Date: 23 April 2024
The Banking and Finance Sector is amongst the top targets of cyber criminals - for obvious reasons. Sensitive customer data, high-worth transactions, critical banking operations and a tremendous amount of reputation damage with one cyber-attack.
The stakes in this industry are as high as they get, in financial and theatrical terms - a mix that the advanced criminal tends to love. This is why Cybersecurity Tabletop Exercises (or Cyber Security Drills) for the Banking and Finance sector have quickly become a top priority.
In this blog, we’ll take a quick look at:
- The Major Cybersecurity Challenges of the Banking and Finance Sector
- Why are Cyber Drills Critical for this Industry?
- Tailoring Cyber Tabletop Exercises for the Banking & Finance Sector
- Major Cyber Attacks in the Banking and Finance Sector in recent past
Major Cybersecurity Challenges of the Banking and Finance Sector
The financial industry is extremely sensitive to the repercussions of a security incident. A single breach can lead to catastrophic financial losses for the business and its customers. Legal challenges quickly follow and can severely jeopardise business reputation for years to come.
In fact, the new EU DORA regulation is specifically focussed on digital operational resilience of banking and finance entities in the EU in case of a cybersecurity event. The regulation comes into force in less than 10 months and draws our attention to just how critical cybersecurity in financial industry is.
With the increasing digitisation of financial services, from online banking to digital transactions, the sector has become more vulnerable to cyber attacks than ever before. Moreover, the rise of fintech and the proliferation of mobile banking applications have introduced new threats in the already complex digital landscape.
The top challenges and types of attacks that this business sector faces include:
- Malware and ransomware attacks that can cripple entire systems
- Customer Data Breaches
- ATM Fraud
- Fraud and pilferage associated with Banking PINs, OTPs etc.
- Sophisticated phishing schemes aimed at obtaining sensitive information
- Insider threats, whether intentional or accidental
Why are Cyber Tabletop Exercises for the Financial Sector so Important?
The Banking and Finance industry has always needed to prioritise cybersecurity , recognizing that a robust defence mechanism is not just about protecting data, but also about safeguarding the integrity of the financial system.
A single data breach in this sector can mean significant amounts of sensitive financial and personal information of customers being compromised. This leads to immediate loss of customer trust and business reputation. Business continuity is also critical for the industry to function seamlessly and retain its customers.
However, only strategy and documents aren’t enough. The finance industry has to accelerate the pace at which it works on its Cyber Incident Response.
Having effective cyber incident response plans is the first step in this direction. But it’s equally important to test and measure the effectiveness of these plans. Security team members need to build muscle memory for these plans and become better aware of their individual roles and responsibilities through regular cyber tabletop exercises.
The DORA regulation, as discussed above, also underlines the importance of scenario-based testing of Digital Operational Resilience of financial entities.
All of this may sound overwhelming, but it doesn’t have to be so complicated. This blog will help you understand how to conduct a successful tabletop exercise for the banking and financial sector. Using past attacks on the sector, covered later in the blog, you can create a cyber attack scenario suited to your business. You might also want to get started by downloading our Cyber Tabletop Exercise Template document which shows you how to create your own bespoke cyber simulation drill.
Tailoring Tabletop Exercises for the Banking and Financial Sector
Customising tabletop exercises for the banking and finance sector involves understanding the unique landscape of cyber threats in this domain. At Cyber Management Alliance, we firmly believe in creating bespoke tabletop exercises that specifically address the challenges of our clients’ business and industry. This means incorporating scenarios that reflect actual risks faced by banks, such as data breaches, fraud, and service disruptions.
Take a look at our Top 30 Cyber Attack Tabletop Exercise Scenarios document for a comprehensive idea of attack scenarios and threat actors you must rehearse for. This document also contains a list of the top 20 asset categories that must be prioritised.
Here are some of the most important factors to consider when designing a cyber security drill for this sector:
1. Realistic Scenario Development: Developing realistic scenarios is crucial for effective tabletop exercises. These scenarios should be based on a thorough risk assessment, reflecting the most pressing cyber threats to the banking and finance sector.
For instance, a scenario might involve a simulated attack on the bank's online transaction system, testing the institution’s ability to quickly identify and mitigate the breach while maintaining operational continuity. The key is to create scenarios that are specific enough to provide actionable insights while being broad enough to test a range of response strategies.
