List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

Looking for the latest lists of security incidents? Take a look at our complete breakdown of data breaches and cyber attacks on our new page.

Welcome to our February 2023 list of data breaches and cyber attacks. Our research identified 106 publicly disclosed incidents accounting for 29,582,356 breached records this month.

It follows a mammoth start to the year, with more than 277 million breached records in January, and brings the running total for the year to over 300 million pieces of compromised personal data.

IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. We offer a variety of resources to help understand and mitigate threats, from training courses and consultancy services to free guides.

You can find the full list of data breaches and cyber attacks below. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.

---

Cyber attacks

• Morgan Hill Unified School District discloses security breach after email hack (unknown)
• Skyview Networks suffers security incident (unknown)
• Eight arrested for hacking bank accounts using ‘Nepali Keti’ app (unknown)
• Nonstop Health data and source code appear to have been leaked on hacking forum (unknown)
• Background check services provider PeopleConnect reports cyber attack (20,221,007)
• Southeast Colorado Hospital District says an employee’s email account was hacked (unknown)
• Highmark Health notifying patients of a phishing incident (300,000)
• Diligent Corp. sends more notifications after discovering hacked data on the Internet (1,184)
• Utah-based Aspire Surgical notifying patients of security breach (unknown)
• Students sent home amid security incident at Berkeley County Schools (19,000)
• Outage at Daylong 988 mental health helpline was caused by a cyber attack (unknown)
• Sharp HealthCare notifies nearly patients of payment portal breach (62,777)
• Hackers hit Vesuvius, UK engineering company shuts down affected systems (unknown)
• The General Treasury of the Republic of Chile hit by criminal hackers (unknown)
• Health cards’ data stolen from the Pakistan Institute of Medical Sciences (unknown)
• Hackers breach Reddit to steal source code and internal data (unknown)
• Employee personal data exposed in Bridgewater-Raritan Regional School District breach (unknown)
• Malaysia’s Penang government data leaked online (unknown)
• Personal information exposed during breach at Edmonds School District (unknown)
• Medical records for Garrison Women’s Health patients lost in malware attack (4,158)
• Kimmel Center, Philadelphia Orchestra websites hit by cyber attack (unknown)
• Pepsi Bottling Ventures suffers breach after malware attack (unknown)
• Criminal hackers take down Bahrain airport website (unknown)
• Arizona Priority Care and AZPC Clinics notify patients of malware attack (10,978)
• Minuteman Senior Services reports another breach of an employee email account (unknown)
• Airline SAS network hit by hackers, says app was compromised (unknown)
• Convenience store chain CEFCO allegedly victim of data theft (unknown)
• Hackers stole GoDaddy source code, installed malware in multi-year breach (unknown)
• Security incident reported at Mount Pleasant Central School District after password breach (unknown)
• Sweetwater Union High School District still dealing with impact of Internet outage (unknown)
• Edgepark Medical Supplies notifies patients of Rise Interactive Media & Analytics security breach (54,509)
• Criminal hackers steal Activision games and employee data (unknown)
• Cyber attack on food giant Dole temporarily shuts down North America production (unknown)
• Hutchinson Clinic issues alert concerning December security breach (unknown)
• TELUS investigating leak of stolen source code, employee data (unknown)
• Chile-based FONASA says it has overcome a malware incident (unknown)
• O’Neal Industries, Inc. filed notice of a security breach (726)
• Motto Mortgage comes under cyber attack (unknown)
• Highmark discloses security breach after employee falls victim to phishing (300,000)
• Stroke Scan reports security breach (50,000)
• Meriplex Communications announces security breach affecting Malaga Bank customers (unknown)
• DotHouse Health Inc. announces security breach (10,000)
• CompSource Mutual Insurance Company reports security incident (unknown)
• Paul Smith’s College announces cyber attack (unknown)
• Cardiovascular Associates files notice of security breach (unknown)
• Rockler Companies says cyber attackers breached its systems (8,604)
• Emtec, Inc. discloses cyber attack (7,637)
• Cleveland Brothers Holdings suffers security incident (unknown)
• Mount Saint Mary College reports security breach (17,924)
• CentraState Medical Center faces lawsuits after security breach (617,000)
• Danish hospitals hit by DDoS attack (unknown)
• Asian Texans targeted in driver’s license breach (3,000)
• White Settlement Independent School District in Texas says data was breached in cyber attack (unknown)
• Social engineering attack on Boston labour union results in $6.4 million loss (unknown)
• LastPass says employee’s home computer was hacked and corporate vault taken (unknown)
• Dish hit by multiday outage after reported cyber attack (unknown)

