting user data. The consequences of their actions will be felt for years to come.


Copyright © 2024 Starfolk. All rights reserved.