Monthly Data Breach Report: December 2023 Edition

November 2023 painted a grim picture in the cybersecurity landscape. From healthcare facilities to multinational corporations, the month was marred by a string of high-profile data breaches, exposing millions of records and highlighting the ever-evolving tactics of cybercriminals. While some attacks brazenly targeted giants like McLaren Health Care and Infosys, others exploited subtler vulnerabilities, like exposed Docker Hub accounts and supply chain weaknesses.

This month’s breaches serve as a stark reminder that no organization is immune, and proactive cybersecurity measures are more crucial than ever.

2.2 million patients’ data including names, addresses, Social Security numbers, and medical records exposed in a ransomware attack. This impacted individuals across 14 healthcare facilities in the US.

The unauthorized access occurred between July 28 and August 23, 2023, but patients were not notified until November 9, 2023. This delay has raised concerns about whether McLaren Health Care complied with state and federal laws requiring timely notification of data breaches.

The breach is still under investigation. The FBI is involved, and McLaren Health Care is cooperating with the investigation.

The Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. Data breach compromised personal information of over 95 million individuals potentially including exposure of sensitive information like driver’s licenses, Social Security numbers, and other personally identifiable details, but the state hasn’t officially confirmed the extent of the breach.

The Singapore-based luxury complex Marina Bay Sands revealed it was hit by a security incident that exposed the personal data of approximately 665,000 members. While details like types of stolen data haven’t been fully disclosed, concerns center around potential exposure of data, including names, email addresses, phone numbers, country of residence, and membership numbers and tiers.

According to a statement published by the resort, the incident occurred on October 19-20 and involved unauthorized third-party access to its non-casino customers’ loyalty program membership data known as Sands LifeStyle.

Indian IT services giant Infosys’ US unit experienced a “security event” impacting several applications, raising concerns about potential data breaches involving clients and employees.

The lack of specific details around the breach has understandably generated concern and speculation. Some reports suggest it might have been a ransomware attack, but this hasn’t been confirmed by Infosys.

A global logistics giant, faced a major cyberattack in November 2023, disrupting operations at five major Australian ports. Hackers exploited a known IT vulnerability, accessing employee data and causing significant delays in container movement.

While the full extent of the stolen information remains under investigation, the incident highlights the importance of cybersecurity in critical infrastructure and raises concerns about potential risks for affected individuals.

In November 2023, hackers infiltrated Truepill, a digital pharmacy giant, compromising the personal and medical data of over 2.3 million customers. This attack potentially exposed sensitive information like names, addresses, and medication history, raising significant concerns about identity theft, fraud, and discrimination.