List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached

Welcome to our March 2023 list of data breaches and cyber attacks. Our research identified exactly 100 publicly disclosed incidents during the month, accounting for 41,970,182 breached records.

You can find the full list of data breaches and cyber attacks below, including our new feature in which we delve into the month’s biggest incidents in a little more detail.

Meanwhile, if you enjoy this sort of cyber security news, be sure to subscribe to our Weekly Round-up to receive the latest stories straight to your inbox.


Biggest data breaches in March 2023

  • Latitude Financial

The largest confirmed data breach of March 2023 occurred at Latitude Financial, with more than 14 million records being compromised.

The Melbourne-based company, which provides personal loans and credit cards to people in Australia and New Zealand, reported that cyber criminals had captured several different types of data.

Almost 8 million drivers licences were stolen, along with 53,000 of passport numbers and dozens of monthly financial statements.

An additional 6 million records dating back to “at least 2005” were also compromised in the attack, the source of which is not yet known.

The most concerning aspect of this breach is that Latitude Financial originally reported that only 300,000 people had been affected. This suggests that it had a poor understanding of the attack and rushed to disclose the breach.

Having to then update its estimate invites further public scrutiny of the attack and could see customers lose faith in the company.

Most of us are aware by now that data breaches can occur anywhere, so falling victim to an attack isn’t necessarily a sign of ineffective security measures. However, a mismanaged response suggests that an organisation isn’t prepared for an attack, and it bodes poorly for ongoing remediation efforts.

  • GoAnywhere

A vulnerability in the file transfer service GoAnywhere has enabled cyber criminals to exploit dozens of organisations that use the tech. Details of the sprawling attack continue to emerge, with some reports estimating that as many as 130 organisations have been targeted.

Until recently, these details were coming from GoAnywhere or its parent company, Fortra, but individual victims.

Organisations that are confirmed to have been targeted include Hatch Bank, the City of Toronto, the cyber security company Rubrik and Hitachi Energy. In each case, the victim has reported that it was breached through the GoAnywhere MFT remote code execution vulnerability.

The attacks have been attributed to the Clop ransomware gang, but coverage of their activity is not consistent with traditional ransomware attacks. Reports suggest that the group is stealing the data rather than encrypting the organisations’ systems and holding them to ransom.

Regardless of the specific techniques being used, it’s likely that millions of sensitive data records have been compromised – although few victims have listed specific figures.

  • AT&T

AT&T has notified approximately 9 million customers that their personal data has been exposed in a data breach.

The telecoms giant said that the breached records include people’s names, wireless account numbers, phone numbers and email addresses. It’s confident that more sensitive data, such as payment card numbers, Social Security numbers and passwords, have not been affected.

However, AT&T conceded that, in a “a small percentage” of cases, customers’ rate plan name, past due amounts, monthly payment amounts and other account data was affected, although it said that the information was “several years old”.

AT&T was eager to note that the breach related to a vendor and that it’s own systems had not been compromised. It didn’t name the vendor.



Cyber attacks


If you’re facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.


Ransomware


Data breaches


Malicious insiders and miscellaneous incidents

The post List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached appeared first on IT Governance UK Blog.