List of Data Breaches and Cyber Attacks in September 2023 – 3,808,687,191 Breached Records

IT Governance found 71 publicly disclosed security incidents in September 2023, accounting for 3.81 billion breached data records.

You can find the full list below. Follow the links for further information about each incident.

There is one major outlier this month: September’s total is skewed by the huge data breach at DarkBeam, which saw 3.8 billion data records exposed. You can read about that, and the year’s other incidents to date, on our new page, which provides an overview of the known data breaches and cyber attacks in 2023.

That page also breaks down each month’s security incidents and provides more information about the biggest and most notable breaches.

In previous months, we’ve distinguished between cyber attacks, data breaches, ransomware attacks, and malicious insiders and miscellaneous incidents. However, these categories overlap more and more (for instance, ransomware infections result from cyber attacks and, in turn, often result in data breaches) so attempting to differentiate between them is increasingly futile.

This month’s incidents therefore aren’t split into categories but are presented as a single list, while we consider different approaches to this blog and how best to present the data in future.

September 2023 cyber attacks and data breaches

Breached organisationKnown breached records
DarkBeam3,800,000,000
Better Outcomes Registry & Network3,400,000
Undisclosed restaurant database2,200,000
Pizza Hut Australia1,000,000
Trygg-Hansa650,000
Ayush Jharkhand Gov320,000
Lakeland Community College, Ohio290,000
Oak Valley Hospital District283,629
CareSource212,193
Minneapolis Public Schools105,617
Friends of the Earth (About Loyalty/Kokoro)93,000
Lifeline Health Systems75,000
Hong Kong Consumer Council25,000
Sanford Health (DMS Health Technologies)21,000
Undisclosed manufacturer of ‘smart’ chastity cages10,000
Bloom Health Centers1,545
Cedar Park Middle School207
Carthage Area Hospital and Claxton Hepburn Medical Center0
Highgate Wood School0
Lawrence Public Schools0
Carlisle Area School District0
North Mississippi Health Services0
Coffee Meets Bagel0
Defence Housing Australia0
Janssen CarePath0
Dymocks0
Coca-Cola FEMSA0
Skokie-Morton Grove School District 69, Illinois0
Decatur ISD, Texas0
The Minnesota Department of Employment and Economic Development0
Sri Lankan state email domain0
Hinds County0
MGM Resorts0
St. Paul Public Schools0
Save the Children0
East Jackson Community Schools0
REJIS0
St. Louis County0
Butler County0
Chambersburg Area School District0
Caesars Entertainment0
Auckland Transport0
Hillsborough County Public Schools0
Columbia government (IFX Networks)0
FTX (Kroll)0
Betton (Ille-et-Vilaine)0
Nuance0
Kfar Shaul Mental Health Center, Jerusalem0
Canada Border Services Agency0
City of Pittsburg, Kansas0
Cyberport0
TissuPath0
Air Canada0
Nansen0
Pain Care Specialists, Oregon0
National Student Clearinghouse, on behalf of almost 900 schools0
Crimea0
Government of Bermuda0
MNGI Digestive Health0
Mixin0
Swan Retail0
Maries County Courthouse0
Baruch College0
US State Department0
Shelter (About Loyalty/Kokoro)0
RSPCA (About Loyalty/Kokoro)0
Dogs Trust (About Loyalty/Kokoro)0
Battersea Dogs and Cats Home (About Loyalty/Kokoro)0
ChildFund NZ (Pareto Phone)0
Johnson Controls0
21 Pinal County school districts0

About The Author

Neil Ford

Neil has worked at IT Governance since 2013. He writes about all IT governance, risk management and compliance subjects, and can often be found talking about them on podcasts and videos.