List of Data Breaches and Cyber Attacks in 2023

Welcome to our second edition of the Security Spotlight! This week’s newsletter is highlighted by our July list of data breaches and cyber attacks, which features insights from over 80 publicly disclosed security incidents.

We also return with another of our readers’ questions, and provide our usual round-up of the latest industry news.

This week’s headlines include a cyber attack against the Kenyan government that has crippled essential services and a DDoS attack that has knocked the website of Israel’s largest oil refinery offline.

Elsewhere, we have another batch of resources to help you tackle the information security threats you face, including our latest webinar on the transition to ISO 27001:2022 and a fresh blog post on a unique type of scam.

List of Data Breaches and Cyber Attacks | July 2023

It’s again time for our monthly list of data breaches and cyber attacks. On this page, you’ll find a comprehensive analysis of security incidents from July and across the year as a whole. Our research found over 80 security incidents in June 2023, accounting for more than 146 million compromised records. You can find a link to the in this week’s article, as well as summaries of the biggest breaches of July 2023. Continue reading

We’re back with the latest in our new feature, where we answer your questions about the information security industry. This week’s question comes from Mary via our blog, who asks:

Several months ago, I tried using my loyalty card at the checkout, but I was told the account no longer worked. When I phoned the support number, the man said my account details had been changed, and he couldn’t give me access unless I verified my identity, otherwise it would be a GDPR breach.

I’ve kept trying to fix the issue, but no one in customer service will help, and I’m starting to think this is a ploy to not pay out to customers who have accumulated a large number of points. Can you help?

Hi, Mary – the GDPR is only one part of the problem here. Really, this is about account security, and the customer support team are within their rights to make sure that you are the genuine account holder. Otherwise, anyone could phone up, claim to be a customer and use their accounts.

As you mention, some of these accounts have large points accumulated, and they could use this to make purchases and commit fraud. Given this, it’s in everyone’s interests to protect the account from unauthorised access.

Meanwhile, the employee’s specific reference to the GDPR presumably relates to his reluctance to provide any information about the account holder. The fact that a named person has an account with that shop is protected data, and because he’s unable to verify that you are that person, he cannot disclose it.

All in all, it sounds as though the shop is reluctant to help, but that’s a matter of customer service rather than a GDPR violation.

We understand that you, like many of us, can find these sorts of rules frustrating at times, but imagine how much more maddening it would be if you learned that scammers were using your information to commit fraud.

We hope that answers your question, Mary. If you have a question for our team, you can get in touch with us on LinkedIn, Twitter or via our website.

Free webinar | ISO 27001:2022 – Certification and beyond

As the transition deadline for the latest version of ISO 27001 nears, organisations must begin planning for the change if they haven’t already.

Those looking for guidance on how to get started should take a look at our upcoming webinar, ISO 27001:2022 – Certification and beyond.

This presentation, which takes place on Wednesday 16 August, provides insights into conducting internal audits, preparing for certification and selecting the right certification body.

It’s hosted by IT Governance’s founder and executive chairman Alan Calder, who will help you discover the benefits of certification, including reduced security incidents, increased customer trust and improved business resilience. Register now

Blog | What is Tailgating? Definition, Examples & Prevention

Fraudsters have countless tricks up their sleeves to bypass security measures and access sensitive information. In most cases, this refers to cyber crime, but scammers might also gain physical access to an organisation’s premises in tailgating attacks.

Although it’s a much bolder method – given that a criminal could get caught in the act – many organisations don’t protect their physical perimeter in the same way that they stay safe online, presenting opportunities for attackers to strike.

In this blog, we explain how tailgating works and the ways you might encounter it at your organisation. We also provide our top tips on preventing tailgating attacks and show you how IT Governance can help mitigate the risks. Continue reading

Kenya cyber-attack: Why is eCitizen down?

Kenya's government has been fighting off a huge cyber-attack that has affected services on a key government online platform for almost a week.

The attack has also affected some private companies, although the extent is not yet clear.

There were also disruptions to train-booking systems and payment for electricity.

Mobile-money banking services were also affected and people relying on the popular mobile-money service M-Pesa to make payments at shops, public transport vehicles, hotels and other platforms also experienced difficulties.

There are still questions over who was behind it and what was the motive.

The BBC’s Peter Mwai and Anita Nkonge investigate the incident. Continue reading

Israel's largest oil refinery website offline after DDoS attack

The website of Israel's largest oil refinery operator, BAZAN Group, is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems.

The Haifa Bay-based BAZAN Group, formerly Oil Refineries Ltd., generates over $13.5 billion in annual revenue and employs more than 1,800 people.

BleepingComputer confirmed that the oil refinery's website has been made inaccessible for most visitors from around the world. Continue reading

Free download | A Concise Guide to Data Subject Access Requests (DSARs)

Given that our question this week focused on the GDPR – as indeed do many of the questions we receive – we thought this would be an ideal time to remind you about our Concise Guide to Data Subject Access Requests (DSARs).

A DSAR is the process of requesting that an organisation shares any information that it stored on you. Although this framework is not new to the GDPR, the introduction of the legislation has meant that more people are aware of their rights as well as the risks associated with data privacy violations.

In this free green paper, we examine the process for submitting DSARs and the way organisations must respond to a request. Download now
