List of Data Breaches and Cyber Attacks – May 2023

IT Governance found 98 publicly disclosed security incidents in May 2023, accounting for 98,226,877 breached records.

You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents.

Also be sure to check out our new page, which provides a complete list of data breaches and cyber attacks for 2023.

We break down the month’s cyber security landscape for each month, and you can find more information about our list and the biggest security incidents of the month.

---

---

Cyber attacks

• Luxottica Group confirms massive 2021 security breach (70 million)
• NextGen submitted a breach notification after credential-stuffing attack (1,049,375)
• United States Postal Service has exposed its internal IT operations and database (900,000)
• New hacking forum leaks data of RaidForums members (478,000)
• Credit Control Corporation issues notice of cyber attack (286,699)
• US Transportation Department reveals security breach (237,000)
• On Demand Staffing announces third-party security breach following cyber attack at Carvin Software (187,360)
• South Texas Health System hit by phishing attack (130,000)
• Charter Foods notifies those affected by recent cyber attack (109,194)
• OT&P Healthcare patients may have been compromised in cyber attack (100,000)
• Security breach exposes Hillsborough County voters’ personal information (58,000)
• Bristol Community College says faculty and student data was stolen in cyber attack (56,400)
• The Metropolitan Opera reports security breach (45,000)
• ASAS Health notifies those affected by recent security breach (25,527)
• Broadband service provider WhizComms informs customers of security breach (24,000)
• Amazon-owned online pharmacy PillPack exposed user health data in security breach (20,000)
• Fontainebleau Florida Hotel notifies individuals of recent security breach (18,653)
• Amtel Connectivity Source notifies current and former employees of security breach (17,835)
• PRGX Global notifies those affected by security breach (13,231)
• Veridian Credit Union discovers hacker on its systems (12,996)
• Retirement Clearinghouse notifies IRA account holders of security breach (10,509)
• RoadSafe Traffic Systems notifies consumers of recent security breach (9,632)
• IT giant Bitmarck shuts down customer, internal systems after cyber attack (unknown)
• T-Mobile discloses second data breach since the start of 2023 (unknown)
• Wichita State University restoring systems after cyber attack (unknown)
• Murfreesboro Medical Clinic remains closed due to cyber attack (unknown)
• Catholic Health patients may have fallen victim to data breach by a consultant’s employee (unknown)
• Fairfax County Public Schools breach exposed sensitive student information (unknown)
• Kabarak University ICT Manager suspended after uni’s Facebook account was hijacked (unknown)
• Uintah Basin Healthcare in Utah discloses security breach (unknown)
• Brightly warns of SchoolDude data breach exposing credentials (unknown)
• Norton Healthcare hit with ‘cyber-event’ amid ongoing computer system shutdowns (unknown)
• Illinois gov’t security breach exposes private information of Medicaid recipients (unknown)
• Philadelphia Inquirer hit by cyberattack causing newspaper’s largest disruption in decades (unknown)
• Patients concerned after Oklahoma Institute of Allergy Asthma and Immunology closes its doors because of alleged cyber attack (unknown)
• The Downs School, hit by possible cyber attack, seeking help from West Berkshire Council (unknown)
• Louisiana state agencies experience a statewide network outage amid cyber attack (unknown)
• Microsoft Azure VMs hijacked in Cloud cyber attack (unknown)
• Newport News Public Library branch computers out of operation for three weeks amid cyber attack (unknown)
• Peachtree Orthopedics alerts patients to cyber attack (unknown)
• Colombia’s SECOP II platform affected by “presumed hacking” (unknown)
• Asian Health Services provides notice of recent security breach to patients (unknown)
• UHS of Delaware files notice of third-party security breach (unknown)
• Conner Strong & Buckelew announces recent security breach following compromised employee email accounts (unknown)
• Sallie Mae notified individuals of recent security breach involving bank account information (unknown)
• Montana State University suffers cyber attack (unknown)
• Constellation Software experiences data breach following cyber attack (unknown)
• Albertsons Companies files notice of security breach following malware attack (unknown)
• Medicalodges experiences security breach affecting patients’ Social Security numbers (unknown)
• Advisor Group files notice of 2021 third-party security breach affecting clients’ SSNs (unknown)
• Bank of New York Mellon Corporation files notice of security breach (unknown)
• UAW Retiree Medical Benefits Trust announces third-party security breach (unknown)
• ARC Document Solutions experiences cyber attack (unknown)
• Sysco Corporation experiences cyber security event (unknown)
• Fertility Specialists Medical Group suffers security breach (unknown)
• The Heritage Group notifies current and former employees of security breach (unknown)
• Tennessee Orthopaedic Clinics notifies HHS of breach (unknown)
• DDoS attack in Greece disrupts high school exams (unknown)
• Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access (unknown)

---

Ransomware

• MCNA Insurance reveals security incident on Memorial Day weekend (8,923,662)
• PharMerica discloses scale of massive ransomware attack (5.8 million)
• Clinical test data stolen from biotech company Enzo Biochem (2.47 million)
• Apria Healthcare suffers security breach (1.8 million)
• Brightline continues notifying clients of GoAnywhere incident (901,022)
• Buckley King law firm hit by ransomware gang (760,000)
• Whitworth University notifies students of ransomware attack (65,593)
• McPherson Hospital notifies patients of recent ransomware attack (19,000)
• Ransomware group starts leaking data from Crown Princess Mary Cancer Centre (10,000)
• Ransomware gang claims Edison Learning data theft (unknown)
• PENNCREST says it has been hit by ransomware (unknown)
• Lawrence Family Development Charter School targeted in ransomware attack (unknown)
• Ransomware attack continues at Bluefield University (unknown)
• ‘Ransomware cult’ claims to have hacked two local schools (unknown)
• City of Dallas limping back to normalcy following a crippling ransomware attack (unknown)
• New York’s Richmond University Medical Center suffers ransomware attack (unknown)
• Franklin County Public Schools hit by ransomware attack (unknown)
• Patients of the ASL 1 of Abruzzo find themselves with all the health data online (unknown)
• Insurance Information Bureau of India hit by ransomware attack (unknown)
• Instituto Nacional de Tecnologia Agropecuaria hit by ransomware (unknown)
• Point32Health infected with ransomware (unknown)
• Gentex Corporation confirms recent ransomware attack (unknown)
• Morris Hospital investigating attack by Royal ransomware group (unknown)
• Mountain View Hospital in Idaho closes after suspected ransomware attack (unknown)
• Mission Community Hospital hit by ransomware (unknown)

---

Data breaches

• Toyota has left users personal data exposed for over a decade (2 million)
• Indiana University exposes sensitive student data (1.3 million)
• Patients told to contact NT Health following privacy breach (50,616)
• New Mexico Department of Health data breach exposes decedent health information (49,000)
• South Africa’s Department of justice negligence leads to huge personal data loss (1,204)
• Employee records exposed in Ambulance Victoria data breach (600)
• NHS launches probe after five-year-old takes records of 150 patients to school to use as ‘drawing paper’ (unknown)
• Japanese minister apologised after a government app breached citizens’ privacy (unknown)
• Oyate Health Center in South Dakota discloses data breach (unknown)
• Pinnacle Propane notifies victims of leaked Social Security numbers following data breach (unknown)
• NHS data breach: trusts shared patient details with Facebook without consent (unknown)

---

Malicious insiders and miscellaneous incidents

• NHS says ‘stalker’ doctor shared woman’s records (unknown)
• IT employee impersonates ransomware gang to extort employer (unknown)

The post List of Data Breaches and Cyber Attacks – May 2023 appeared first on IT Governance UK Blog.