State of (in)security - Week 25, 2023
Take action: Never ever ever store more data than you need to. On two incidents the companies have exposed data of former customers/ people that are not customers at all. Now they have a bigger problem than just a data breach, from regulators and law enforcement.
Learn More
In the week between June 19, 2023, midnight and June 26, 2023, midnight we witnessed a total of:
- 10 advisory/vulnerability events
- 36 incident/data breach events
We also shared 1 practical knowledge items
Total impacted individuals via the events of the week
There were a total of 3,745,301 impacted individuals across 12 incidents, with the largest breach being the Genworth Financial impacted by MOVEit hack incident exposing 2,500,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.
Industry breakdown of incidents
| Industry | Number of incidents |
|---|---|
| healthcare | 10 |
| finance | 9 |
| government | 3 |
| education | 3 |
| food | 2 |
| logistics | 2 |
| retail | 1 |
| social media | 1 |
| transportation | 1 |
| energy, oil and gas | 1 |
| Information Technology | 1 |
| recruitment | 1 |
Read the Event Details of the Week
Knowledge
- awareness | Cybersecurity consequences - Western Digital disables Cloud service access for vulnerable WD devices
Vulnerabilities
- critical vulnerability | Asus Patches Critical WiFi Router Issues
- critical vulnerability | OT Vulnerabilities Identified in Schneider Electric ION and PowerLogic
- critical vulnerability | Two Critical WordPress Plugin Vulnerabilities expose Thousands of Sites
- critical vulnerability | Red Hat releases patch for OpenShift fixing numerous vulnerabilities
- critical vulnerability | Fortinet release fix for critical flaw in FortiNAC zero-trust product
- critical vulnerability | Zyxel issues second round of patches for the same critical vulnerability in NAS devices
- critical vulnerability | GCP ESPv2 open source proxy for GCP fixes a Critical API Authorization Bypass
- critical vulnerability | TP-Link AX21 Router vulnerability are exposed to being used as DDoS Botnet
- critical vulnerability | Apple releases IOS 16.5.1 and MacOS 13.4.1 to address critical and actively exploited vulnerabilities
- critical vulnerability | VMware releases patches for vCenter Server vulnerabilities that allow RCE and auth bypass
Incidents
- critical vulnerability | Medibank affected by MOVEit vulnerability
- data breach | NortonLifeLock impacted by MOVEit Vulnerability
- data breach | SoutheastHEALTH warns of data breach via a former vendor
- data breach | When hackers hack each other - BreachForums 4,000 members' data leaked
- data breach | D'Youville university reports data breach that may have exposed student information
- data breach | CoxHealth reports GoAnywhere related data breach impacting thousands of patients
- data breach | iOttie reports data breach and theft of credit cards through e-commerce site
- data breach | Dutch Pharmacy association reports data leak of newsletter recepients
- data breach | Kannact Digital Health reports data breach, 103K Impacted
- data breach | Canada Post reports data breach via third party
- data breach | Parker Wellbore reports Data Breach
- data breach | Data of Over 6000 people possibly exposed in Des Moines Public Schools breach
- data breach | National Australa Bank impacted by law firm cyber breach
- data breach | FirstBank Puerto Rico reports Data Breach
- data breach | Vermont health insurance customers exposed in data theft via GoAnywhere hack
- data breach | The Hatcher Agency reports Data Breach exposing 9500 Individuals data
- data breach | Umpqua Bank reports being exposed to the MOVEit vulnerability hack
- data breach | Mondelez - maker of Oreos reports data breach through compromise of a law firm
- data breach | University of Toledo Medical Center exposed in GoAnywhere
- data breach | Atlanta Women's Health Group reports Data Breach impacting 33,800 Patients
- data breach | Capital One Bank impacted by cyberattack on NCB Management
- data breach | Vincera Institute Reports Ransomware and Data Breach
- data breach | 45,000 NYC students affected by MOVEit caused vulnerability data breach
- data breach | Multiple Australian Government agencies impacted by HWL Ebsworth breach
- data breach | American Airlines and Southwest report third party data breach exposing pilots
- data breach | Genworth Financial reports Life-Insurance Data exposed inData Breach
- data breach | Harris Health System patient and staff exposed in MOVEit related data breach
- data breach | Tens of thousands impacted by "Perpetual" fund manager outage and incident
- data breach | Three Pennsylvania senior residences managed by SeniorChoice report data breach
- data breach | UPS exposed data of Canadian customers through online package look-up tools
- data breach | California Public Employees' Retirement System third-party data breach exposes 700,000
- ransomware | Genworth Financial impacted by MOVEit hack
- ransomware | PwC Australia faces another problem - MOVEit related data breach
- ransomware | Hackers leak data from City of Fort Worth over gender-affirming care ban
- ransomware | University of Hawaii Community College targeted by ransomware
- ransomware | Fayetteville, Arkansas grappling with massive cyberattack
