Top Cyber Breaches of 2023

Cyber breaches were in the news a lot in 2023. In fact, 2023 was one of the most significant years on record for cybersecurity incidents. Even if you and your advisory business didn’t have a hack, you may have still felt an impact.

With everything from common office tools to telecom services, hotel check-ins and even cleaning supplies targeted by hackers, it turns out it’s still a fairly small world out there when it comes to cybersecurity.

Here’s a brief look back at some of the top cyber breaches of 2023, what we know about how they happened, how affected firms responded and what you can do to protect your own business from similar attacks.

T-Mobile Cyber Incidents

T-Mobile suffered four cyber incidents in 2023. The first occurred in January, involving an API vulnerability and leading to a massive theft of records from 37 million customers. A second such incident compromised a further 836 customers’ data in February. April saw another major breach, where nearly 90GB of personal employee data from a retailer owned by T-Mobile was stolen and then exposed on the dark web. A fourth incident, in September, affected about another 100 T-Mobile accounts when a system glitch briefly showed account information to the wrong customers. The 2023 incidents come closely on the heels of a 2021 breach affecting 47 million customers. That incident resulted in class-action litigation and a settlement of $500 million.

U.S. Marshals Service Hack

In February, the U.S. Marshals Service announced it was hit with a serious ransomware attack. The target was a special computer network used by the Marshals’ internal Technical Operations Group to track suspected criminals through cellphone, email and web data. The organization said it had refused to respond to ransom demands and shut down the system. The report said the identification of the breach and system shutdown left some Marshals still in the field without phone and email access. The system was reported to still be down several months after the breach was first announced.

LastPass Cloud Storage Theft

In March, the LastPass password manager software company announced the discovery of a breach that began in August 2022. The hackers had gained access to the company’s corporate cloud storage vault by targeting a specific LastPass technical employee with high-level system access. After finding a vulnerability in the employee’s personal device, the hackers used a keylogger to discover his master password, access the company’s system and steal company secrets. LastPass said the hack was related to a previous incident a month earlier that allowed the hackers to know which employees and systems to target. While its corporate secrets were compromised, the company said it did not believe customer data was directly impacted.

Congressional Health Portal Breach

Also in March, DC Health Link, a health insurance marketplace, announced a significant breach of its customers’ personal data. The breach was significant because the marketplace is the exchange used by Congress. About 11,000 out of 100,000 participants were said to work in various roles for the House and Senate. The company was alerted to the breach by the FBI, which said it was able to purchase stolen data, including Social Security numbers, phone numbers, addresses, emails and employer names, on the dark web. The origin of the breach was not reported. For remediation, the company has offered identity theft and credit monitoring services to those affected.

MOVEit File Transfer Hack

In May, Progress Software’s MOVEit, a widely used tool for transferring files, was targeted by hackers. The hackers found a zero-day exploit in the software that allowed access to the files of anyone who used it. As many as 2,600 organizations and the data of 77 million individuals may have been affected. Businesses, governments and institutions were targeted, including Sony, the State of Maine and the U.S. Department of Justice. The hackers were able to steal whatever data an organization managed with the tool, including personally identifiable information, financial details and emails. While the software makers quickly issued a security patch at the end of May, many unpatched organizations continued to experience breaches months later.

Clorox Business Interruption Attack

In August, the cleaning products manufacturer Clorox faced a cyber attack that led to a serious business disruption. Many of the company’s automated IT systems were taken offline, including sales systems that large retailers such as Target and Walmart used to order its products. Because of a new law requiring public companies to report certain cyber incidents to the SEC, many details of the fallout are known. Clorox reported an overnight stock price decline of 2% when the incident was announced, as well as a 20% quarterly net sales decline of $356 million due to the disruption the event caused.

MGM Resorts Hack

In September, MGM Resorts was hit with a social engineering hack that took down its computer systems at multiple hotels and casinos across the Las Vegas Strip. The company was forced to manually check in guests with physical keys and issue handwritten receipts for casino winnings, taking nearly 10 days for things to get back to normal. The problem started with a vishing attack — a convincing phone call that allows hackers to gain access to a company’s computer system by trickery. MGM told the SEC that customer data was also stolen. It said it expects losses of about $100 million, plus up to $10 million in cyber incident remediation costs.

Okta Data Breach

In October, Okta, an enterprise cybersecurity firm, announced that it had experienced a data breach that allowed hackers to access client files through a help ticket system. The company provides single sign-on and other identity management solutions to more than 18,000 businesses, including many household names. With the exposure of their contacts’ full names and email addresses, the company said its clients were at increased risk of future social engineering attempts. The breach hit the company’s finances hard, wiping out more than $2 billion in market valuation.

23andMe Data Breach

Also in October, the DNA testing firm 23andMe was targeted by hackers with a successful credential stuffing campaign. Using a cache of previously compromised passwords, hackers were able to access over 14,000 customer accounts, then use those accounts to access sensitive data on a further 6.9 million users through 23andMe’s Family Tree and DNA Relatives features. The hackers offered the data for sale in bulk on the dark web for as little as $1 per record. The company notified the affected customers and increased data security with two-factor authentication and other protections.

How to Protect Against Cyber Breaches

Cyber breaches are a risk for every business, including advisors. Hackers can target any industry, hunting for vulnerabilities in common software programs and looking for ways to trick your employees. Plus, clients and customers of companies that are hacked also face risks from second-order exposures.

Insurance is available to help protect you from the high-stakes risks that can come with a cyber breach. Coverage from Lockton Affinity’s CyberLock Defense leads the industry in its protection.

CyberLock Defense is tailored to suit the particular risks of your industry and provides broad coverage and flexible limits for cybercrime, cyber theft, social engineering, fraudulent funds transfer and other risks.

When you choose Lockton Affinity Advisor for your insurance, you have access to CyberLock Defense cyber liability coverage tailored to the needs of financial professionals. Visit us online or call (844) 406-5958 to learn more.