---

If you’re facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

---

Ransomware

• Tallahassee Memorial hospital victim of suspected ransomware attack (unknown)
• Australia’s Black and White Cabs booking service offline after cyber attack (unknown)
• Modesto Police off computers, back onto radio, following cyber attack (unknown)
• ION starts bringing customers back online after ransomware attack (unknown)
• Regal Medical Group hit by ransomware (unknown)
• Suspected ransomware attack disables systems at Ross Memorial Hospital (unknown)
• Hidalgo County Adult Probation Office hit by ransomware attack (unknown)
• AmerisourceBergen MWI Animal Health hit by ransomware (unknown)
• Institute of Bankers data leak following ransomware incident (113,000)
• Dallas Central Appraisal District paid ransomware attackers (unknown)
• Medellin, Colombia, government website hit by ransomware (unknown)
• City of Oakland targeted by ransomware attack (unknown)
• Technion University hacked by ransomware gang (unknown)
• B&G Foods attacked by ransomware (unknown)
• California Northstate University student and employee data stolen (unknown)
• Wawasee Community School Corporation victim of ransomware attack (unknown)
• MKS Instruments’ breach notification includes a surprising statement to reassure those affected (unknown)
• Argentinian oil and natural gas company Grupo Albanesi hit by ransomware (unknown)
• Ransomware gang claims to hit Indian chemical business SRF (unknown)
• Reventics notifying patients of ransomware incident (1,027)
• Lehigh Valley Health Network reveals ransomware attack (unknown)
• KFI Engineers pays $300k ransom to cyber criminals (unknown)
• Washington State city allegedly hit by ransomware (unknown)
• Colombia’s Red de Salud del Norte Joaquín Paz Borrero Hospital hit with ransomware (unknown)
• Colombian energy supplier EPM hit by BlackCat ransomware attack (unknown)
• Xavier University of Louisiana hit by ransomware (44,312)
• Tom James Company falls victim to ransomware (8,656)
• Eureka Casino Resort announces ransomware attack (229,299)
• Teijin Automotive Technologies files notice of data breach following ransomware attack (25,464)
• Minneapolis Public Schools hit by ransomware, calls it ‘encryption event’ (unknown)
• US Marshals Service suffers ransomware breach (unknown)

---

Data breaches

• Taiwan car rental platform iRent plans compensation for data leak victims (400,000)
• Saolta confirms data breach at LUH (1)
• Russian e-commerce giant Elevel exposed buyers’ delivery addresses (7 million)
• Emailing error causes former Blue Cross Blue Shield customers to receive claims (unknown)
• Derriford Hospital admits data breach as patient sent list of complaints against hospital (unknown)
• The Center for Autism and Related Disorders notifies patients after vendor’s error caused data breach (unknown)
• Indian social media app Slick exposed children’s’ user data (unknown)
• Lancashire County Council has referred itself following a data breach (unknown)
• Mscripts notifies patients whose prescription information was in unsecured Cloud storage (66,372)
• Liverpool NHS hospital trust tells employees that their data was leaked via email due to human error (14,000)
• UK Rail Minister’s laptop with confidential details of strike talks is stolen from pub (unknown)
• Misconfiguration caused data breach affecting Stanford University PhD applicants (897)
• Piles of confidential ANZ bank documents found ‘floating down the street’ after they were carelessly dumped in a skip bin (unknown)

---

Malicious insiders and miscellaneous incidents

• Former employee of Royal Automobile Club prosecuted for data protection violations (unknown)
• Nova Scotia Health employees found snooping into medical files of mass shooting victims (270)
• Brooks Rehabilitation notifies patients of pixel tracking breach (1,554)
• Global chipmaking supplier ASML claims an employee stole manufacturing secrets (unknown)
• NHS call centre advisor found guilty of accessing medical records illegally (unknown)