Data breaches continue to make headlines, reminding us of the importance of robust cybersecurity measures.
In June 2023, several prominent organisations experienced significant data breaches, compromising sensitive information and damaging their reputation.
Let’s take a closer look at the most significant data breaches that occurred last month, why they happened, and what organisations like yours can do to prevent similar breaches in the future.
MOVEit file transfer tool data breach
In June 2023, a widespread data breach occurred by exploiting the popular file transfer tool MOVEit.
Over 100 organisations worldwide, including UCLA, Siemens Energy, AbbVie, Schneider Electric, Allegiant Air, and the New York City Department of Education, fell victim to the hacking campaign conducted by the Clop ransomware gang, with alleged ties to Russia.
Allegiant Air confirmed unauthorised access to the personal information of approximately 1,405 individuals, including names, addresses, dates of birth, and Social Security numbers.
The New York City Department of Education reported that around 45,000 students, staff, and related service providers were impacted, with unauthorised access to approximately 9,000 Social Security numbers and 19,000 documents.
The MOVEit data breach serves as a reminder of the critical need for organisations to prioritise cybersecurity measures.
By implementing proactive security measures, timely patching, robust incident response protocols, and employee education, organisations can strengthen their defences against data breaches and protect their sensitive information.
Continuous vigilance and collaboration with law enforcement agencies are vital in combating evolving cyber threats and maintaining stakeholder trust.
Manchester Law Firm vs. Capita
A major data breach at Capita, a UK-based company, resulted in a class-action lawsuit and potentially impacted millions.
The breach, one of the country’s largest, affected around 90 organisations, including Royal Mail and Axa.
Barings Law has initiated legal proceedings against Capita and has signed up 250 individuals suspecting compromised personal data.
Hackers accessed sensitive information such as home addresses, emails, telephone numbers, and pension details.
The breach raises concerns about potential fraud and unauthorised account access.
Capita stated that the intrusion was interrupted, but some data was exfiltrated from a small portion of their server estate.
The incident emphasises the need for organisations to prioritise data security, protect personal information, and take preventive measures against such breaches in the future.
The University of Manchester
June also saw the University of Manchester experience a cyber-incident, leading to unauthorised access to its systems and possible data copying, according to a statement released on June 9, 2023.
The university’s chief operating officer, Patrick Hackett, confirmed the breach and stated that internal and external experts are working to address the issue and determine the extent of the data accessed.
Relevant authorities, including the Information Commissioner’s Office and the National Cyber Security Centre, have been notified.
The university is prioritising resolution and providing information to those affected. With universities being prime targets for malicious actors due to the valuable data they hold, swift action and damage control is crucial.
What can your organisation learn from these data breaches?
The data breaches that occurred in June 2023 serve as a reminder of the constant threat organisations face in the digital landscape.
Organisations can significantly reduce their risk by examining the causes behind these breaches and implementing preventive measures.
- Implement robust cybersecurity measures, including firewalls, intrusion detection systems, and encryption protocols.
- Regularly update and patch software and systems to address vulnerabilities.
- Conduct regular security assessments and penetration testing to identify and address weaknesses.
- Enforce strict access controls and limit privileges to only those necessary for job responsibilities.
- Implement multi-factor authentication for accessing critical systems and sensitive information.
- Regularly back up data and test the restoration process to ensure data integrity and availability.
- Establish an incident response plan and conduct drills to mitigate breaches effectively.
- Stay informed about the latest cybersecurity threats and trends, and actively monitor for any signs of compromise. Check out our recent blog post if you think you’ve been breached.
- Train employees on cybersecurity awareness for data security, including strong password management, phishing awareness, and social engineering prevention.
How can Bob’s Business help your organisation reduce its risk of a breach?
In the face of rising cyber threats, ensuring that employees receive cybersecurity training and maintain awareness is crucial.
We are the UK’s Most Trusted Cybersecurity Awareness Training Provider, offering engaging and interactive eLearning modules and phishing simulations designed to educate and equip employees with the knowledge to protect their organisation.
Get in touch with us now to discover how we simplify risk reduction.