2. Regulatory Requirements: The exercise should consider the specific regulatory environment, customer expectations, and the technological infrastructure of financial institutions. This ensures these exercises are relevant, challenging, and effective in strengthening the cybersecurity posture of the sector.
3. Inspired by real-world threats: To maximise the impact of tabletop exercises, integrating real-world cyber threats specific to banking and finance is essential. This involves studying past cyber incidents within the sector and incorporating these insights into the exercise. Going through the table below would be particularly helpful to achieve this goal.
By simulating actual events, such as a recent phishing attack that targeted multiple banks, participants can gain a deeper understanding of the tactics used by cybercriminals and how to effectively counter them. The exercise can be enriched with questions such as - “What would you do if this happened to us?”
This approach not only enhances the realism of the exercise but also ensures that the lessons learned are directly applicable to real-world scenarios.
4. Lessons Learned: The final step is the application of lessons learned from these attack simulations. This involves critically analysing the responses and outcomes of the exercise. By dissecting both successful and unsuccessful strategies, financial institutions can improve their cybersecurity plans and cyber incident response playbooks accordingly. This continuous learning and adaptation process is crucial for staying ahead of evolving cyber threats.
In the banking and financial sector, bespoke cyber tabletop exercises are indispensable for ensuring robust cybersecurity preparedness. The impact of cybersecurity incidents on organisations in this industry can be much greater than others. Therefore, tailored exercises are critical to ensure adequate engagement and a deeper understanding of the threats that loom large.
Further, exercises that cater specifically to the unique vulnerabilities and operational frameworks of financial institutions bring out more meaningful responses from all participants. They’re encouraged to think critically and practise decision-making for real-life attacks.
Recent Cyber Attacks on Banking and Finance Sector
Analyzing past cyber attacks in the financial sector is crucial for effective cyber tabletop exercises. This retrospective view offers valuable insights into the patterns, tactics, and consequences of real-world cyber threats specific to this industry.
By delving into previous incidents, you can pinpoint common vulnerabilities and draw lessons from the failures and successes of others when it comes to incident response. This reflective approach facilitates the development of more authentic and demanding scenarios for tabletop exercises tailored to the industry. It also ensures that the exercise not only imparts theoretical knowledge but also practical applicability.
| Event Date | Financial Institution | Incident | Threat Actor | Impact | Source |
| March 18, 2024 | Nations Direct Mortgage | Nations Direct Mortgage alerts 83,000 to personal data leaks from December cyber attack | Unknown | Nations Direct Mortgage said more than 83,000 customers were affected by a late 2023 data breach that leaked Social Security numbers and other sensitive information. | Nations Direct Mortgage Data Breach |
| March 15, 2024 | International Monetary Fund | International Monetary Fund email accounts hacked in cyber attack | Unknown | The International Monetary Fund (IMF) disclosed a cyber incident after unknown attackers breached 11 IMF email accounts earlier this year. The investigation determined that eleven (11) IMF email accounts were compromised, but the IMF didn't provide other details regarding the breach. The organisation confirmed that it uses the Microsoft 365 cloud-based email platform. | IMF Email Hack |
| March 08, 2024 | Financial services firm Paysign | Paysign investigating reports of consumer information data breach | A cybercriminal forum user with the name "emo" | Paysign said it is investigating reports of a data breach involving consumer information after hackers tried to sell a database allegedly belonging to the company containing millions of records as on March 06, 2024. A cybercriminal forum user with the name "emo," claimed to have stolen 1,242,575 records containing the full names of customers, addresses, dates of birth, phone numbers and account balances. | Alleged Data Breach at Paysign |
| February 13, 2024 | Prudential Financial | Prudential Financial breached in data theft cyber attack | ALPHV Ransomware | Prudential Financial disclosed that its network was breached, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. Prudential said that the cybercrime group accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors. | Prudential Financial Data Theft |
