Company reveals monthly biggest cybersecurity incidents

Company reveals monthly biggest cybersecurity incidents

IT Governance, a global provider of cyber-risk and privacy management solutions, discovered that more than 146 million records were compromised in 87 publicly disclosed security incidents in July.

These statistics show a 47% increase against July 2022 and a 920% increase from June 2023.

Three of the biggest data breaches impacted Tigo, Indonesian Immigration Directorate General and Teachers Insurance and Annuity Association of America.

In July, reports surfaced about Tigo – one of China’s most popular online messaging platforms – experiencing a data leak affecting over 700,000 individuals.

The leaked information included names, usernames, genders, email addresses, IP addresses, user uploaded photos and private messages.

Alarmingly, more than 100 million records were compromised, as revealed by Have I Been Pwned. Troy Hunt, who runs the site, made the incident public after multiple unsuccessful attempts to contact Tigo about the breach.

Although the platform is widely used in China, Tigo has previously faced scrutiny over its data privacy practices. Concerns about its security were highlighted when users trying to download the app from Google Play were informed that information is not encrypted over a secure connection, potentially allowing unauthorised actors to intercept messages and spy on people’s conversations.

The second biggest breach of July affected more than 34 million Indonesians, who had their passport data leaked after a hacker gained unauthorised access to the country’s Immigration Directorate General at the Ministry of Law and Human Rights.

The cybersecurity researcher, Taguh Aprianto, revealed the incident on Twitter.  

The stolen information includes full names, genders, passport numbers, dates of issue and expiry, as well as dates of birth. Law enforcement is investigating the breach.

July also saw TIAA – Teachers Insurance and Annuity Association of America – join the list of organisations impacted by the MOVEit vulnerability.

The organisation stated that its systems were compromised due to an attack on its vendor, Pension Benefit Information. As a result, the data of 2,630,717 consumers belonging to TIAA’s clients was compromised.

It remains unclear whether this number represents the total number of TIAA’s clients’ consumers or if it is a subset of those affected, as some clients have already reported the breach.

Alan Calder, Founder and Executive Chairman of IT Governance, said: ““The cyber landscape in July 2023 witnessed an alarming surge in security incidents.

“The Tigo data leak shows the need for improved data privacy procedures, especially in light of the platform’s popularity in China and earlier encryption-related concerns.

“The Indonesian Immigration Directorate General and TIAA should conduct thorough investigations into the breaches, to understand the extent of the damage and identify the vulnerabilities that allowed the attackers to gain unauthorised access.

“These incidents highlight the importance of rigorous security measures and swift incident response and serve as stark reminders of the ever-growing cyberthreats.

“It’s crucial to adopt robust cyberdefence measures, implement data protection best practices and invest in continuous security training for employees.

“Proactive vigilance and adherence to international standards, like ISO 27001, are essential for safeguarding sensitive data and preserving customer trust.” 

Browse our latest issue

Intelligent CXO

View Magazine Archive