1.T-Mobile Faces Second Data Breach in 2023
In May 2023, T-Mobile disclosed its second data breach of the year, exposing the personal information of over 800 customers. This incident marked the ninth breach since 2018, indicating a recurring issue. In January 2023, T-Mobile identified another breach where sensitive details, including names, emails, and birthdays, were stolen from approximately 37 million customers. The company promptly contained the breach within a day after its detection.
T-Mobile anticipates incurring substantial expenses due to this breach, which adds to the $350 million settlement related to an earlier breach in August 2021. These repeated security failures have not only resulted in significant financial losses for T-Mobile but have also eroded customer trust.
2.Yum Brands Addresses Cyber Attack on Employee Data
In April 2023, Yum Brands, the parent company of renowned fast food chains KFC, Taco Bell, and Pizza Hut, revealed a cyber attack that occurred in January of the same year. Initially believed to primarily affect corporate data, Yum Brands adopted a cautious approach and started notifying employees whose personal information might have been compromised.
According to a statement provided to Electric, a Yum! a representative stated that during the forensic review and investigation, it was discovered that some employees’ personal information had been exposed. As a precautionary measure, the company is issuing individual notifications, offering complimentary monitoring and protection services. They have confirmed that no customer information was impacted.
This attack forced the closure of nearly 300 UK locations in January, incurring expenses for implementing enhanced security measures, customer notifications, and managing the impact on the brand’s reputation. This incident highlights the significant financial burden that data breaches pose to large companies in 2023.
3.ChatGPT Acknowledges Data Breach and Addresses User Privacy Concerns
In March 2023, ChatGPT, the AI language model developed by OpenAI, faced a data breach, causing concern among users and the public. OpenAI officials revealed that, before temporarily taking ChatGPT offline, certain users had access to limited personal information of another active user, including names, email addresses, payment addresses, and the last four digits of credit card numbers (without full numbers exposed). OpenAI promptly responded by notifying affected users, verifying their emails, and implementing additional security measures.
This incident further fuels scepticism surrounding ChatGPT and AI technology in general, eroding trust among many Americans. OpenAI’s swift response and remedial actions aim to restore user confidence and strengthen data protection protocols.
4.Chick-fil-A Enhances Security Measures Following Mobile App Breach
Chick-fil-A, a popular fast-food chain, confirmed a data breach involving its mobile app, resulting in the exposure of customers’ personal information. Unusual login activity prompted an investigation, which revealed a cyber attack occurring within the first few months of 2023. The attacker gained unauthorised access to the system using email addresses and passwords obtained from a third party, compromising membership numbers, names, emails, addresses, and more.
Although less than 2% of customer data was breached, Chick-fil-A promptly took action to prevent future attacks. The restaurant announced plans to bolster online security measures and monitoring. Additionally, they committed to reimbursing affected accounts. Customers can take steps to secure their accounts and request reimbursement for any unauthorised transactions.
Overall, these recent data breaches underscore the importance of customer privacy and the need for robust security measures to safeguard sensitive information.
5.Activision: February 2023
In February 2023, Activision, the renowned video game publisher responsible for the Call of Duty franchise, made an official announcement confirming a data breach that occurred back in December. The breach was the result of a hacker utilising an SMS phishing attack on an HR employee, successfully gaining unauthorised access to sensitive employee data, including emails, cell phone numbers, salaries, and work locations.
Activision maintains that they swiftly addressed the breach and concluded that the extent of the compromised data did not warrant immediate notification to their employees. However, an investigation conducted by a security research group revealed that the hacker also managed to obtain the gaming company’s 2023 release schedule, in addition to the sensitive employee information. Under California law, if a data breach affects 500 or more employees, the company is required to notify the affected individuals. The repercussions of Activision’s delay in notifying their employees remain uncertain, potentially leading to legal and financial ramifications.
6.Google Fi: February 2023
In February 2023, Google Fi, a prominent mobile virtual network operator, experienced a significant data breach. This breach was a direct consequence of the earlier T-Mobile data breach discussed below. As Google Fi relies on T-Mobile’s network infrastructure, they were inevitably impacted by the extensive breach, resulting in the compromise of their customers’ phone numbers.
While phone numbers may seem relatively innocuous, cybercriminals can exploit this information for various malicious purposes, including phishing attacks designed to deceive users into revealing further personal information. If you are a Google Fi user, exercising extra caution when encountering suspicious messages throughout 2023 is strongly advised.
7.MailChimp: January 2023
In January 2023, MailChimp, the well-known email marketing platform, notified its customers of a data breach that occurred as a result of a social engineering attack. This attack allowed unauthorised users to gain access to an internal customer support tool, compromising employee information and credentials.
MailChimp promptly identified and suspended the compromised accounts, and they have stated that an ongoing investigation is underway to further enhance platform security. According to Bleeping Computer, MailChimp stated, “Our investigation into the matter is ongoing, and includes identifying measures to further protect our platform.” This marks MailChimp’s first data breach in 2023, although they previously experienced breaches in April and August of 2022. It is imperative to understand how to respond to a data breach in order to prevent recurring instances of information compromise, as MailChimp has now realised.
8.Norton Life Lock: January 2023
In mid-January 2023, Norton LifeLock, a leading provider of cybersecurity solutions, sent notifications to its customers regarding a recent data breach. Over 6,000 customer accounts had been compromised in the preceding weeks due to a “stuffing” attack. Stuffing attacks occur when previously compromised passwords are employed to gain unauthorised access to accounts that share passwords, highlighting the significance of implementing multi-factor authentication.
Gen Digital, the parent company of Norton LifeLock, issued the notices to potentially affected accounts and advised customers to change their passwords and enable two-factor authentication as a precautionary measure.
Interested in pursuing an IT career?
Here at IT Career Swap We help you learn, master and then secure your dream career within IT. Claim a FREE TRIAL of the new ITCS 2.0 online learning platform, with access to over 600 IT related courses with 1,900+ modules.