| February 12, 2024 | Bank of America | Bank of America warns customers of data breach after vendor hack | LockBit Ransomware | Bank of America warned customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year. Customers’ personally identifiable information (PII) was exposed in the security breach including the affected individuals' financial information, account and credit card numbers. | Bank Of America Data Breach |
| January 29, 2024 | California-based insurance brokerage and consulting firm Keenan | Keenan warns 1.5 million people of data breach after summer cyber attack | Unknown | Keenan & Associates has sent notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyber attack. | Keenan & Associates Data Breach |
| January 22, 2024 | Fintech firm EquiLend | Global fintech firm EquiLend offline after recent cyber attack | LockBit ransomware representative, LockBitSupp | A global financial technology firm EquiLend said its operations were disrupted after some systems were taken offline in a cyber attack. Following the incident, the company also detected unauthorised access to its network and is now working to restore all affected services. | EquiLend Cyber Attack |
| January 19, 2024 | Financial Services Platform Payoneer | Payoneer accounts in Argentina hacked in 2FA bypass attacks | Sombraman1919-(BreachForums name) | Numerous Payoneer users in Argentina reported waking up to finding that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. | Payoneer 2FA Bypass Attacks |
| January 10, 2024 | Fidelity National Financial | Fidelity National Financial: Hackers stole data of 1.3 million people | BlackCat Ransomware | Fidelity National Financial (FNF) has confirmed that a November cyber attack has exposed the data of 1.3 million customers. | Fidelity National Financial Data Breach |
| January 08, 2024 | US mortgage lender loanDepot | US mortgage lender loanDepot confirms ransomware attack | Unknown | Mortgage lender loanDepot said that approximately 16.6 million people had their personal information stolen in a ransomware attack. The attack caused the company to take IT systems offline, preventing online payments against loans. | loanDepot Ransomware Attack |
| January 02, 2024 | Blockchain platform Orbit Chain | Orbit Chain loses $86 million in fintech hack | Sophisticated state-sponsored attackers believed to be based out of North Korea | Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin as Orbit Chain's balance went from $115M to $29M instantly, meaning that the losses are estimated to be about $86,000,000. | Orbit Chain Hack |
| December 28, 2023 | Risk and financial advisory company Kroll | Kroll reveals FTX customer information exposed in August data breach | Unknown | Kroll released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants as Kroll said the exposed data included coin holdings and balances, which would allow threat actors to pinpoint attractive targets who invest heavily in the cryptocurrency markets. | Kroll Data Breach |
| December 26, 2023 | Fidelity National Financial subsidiary LoanCare | Fidelity National Financial subsidiary says 1.3 million affected by November cyber attack | ALPHV/BlackCat Ransomware | LoanCare, a subsidiary of title insurance giant Fidelity National Financial reported a data breach to state regulators. It said that 1,316,938 people had information accessed by hackers who breached the parent company on or about November 19, 2023. | LoanCare Data Breach |
| December 21, 2023 | First American Insurance | First American becomes latest real estate industry giant to be hit by a cyber attack | Unknown | Insurance company First American confirmed that it is dealing with a cyber attack that forced it to shut down certain systems. | First American Cyber Attack |
| December 15, 2023 | Mortgage company Mr. Cooper | October cyber attack leaked data of 14.7 million people, mortgage giant Mr. Cooper says | Unknown | According to the latest update, mortgage loan servicer Mr. Cooper said the information of nearly 14.7 million people was leaked during a cyber attack in October 2023. | Mr. Cooper Data Breach |
| December 12, 2023 | Russian Federal Taxation Service (FNS) | Ukraine’s intelligence claims cyber attack on Russia’s state tax service | Ukraine's security services (SBU) | Ukraine's defence intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups. During the operation, Ukraine's military spies said they managed to break into one of the "key well-protected central servers" of Russia's federal tax service (FNS) as well as more than 2,300 regional servers throughout Russia and occupied Crimea. | Russian Federal Taxation Service Cyber Attack |
| December 11, 2023 | Central Bank of Lesotho | Central Bank of Lesotho faces outages after cyber attack | Unknown | The central bank of the southern African country Lesotho faced severe outages due to a cyber attack that forced it to shut down its systems. | Central Bank of Lesotho |
| December 03, 2023 | Tipalti | Accounting Software Technology company, Tipalti, investigates claims of data stolen in ransomware attack | ALPHV/BlackCat Ransomware | The threat actors claimed to have stolen 265 GB of data, including data for Twitch and Roblox, which they said they will extort separately. | Tipalti Ransomware Attack |
