State of (in)security - Week 19, 2023
Take action: Cut through the noise. Cyberattacks succeed because of human error and comfortable working habits. If you have been impacted, go back and ask how the breach occurred: was it an unpatched device, a phishing email, a virus or something else? Clear information about attack methods helps organizations and individuals learn from mistakes.
In the week between May 8, 2023 and May 15, 2023 we witnessed a total of:
- 10 advisory/vulnerability events
- 37 incident/data breach events
Total impacted individuals via the events of the week
There were a total of 12,757,515 impacted individuals across 14 incidents, with the largest breach being the PharMerica incident exposing 5,800,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| healthcare | 10 |
| government | 6 |
| education | 4 |
| IT tech (SaaS, CMS, Computer HW, ERP) | 4 |
| telecom | 2 |
| automotive | 2 |
| SCADA, ICS | 1 |
| museums | 1 |
| banking | 1 |
| document management | 1 |
| consulting | 1 |
| food distribution | 1 |
Read the Event Details of the Week
Vulnerabilities
- critical vulnerability | Chrome issues patch for high vulnerabilities
- critical vulnerability | SAP Patches for May 2023
- critical vulnerability | Microsoft issues 38 patches, including six critical vulnerabilities, two actively exploited
- critical vulnerability | Critical Ruckus flaw exploited by DDoS botnet
- critical vulnerability | Another attempt to patch Outlook Zero-Day
- critical vulnerability | Essential Addons for Elementor Issues Patch for Critical Privilege Escalation
- critical vulnerability | Rockwell Automation Patches Over a Dozen Vulnerabilities in Products
- critical vulnerability | Adobe Patches Vulnerabilities in Substance 3D Painter
- critical vulnerability | GitLab warning about a new critical vulnerability
- ransomware | Hackers use public exploit to attack vulnerable WordPress sites
Incidents
- ransomware | Ransomware attack and data leak on Basel education services
- ransomware | Swiss Multinational ABB attacked by Black Basta ransomware
- ransomware | Curry County servers were targeted by ransomware attack
- ransomware | National Gallery of Canada hit by ransomware
- ransomware | Hacker Tactics - attempt to Install Ransomware at IoT Firm Dragos
- ransomware | Ransomware group executes cyberattack on Mercer University
- ransomware | 'Play' ransomware group releases 5GB of stolen data from Lowell City
- ransomware | Cyberattacks disrupt Tennessee Community College
- ransomware | Ransomware attack affects trauma, stroke care at Richmond University Medical Center
- ransomware | Murfreesboro Medical Clinic reopens some, but not all, services. Attack appears to be work ...
- ransomware | Ransomware attack on PharMerica impacts 5.8 million patients
- ransomware | Gaston College attacked through ransomware
- data breach | Farmers impacted by Natural England data breach
- data breach | MercyOne patients' private information potentially exposed in data breach
- data breach | Data Breach reported by University Urology, over 56,000 impacted.
- data breach | Medicalodges, Inc. suspected Data Breach Affecting Patients' data
- data breach | ASAS Health suffers a Data Breach impacting More Than 25K individuals
- data breach | Amtel reports data breach of over 17000 Employees
- data breach | Toyota potential data breach - data on more than 2 million vehicles in Japan were at risk for over a decade
- data breach | Triad Business Bank Reports Data Breach
- data breach | WhizComms data breach: half of customers affected
- data breach | Lake County Health Department reports data breach exposing residents' health data
- data breach | Major hospital in Seoul breached by North Korean hackers
- data breach | TechnologyOne hit by cyber attack and halts trading
- data breach | Hackers sell personal information of 500,000 Israeli students
- data breach | Brightly informs of data breach of its SchoolDude platform
- data breach | Discord reports data breach caused by hacked support agent
- data breach | Ambulance Victoria exposes employee records in a (minor) Data Breach
- data breach | ARC Document Solutions Experiences Data Breach
- data breach | Uintah Basin Healthcare Posts Notice Data Breach
- data breach | Illinois Data Breach Exposes Private Information of the most Needy
- data breach | PRGX Global notifies over 13200 Individuals impacted in Data Breach
- data breach | Petaluma Health Center reported Data Breach
- data breach | Val Verde schools confirm data breach in incident occurring in 2022
- data breach | USDOT investigating data breach impacting federal employees
- data breach | UAW Retiree Medical Benefits Trust Announces Third-Party Data Breach Affecting Members
- data breach | Food distribution giant Sysco informs of data breach