List of Data Breaches and Cyber Attacks in July 2023 – 146 Million Records Breached

IT Governance found 87 publicly disclosed security incidents in June 2023, accounting for 146,290,598 breached records.

You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents.

Also be sure to check out our new page, which provides a complete list of data breaches and cyber attacks for 2023.

We break down the month’s cyber security landscape for each month, and you can find more information about our list and the biggest security incidents of the month.

---

Cyber attacks

• Video and chatting app Tigo leaks more user messages (100 million)
• Indonesian passport data exposed in massive Immigration Directorate security breach (34 million)
• Teachers Insurance and Annuity Association of America notifying those affected by MOVEit  breach (2,630,717)
• Tacoma-Pierce County Health Department reveals historic security breach (1.5 million)
• Milliman Solutions notifies patients of third-party breach involving MOVEit (1.2 million)
• Lansing Community College reports cyber attack (757,832)
• Murfreesboro Medical Clinic & SurgiCenter notifies patients of recent security breach (559,000)
• Security breach by PLAY affects thousands of Swiss emigrants (425,000)
• Chattanooga Heart Institute to notify those affected by March’s “data security incident (170,450)
• Phoenician Medical Center notifies patients of recent security breach (162,500)
• Orrick, Herrington & Sutcliffe reports unauthorised access on its systems (153,000)
• Hillsborough County, Florida, says it was affected by MOVEit breach (70,000)
• Idea Financial files notice of security breach affecting consumers (37,000)
• City National Bank of Florida affected by MOVEit breach (36,000)
• Sovos Compliance notifies individuals affected by MOVEit vulnerability (18,000)
• Rockland Trust Bank informs customers of security breach involving vendor’s use of MOVEit (14,806)
• NIH Federal Credit Union notifies members of security breach (14,706)
• MSX International reports security breach affecting confidential information (13,000)
• The Accreditation Commission for Education in Nursing notifies individuals of vendor breach (11,980)
• MOVEit vulnerability strikes bioMérieux (10,244)
• Security breach exposes personal information of Roblox developers (4,000)
• Buckingham County Public Schools notifies students after a business email account was compromised (86)
• California’s College of the Desert knocked offline in cyber attack (unknown)
• Cyber attack knocks out satellite communications for Russian military (unknown)
• Imagine360 discovers that two of its file-sharing platforms were hit within days of each other (unknown)
• Jackson Township, Ohio hit by “digital security ‘incident” (unknown)
• Trinidad and Tobago facing outages after cyber attack (unknown)
• “Gay furry hackers” claim responsibility for attacks on five government departments (unknown)
• Australian infrastructure company Ventia hit by cyber attack (unknown)
• Chinese hackers breach US Government emails via Microsoft flaw (unknown)
• Recycling giant TOMRA pulls systems offline following ‘extensive cyberattack’ (unknown)
• Norwegian ministries hit by cyber attack (unknown)
• Deutsche Bank confirms vendor security breach leaked customers’ information (unknown)
• Sunflower Bank says MOVEit vulnerability resulted in security breach (unknown)
• PlainsCapital Bank announces security breach involving vendor’s use of MOVEit (unknown)
• University of Utah announces three vendor breaches related to MOVEit vulnerability (unknown)
• Security breach at edgeMED Healthcare affects various healthcare facilities (unknown)
• D’Youville University experienced security breach leaking student’s Social Security numbers (unknown)
• Vitality Group provides notice of MOVEit breach on behalf of GuidePoint Security (unknown)
• Activate Healthcare notifies patients of security breach affecting their PHI and SSNs (unknown)
• Washington State University notifies students and employees of third-party security breach (unknown)
• Advanced Medical Management experiences security breach that leaked PHI and SSNs (unknown)
• UCLA sends notice of security breach after MOVEit vulnerability leaked confidential data (unknown)
• Radisson Hotels experiences breach of guest information related to MOVEit vulnerability (unknown)
• University of Dayton notifies students and faculty of two security breaches at service providers (unknown)
• Middlebury College informed of MOVEit breach by two vendors (unknown)
• Webster University notifies students and faculty of two third-party security breaches (unknown)
• Athene Annuity and Life Company files notice of MOVEit security breach (unknown)
• Fidelity & Guaranty Life Insurance Company notified by PBI of security breach related to MOVEit (unknown)
• AMC Theatres files notice of security breach that leaked and Social Security numbers (unknown)
• Quorum Federal Credit Union announces security breach resulting from MOVEit vulnerability (unknown)
• Ventura County Credit Union experiences security breach following compromised employee email account (unknown)
• New York City Department of Education confirms student and employee information leaked in MOVEit breach (unknown)
• NHS ambulance organisations struggle to record patient data amid cyber attack at software company Ortivus (unknown)
• JumpCloud discloses breach by state-backed APT hacking group (unknown)
• CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services (unknown)
• Gallivan notifies University of Guelph students of Fortra breach four months later (unknown)

---

Ransomware

• Tampa General Hospital confirms cyber security breach in suspected ransomware attack (1.2 million)
• Centers for Medicare and Medicaid notifying Medicare members about MOVEit breach (645,000)
• George County, Mississippi, recovering from ransomware attack (25,000)
• Gates Corporation discloses ransomware attack (11,090)
• Ransomware attack hits Japan’s biggest port, disrupting cargo shipments (unknown)
• HCA Healthcare hit by ransomware (unknown)
• Luigi Vanvitelli hospital hit by ransomware (unknown)
• Panorama Eyecare in Colorado named in ransomware attack (unknown)
• Kansas Medical Center hit in ransomware attack (unknown)
• Highland Health Systems, based in Alabama, hit by ransomware (unknown)
• Two California plastic surgery practices suffer ransomware attacks (unknown)
• Estee Lauder struck by ransomware (unknown)
• Franklin Mutual Insurance Group notifies victims of recent ransomware attack (unknown)
• Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (unknown)
• Hawaiʻi Community College pays ransom to attackers (unknown)
• MHMR Authority of Brazos Valley provides notice of ransomware attack (unknown)

---

Data breaches

• Dating app that claims millions of users suffered a data breach (2,357,896)
• Interrail breaches users’ data in free giveaway gaffe (245,971)
• Kings of Translation exposed highly sensitive records online (25,601)
• Japan’s Career Consultation Session accidentally shares personal details in email gaffe (10,000)
• VirusTotal apologises after leaking customer data (5,600)
• London Mayor’s Office says sex abuse victim’s details could be among hundreds revealed by data breach (400)
• Fertility patients had data breached by Canadian health services (126)
• Dunedin Hospital mistakenly leaks children’s data (unknown)
• Children’s medical documents found along Cape Coral streets (unknown)

Malicious insiders and miscellaneous incidents

• City of Odessa in Texas dealing with data breach (unknown)

The post List of Data Breaches and Cyber Attacks in July 2023 – 146 Million Records Breached appeared first on IT Governance UK Blog.