How many advisory and vulnerability events were reported between November 20 and November 27, 2023?

Between November 20 and November 27, 2023, there were 2 advisory/vulnerability events reported.

What was the total number of incident/data breach events reported in the same period?

There were a total of 27 incident/data breach events reported between November 20 and November 27, 2023.

What was the week over week comparison of cyber security events?

Comparing week 47 to week 46, there was a significant reduction in advisories from 10 to 2, a slight reduction in incidents from 30 to 27, but an increase in the number of known impacted individuals from data breaches, rising from 2.7 million to 10.5 million.

How many individuals were impacted by data breaches during this week?

A total of 10,517,314 individuals were impacted across 9 incidents, with the largest breach being from Welltok's MOVEit data breach, exposing 8,493,379 individuals.

What were the main causes of the incidents reported?

The main causes of the incidents were ransomware with 10 occurrences, third party breach with 3, and unpatched software vulnerability with 1 incident.

Which industries experienced the most incidents?

The industries with the most incidents were Healthcare with 10, IT/Software/Technology with 3, followed by Finance, Government, Consulting/Professional Services, and others with fewer incidents.

Knowledge

State of (in)security - Week 47, 2023

published: Nov. 27, 2023

Take action: Keep your legacy infrastructure in mind - all the systems and pieces of software that are no longer supported by the vendors. Plan to replace such infrastructure quickly after end of support. Such infrastructure is quite likely to carry vulnerabilities and it's no longer going to be patched by the vendor. Even if it's still operating well, that infrastructure makes you an easy target for attack.

Learn More

In the week between Nov. 20, 2023, midnight and Nov. 27, 2023, midnight we witnessed a total of:

2 advisory/vulnerability events
27 incident/data breach events

Week over Week comparison of week 47 vs week 46 is an improvement in events and vulnerabilities but is worse in exposed individuals:

We also shared 1 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 10,517,314 impacted individuals across 9 incidents, with the largest breach being the Welltok confirms MOVEit data breach after multiple customers report them as source of incident incident exposing 8,493,379 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
ransomware	10
third party breach	3
unpatched software vulnerability	1

Industry breakdown of incidents

Industry	Number of incidents
Healthcare	10
IT/Software/Technology	3
Finance	2
Government	2
Consulting/Professional Services	2
Pharmaceuticals	1
Telecommunications	1
Automotive	1
Transport/Logistics	1
Aviation	1
Defence	1
Hospitality/Events	1
Insurance	1

Read the Event Details of the Week

Knowledge

active attack | Sophos Web Appliance flaw activelly exploited by hacker teams in the wild

Vulnerabilities

critical vulnerability | ownCloud file sharing self-hosted platform reports critical bugs
critical vulnerability | WordPress Kirotech UserPro plugin multiple vulnerabilities, two critical

Incidents

data breach | U.S. Drug Mart Files pharmacy reports data breach exposing customer SSNs
data breach | Spanish Civil Guard reports Vodafone data breach
data breach | NSC Technologies reports data breach impacting over 48k individuals
data breach | Pennsylvania Warren General Hospital hospital reports data breach, exposes 169k individuals
data breach | Precisely Software reports data breach exposing unknown number of SSNs
data breach | Israeli cybersecurity firm Radware hacked and customer data leaked
data breach | Gulf Air reports data breach, critical systems unaffected
data breach | Taj Hotel Group reports data breach, exposing data of 1.5 million guests
data breach | Stratford District Council reports data breach of residents' emails
data breach | Hackers claim attack on South Africa credit agencies, demand ransom
data breach | IT provider CTS impacted by cyberattack, exposes UK law firms to risk
data breach | Welltok confirms MOVEit data breach after multiple customers report them as source of incident
data breach | Wyoming County Community Health System reports Data Breach, exposes 24k people
data breach | Idaho National Laboratory reports data breach, exposes employee data
data breach | Portneuf Medical Center impacted by cyber attack, diverts emergency patients
data breach | Fidelity National Financial impacted by cyber attack, shuts down systems
data breach | General Electric investigating potential data breach
data breach | AutoZone reports MOVEit related data breach, exposing almost 185k customers
ransomware | UT Health East Texas stops emergency room services, suspected cyberattack
ransomware | NYC Bar Association confirms data of 27k members exposed after cyberattack
ransomware | Mission Community Hospital reports ransomware attack, data breach
ransomware | Hunters International cybercrime gang claims data breach of Crystal Lake Health Centers
ransomware | Welsh logistic Owens Group impacted by LockBit ransomware, data stolen
ransomware | Direct debit processor London & Zurich targeted by ransomware, causing payment backlog
ransomware | UK Spy agencies investigate potential data breach in King Edward VII’s Hospital
ransomware | NoEscape group claims responsibility for hacking Granger Medical Clinic, leaks alleged data
ransomware | Vanderbilt University Medical Center impacted by cybersecurity incident

Read More
Payouts King Ransomware Uses QEMU Virtual Machines to …
State of (in)security - Week 25, 2025
Snowflake attack research - data breaches are related …
State of (in)security - Week 46, 2024
State of (in)security - Week 2, 2025