December 16, 2023

Monthly Data Breach Report: December 2023 Edition

PKWARE

November 2023 painted a grim picture in the cybersecurity landscape. From healthcare facilities to multinational corporations, the month was marred by a string of high-profile data breaches, exposing millions of records and highlighting the ever-evolving tactics of cybercriminals. While some attacks brazenly targeted giants like McLaren Health Care and Infosys, others exploited subtler vulnerabilities, like exposed Docker Hub accounts and supply chain weaknesses.

This month’s breaches serve as a stark reminder that no organization is immune, and proactive cybersecurity measures are more crucial than ever.

McLaren Health Care

2.2 million patients’ data including names, addresses, Social Security numbers, and medical records exposed in a ransomware attack. This impacted individuals across 14 healthcare facilities in the US.

The unauthorized access occurred between July 28 and August 23, 2023, but patients were not notified until November 9, 2023. This delay has raised concerns about whether McLaren Health Care complied with state and federal laws requiring timely notification of data breaches.

The breach is still under investigation. The FBI is involved, and McLaren Health Care is cooperating with the investigation.

Maine Government

The Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. Data breach compromised personal information of over 95 million individuals potentially including exposure of sensitive information like driver’s licenses, Social Security numbers, and other personally identifiable details, but the state hasn’t officially confirmed the extent of the breach.

Marina Bay Sands

The Singapore-based luxury complex Marina Bay Sands revealed it was hit by a security incident that exposed the personal data of approximately 665,000 members. While details like types of stolen data haven’t been fully disclosed, concerns center around potential exposure of data, including names, email addresses, phone numbers, country of residence, and membership numbers and tiers.

According to a statement published by the resort, the incident occurred on October 19-20 and involved unauthorized third-party access to its non-casino customers’ loyalty program membership data known as Sands LifeStyle.

Infosys McCamish Systems

Indian IT services giant Infosys’ US unit experienced a “security event” impacting several applications, raising concerns about potential data breaches involving clients and employees.

The lack of specific details around the breach has understandably generated concern and speculation. Some reports suggest it might have been a ransomware attack, but this hasn’t been confirmed by Infosys.

DP World

A global logistics giant, faced a major cyberattack in November 2023, disrupting operations at five major Australian ports. Hackers exploited a known IT vulnerability, accessing employee data and causing significant delays in container movement.

While the full extent of the stolen information remains under investigation, the incident highlights the importance of cybersecurity in critical infrastructure and raises concerns about potential risks for affected individuals.

Truepill

In November 2023, hackers infiltrated Truepill, a digital pharmacy giant, compromising the personal and medical data of over 2.3 million customers. This attack potentially exposed sensitive information like names, addresses, and medication history, raising significant concerns about identity theft, fraud, and discrimination.

Keep your organization out of breach headlines by ensuring your organization not only knows where all its sensitive data is stored but can also protect it wherever it lives and moves.

Take a look at our unique, data-centric approach!

Share on social media
  • Bob Cristello February 29, 2024
  • PCI DSS 4.0 Compliance: Safeguarding the Future of Payment Security
    PKWARE February 22, 2024
  • Data Breach Report: February 2024
    PKWARE February 15, 2024
  • 2024 Cybersecurity Predictions
    PKWARE January 31, 2024