It appears that 2023 was like any other year since the arrival of the internet, with bad people doing bad things online. With New Year's Eve in sight, more than five billion records have already been stolen globally this year. While this isn't an impressive stat, it's a far cry from the "33 billion records will be stolen by cybercriminals in 2023 alone" predicted by one research company in 2018.
Outstripping all others this year was, ironically, risk protection company DarkBeam. Thanks to an unprotected Elasticsearch and Kibana interface, 3.8 billion of its records were left exposed.
US telecom giant T-Mobile takes out the "when will they learn" category: in March it suffered its ninth breach since 2018. This involved a somewhat paltry 836 customers ... however, it followed on from a breach in January, which saw the data of 37 million users stolen.
In the UK in August, it was (finally) revealed that hackers had gained access to the UK’s electoral registers, which contain an estimated 40 million people’s personal information. The incident had actually taken place in October 2022 after suspicious activity was detected on its systems dating back to August 2021.
One of China's most popular online messaging platforms, the video chat platform Tigo, reported in July that the data of 700,000 users had been leaked. The website "Have I Been Pwned?", which allows Internet users to check if their data has been stolen in data breaches, stated that somewhere around 100 million records were compromised.
Breaches don't only occur in the US, Europe and China. The Indian Council of Medical Research exposed the data of 815 million Indian residents in October; 34 million Indonesians had their passport data leaked during a breach at the country’s Immigration Directorate General at the Ministry of Law and Human Rights; and further south - down under, in fact - around 14 million records were compromised when Melbourne-based Latitude Financial suffered a data breach in March.
The mass exploitation of a vulnerability in the file transfer software MOVEit throughout 2023 saw data stolen from a wide array of businesses and governments, including the United States Department of Energy, British Airways and Shell. Around 2,000 affected organisations haven't divulged their 'losses' and it's possible the number of people whose data has been stolen could be in the hundreds of millions.
Other notable breaches included senior recruitment specialists PeopleConnect, which stated in February it had suffered a data breach affecting 20 million people; JD Sports, which confirmed in January that it had leaked the personal information of “approximately 10 million unique customers”; and social media giant Twitt ... X, which started the year with a bang and the leaking of more than 220 million users' email addresses.
Roll on 2024 ...