Some of the recent high profile cyber attacks that all freshers should know about are:
Cyber Attack: MOVEit
Date: June 2023
Description: The mass hack of file transfer tool, MOVEit, has impacted more than 200 organizations and up to 17.5million individuals as of July 2023. Multiple federal agencies are among those affected, including the Department of Energy, Department of Agriculture, and Department of Health and Human Services. It’s believed the majority of schools across the U.S have also been targeted by the hack. While MOVEit patched the flaw once identified, hackers had already gained access to hordes of sensitive data. Clop, a Russia-linked ransomware group, claims responsibility for the breaches, and has threatened to publish stolen information on the dark web.
Cyber Attack: T-Mobile
Date: May 2023 (and January 2023)
Description: It was announced in May that T-Mobile suffered its second data breach of 2023, after a hack revealed the PINs, full names, and phone numbers of over 800 customers. This is the company’s ninth data breach since 2018 and second this year. In early January 2023, T-Mobile discovered that a malicious actor gained access to their systems last November and stole personal information – including names, emails, and birthdays – from over 37 million customers. Once they identified the data breach, they were able to track down the source and contain it within a day.
Cyber Attack: Yum! Brands (KFC, Taco Bell, & Pizza Hut)
Date: April 2023
Description: Yum! Brands, the parent company of popular fast food chains KFC, Taco Bell, and Pizza Hut, announced in April of 2023 that a cyber attack had occurred in January. They initially believed the attack only directly affected corporate data, however they are now being cautious and notifying employees who may have had their personal data breached. The attack resulted in the company closing down almost 300 locations in the UK back in January, and has continued to cost the company money in adding security measures, alerting customers, and brand perception.
Cyber Attack: ChatGPT
Date: March 2023
Description: ChatGPT has been subject to public discourse because of its revolutionary AI capabilities, but the company faced a setback in late March when they announced a data breach. Officials from OpenAI, ChatGPT’s parent company, said: “In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time” (via CMSWire). The company is handling the aftermath by notifying impacted users, confirming their emails, and adding additional security measures. Many Americans are skeptical of ChatGPT and AI in general, and this data breach is likely to further diminish trust.
Cyber Attack: Chick-fil-A
Date: March 2023
Description: Popular fast-food joint, Chick-fil-A has confirmed a data breach of their mobile app that exposed customers’ personal information. The company noticed unusual login activity, investigated the anomaly, and determined the cyber attack happened within the first few months of 2023. The hacker used email addresses and passwords from a third-party to access the system and acquire data including membership numbers, names, emails, addresses, and more. Although less than 2% of customer data was breached, Chick-fil-A is already taking measures to prevent any future cyber attacks. The restaurant announced they would increase online security and monitoring, and also reimburse any accounts that suffered from the attack. If you think your account was affected, here is how you can secure your account and get reimbursed for any unauthorized transactions.
Cyber Attack: Activision
Date: February 2023
Description: The video game publisher behind the Call of Duty franchise, Activision, confirmed on February 19th, that they had suffered a data breach back in December. The hacker used an SMS phishing attack on an HR employee to gain access to employee data, including their emails, cell phone numbers, salaries, and work locations. Activision claims that the attack was addressed swiftly and the hackers didn’t obtain sufficient data to warrant alerting their employees directly after the data breach. However, a security research group investigated the breach and reported that the hacker had also gained access to the gaming company’s 2023 release schedule, along with the sensitive employee info. Under California law, if 500 or more employees’ data is breached, the company must alert those affected.