Date: July 26, 2023
In a major blow to data security, the month of June 2023 witnessed a surge in cyber-attacks and data breaches, affecting businesses and individuals worldwide. A comprehensive analysis of recent data breaches reveals that 79 security incidents occurred in June 2023, compromising a staggering 14,353,113 records. This marks a worrying trend, with a total of 607 data breaches reported in 2023, impacting a massive 466,078,044 records.
Oregon and Louisiana Departments of Motor Vehicles Fall Victim: Among the most notable cyber attacks in June, the US states of Oregon and Louisiana reported that their departments of motor vehicles (DMVs) were targeted as part of a cyber attack exploiting the MOVEit software vulnerability. Louisiana’s Office of Motor Vehicles (OMV) disclosed that at least six million records, including driver’s license information, were stolen, while the Oregon DMV reported approximately 3.5 million compromised driver’s license and identity card details. The breach exposed sensitive information, such as names, addresses, birthdates, Social Security numbers, vehicle registration numbers, and handicap placard information.
Malware Infects Millions of Android Apps: In a separate incident, cyber security company CloudSEK discovered that more than 30 million downloads of Android apps were infected with the SpinOk malware. The malicious apps, available on the Google Play store, posed as legitimate software development kits (SDKs) and targeted those interested in making mini-games with daily rewards. Once infected, SpinOk could steal payment card details, login credentials, and even hijack payments to cryptocurrency wallets. The malware also gained access to victim’s data, including files, videos, and images, potentially leading to identity theft and financial loss.
US Faces a Menacing Cyber-Espionage Campaign: Additionally, the US issued a warning about a massive cyber-espionage campaign targeting critical infrastructure. Microsoft analysts identified a group named Volt Typhoon, which was exploiting vulnerabilities in the FortiGuard cybersecurity platform. This group posed a threat to US-Asia communications infrastructure and had the potential to launch cyberattacks against oil and gas pipelines and rail systems.
British Companies Hit by Outsourcing Supplier Cyberattacks: In the UK, significant companies such as the BBC and British Airways fell victim to cyberattacks after data breaches at their outsourcing suppliers. A Russian-speaking criminal gang exploited a weakness in MOVEit file-transfer software, exposing staff data and highlighting vulnerabilities in various software supply chains. The attacks underscored the growing threat of ransomware, with security vulnerabilities being the leading cause of such attacks. Several other major UK companies, including Marks and Spencer, Diageo, and Unilever, also experienced cyberattacks on outsourcing firm Capita, resulting in data breaches and potential risks to sensitive information.
The surge in cyber attacks and data breaches in June 2023 has raised concerns about the need for stronger cybersecurity measures across various sectors. Organizations and individuals must remain vigilant, employ robust security protocols, and stay informed to protect themselves from cyber threats in an increasingly interconnected world.
