Company Data Breaches: Over 340 million accounts compromised in four months

Exclusive new research by the Independent Advisor shows that over 340 million people have been affected by business data breaches already in the first four months of 2023.

The biggest breach to have happened this year is Twitter at the start of the year, impacting 235 million user accounts.

The figures come from a new Company Data Breach Tracker launched by the Independent Advisor, a regularly updated, month-by-month timeline of the latest company data breaches and hacks happening in 2023.

The causes of the breaches have also been highlighted with threat actors being the largest at 289,700,000. The next largest cause is hacking at 32,303,580, followed by third-party data exposure at 11,354,000, and then human error at 382,466.

Lead writer and researcher Camille Dubuis-Welch states:

“Like it or not, cybercrime is prolific. With an estimated 8,000 cyberattacks per year, staying secure online simply can’t be assumed or left as an afterthought. It’s clear that cybercriminals are getting increasingly creative, that anyone can be targeted and that there is still a lot to learn around prevention and recovery.

“While not all cases of a data breach lead to fraud or identity theft, compromised data is still an expensive business for companies and the repercussions stretch further to impact consumer trust and brand reputation, not to mention the mental and financial health of anyone directly involved.”

The three largest company breaches of 2023 so far are:

Company: Twitter
Attack type: Data leak (threat actor)
Affected: 235 million
Description: The largest attack of 2023 so far was on social media platform Twitter at the very start of the year. 235 million Twitter users and their associated email addresses were leaked to an online hacking forum, selling for around $2.
Company: T-Mobile
Attack type: Bad actor, hack
Affected/data leaked: 37 million
Description: The next largest was on mobile telecomm company T-Mobile, with the hacker gaining access to customer data from 37 million accounts, including names, birth dates, and phone numbers
Company: TruthFinder and Instant Checkmate
Attack type: Cyberattack
Affected: 20.22 million
Description: The third was PeopleConnect-owned background check services TruthFinder and Instant Checkmate. Hackers leaked a 2019 backup database containing information of 20.22 million users including their PII, encrypted passwords and expired or inactive password reset tokens.

May 19, 2023Chris Price

For latest tech stories go to TechDigest.tv

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.

Cookie	Duration	Description
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
disqus_unique	1 year	Set to record internal statistics for anonymous visitors.
uvc	1 year 1 month	addthis.com sets this cookie to determine the usage of addthis.com service.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
skimGUID	10 years	Set by Slimlinks, this cookie is a unique identifier provided to each device for log analysis to determine the number of unique users for various parts of skimresources.com.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
_ir	session	This is a Pinterest cookie that collects information on visitor behaviour on multiple websites. This information is used on the website, in order to optimize the relevance of advertisement.
__gpi	1 year 24 days	Google Ads Service uses this cookie to collect information about from multiple websites for retargeting ads.

Cookie	Duration	Description
wp_api	past	Description is currently not available.
wp_api_sec	past	Description is currently not available.
xtc	1 year 1 month	Description is currently not available.

The three largest company breaches of 2023 so far are:

Share this:

Like this: