Biggest Data Breaches And Cyber Hacks of 2023 And 2024

Why Trust Techopedia

Every time you endlessly scroll down your social media feed, two cyberattacks will happen somewhere in the world, occurring at a rate of one attack every 39 seconds

Experts predict that data breaches will cost the global economy $9.5 trillion in 2024

Given that most of us will use the same email address for multiple online accounts, it’s unsurprising that a single email can be compromised in numerous data breaches. Collectively, these attacks contribute to an alarming total of 16.7 billion compromised accounts.

Global data breach statistics as of Jan. 30, 2024.
Global data breach statistics as of Jan. 30, 2024. Source: Surfshark

 

There are further compelling reasons why cybersecurity and protection measures, such as effective malware removal solutions, antivirus software, and the best server antiviruses, should be a primary concern and a priority for all businesses. 

We have already witnessed the “Mother of All Breaches” (MOAB) at the beginning of 2024. 

Here, we compiled a list of the biggest data breaches and cyber hacks that you need to be aware of.

Advertisements

10 Biggest Data Breaches And Top Cyber Attacks of the Last 12 Months

Name of the Breach What Happened? When?
Russian Web Hosting Data Leak Over 54 million user profiles were exposed, compromising sensitive data such as email addresses and phone numbers. February 22, 2024
Microsoft Azure Data Breach Accounts of hundreds of senior executives were compromised. The attack used phishing and cloud account takeovers. February 12, 2024
Bank of America Data Breach The data breach was traced to a cyberattack targeting Infosys McCamish Systems, compromising names, SSNs, and account details. February 6, 2024
Cyber Attack on the Russian Center for Space Hydrometeorology (Planeta) 2 petabytes of data were deleted, impacting over 50 state entities, including the Ministry of Defense of the Russian Federation and Roscosmos. January 26, 2024
Mother of All Breaches (MOAB) This massive data leak of over 26 billion records from various platforms emphasized the importance of cybersecurity globally. January 22, 2024
Trello Data Breach This security breach affected over 15 million users and involved the collection of email addresses and usernames. January 16, 2024
Indian Telecom Data Breach Data of 750 million users was compromised and sold on the dark web, highlighting significant security risks. January 14, 2024
Indian Council of Medical Research Data Breach Identification and passport details of 81.5 million citizens were exposed, underscoring challenges in data security. October 2023
23andMe Data Leak Unauthorized access affected 6.9 million user accounts, highlighting the dangers of sharing genetic information online. October 2023
MOVEit Data Breach The attack targeted over 62 million individuals and 2,000 organizations globally, costing an estimated $10 billion. May 2023

All Recent Cyber Security Breaches And Biggest Data Leaks in 2024

Over 54 Million Users Affected by Russian Web Hosting Data Leak

February 22, 2024

Uid.me, a website builder platform owned by the prominent Russian hosting provider uCoz, inadvertently exposed over 54 million user profiles due to a misconfiguration in its MongoDB database. 

This breach compromised a wide array of sensitive data, including email addresses, phone numbers, dates of birth, and password hashes, posing serious risks of identity theft, phishing, and other cybercrimes, as highlighted by cybersecurity expert Bob Diachenko.

The Data Breach Impacting Microsoft Azure and Executive Accounts

February 12, 2024

Microsoft Azure has also become a victim of a significant data breach. The cyber attack exposed the accounts of hundreds of senior executives to unauthorized access.

This breach has been linked to a sophisticated campaign that utilized phishing and cloud account takeovers to infiltrate Microsoft 365 and Office Home applications. 

Notably, this attack was facilitated by malicious links within documents, deceptively labeled “View Document,” which redirected users to phishing sites designed to harvest credentials.

A critical vulnerability was also identified in up to 97,000 Microsoft Exchange servers, potentially allowing privilege escalation through a zero-day exploit

Proofpoint researchers alerted The cybersecurity community to this ongoing threat and have meticulously tracked the campaign’s impact on Azure environments. 

Third-Party Threats: The Bank of America Data Breach

February 6, 2024

It has only recently come to light that Bank of America had exposed customer information after a third-party breach

The recent security breach has been traced to a cyberattack last year targeting Infosys McCamish Systems (IMS), an Infosys subsidiary.

The breach underscores the intricate web of vulnerabilities that financial institutions navigate, spotlighting the cascading risks that stem from interconnected service ecosystems.

On November 3, 2023, Infosys announced a breach that compromised critical systems and applications within IMS, which, following a thorough investigation, had implications for Bank of America customer data. 

This breach, officially characterized as an external system breach (hacking), compromised sensitive information, including names, social security numbers, and account details of 57,028 individuals.

In response, Bank of America initiated a communication campaign on February 6, 2024, alerting affected customers via letters about the breach and offering guidance on protective measures to secure their personal information

Data Breach Battles: The Role of Cyber Attacks in National Security Strategies

January 26, 2024

Pro-Ukrainian hackers, identified as the “BO Team,” targeted the Russian Center for Space Hydrometeorology, also known as “Planeta,” deleting 2 petabytes of critical data

This center, crucial for its space satellite data analysis and ground-based observations, supports various sectors, including military, civil aviation, and agriculture, under Roscosmos, Russia’s space agency.

The attack, which affected Planeta’s Far Eastern branch, destroyed 280 servers. This wiped out 2 petabytes (equivalent to 2000 terabytes) of data and significantly disrupted the center’s operations, impacting over 50 state entities, including the Ministry of Defense of the Russian Federation and several other state agencies. 

The Main Intelligence Directorate of Ukraine’s Ministry of Defense highlighted this operation as a devastating blow to the Russian research capabilities, emphasizing the escalating cyberwarfare between the nations.

As Sweden geared up to join NATO, its sole digital service provider for government services also fell victim to a ransomware attack by Russian hackers, disrupting operations across 120 government offices with expected continued disruptions for several weeks. 

These instances highlight an emerging trend around the strategic use of data breaches in global cyberwarfare.

The Mother of All Breaches (MOAB): 26 Billion Reasons to Rethink Security

January 22, 2024

2024 began with an unprecedented cybersecurity event called the “Mother of All Breaches” (MOAB). This massive data leak, encompassing 12 terabytes of information, included over 26 billion records organized across over 3,800 folders. Each folder signifies a distinct breach, painting a grim picture of cybersecurity’s current state.

MOAB wasn’t a result of a singular incident but rather a compilation of numerous data breaches, including data from major platforms like LinkedIn, Twitter, Weibo, Tencent, and Dropbox. 

This aggregation likely includes data collected over time by data enrichment companies, which merge various data sources to create more comprehensive profiles. 

While the presence of duplicates within this dataset is acknowledged, the leaked data’s breadth and sensitivity make it a goldmine for malicious actors

Originating from a mix of past breaches and potentially containing new, unrevealed data, MOAB highlights the critical importance of robust cybersecurity measures, including immediate password changes and adopting two-factor authentication to mitigate the risk of identity theft and fraud. 

Trello’s Turmoil: The Data Breach Impacting 15 Million Users

January 16, 2024

In January, Trello, a known project management site, made headlines for experiencing a major security breach affecting over 15 million users

This breach involved collecting data such as email addresses, names, and usernames using a method that took advantage of an accessible API. The stolen data was later sold on a hacking forum, sparking concerns about the privacy and security of Trello’s user community.

Under Atlassian’s umbrella, Trello is a tool in the business world for organizing tasks and overseeing projects using boards, cards, and lists. 

While Trello assured users that there was no entry into their systems, this incident sheds light on protecting user information from evolving cyber threats. It serves as a reminder of the importance of bolstering security protocols. It also raises awareness about the dangers of storing vast amounts of personal and professional data online.

750 Million Indian Telecom Users’ Data Sold Online

January 14, 2024

Cybersecurity firm CloudSEK revealed a massive breach compromised the data of 750 million telecom users in India, peddling the information on the dark web for $3,000. 

The breach involves a database of 1.8 terabytes and includes sensitive details such as names, mobile numbers, addresses, and Aadhaar numbers. 

This security lapse was identified by CloudSEK’s XVigil, a contextual AI digital risk platform, highlighting the activities of threat actors CyboDevil and UNIT8200, affiliates of CYBO CREW. 

Detected initially through a post by CyboDevil on an underground forum on January 23, 2024, and previously by UNIT8200 on Telegram on January 14, 2024, this incident marks a significant risk to individual and organizational security in India, underscoring the escalating challenges in cybersecurity.

