IT Governance, the global provider of cyber risk and privacy management solutions, discovered that more than 146 million records were compromised in 87 publicly disclosed security incidents in July 2023.
These statistics show a 47% increase compared with July 2022 and a 920% increase from June 2023. Three of the biggest data breaches impacted Tigo, the Indonesian Immigration Directorate General and the Teachers Insurance and Annuity Association of America.
In July, reports surfaced about Tigo – one of China's most popular online messaging platforms – experiencing a data leak affecting over 700,000 individuals.
The leaked information included names, usernames, genders, email addresses, IP addresses, user-uploaded photos and private messages.
Alarmingly, more than 100 million records were compromised, as revealed by Have I Been Pwned. Troy Hunt, who runs the site, made the incident public after multiple unsuccessful attempts to contact Tigo about the breach.
Although the platform is widely used in China, Tigo has previously faced scrutiny over its data privacy practices. Concerns about its security were highlighted when users trying to download the app from Google Play were informed that information is not encrypted over a secure connection, potentially allowing unauthorised actors to intercept messages and spy on people’s conversations.
The second biggest breach of July affected more than 34 million Indonesians, who had their passport data leaked after a hacker gained unauthorised access to the country’s Immigration Directorate General at the Ministry of Law and Human Rights.
Cyber security researcher Teguh Aprianto revealed the incident on Twitter, linking the attack to a hacktivist named Bjorka. However, it’s unclear how this hack could be considered hacktivism, as it involved stealing vast amounts of personal data and listing it on the dark web for $10,000.
The stolen information includes full names, genders, passport numbers, dates of issue and expiry, as well as dates of birth.
Law enforcement is investigating the breach, which appears more like a traditional cyber attack than a politically motivated one.
July also saw TIAA – Teachers Insurance and Annuity Association of America – join the list of organisations impacted by the MOVEit vulnerability.
Speculation about its involvement started weeks earlier when two schools reported the non-profit organisation’s compromise. However, it was only on 14 July that the full extent of the incident came to light after TIAA notified the Maine Attorney General about the breach.
The organisation stated that its systems were compromised due to an attack on its vendor, Pension Benefit Information. As a result, the data of 2,630,717 consumers belonging to TIAA’s clients was compromised.
It remains unclear whether this number represents the total number of TIAA’s clients’ consumers or if it is a subset of those affected, as some clients have already reported the breach.
Here is a condensed list of the four categories that IT Governance outlines as part of its monthly data breaches analysis:
- Cyber attacks: Tigo, Indonesian Immigration Directorate General, Teachers Insurance and Annuity Association of America, Tacoma-Pierce County Health Department, Milliman Solutions, Lansing Community College, Murfreesboro Medical Clinic & SurgiCenter.
- Ransomware: Tampa General Hospital, Centers for Medicare and Medicaid, George County, Mississippi, Gates Corporation, Port of Nagoya, HCA Healthcare, Luigi Vanvitelli hospital, Panorama Eyecare, Kansas Medical Center, Highland Health Systems.
- Data breaches: 419 Dating – Chat & Flirt, DiscoverEU, Kings of Translation, VirusTotal, Canadian health services, Dunedin Hospital.
- Malicious insiders and miscellaneous incidents: City of Odessa.
Alan Calder, Founder and Executive Chairman of IT Governance, commented:
“The cyber landscape in July 2023 witnessed an alarming surge in security incidents.
“The Tigo data leak shows the need for improved data privacy procedures, especially in light of the platform’s popularity in China and earlier encryption-related concerns.
“The Indonesian Immigration Directorate General and TIAA should conduct thorough investigations into the breaches, to understand the extent of the damage and identify the vulnerabilities that allowed the attackers to gain unauthorised access.
“These incidents highlight the importance of rigorous security measures and swift incident response and serve as stark reminders of the ever-growing cyber threats.
“It’s crucial to adopt robust cyber defence measures, implement data protection best practices, and invest in continuous security training for employees.
“Proactive vigilance and adherence to international standards, like ISO 27001, are essential for safeguarding sensitive data and preserving customer trust.”