What events occurred during the week of August 21-28, 2023?

During that week, there were 5 advisory/vulnerability events, 30 incident/data breach events, and 3 practical knowledge items shared.

How does week 34 compare to week 33?

Week 34 showed a decline in advisories and incidents, with 4 fewer critical vulnerabilities and 3 fewer incidents. The number of impacted individuals from data breaches in week 34 exceeded 13 million, a significant increase from the 3 million range in week 33.

How many individuals were impacted by events during the week?

A total of 13,021,640 individuals were impacted across 11 incidents. The largest breach involved the French government unemployment aid agency, exposing 10 million individuals. Since not all incidents reported the number of impacted individuals, the actual number is likely higher.

What were the causes of the incidents?

The incidents were caused by various factors, including third-party breaches, ransomware attacks, unpatched software vulnerabilities, GPS metadata exposure, configuration errors, offboarding errors, live data in test systems, design flaws, and unauthorized employee access.

What industries were affected by the incidents?

The incidents affected multiple industries, including Government, IT/Software/Technology, Finance, Healthcare, Education, Manufacturing, Other, Utilities, Insurance, and Sales/Marketing.

What notable knowledge was shared?

Notable knowledge items included warnings about vulnerabilities in Barracuda ESG appliances, active attacks on ColdFusion vulnerabilities, and criminals using WinRAR vulnerabilities for monetary theft.

What critical vulnerabilities were reported?

Several critical vulnerabilities were reported, including vulnerabilities in Openfire servers, DeFI Exchange Balancer, Ivanti Sentry, Rockwell ThinManager, and Jupiter X Core WordPress plugin.

What incidents of data breaches occurred?

There were multiple incidents of data breaches, involving organizations like the French government unemployment aid agency, Lendinvest, Duolingo, Metropolitan Police, Indian ed-tech Byju, M&T Bank, Florida Second Judicial Circuit, University of Minnesota, New York Life, AMEX, Milan Eye Center, Pareto Phone Telemarketer, FTX crypto exchange, Lanett EMS, Helsinki and Uusimaa Hospital District, MidFirst Bank, WebDetetive, Alexander County Emergency Medical Services, National Grid, Illinois Department of Public Health, Moovit, Christie's auction house, CloudNordic, St Helens Council, Kansai Nerolac, Singing River Health System, South Africa Department of Defence, Seiko, and Leaseweb.

Were there any ransomware attacks?

Yes, there were several ransomware attacks reported on organizations like CloudNordic, St Helens Council, Kansai Nerolac, Singing River Health System, South Africa Department of Defence, Seiko, and Leaseweb.

Knowledge

State of (in)security - Week 34, 2023

published: Aug. 28, 2023

Take action: If you are developing APIs, enforce authentication for the API, limit the number of requests and carefully check which request content you accept and which data is being returned in the API. And test environments are NEVER as secure as production environments, simply because everyone is testing. Hence, test environments are a very bad place for live customer data.

Learn More

In the week between Aug. 21, 2023, midnight and Aug. 28, 2023, midnight we witnessed a total of:

5 advisory/vulnerability events
30 incident/data breach events

We also shared 3 practical knowledge items

Week over Week comparison of week 34 vs week 33 is (mostly) an improvement:

Total impacted individuals via the events of the week

There were a total of 13,021,640 impacted individuals across 11 incidents, with the largest breach being the French government unemployment aid agency reports Data breach, exposes 10 million individuals incident exposing 10,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
third party breach	9
ransomware	6
unpatched software vulnerability	2
GPS metadata not scrubbed from public access content	1
DB config error, exposed w/o password	1
offboarding error	1
live data in exposed test system	1
design flaw - API exposing too much data	1
employee unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
Government	6
IT/Software/Technology	5
Finance	5
Healthcare	5
Education	2
Manufacturing	2
Other	2
Utilities	1
Insurance	1
Sales/Marketing	1

Read the Event Details of the Week

Knowledge

live exploit | FBI warns that Barracuda ESG appliances should be removed from use immediately.
active exploit | ColdFusion Vulnerability Actively Attacked
monetary theft | Criminals use WinRAR vulnerability for theft of funds from broker accounts

Vulnerabilities

critical vulnerability | Openfire servers still vulnerable to system takover attacks
critical vulnerability | DeFI Exchange Balancer reports Critical Vulnerability, asks users to withdraw funds from vulnerable pools
critical vulnerability | Ivanti reports critical vulnerability in Sentry, actively exploited by attackers
critical vulnerability | Rockwell ThinManager Critical Vulnerabilities expose Industrial Interfaces
critical vulnerability | Jupiter X Core WordPress plugin site hijacking vulnerability

Incidents

data breach | French government unemployment aid agency reports Data breach, exposes 10 million individuals
data breach | Lendinvest reports data breach, customer data exposed
data breach | Scraped duolingo user data sold again on a new hacking forum
data breach | Metropolitan Police personnel names and photos stolen by hackers
data breach | Indian ed-tech Byju reports Data Breach
data breach | M&T Bank reports Data Breach
data breach | Florida Second Judicial Circuit reports security incident, Gadsden County court records compromised
data breach | University of Minnesota reports data breach
data breach | New York Life reports MOVEit related data breach
data breach | AMEX reports data leak of their APAC employee data
data breach | Georgia based Milan Eye Center reports data breach
data breach | Pareto Phone Telemarketer breached, info of thousands of donors to Australian charities leaked
data breach | FTX crypto exchange reports data breach caused by their bankruptcy claims agent Kroll
data breach | Lanett, Alabama EMS patients potentially impacted by MOVEit related Data breach
data breach | Helsinki and Uusimaa Hospital District reports data breach by former employee
data breach | MidFirst Bank reports data breach impacting users
data breach | Mobile spyware company WebDetetive hacked, user data stolen, victim data deleted
data breach | Alexander County Emergency Medical Services report MOVEit related data breach
data breach | National Grid reports MOVEit related data breach of Massachusetts customers
data breach | Illinois Department of Public Health reports data breach exposing 126k individuals
data leak | Mobility app Moovit vulnerabe, exposes user data and enables free rides
data leak | Christie's auction house data breach exposes precise GPS Coordinates of Artworks
data loss | CloudNordic reports ransomware attack, loses all customer data
ransomware | St Helens Council reports ransomware attack
ransomware | Kansai Nerolac impacted by ransomware
ransomware | Singing River Health System in Mississippi shuts down systems after cyberattack
ransomware | South Africa Department of Defence impacted by ransomware, over 1 Terabytes of data stolen
ransomware | Seiko reports data breack, attacked by BlackCat ransomware group
ransomware | Leaseweb cloud/hosting provider shuts down critical systems after a cybersecurity attack
ransomware | Ohio History Connection reports ransomware attack

Read More
State of (in)security - Week 38, 2023
State of (in)security - Week 16, 2024
State of (in)security - Week 13, 2025
State of (in)security - Week 48, 2023
State of (in)security - Week 18, 2025