As the internet continues to expand, keeping up with its transformation has become increasingly challenging. The constant need to adapt to technological advances has exposed organisations toÌýdata breaches and cyber-attacks where cyber criminals primarily target them for financial gain – and sometimes political reasons – where their aim is to extort and ransom their victims for profit.
But when domain and hosting providers FasthostsÌýreleased theirÌýState Of The WebÌýreport, which revealed that 11% of Brits don’t use the internet out of fear for their online safety, they were keen to understand why.
°ä´Ç³Ü²Ô³Ù±ô±ð²õ²õÌýÌýhave come to light in 2023, and we’re only halfway through. These have affected hundreds of organisations operating in different sectors across the UK, from small businesses toÌýlargeÌýcorporations, and from the private to public sectors. But who’s most at risk?ÌýFasthostsÌýhas compiled the most notableÌýbreachesÌýfrom 2023 (so far), and the three industries currently most at risk.
Business
In the 2023 cyber securityÌýbreachesÌýsurveyÌýreleased by the British government, it was estimated that across all UK businesses, approximately 2.39 million instances of cyber crime and around 49,000 instances of fraud (as a result of cyber crime) took place in the last 12 months.
Starting off the new year theÌýwrongÌýway was Twitter. On January 5th, the email addresses tied to over 235 million accounts – almost half of Twitter’s user base – were posted to an online hacking forum. Described as one of the most significantÌýleaksÌýever seen, users have been warned that as a result of the hack, they could become victims of hacking, targeted phishing, and doxxing. Not the news you want to hear.
On January 8th, Yum! Brands – the parent company of KFC, Pizza Hut, and Taco Bell – were at the receiving end of a cyber attack. In fact, they were forced to close over 300 UK restaurants in order to contain the incident, whichÌýinvolved a threat actor gaining unauthorised access to Yum! Brands’ network.ÌýAlthough they proclaimed that there was no evidence of identity theft or fraud, they made everyone involved aware that they could have been subject to the loss of information such as names, driver’s licence numbers, ID numbers, and other personal identifiers.
In January, PayPal was made to send outÌýdataÌýbreachÌýnotifications to just under 35,000 users who had their personalÌýdataÌýexposed. The attack involved credential stuffing – the act of using the login credentials collected from aÌýdataÌýbreachÌýfrom a separate service provider to attempt to login to a different serviceÌý– to access the accounts. Although PayPal itself wasn’tÌýbreached, as an online payment system, the consequences of aÌýbreachedÌýaccount could be catastrophic.
At the end of January, sportswear retailer JD Sports became another cyber victim. The company revealed that information such as name, billing and delivery address, phone numbers, order details, and the last 4 digits of card details were leaked for approximately 10 million customers. The attack also targeted the purchases from their partner companies includingÌýSize?, Blacks, Scotts, and Millets.
The ZellisÌýdataÌýhack involved a chain system affecting multiple parties. Hackers originally found a weakness in MOVEit, a file sharing system that payroll provider Zellis uses alongside their clients. The information that was stolen related to employees of eight of theirÌýlargestÌýclients, including BBC, Boots, British Airways, and Aer Lingus.
Education
As cyber attacks on the educational sector rise, the latest cyber securityÌýbreachesÌýsurvey 2023 revealed that all types of education institutions are more likely to have identified cyber securityÌýbreachesÌýor attacks in the last 12 months than the average UK business.
In January, it surfaced that 14 UK schools were hit by a cyber attack supposedly revealing 500GB worth of highly confidentialÌýdata, including SEN information, child passport scans, staff pay scales, and contract details. The hack was reportedly orchestrated by Russian hacker group, Vice Society, who have been targeting public schools across the world, and most recently the UK in late 2022. They’re known to acquire sensitive information to use for double extortion purposes (a ransomware tactic used to ask for money in exchange for the decryption or deletion ofÌýdata).
This time targeting the higher-education sector, one of the most recent victims is the University of Manchester, who revealed that they were victims of a cyber attack at the beginning of June. They are still currently unsure as toÌýwhatÌýdataÌýhas been accessed, but believe thatÌýdataÌýis likely to have been copied, as the orchestrator of the attack accessed their systems and threatened the institution with a ‘last warning’ before releasing theÌýdataÌýfrom their 40,000 students and 12,000 staff.
Government
NewÌýresearchÌýhas revealed that nearly eight in 10 providers of frontline healthcare services within the UK have experienced at least oneÌýdataÌýbreachÌýsince 2021.
Around 90 separate organisations have reportedÌýbreachesÌýof personal information held byÌýCapitaÌýafter the payroll outsourcing group suffered a cyber attack. This causedÌýmajorÌýIT outages for clients, some of which ran crucial services for the NHS, local councils and the military. Capita employs over 50,000 people in the UK and holds £6.5bn worth of public sector contracts with the British government.
On the back of the University of ManchesterÌýdataÌýbreach, a new report has surfaced suggesting that theÌýdataÌýfrom over one million NHS patients may have been compromised from the NHSÌýdataÌýused for ‘research purposes’ that was leaked in the University’s recentÌýdataÌýbreach. Some of the reportedly stolenÌýdataÌýincludes NHS numbers and the first three letters of patients’ postcodes.
TheÌýbreachesÌýlisted here don’t even begin to scratch the surface of what’s happened in the digital world so far this year. As we are becoming increasingly reliant on digital technologies, learning how to manage the potential threats and vulnerabilities is an uphill battle. Tackling these threats involves a collective effort, combining new risk management framework, and educating businesses, staff, and individuals on practising strong internet safety to enhance their defences.
