The speed at which big or small businesses encounter data breaches is alarming. In 2023, many high-profile companies have fallen victim to hacking. Recent major cyberattacks have affected healthcare, finance, retail, government, manufacturing, and energy industries, and this is clear evidence that the cybersecurity landscape has changed significantly in recent years.
Based on forecasts, cybercrime is expected to result in a $10.5 trillion expense for the worldwide economy by 2025, showing a yearly increase of 15%. This indicates that businesses face heightened vulnerability, with even well-protected large companies susceptible to attacks.
For smaller businesses, taking note of these data breaches can assist in shaping a robust security strategy to handle unforeseen challenges.
This article examines the top 5 high-profile company data breaches that have occurred in recent months, delving into the reasons behind these breaches and their consequences.
In May 2023, T-Mobile faced its second data breach of the year, exposing the PINs, full names, and phone numbers of more than 800 customers. This marked the ninth data breach for the company since 2018 and the second breach in 2023.
In early January 2023, T-Mobile discovered that a malicious actor had infiltrated their systems in November of the previous year. During this breach, personal information, including names, emails, and birthdays, of over 37 million customers was compromised. Once the breach was detected, T-Mobile promptly located the source and contained it within a day.
T-Mobile has expressed concerns about potential “significant expenses” resulting from this data breach, in addition to the $350 million they agreed to pay customers in a settlement related to a data breach that occurred in August 2021. As a result of these security lapses, T-Mobile not only suffered financial losses in the hundreds of millions but also eroded customer trust due to repeated incidents involving the exposure of personal information.
A significant breach involving the file transfer tool MOVEit has impacted over 200 organizations and potentially up to 17.5 million individuals as of July 2023. Among those affected are various federal agencies, including the Department of Energy, Department of Agriculture, and Department of Health and Human Services. It’s also believed that many schools across the United States were targeted in this attack.
As the full scope of the attack unfolds, additional breaches have been confirmed at prominent organizations such as Shell, Siemens Energy, Schneider Electric, First Merchants Bank, City National Bank, and several international targets. This extensive incident originated from a security vulnerability in MOVEit’s software.
Although MOVEit addressed the issue once it was discovered, hackers had already gained access to many sensitive data. The Clop ransomware group has claimed responsibility for these breaches and has threatened to release the stolen information on the dark web.
Yum! Brands (KFC, Taco Bell, & Pizza Hut)
In April 2023, Yum! Brands, the parent company of popular fast-food chains like KFC, Taco Bell, and Pizza Hut, disclosed a cyberattack that had taken place in January of the same year. Initially, they believed the attack had primarily affected corporate data. However, they are now taking a cautious approach and informing employees who may have had their personal information compromised.
The consequences of the attack forced the company to close nearly 300 locations in the UK in January. Moreover, it has resulted in ongoing expenses for Yum! Brands, including investments in enhanced security measures, communication with customers, and addressing the impact on the company’s brand perception.
ChatGPT, known for its groundbreaking AI capabilities, became a topic of public discussion in late March when it was revealed that the company had experienced a data breach.
OpenAI, the parent company of ChatGPT, confirmed the breach, stating, “In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time”.
In response, the company informed affected users, verified their email addresses, and implemented additional security measures. This incident has further fueled scepticism among many Americans towards ChatGPT and AI, likely eroding trust in these technologies.
Back in February, Activision (the owner of the Call of Duty series) confirmed that they fell victim to a data breach that occurred in December. The attacker employed an SMS phishing attack targeting an HR employee to access valuable employee information, including emails, cell phone numbers, salaries, and work locations.
Activision asserts that they responded swiftly to the breach, and at that time, they didn’t believe that the hackers had accessed enough data to warrant direct alerts to their employees.
However, an independent security research group investigated the incident and uncovered that the hacker had also acquired access to Activision’s 2023 release schedule and sensitive employee information. Under California law, if the data of 500 or more employees is compromised, the company is obligated to inform those affected.
Cyberattacks and data breaches now constitute a significant threat to everyone. Whether a small business or a big, high-profile company, you face an increased risk of cyberattacks. You require a robust cybersecurity solution to protect your company’s data effectively. Employee training on cybersecurity matters is equally important. Using reliable security systems and regular cybersecurity upgrades are considered significant assets for every business in 2023.