Company Data Breaches: Over 340 million accounts compromised in four months
Exclusive new research by the Independent Advisor shows that over 340 million people have been affected by business data breaches already in the first four months of 2023.
The biggest breach to have happened this year is Twitter at the start of the year, impacting 235 million user accounts.
The figures come from a new Company Data Breach Tracker launched by the Independent Advisor, a regularly updated, month-by-month timeline of the latest company data breaches and hacks happening in 2023.
The causes of the breaches have also been highlighted with threat actors being the largest at 289,700,000. The next largest cause is hacking at 32,303,580, followed by third-party data exposure at 11,354,000, and then human error at 382,466.
Lead writer and researcher Camille Dubuis-Welch states:
“Like it or not, cybercrime is prolific. With an estimated 8,000 cyberattacks per year, staying secure online simply can’t be assumed or left as an afterthought. It’s clear that cybercriminals are getting increasingly creative, that anyone can be targeted and that there is still a lot to learn around prevention and recovery.
“While not all cases of a data breach lead to fraud or identity theft, compromised data is still an expensive business for companies and the repercussions stretch further to impact consumer trust and brand reputation, not to mention the mental and financial health of anyone directly involved.”
The three largest company breaches of 2023 so far are:
- Company: Twitter
Attack type: Data leak (threat actor)
Affected: 235 million
Description: The largest attack of 2023 so far was on social media platform Twitter at the very start of the year. 235 million Twitter users and their associated email addresses were leaked to an online hacking forum, selling for around $2.
- Company: T-Mobile
Attack type: Bad actor, hack
Affected/data leaked: 37 million
Description: The next largest was on mobile telecomm company T-Mobile, with the hacker gaining access to customer data from 37 million accounts, including names, birth dates, and phone numbers
- Company: TruthFinder and Instant Checkmate
Attack type: Cyberattack
Affected: 20.22 million
Description: The third was PeopleConnect-owned background check services TruthFinder and Instant Checkmate. Hackers leaked a 2019 backup database containing information of 20.22 million users including their PII, encrypted passwords and expired or inactive password reset tokens.