Data security is an extremely fluid issue that doesn’t wait for anyone. Those who fail to stay ahead of ongoing changes are poised to reap the most damage from an attack. Businesses can face reputational harm of course, but at the end of the day, it’s almost always consumers’ information that is compromised. To highlight just how common instances of exposure are getting, we’ve compiled this list of 2023’s badly handled data breaches. Although the organizations involved span sectors and sizes, they all share a lack of proactivity in common.
Telecom giant T-Mobile earns a rightful spot on this list not just because it experienced a breach in 2023, but because of how unprepared it was to mitigate increasing attacks across the board. The company was already coming off a bad couple of years; in June 2022, it paid out a $350 million settlement in a class action lawsuit over a 2021 incident that saw more than 77 million customers’ personal information exposed.
Months later 37 million more of T-Mobile’s customers were affected by a cyber-attack. Then a smaller-scale but longer-lasting breach between February and March impacted another 836. There were also reports of individuals’ credit card balances, purchase history, credit card details, device IDs, and home addresses being leaked due to a ‘temporary system glitch’ in September.
November Boeing Cyber-Attack
It may not have received as much public attention as the aircraft door that flew off during a recent Alaskan Airlines flight, but Boeing’s data breach just a few months prior in 2023 is certainly something worth talking about. The aircraft manufacturer reported that its systems were targeted in a November cyber-attack carried out by the hacking group LockBit. They stole 45 gigabytes of data and threatened to leak it if Boeing didn’t pay a ransom. It’s unclear as to how much the attackers requested or whether any money was actually sent, with the likeliest answer to the latter question being a no. LockBit ended up following through on its promise by publishing sensitive data days later on November 10th, 2023. This marked a huge blow to Boeing’s reputation as an industry-leading aircraft manufacturer – a position that has earned it ongoing partnerships with large multinational corporations and even the United States government.
2023 got off to a bad start for X – better known as Twitter – just months after new owner Elon Musk took the helm. At the beginning of the year, hackers posted a comprehensive database containing the email addresses and usernames of more than 200 million accounts. It wasn’t the first time the platform’s users have found themselves exposed; a report says that as many as 400 million individuals’ data was being sold by criminals on the dark web in late 2022. The asking price? As little as two dollars apiece. X tried to clean up its reputation throughout the rest of 2023 and into 2024, but that’s been understandably hard as the stolen information from January continues to circulate online.
The main problem people have with this latest incident isn’t that it happened, but how X handled it. Despite the serious nature of the winter’s data breaches, the company’s initial response was relatively nonchalant. For many people, it went to show that neither Twitter nor X has learned anything from past badly handled data breaches and reinforced the perception of a lack of accountability and responsibility toward user privacy.
Toronto’s Public Library is a backbone resource in Canada’s largest city. It operates a network of 100 branches across the Greater Toronto Area (GTA) that currently serves more than 18 million people a year. That entire system came to a screeching halt in September 2023, when hackers used highly sophisticated ransomware to breach and steal a large amount of sensitive employee, library customer, and volunteer information dating as far back as 1998.
The initial outage lasted 10 days and was then followed by months of limited services as staff worked to get public computers, digital book transfer systems, and website functions up and running again.
A cyber-attack of this scale is unprecedented yet goes to show how long-lasting the effects of cybercrime can be on communities at large. The Toronto Public Library continues to face questions about the incident and why it wasn’t prepared to handle an attack given its massive size.
Let’s end the year off strong with a cyber-attack that ended up being one of the health industry’s worst in 2023. Norton Healthcare, an operator of 40 cancer, heart, women, and pediatric clinics in Kentucky, announced on December 11th that 2.5 million patients’ and employees’ personal data had been illegally accessed by hackers.
The news was not only concerning due to the high number of victims involved but also for the prolonged amount of time it took Norton Healthcare to share. The breach happened between May 7th and May 9th, yet only came to light after a December filing with Maine’s attorney general.
The thousands of people who entrusted the company with highly sensitive health information were left in the dark for months, completely unaware of the fact that their personal data could be in the hands of criminals.
The greater public rarely gets any insight into how companies manage their data or protect it against threats. Even more frustrating, the list of failures we covered here happened in 2023 alone – it represents just a fraction of the very extensive track record major organizations have of doing the wrong thing.
In 2024, safeguarding business success requires an unwavering commitment to cybersecurity. No enterprise can afford to overlook the crucial aspects of reputation and customer satisfaction. As the landscape evolves, proper checks, balances, and proactive measures become essential for maintaining viable operations. TeraDact, a leader in cybersecurity, can fortify your defenses and ensure a secure future. Reach out today to get free access to our data workshop. Here’s to hoping next year’s badly handled data breaches list is much shorter and less implicating for companies and consumers alike.