IT Governance’s research has discovered the following for October 2023:
- 114 publicly disclosed security incidents.
- 867,072,315 records known to be breached.
Introducing our Data Breach Dashboard
We’re excited to introduce our new monthly Data Breach Dashboard – a one-page overview of this month’s key findings that you can download for free.
Our first downloadable Dashboard is going live next week. We’ll add the link to this page, so please bookmark it and return to check out the Dashboard.
You’ll also be able to download each month’s data (and our sources) from the same page as the corresponding Dashboard.
Our monthly blogs will provide analysis of the data we’ve collected and we’ll continue to discuss the biggest breaches on our 2023 overview of publicly disclosed data breaches and cyber attacks.
High-level overview
Of October’s 114 incidents, we know the following:
Remediation
- 61% of breached organisations reported taking remedial action. This typically included conducting a forensic analysis to establish exactly what happened (often by engaging a third-party specialist). It usually also involved temporarily taking down systems to limit the impact of the security breach.
Data exfiltration
- 53% of breached organisations are known to have had data exfiltrated.
- An additional 30% may have had data exfiltrated.
- 18% have either concluded that no records were breached, or the breach didn’t involve a criminal.
Note: These numbers add up to 101% due to rounding.
Records breached
- For 53% of disclosed incidents, a specific number of records breached was reported.
Note: This includes security incidents where we know no records were breached.
- For a further 18% of disclosed incidents, we know that data has been exfiltrated, but we have no information on specific numbers.
Notification
- 49% of breached organisations notified a regulator.
- 53% notified affected individuals.
Top 10 biggest breaches
| # | Organisation name | Known number of records breached |
| 1 | ICMR (Indian Council of Medical Research) | 815,000,000 |
| 2 | 23andMe | 20,000,000 |
| 3 | Redcliffe Labs | 12,347,297 |
| 4 | McLaren Health Care | 6,000,000 |
| 5 | MCH (Morrison Community Hospital) | 5,000,000 |
| 6 | MNGI Digestive Health | 2,000,001 |
| 7 | Motel One | 1,000,000 |
| 8 | Flagstar Bank | 837,390 |
| 9 | District of Columbia Board of Elections | 600,001 |
| 10 | Shadow PC | 533,624 |
Note: Where ‘around’, ‘about’, etc. is reported, we record the rounded number. Where ‘more than’, ‘at least’, etc. is reported, we record the rounded number plus one. Where ‘up to’, etc. is reported, we record the rounded number minus one.
Sector overview
Most-breached sectors (by number of incidents)
| # | Sector | Incidents | |
| 1 | Other | 34 | 30% |
| 2 | Healthcare | 31 | 27% |
| 3 | Education | 16 | 14% |
| 4 (tie) | Media and telecoms | 12 | 11% |
| 4 (tie) | Public and non-profit | 12 | 11% |
| 6 | Legal | 5 | 4% |
| 7 | Finance and insurance | 4 | 4% |
Note: The percentages add up to 101% due to rounding.
Most-breached sectors (by number of records)
| # | Sector | Known number of records breached |
| 1 | Healthcare | 861,659,212 |
| 2 | Other | 2,433,216 |
| 3 | Public and non-profit | 1,661,001 |
| 4 | Finance and insurance | 843,726 |
| 5 | Education | 475,160 |
| 6 (tie) | Legal | 0 |
| 6 (tie) | Media and telecoms | 0 |
Other noteworthy findings
Unpatched/misconfigured
- At least 32% of incidents were caused by a lack of patching or through poor configuration management – an alarmingly high percentage, considering that such incidents are usually easy to prevent.
- Admittedly, a few of these were caused by the MOVEit breach (a zero-day exploit), but even if we excluded those, 28% of the remaining 109 incidents this month were caused by a lack of patching or a misconfiguration.
Ransomware
- 21% of incidents publicly disclosed this month were ransomware attacks, which accounted for 16,012,014 of the records that are known to be breached.
- Of these incidents, 75% definitely involved data exfiltration. An additional 21% may have involved exfiltration, which supports the worrying ransomware trend we’ve been seeing this year, particularly these past few months.
US
- 50% of publicly disclosed incidents this month occurred in the US. However, these only account for 17,527,078 of the records known to be breached – just 2% of this month’s total. We’ll publish a special US report for October 2023 next week, so keep an eye out for that.
