Navigating the Digital Storm: The Most Impactful Data Breaches in 2023

In recent years, the number of data breaches has been increasing year over year. It doesn’t seem like the size, shape, or sector of the companies that get hit matters, and this trend doesn’t seem to be slowing down. As of November of 2023, there have been 953 data breaches recorded, with breached records numbering in the billions. More than ever, a strong cybersecurity plan is essential for a successful business.

Companies have a responsibility to keep their users’ information safe, but when threat actors want sensitive data, it can be extremely hard to keep them out. Whether it’s from reused passwords, phishing attempts, or malware sent through email files, there are a number of creative ways for attackers to get to user’s personal information. The question companies need to ask isn’t how to stop a cyberattack—it’s what to do when one happens.

We have compiled a list of 10 of the biggest data security breaches of 2023.

MoveIt

MoveIt is one of the biggest file-transferring software companies on the market, working with everything from government organizations to banks and hospitals. Unfortunately, they are one of the companies that top our list for the biggest data breaches, as they are behind some of the breaches mentioned later in this blog. As of November, they are counting more than 2,000 organizations affected, with more than 62 million individuals personal data compromised. Some of the overhead companies affected are Nuance, National Student Clearinghouse, and CareSource.

23andMe

23andMe is used by millions of people to sequence their DNA, find lost relations, and more. That’s why the 23andMe data breach on October 2, 2023, was so devastating. Nearly 20 million records were affected, with the stolen data including display names, profile photos, sex, birth year, location, relationships to their matches, DNA makeup, and passwords. The company reacted quickly, immediately adding MFA requirements to all current and future customer accounts.

Oregon Department of Transportation

Millions of Oregon residents were told that their private information had been taken on June 15, 2023  due to the MoveIt data breach. The ID Cards, Drivers Licenses, and learner permits of 3.5 million people were stolen, with the information stolen including names, addresses, dates of birth, SSNs, license numbers, height, eye colors, vehicle registration information, and handicap placard information.

Louisiana Office of Motor Vehicles

The residents of Louisiana experienced a similar breach later in July. The ID cards and drivers licenses of 6 million people were also taken due to the MoveIt data breach. The records taken include name, address, date of birth, SSN, license number, height, eye color, vehicle registration info, and handicap placard info. The group that stole the data claimed to have deleted it, and they haven’t contacted the state government about releasing it or demanding any ransoms.

PharMerica

One of the largest pharmaceutical companies in the US reported on March 14, 2023 that a data breach had occurred that compromised the data of around 5.8 million patients. The breach included names, dates of birth, SSNs, medication lists, and insurance information. It also affected the information of deceased individuals. An unknown third party breached the servers back in May, but PharMerica hasn’t reported how the attackers managed to get in.

Managed Care of North America (MCNA) Insurance Company

The MCNA Insurance Company disclosed in May a data breach which affected nearly 9 Million records. This disclosure came four months after the attack initially happened. Some of the information taken includes names, dates of birth, addresses, telephone numbers, emails, SSNs, drivers’ license numbers, health insurance info, and info regarding dental/orthodontic care. Following the attack, the MCNA gave impacted individuals 12 months of free identity theft protection and credit monitoring.

T-Mobile

T-Mobile data breaches are not unpopular, with the company disclosing eight successful hacks since 2018. This year is no different. After suffering a data breach back in November, T-Mobile reported yet another one on January 19th that affected 37 million users. The info was taken through a single API without authorization and was contained within a day. While no financial records were taken, customer’s names, billing addresses, emails, and phone numbers were compromised in the attack.

Mr. Cooper

A data breach hit Mr. Cooper, a loan and mortgage company, back in October. They aren’t sure what information was taken other than usernames, passwords, and SSNs. No financial information was included in the breach as payments are handled by a third-party. The company’s 4.1 million customer base couldn’t access their accounts to pay their loans, nor could they access the app or website following the attack. They were assured that Mr. Cooper would allow late payments while also getting info on other ways to pay.

University of Minnesota

Though they can’t see any malware, ransomware, or other hints that the attack is still ongoing, the University of Minnesota reported a data breach back in August. The attacker claims to have gotten 7 million unique SSNs, ranging all the way back to 1989 up to 2021. The university isn’t disclosing what other information was taken, but they have notified the people that were compromised.

Darkbeam

Darkbeam, a top-performing cyber vulnerability and threat management provider, makes the top of our list of the largest data breaches of the year, with over 3 billion records stolen. Though the information stolen was nominal at best, with the hackers only managing to steal usernames and passwords, the number of stolen records poses a problem. Most data breaches are caused by reused passwords, giving hackers a larger database of potential logins for other websites. While DarkBeam isn’t what exactly led to the data breach, human error is the biggest theory.

Keeping your data safe is more important than ever. As seen in the cases above, these bad actors tend to go for the most sensitive information—Social Security Numbers, home addresses, demographic information, and more. Even data breaches that only feature usernames and passwords should be taken seriously. Passwords are reused 64% of the time, meaning even a single breach could give someone access to your entire life. You can learn more tips about password safety by reading our blog: 5 Best Practices for Password Safety. You’ll find useful information about password managers, password-generating tools, and more.