| November 10, 2023 | The Industrial and Commercial Bank of China's (ICBC) | China's biggest lender ICBC hit by ransomware attack | LockBit Ransomware (Apparently) | The Industrial and Commercial Bank of China's (ICBC) U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ransom-demanding hackers have claimed in the year. | ICBC Ransomware Attack |
| November 06, 2023 | EFU Life Assurance | INC RANSOM hits Pakistani insurance company EFU Life Assurance | INC RANSOM (A ransomware group) | Hackers apparently stole files belong to EFU Life Assurance. | EFU Life Assurance ransomware attack |
| October 21, 2023 | American Family Insurance | American Family Insurance confirms cyber attack is behind IT outages | Unknown | Insurance giant American Family Insurance has confirmed it suffered a cyber-attack and shut down portions of its IT systems after customers reported website outages all week. |
American Family Insurance Cyber Attack |
| September 27, 2023 | ChildFund NZ | ChildFund NZ discloses third-party breach | Unknown | ChildFund does not say when it may have stopped working Pareto, but Pareto suffered a cyber attack in April of this year that resulted in personal information of ChildFund NZ donors being accessed by an unknown party. ChildFund NZ is one of 70 charities impacted by the Pareto breach. | ChildFund Data Breach |
| September 27, 2023 | Philippine Health Insurance Corporation (PhilHealth) | Philippines state health org struggling to recover from ransomware attack | Medusa Ransomware Gang | The ransomware incident forced Philippine Health Insurance Corporation to take several websites and portals offline as the ransomware gang gave PhilHealth 10 days to pay several different ransoms, including $100,000 to extend the ransomware’s deadline and $300,000 to either delete all the stolen data or download it. | PhilHealth Ransomware Attack |
| September 25, 2023 | Hong Kong crypto business Mixin | Hong Kong crypto business Mixin says hackers stole $200 million in assets | Allegedly North Korean government’s APT38 hacking group — known by many researchers as Lazarus or TraderTraitor | A cryptocurrency business based in Hong Kong announced that hackers had stolen around $200 million of its assets after attacking its cloud service provider. | Mixin Hack |
| September 18, 2023 | Kuwait government’s Finance Ministry | Kuwait isolates some government systems following attack on its Finance Ministry |
Rhysida ransomware gang | The government of Kuwait suffered a ransomware attack that affected its Ministry of Finance. Government officials immediately tried to separate and shut off affected systems. | Kuwait Ministry of Finance Ransomware Attack |
| September 13, 2023 | CoinEx | CoinEx confirms hack after $31 million in cryptocurrency allegedly stolen from exchange | North Korea’s Lazarus hacking group (Apparently) | Cryptocurrency exchange CoinEx confirmed that a hacker stole millions of dollars worth of cryptocurrency in an attack. While the company claims the amount of losses is still being determined, blockchain data collected by several cryptocurrency security firms shows that about $31 million worth of coins was allegedly stolen from the platform. | CoinEx Hack |
| September 04, 2023 | Germany’s Federal Financial Supervisory Authority (BaFin) | German financial regulator's website hit by DDoS attack | Unknown | Due to the impact of the DDoS attack, the website of Germany’s Federal Financial Supervisory Authority (BaFin) was only partially accessible for two days. |
BaFin DDoS Attack |
| August 14, 2023 | United Bank, Parkersburg | United Bank announces breach involving Camden Clark data | Clop Ransomware (MOVEit Breach) | The impacted electronic records are related to payments made by check or money order to Camden Clark between approximately December 2022 and May 2023. | United Bank Parkersburg Breach |
| August 07, 2023 | American National Insurance Company | American National Insurance Company Experiences Data Breach Affecting Consumers’ Social Security Numbers | Clop Ransomware (MOVEit Breach) | In a notice, ANICO explains that the incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, financial account information and medical information. | American National Insurance Company Data Breach |
| August 07, 2023 | The Hartford Life and Accident Insurance Company | The Hartford Life and Accident Insurance Company Files Notice of Data Breach Impacting Thousands | Unknown | In a notice, the company explained that the incident resulted in an unauthorised party being able to access consumers’ sensitive information, including their names and Social Security numbers. | The Hartford Data Breach |
| August 07, 2023 | Bank OZK | Bank OZK Announces Third-Party Data Breach Stemming from Vendor’s Use of MOVEit | Clop Ransomware (MOVEit Breach) | Bank OZK said that the incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, transaction activity, dates of birth and Trust and Wealth account numbers. | Bank OZK Data Breach |
