December may have ushered in festive cheer, but companies from almost every industry in world faced a chilling reality filled with high-profile hacks, ransomware attacks, and exposed PII vulnerabilities.
Last month’s breaches were a stark reminder that cybercriminals operate 365 days a year, 24 hrs. a day, reminding us to tighten our data security belts and prepare for the ever-evolving threats lurking in the digital shadows. Let us look closer into some of the most notable December 2023 breaches.
Real Estate Wealth Network
The Real Estate Wealth Network (REWN) data breach was a major cyber security incident that occurred in December 2023, exposing over 1.5 billion records of real estate ownership data.
Number of Records: 1.52 billion records, including data on millions of property owners, investors, sellers, and even celebrities and politicians.
Data types included: property history, tax records, mortgage details, names, addresses, phone numbers, email addresses, and potentially more.
Delta Dental of California
The Delta Dental of California data breach was a significant cybersecurity incident that impacted nearly 7 million individuals.
Number of People Affected: Approximately 6.9 million members of Delta Dental of California and its affiliates.
Stolen data included names, addresses, Social Security numbers, passport numbers, driver’s license numbers, financial account details, tax identification numbers, health insurance policy numbers, and some health information.
The Marina Bay Sands data breach was a significant cybersecurity incident that occurred in October 2023, impacting approximately 665,000 customers of the iconic Singaporean resort.
The breach affected members of the “Sands LifeStyle” loyalty program, which offers rewards and discounts on hotel stays, attractions, and shopping within the Marina Bay Sands complex.
Leaked data included names, email addresses, phone numbers, country of residence, membership numbers, and membership tiers.
In late October 2023, Boeing’s computer systems were compromised by the LockBit ransomware gang. The hackers claimed to have stolen a “tremendous amount” of sensitive data, including design documents, blueprints, and even some classified military information.
Boeing refused to pay the ransom demanded by the hackers, and in early November 2023, LockBit began leaking some of the stolen data online.
Scale and Nature: The leaked data consisted of 43GB of files, including backups for various systems, engineering schematics, and internal communications.
While Boeing has not confirmed the exact nature of all the leaked data, it is believed to include information on: Commercial aircraft, such as the 737 MAX and 787 Dreamliner, Military aircraft, such as the F/A-18 Super Hornet and KC-46 tanker, Internal company operations, such as manufacturing processes and quality control procedures.
On December 20, 2023, an unknown threat actor gained access to Ubisoft’s internal systems for nearly 48 hours (about 2 days) before their access was revoked. They attempted to exfiltrate 900GB of data but were unsuccessful.
Ubisoft is still investigating the incident and has not confirmed what data was accessed or if any user data was compromised. However, some sources have reported that the threat actor may have targeted Rainbow Six Siege user data.
This is the third time Ubisoft has been the target of a major data breach in the past three years. In 2020, the Egregor ransomware gang leaked portions of the Ubisoft Watch Dogs game’s source code. In 2022, Ubisoft suffered another data breach that disrupted its games, systems, and services.
ESO Solutions, a provider of software solutions for emergency responders, hospitals, and state and federal agencies, fell victim to a ransomware attack on September 28, 2023. Hackers accessed and encrypted portions of the company’s computer network, demanding a ransom payment to decrypt the data.
The breached data varied depending on the individual, but could potentially include names, addresses, Social Security numbers, dates of birth, injury type, injury date, treatment date, and treatment type.
Scale and Nature: The data breach impacted an estimated 2.7 million individuals, primarily patients and healthcare personnel who utilized ESO Solutions’ software and services.
ESO Solutions began notifying affected individuals in December 2023, mailing letters that outlined the situation and recommended steps to take.
As a result, the data breach has resulted in two class action lawsuits against ESO Solutions, alleging negligence in data security practices.
It is important to note that this is not an exhaustive list, and many other smaller breaches occurred in December 2023. The overall number of breached records in the month alone surpassed 2.2 billion.