Regardless of an organization’s size, everyone is vulnerable to cyber attacks and data breaches. Every day cybercriminals come up with new and creative ways to steal private or sensitive information that they can then leverage for money. The following table summarizes the publicly disclosed data breaches that have occurred worldwide in 2023:
Data Breach Statistics through July 2023 (source: IT Governance)

| Statistic | Value |
|---|---|
| Number of data breaches in 2023 | 694 |
| Number of breached records in 2023 | 612.4 million |
| Biggest data breach of 2023 - Twitter | 220 million |
| Most breached sectors | Healthcare (199), Education (119) |

Let’s take a more in-depth look at some recent breaches:
- MOVEit (May 2023) – 17.5 million impacted
Thousands of organizations have been affected by the recent MOVEit data breach. Progress MOVEit is a leading secure Managed File Transfer (MFT) software used by organizations around the world to provide visibility and control over file transfer activities. It is believed that around the end of May, the Russian-linked “Clop” ransomware group exploited a SQL injection vulnerability (CVE-2023-34362) in Progress Software’s MOVEit file transfer application. Although the numbers may change, it is currently estimated that sensitive personally identifiable information (PII) of more than 17.5 million individuals worldwide has been stolen.
Among the organizations impacted by this breach are many schools and universities, including Johns Hopkins University, University of Utah, and UCLA. Although MOVEit is not directly used at UD, two of the University’s third-party service providers use it. At the end of June, UD was notified that the records of several hundred UD individuals were believed to have been affected. Investigations by these third-party service providers are still ongoing. For more information about this breach and the potential impact on the UD community, please see the July 13th UDaily article.
- Enzo Biochem (April 2023) – 2.5 million impacted
Enzo Biochem is a pioneer in molecular diagnostics and provides treatments for cancer, metabolic, and infectious diseases as well as testing services for a variety of transmissible diseases such as COVID-19 and STDs. In April it was breached by a ransomware attack that affected the PII of nearly 2.5 million people.
- PharMerica (March 2023) – 6 million impacted
The personally identifiable information of almost 6 million individuals was compromised in a data breach at PharMerica – one of the largest providers of pharmacy services in the United States. Upon discovering the incident, PharMerica began an internal investigation and determined an unknown third party accessed PharMerica computer systems from March 12-13. Responsibility for the breach has been claimed by the “Money Message” ransomware group. This breach is the largest healthcare data breach to be reported by a single HIPAA-covered entity so far in 2023.
Learning from these breaches can help us defend UD against nefarious threat actors. According to the Gartner prediction report, by 2025 human failure will be responsible for over half of all significant cyber incidents. Humans are the weakest link in cybersecurity. Completing the Secure UD Education – 2023 and keeping up to date with cybersecurity best practices can help. Cybersecurity is everyone’s responsibility.