Last week in data breaches – May 6 2024

In recent months, several significant data breaches have made headlines, highlighting the need for improved cybersecurity measures across various industries. The MOVEit data breach, one of the largest in recent memory, affected over 62 million individuals and over 2,000 organizations, primarily in the U.S. The breach resulted from a vulnerability in the MOVEit file transfer tool, which was exploited by threat actors to access sensitive information from numerous organizations, including government agencies, financial institutions, and healthcare providers. The impact of this breach continues to unfold as new organizations report being affected​ (Dark Reading)​​ (IT Governance)​.

Another notable breach involved the identity services provider Okta, which revealed that a threat actor accessed its support case management system using stolen credentials. Similarly, Spanish airline Air Europa experienced a data breach that compromised customer financial information, and genetic testing company 23andMe suffered an attack that exposed customer data, including genetic ancestry and history​ (​​ (Dark Reading)​.

In addition to these incidents, a massive leak referred to as the “mother of all breaches” exposed billions of records online, raising concerns about the widespread availability of sensitive personal information. This leak, involving data breach search engine Leak-Lookup, highlighted the growing ecosystem of personal data stashes and the risks associated with data brokers and criminal access to private information​ (Malwarebytes)​.