Yum! Brands – the parent company of famous fast food chains KFC and Taco Bell – revealed it was attacked by a cyber attack in April 2023. Someone found the first breach in January. Initially, Yum! Brands found that the attack only affected company data. But in April, the company notified restaurant employees and customers as an additional measure after discovering some employee data had also been exposed.
After this attack, Yum! Brands has closed almost 300 restaurants in the UK. The company also enhanced security measures, paid to notify employees and customers, and troubleshoot communications problems.
6. Data breach MCNA insurance
In May 2023, Managed Care of North America (MCNA) Insurance Company announced a data breach that occurred since the beginning of the year. A third party illegally accessed information from late February to early March 2023. The exposed data included specific internal systems, allowing hackers to delete personal information of nearly 9 million customers.
In particular, the incident revealed countless sensitive personal information of insurance customers. For example, hackers know their full name, date of birth and contact information such as address, phone number and email. Additionally, they may have accessed some customers’ Social Security numbers, driver’s license numbers, government-issued ID numbers, and health insurance information.
7. Attack on game publisher Activision
Game publisher Activision – the company behind the famous Call of Duty game – announced a data breach in February 2023. The breach occurred in December 2022, but it took Activision and an independent security research group several weeks of investigation to understand the extent of the breach.
Activision claims the breach was limited in scope and was handled quickly. However, a third-party security research group found hackers may have accessed sensitive employee information. The company’s 2023 game release schedule was also leaked.
Activision was attacked through SMS phishing messages. A bad actor sent a message to a human resources employee, containing a link to a phishing website. The perpetrators then gained access to employees’ emails, phone numbers, salary details and work locations.
8. Google Fi was affected by the T-Mobile breach
Google provides wireless phone services, including calls, texts, and data through its subsidiary Google Fi Wireless. However, Google itself does not manage or operate the wireless network. Instead, they use T-Mobile’s network infrastructure.
Google Fi customer phone numbers were exposed in the T-Mobile data breach in January 2023. Hackers are expected to use this information to launch further attacks, such as SMS phishing attacks.
This is proof of the severity of data breaches. A breach of one company can lead to a data breach of any partner working with the attacked party.
9. Nearly 6 million people were affected in the PharMerica breach
A report found that 5.8 million individuals were affected in the March 2023 data breach at PharMerica, one of the largest pharmaceutical service providers in the US. This is the most serious medical data breach reported in 2023.
The “Money Message” hacker group claimed they were behind the attack, gaining access to personal information of both living and deceased individuals. Exposed information included names, addresses, dates of birth, Social Security numbers, medications, and health insurance information.
10. Microsoft cloud email breach
Microsoft’s cloud email service was revealed in June 2023. The severity of the incident lies in the fact that many accounts belong to US government agencies. It is believed that the emails of Commerce Secretary Gina Raimondo and officials in the Commerce Department were affected. A total of 60,000 emails were stolen from 10 ministries, departments and branches in the breach.
The incident led to Senator Ron Wyden requesting a federal investigation to determine whether Microsoft’s lax security practices led to the attack. The Windows manufacturer also received a lot of criticism from experts in the field of security.
