List of Data Breaches and Cyber Attacks in January 2023 – 277.6 Million Records Breached

Looking for the latest lists of security incidents? Take a look at our complete breakdown of data breaches and cyber attacks on our new page.

Welcome to our January 2023 list of data breaches and cyber attacks. The new year comes with the promise of fresh beginnings and to revolve the bad habits of our past, but we’ve had no such luck in the cyber security sector.

Our research discovered 104 publicly disclosed security incidents, which accounted for 277,618,767 leaked records. That’s more breached records than we found in any calendar month last year, and it’s among the most incidents we’ve ever seen.

You can find the full list of data breaches and cyber attacks below. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.

---

Cyber attacks

• Shibuya officials apologize for disrupted services after apparent cyber attack (unknown)
• University of Miami Health confirms intrusion after password breach (unknown)
• University of Havana struck by hacktivist group (unknown)
• Air France and KLM notify customers of account hacks (unknown)
• Criminal hackers leak email addresses of Twitter users (220 million)
• Slack’s private GitHub code repositories stolen over holidays (unknown)
• Oregon’s worker’s compensation insurer, SAIF Corp., experiences data breach (unknown)
• Toronto hospital network issues ‘code grey’ as digital systems go down (unknown)
• Des Moines Public Schools cancels Tuesday classes after cyber attack (unknown)
• SB Tactical, one of the most popular AR-15 pistol brace manufacturers, breached (unknown)
• Captify’s Your Patient Advisor advises consumers of payment card breach (244,296)
• Zurich Japan hit by security breach (757,463)
• Aflac insurance policy holders’ data stolen in cyber attack (3.2 million)
• Texas-based West Oaks Eyecare discloses malware incident (1,045)
• Canada’s Okanagan College warns of potential privacy breach after cyber attack (17,200)
• The Quintana Roo Attorney General’s Office involved in data leak (unknown)
• Venezuela’s Sistema Integral De Control Alimentario suffers cyber attack (unknown)
• Brazil’s Court of Justice of the State of Pará suffered a cyber attack (unknown)
• Brazilian government email network compromised in cyber attack (unknown)
• 24 Hours of Le Mans Virtual race was postponed amid cyber attack (unknown)
• NortonLifeLock says customer accounts were compromised in credential-stuffing attack (925,000)
• Washington therapist notifies clients after being tricked by a hacker (640)
• Russia-linked drug marketplace Solaris hacked by its rival (unknown)
• Mailchimp says it was hacked – again (133)
• PayPal users notified of data security incident (34,942)
• T-Mobile discloses yet another security breach (37 million)
• ODIN Intelligence website is defaced as hackers claim breach (unknown)
• Ticketmaster says cyber attack disrupted Taylor Swift ticket sales (unknown)
• Puma investigates claims of data leak (237,013)
• Court records were lost in debilitating Vanuatu cyber attack (unknown)
• Zendesk experiences potential security breach (unknown)
• Fitzgibbon Hospital filed notice of a security breach (112,000)
• Satellite Healthcare files official notice of security incident (unknown)
• Community Psychiatry Management reports cyber attack (unknown)
• Bank of Eastern Oregon discuses security breach after employee email account compromised (unknown)
• Healthcare firm mscripts suffers cyber attack (unknown)
• Lutheran Social Services of Illinois announces security breach (184,000)
• Five Guys announces security breach impacting personal data of job applicants (unknown)
• Jefferson County Health Department files notice of security breach (115,940)
• Matco Tools Corporation suffers cyber attack (14,342)
• Insulet Corporation files notice of security incident that leaked consumers’ data (unknown)
• University of Colorado Hospital Authority announces third-party security breach (48,879)
• Green Valley Pecan Company reports security incident (8,900)
• TruConnect files notice of security breach that leaked Social Security Numbers (54,200)
• Bay Bridge Administrators reports security breach (unknown)
• Members Trust of the Southwest Federal Credit Union announce cyber attack (6,800)
• Fidelity Building Services Group Files Notice of security breach (unknown)
• Zacks Investment Research notifies clients of cyber attack (820,000)
• JD Sports hit by cyber attack (10 million)
• Tucson Unified School District experiences ‘cyber security incident’ (unknown)

---

If you’re facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

---

Ransomware

• Los Angeles Housing Authority hit by ransomware (unknown)
• Bristol Community College acknowledges ransomware attack (unknown)
• Swansea Public Schools cancel classes Wednesday after ransomware attack (unknown)
• Romanian hospital held for ransom by hackers (unknown)
• Pennsylvania-based Maternal & Family Health Services reveals ransomware incident (unknown)
• Ransomware gang claims attack on Mexico-based Grupo Estrategas EMM (unknown)
• Universidad De La Salle crippled by cyber attack (unknown)
• 15 schools across the UK crippled by ransomware (unknown)
• Consulate Health Care chain hit by Hive (unknown)
• San Francisco’s Bay Area Rapid Transit hit by ransomware (unknown)
• Spain’s City Council of Durango “completely paralyzed” by ransomware (unknown)
• New York City Bar Association hit by ransomware (unknown)
• Home Care Providers of Texas discloses ransomware incident (124,363)
• Royal Mail cyber attack carried out by Russian-linked ransomware gang (unknown)
• DNV confirms ransomware attack (70)
• Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner (unknown)
• Costa Rica’s Ministry of Public Works and Transportation targeted by ransomware attack  (unknown)
• LAUSD says ransomware gang stole contractors’ SSNs (unknown)
• Rundle Eye Care notifies patients of data breach (unknown)
• Source code for League of Legends stolen by hackers (unknown)
• Wawasee Community School Corporation dealing with a possible ransomware attack (unknown)
• Livingston Memorial VNA reports data breach following apparent ransomware attack (unknown)
• Stratford University reports data breach following ransomware attack (78,000)
• Jamaica’s South East Regional Health Authority victim of ransomware attack (unknown)
• The Instituto Federal Do Pará hit by ransomware (unknown)
• Audifarma, a Colombian pharmacy chain, suffers ransomware attack (unknown)
• Atlantic General Hospital hit by ransomware (unknown)
• The Qulliq Energy Corp suffers suspected ransomware attack (unknown)

---

Data breaches

• January 6 Committee exposes Social Security numbers of Republicans and family members (2,000)
• California police app exposed secret details about raids and suspects (6,770)
• Cambridge Student Union data ‘outed without even knowing’ (unknown)
• ICE releases thousands of immigrants affected by data breach (6,000)
• British Columbia School District 42 discloses data breach (19,126)
• AlKomprar Technology exposed customer data after security gaffe (15,000)
• Pierce County accidentally shared SSN info linked to hundreds of thousands of voters (463,000)
• TSA ‘no fly’ list leaked after being found on unsecured airline server (1.5 million)
• India’s public education app exposed millions of students’ data (1.6 million)
• Maple Ridge – Pitt Meadows School District suffers massive data breach (19,126)

---

Malicious insiders and miscellaneous incidents

• Oxford University dating website for staff and students shut down after ‘huge data breach’ (unknown)
• DCH Health System notifies patients whose records were improperly accessed by an employee (2,530)
• Credit Suisse says former employee exfiltrated some employee data improperly (9)