Global Data Breaches and Cyber Attacks in 2023 and 2024
Global Data Breaches and Cyber Attacks in 2023 and 2024
Source: IT Governance

The Top 3 Biggest Data Breaches in 2023

In 2023, our newsfeeds quickly filled with breaking news about massive data breaches. 

T-Mobile faced multiple attacks throughout the year, affecting millions of customers through various vulnerabilities and system glitches. 

MGM Resorts suffered a ransomware attack in September, leading to considerable customer disruptions and financial losses despite not yielding to ransom demands. 

But here are the top 3 biggest cyber attacks and most significant data breaches of 2023.

Exposing 81.5 Million Citizens in India’s Largest Data Breach

October 2023

Amid the wave of data breaches in 2023, the Indian Council of Medical Research (ICMR) experienced a monumental cybersecurity failure, with a threat actor compromising the identification and passport details (including names, addresses, and phone numbers) of 81.5 million citizens of India. 

In addition to this vast exposure, personal and COVID-19 test details of 5 million individuals were also revealed, marking this event as a historic breach. 

This incident, characterized by selling 90GB of sensitive data for $80,000, underscores the critical challenges in safeguarding personal information. 

It highlights the urgency for comprehensive data security measures to address and mitigate the escalating threat landscape underscored by data breaches in 2023.

The 23andMe Data Leak Exposing 6.9 Million Accounts

October 2023

In one of 2023’s most famous leaks, genetics testing giant 23andMe disclosed unauthorized access affecting 6.9 million user accounts and pointed the finger of blame at its users, which predictably shocked nearly half of its customer base impacted by the data leaks.

It is one of the most high-profile recent data breaches due to stealing genetic information.

23AndMe finished 2023 as one of the top cybersecurity attacks and got people talking about the dangers of sharing your DNA online. 

It also underscores the growing threat of credential-stuffing attacks against users’ genetic ancestry and history. 

Experts warned users to adopt robust cybersecurity measures such as two-step verification and multifactor authentication to safeguard sensitive personal information.

The MOVEit Data Breach’s Toll on 62 Million Users and 2,000 Organizations

May 2023

One of the world’s biggest data breaches in terms of global impact was the MOVEit breach

The attack was orchestrated by the ransomware group CL0P (TA505) via a zero-day exploit and has had staggering repercussions, impacting over 62 million individuals and more than 2,000 organizations worldwide, culminating in an estimated total cost of $10 billion. 

Approximately 84% of these organizations are based in the U.S., and around 30% come from the financial sector. 

The MOVEit breach highlights not only the vulnerabilities in managed file transfer software but also its far-reaching effects, affecting a wide range of sectors, including government, finance, healthcare, and major corporations like Sony Interactive Entertainment and the BBC, underscoring the pervasive threat of cyberattacks in today’s interconnected digital ecosystem.

The Bottom Line

The last twelve months have been marked by unprecedented cyber threats, with the global economy facing a potential loss of $9.5 trillion due to cyberattacks. 

The alarming frequency of one attack every 39 seconds highlights the critical importance of cybersecurity in today’s interconnected world. 

From the “Mother of All Breaches” (MOAB) affecting billions of records to significant leaks at major organizations like 23andMe, Microsoft Azure, and the Indian Council of Medical Research, the year has underscored the vast vulnerabilities in digital data security. 

These breaches, affecting over 16.7 billion accounts, demonstrate the urgent need for robust cybersecurity measures, including two-step verification and multifactor authentication, to protect sensitive information against the growing threat of cybercrime.

FAQs

What is the biggest data breach in 2024 so far?

What was the biggest cybersecurity breach in 2023?

What is the most breached sector?

Advertisements

Related Reading

Related Terms

Advertisements
Neil C. Hughes
Senior Technology Writer
Neil C. Hughes
Senior Technology Writer

Neil is a freelance tech journalist with 20 years of experience in IT. He’s the host of the popular Tech Talks Daily Podcast, picking up a LinkedIn Top Voice for his influential insights in tech. Apart from Techopedia, his work can be found on INC, TNW, TechHQ, and Cybernews. Neil's favorite things in life range from wandering the tech conference show floors from Arizona to Armenia to enjoying a 5-day digital detox at Glastonbury Festival and supporting Derby County.  He believes technology works best when it brings people together.