| August 03, 2023 | Omaha Health Insurance Company (“OHIC”), a division of Mutual of Omaha | Mutual of Omaha Rx reports data breach leaking confidential member information | Unknown | In this notice, OHIC explained that the incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, medical claims information, banking information, billing information and medical treatment information. | Omaha Health Insurance Company Data Breach |
| August 03, 2023 | Unum Group’s subsidiary Starmount Life Insurance Company, Inc. (”Starmount”) | Unum Group Confirms MOVEit data breach leaked customer information, including SSNs | Unknown | Unum explained that the incident resulted in an unauthorised party being able to access consumers’ sensitive information. | Starmount Life Insurance Data Breach |
| July 20, 2023 | Fidelity & Guaranty Life Insurance Company | Fidelity & Guaranty Life Insurance Company notified by PBI of data breach related to MOVEit | Clop Ransomware (MOVEit Breach) | F&G said that the incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names and Social Security numbers. | F&G Life Insurance Co Data Breach |
| July 17, 2023 | Quorum Federal Credit Union | Quorum Federal Credit Union announces data breach resulting from MOVEit vulnerability | Clop Ransomware (MOVEit Breach) | Quorum announced that the incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, financial account information and driver’s license numbers. | Quorum Federal Credit Union Data Breach |
| July 14, 2023 | PlainsCapital Bank | PlainsCapital Bank announces data breach involving vendor’s use of MOVEit | Clop Ransomware (MOVEit Breach) | PlainsCapital Bank explained that the incident resulted in an unauthorised party being able to access customers’ sensitive information, which includes their Social Security numbers and bank account numbers. | PlainsCapital Bank Data Breach |
| July 13, 2023 | The Franklin Mutual Insurance Group | The Franklin Mutual Insurance Group notifies victims of recent data breach following ransomware attack | Unknown | In this notice, FMI explained that the incident resulted in an unauthorised party being able to access consumers’ sensitive information. | Franklin Mutual Insurance Group Data Breach |
| July 10, 2023 | Rockland Trust Bank | Rockland Trust Bank informs 14,806 of data breach involving vendor’s use of MOVEit software | Clop Ransomware (MOVEit Breach) | Rockland Trust said that the incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, addresses, account numbers, email addresses, bill payment amounts, and the payees’ names and addresses. | Rockland Trust Bank Data Breach |
| July 05, 2023 | NIH Federal Credit Union | NIH Federal Credit Union notifies 14,706 members of data breach | Unknown | The NIHFCU investigation confirmed that the employee’s email account was accessed by the unauthorised party for a period of a few hours on April 11, 2023. It was later determined that some of the emails and attachments within the email account contained confidential consumer information. | NIH Federal Credit Union Data Breach |
| June 30, 2023 | City National Bank of Florida | Over 36k Customers of City National Bank of Florida affected by MOVEit data breach | Clop Ransomware (MOVEit Breach) | The breach did not impact CNBF’s computer systems but the bank explained that the incident resulted in an unauthorised party being able to access consumers’ sensitive information. | City National Bank of Florida Data Breach |
| May 01, 2023 | Level Finance Crypto | Level Finance crypto exchange hacked after two security audits | Unknown | Hackers exploited a Level Finance smart contract vulnerability. They managed to drain 214,000 LVL tokens from the decentralised exchange and swapped them for 3,345 BNB, worth approximately $1,100,000. | Level Finance Crypto Hack |
| April 24, 2023 | Mossad, National Insurance Institute of Israel | Mossad, Israeli companies targeted in major cyber attack by Sudanese hacker group. | A hacker group calling itself Anonymous Sudan | The cyber attack forced various Israeli websites, including those of Mossad and the so-called National Insurance Institute, which is responsible for the social security of Israeli settlers, to go offline. | Israeli Cos Attacked |
| April 24, 2023 | KuCoin | KuCoin's Twitter account was hacked to promote a crypto scam. | Unknown | The compromise allowed attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency. | KuCoin Crypto Scam |
| April 24, 2023 | US Consumer Financial Protection Bureau | The US Consumer Financial Protection Bureau suffers a breach affecting 256,000 consumer accounts. | A former CFPB employee | In this data breach, the personal information of around 256,000 consumer accounts was compromised. | US Consumer Financial Protection Bureau Data Breach |
| April 20, 2023 | Angel One | Client data breach at Angel One; stock falls 2%. | Unknown | Client profile data (like name, email, mobile number) and client holding data may have been accessed. The company's stock price also dropped down by 2% apparently due to the incident. | AngelOne Data Breach |
