In the first three quarters of 2023 [1] [2] [4], there has been a significant increase in data compromises, surpassing the previous annual record set in 2021 [1] [4]. Cyberattacks [1] [2] [3] [4], particularly phishing attacks and Zero-Day attacks, remain the primary causes of data breaches [1] [2] [4]. The rise in data breaches can be attributed to factors such as the surge in Zero-Day attacks and a new wave of ransomware attacks by emerging criminal groups [2]. Supply chain attacks have also had a notable impact.

Description

In the first three quarters of 2023 [1] [2] [4], the Identity Theft Resource Center (ITRC) tracked 2,116 data compromises, surpassing the previous annual record set in 2021 [1] [4]. Of the 733 compromises in Q3 [1], over half did not specify the attack vector [1]. The number of individuals affected in Q3 dropped by 39% compared to the same period in 2022, totaling 66.7 million victims [2]. However, the overall count for the first three quarters of 2023 stands at 233.9 million victims [2].

Cyberattacks [1] [2] [3] [4], particularly phishing attacks and Zero-Day attacks, remained the primary causes of data breaches [1] [2] [4]. The ITRC reported a significant increase in Zero-Day attacks in the first three quarters of 2023 compared to the previous year. Eva Velasquez [2], president and CEO of the ITRC, attributed the rise in data breaches to factors such as the surge in Zero-Day attacks and a new wave of ransomware attacks by emerging criminal groups [2].

The report also highlighted the impact of supply chain attacks, with 344 organizations affected by vendors utilizing a vulnerable MOVEit product and 79 organizations directly impacted by attacks against MOVEit software or services [2]. Four of the top ten breaches in Q3 were connected to a MOVEit attack [2]. Transparency and reporting standards were a concern [2], as 53% of the Q3 compromises lacked an attack vector, indicating a lack of transparency from compromised organizations.

The MOVEit mass-hack [5], which exposed the personal data of at least 64 million people [5], is currently under investigation by U.S. securities regulators [5]. Progress Software [5], the company behind the affected software [5], has received a subpoena from the U.S. Securities and Exchange Commission (SEC) [5] requesting documents and information related to the vulnerability [5]. Despite incurring $1 million in costs [5], Progress Software expects minimal financial impact from the incident [5]. However, the company acknowledges the possibility of further losses due to legal action from affected customers [5]. So far, 2,546 organizations have confirmed being affected [5], with over 64 million individuals impacted [5]. Additional victims, including Sony and Flagstar Bank [5], have also come forward with data breaches related to MOVEit [5].

Conclusion

The increase in data breaches and the prevalence of cyberattacks highlight the need for improved security measures and vigilance in protecting sensitive information. Organizations should prioritize transparency and reporting standards to ensure accountability and trust. The ongoing investigation into the MOVEit mass-hack serves as a reminder of the potential financial and reputational consequences of data breaches. It is crucial for companies to invest in robust cybersecurity measures and stay updated on emerging threats to mitigate future risks.

References

[1] https://finance.yahoo.com/news/q3-2023-data-breach-report-115200036.html
[2] https://www.medicaleconomics.com/view/u-s-data-breaches-hit-alarming-new-highs
[3] https://www.infosecurity-magazine.com/news/us-smashes-data-breach-record/
[4] https://www.prweb.com/releases/q3-2023-data-breach-report-identity-theft-resource-center-reports-data-compromise-record-with-three-months-left-in-the-year-301950476.html
[5] https://techcrunch.com/2023/10/11/sec-is-investigating-moveit-mass-hack-says-progress-software/