| April 20, 2023 | ICICI Bank | ICICI Bank refutes data breach allegation. | Unknown | Over 3.6 million ICICI Bank files comprising the bank's and its clients' information was allegedly leaked from a publicly accessible cloud storage bucket managed by DigitalOcean. The hackers allegedly stole bank statements, credit card numbers, KYCs, PAN card info., scanned passport copies, and also the resumes of current and prospective employees. But ICICI bank denies the breach saying they don’t own the URL captured by the hackers. | ICICI Bank Alleged Data Breach |
| March 16, 2023 | A Deutsche Bank subsidiary, Latitude Financial Services (Latitude) | Latitude Financial data breach now impacts 14 million customers. | Unknown | Latitude confirmed it was impacted by a cyber attack on March 16, affecting 330,000 customers, but, after further investigating the incident, on March 27, 2023, Latitude revealed that the impact of the incident is much more significant, now believed to have affected 14 million customers or loan applicants from Australia and New Zealand. | Latitude Financial Data Breach |
| March 12, 2023 | Lending protocol Euler Finance | Hackers steal $197 million in crypto in Euler Finance attack. | Unknown | The cryptocurrency theft involved multiple tokens, including $8.75 million worth of DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH. | Euler Finance Attack |
| March 10, 2023 | Chile’s National Health Fund, Fonasa | BlackCat confirms attack on Fonasa. | BlackCat Ransomware | A news source shared a stolen data file that includes a directory of files as well as some correspondence with the names, addresses, and city of Fonasa health beneficiaries, etc. | Fonasa Ransomware Attack |
| March 07, 2023 | Commonwealth Bank of Australia's Indonesian unit | Commonwealth Bank of Australia's Indonesian arm hit by cyber attack | Unknown | The incident involved unauthorised access of a web-based software application used for project management, and the bank's Australian systems were segregated from PTBC systems. | Cyber Attack on Indonesian Arm of Commonwealth Bank of Australia |
| March 06, 2023 | HDFC Bank | HDFC Bank denies data breach even as 7.5 GB of customer information is allegedly leaked for free on Hacker Forum. | Threat actor using the title Kernelware on Breach Forums | The threat actor posted 7.5 GB of stolen data belonging to HDFC Bank for download without any payment. | HDFC Bank Alleged Data Breach |
| March 03, 2023 | La Segunda Insurance | LockBit published data stolen from La Segunda including judicial files, expert reports and medical data. | LockBit Ransomware | LockBit group encrypted the insurer's systems and exposed 52 GB of sensitive information from the Rosario insurance company La Segunda. | La Segunda Insurance Ransomware Attack |
| March 02, 2023 | Hatch Bank | Hatch Bank discloses data breach after Cl0p ransomware attack on GoAnywhere MFT. | Clop ransomware (Apparently) | Hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. | Hatch Bank Data Breach |
| March 01, 2023 | Poland’s Tax Service | Poland blames Russian hackers for a cyber attack on a tax service website. | Pro-Russian hacker group NoName057(16) | The cyber attack caused the website to crash for approximately one hour and blocked users’ access to the online tax filing system. | Poland's Tax Service Cyber Attack |
| February 03, 2023 | Nonstop Health | Data and Source Code from Nonstop Health allegedly hacked | Unknown | Data and source code allegedly from Nonstop were leaked on two popular hacking-related forums. Personal information leaked online included names, date of birth, postal address with state and zip code, personal email address, and Social Security numbers. | Nonstop Health Data Breach |
| Janaury 25, 2023 | Zacks Investment Research | Zacks Investment Research data breach affects 820,000 clients | Unknown | Hackers breached Zacks Investment Research (Zacks) company and gained access to personal and sensitive information belonging to 820,000 customers. | Zacks Investment Research Data Breach |
| January 20, 2023 | Bank of Eastern Oregon | Bank of Eastern Oregon files official notice of data breach | Unknown | The Bank of Eastern Oregon (“BEO”) filed notice of a data breach with the Attorney General of Montana after learning that employee email accounts containing confidential customer information were accessed by an unauthorised party. Based on the company’s official filing, the incident resulted in an unauthorised party gaining access to consumers’ sensitive information. | Bank of Eastern Oregon Data Breach |
| January 9, 2023 | Aflac Insurance, Zurich Insurance Group | Aflac, Zurich policyholders in Japan affected by data leaks | Unknown | Personal information for more than 1.3 million Aflac cancer insurance policyholders and almost 760,000 Zurich Insurance auto insurance policyholders is on the dark web following a hack on a third-party contractor. | Data Leak of Policyholders in Japan |
