Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

Already rich, already successful, because the latest wave of tech winners is grinding again

Waze adds new AI-powered features and customization updates

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Already rich, already successful, because the latest wave of tech winners is grinding again

    14 July 2026

    Should artificial intelligence help you get away with murdering your husband?

    13 July 2026

    Meta enters the crowded AI coding fray with Muse Spark 1.1

    13 July 2026

    Can AI answer the $3 trillion question?

    12 July 2026

    OpenAI shuts down Atlas, but AI browser ambitions keep growing

    12 July 2026
  • Apps

    Waze adds new AI-powered features and customization updates

    14 July 2026

    As TV-watching app TV Time shuts down, its founder creates Bingers, a new home for fans

    13 July 2026

    Elon Musk says X will send DMs when posts you’ve interacted with are fixed

    13 July 2026

    ‘Slow-cial’ Roost app forces you to slow down to the speed of a carrier pigeon

    12 July 2026

    Character.AI is entering the micro-drama arena with its own productions, but there’s a twist

    12 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Meta’s new AI chips will begin production in September

    12 July 2026

    This slush machine was a lifesaver during the New York heat wave

    12 July 2026

    Dumb Co dared me to exchange my iPhone for a hacked phone

    11 July 2026

    SK Hynix raises $26.5 billion in largest foreign public IPO in US history, set to build new fabs in US

    11 July 2026

    After Apple, smartphone manufacturing boom in India enters new phase with Vivo JV

    10 July 2026
  • Media & Entertainment

    12 states sue to block $110 billion Paramount deal from Warner Bros

    14 July 2026

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026
  • Security

    Apple says ex-employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

    13 July 2026

    US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

    11 July 2026

    Florida ransomware dealer convicted of helping ransomware gang extort US companies

    10 July 2026

    Hacktivists call out Trump by hacking and defacing US military websites

    8 July 2026

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026
  • Startups

    AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

    12 July 2026

    Hot French startup ZML releases free product to speed up inference on multiple AI chips

    12 July 2026

    Former OpenAI executive Kevin Weil is now on Stoke Space’s board

    11 July 2026

    Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

    11 July 2026

    Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

    10 July 2026
  • Transportation

    SpaceX decided to fly Starship again after the booster failed in May

    13 July 2026

    TechCrunch Mobility: A robotaxi ultimatum

    12 July 2026

    Slate Auto partners with Crayola to paint its EV truck

    10 July 2026

    Autonomous drone delivery startup Manna plans major US expansion

    9 July 2026

    Federal authorities are demanding that autonomous vehicle companies stop interfering with first responders

    9 July 2026
  • Venture

    Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

    14 July 2026

    Filed Under: College Fizz App Accuses VC Of Sharing Confidential Startup Info With Rival Sidechat

    11 July 2026

    Charles Hudson shares the common mistakes he’s seen after investing in 500+ startups

    10 July 2026

    Nandan Nilekani steps down as GP at Fundamentum as it launches third $200m fund

    9 July 2026

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023
Security

MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023

techtost.comBy techtost.com27 December 202307 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Moveit, Capita, Citrixbleed And More: The Biggest Data Breaches Of
Share
Facebook Twitter LinkedIn Pinterest Email

This year, 2023, it was a hell of a year for data breaches, just like the year before (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular file transfer tools to compromise thousands of organizations, ransomware gangs adopt new offensive tactics aimed at blackmailing their victims, and attackers continue to target organizations that they don’t have resources. such as hospitals, to infiltrate highly sensitive data such as patient healthcare information and insurance information.

In fact, according to October data from the US Department of Health and Human Services (HHS), healthcare breaches it affected more than 88 million people, up 60% from last year. And that’s not even counting the last two months of the year.

We’ve rounded up the most devastating data breaches of 2023. We hope we don’t have to update this list before the year is out…

Fortra GoAnywhere

Just weeks after 2023, hackers exploited a zero-day vulnerability affecting Fortra’s GoAnywhere file transfer software, allowing the mass hacking of more than 130 companies. This vulnerability, tracked as CVE-2023-0669it was known as zero-day because it was actively used before Fortra could release a patch.

Massive hacks exploiting this critical remote injection flaw were quickly claimed by the notorious Clop ransomware and extortion gang, which stole data from more than 130 victim organizations. Among those affected was NationBenefits, a Florida-based technology company that offers supplemental benefits to its more than 20 million members across the United States. Brightline, a virtual guidance and therapy provider for children. Canadian financial giant Investissement Québec. Switzerland-based Hitachi Energy. and the city of Toronto, to name just a few.

As revealed by TechCrunch in March, two months after news of the massive hacks first broke, some victim organizations only learned that data had been breached from their GoAnywhere systems after each received a ransom demand. Fortra, the company that developed the GoAnywhere tool, previously told those organizations that their data was not affected by the incident.

Royal Mail

January was a busy month for cyberattacks, as it also saw UK postal giant Royal Mail confirm it had fallen victim to a ransomware attack.

This cyberattack, first confirmed by Royal Mail on January 17, caused months of disruption, leaving the British postal giant unable to process or deliver letters or parcels to destinations outside the UK. The incident, which was claimed by the Russian-linked LockBit ransomware gang, also saw the theft of sensitive data, which the hacker group posted on its darkly leaked website. This data included technical information, HR and disciplinary personnel records, wage and overtime details, and even a staff member’s vaccination records against COVID-19.

The full scale of the data breach remains unknown.

3CX

The 3CX software-based phone system builder is used by more than 600,000 organizations worldwide with more than 12 million active daily users. But in March, the company was breached by hackers trying to target its downstream customers by installing malware on the 3CX client software while it was in development. This hack was attributed to Labyrinth Chollima, a sub-unit of the infamous Lazarus Group, the North Korean government hacking unit known for stealthy intrusions targeting cryptocurrency exchanges.

To date, it is unknown how many 3CX customers were targeted by this brazen supply chain attack. We do know, however, that another supply chain attack caused the breach. According to Google Cloud-owned Mandiant, attackers breached 3CX through a malware-infected version of X_Trader financial software found on a 3CX employee’s laptop.

Capita

April saw hackers compromise UK outsourcing giant Capita, whose clients include the National Health Service and the UK Department for Work and Pensions. The fallout from this hack lasted for months as more Capita customers learned that sensitive data had been stolen, many weeks after the compromise. The Universities Superannuation Scheme, the UK’s largest private pension provider, was among those affected, confirming in May that the personal details of 470,000 members had likely been accessed.

This was only the first cyber security incident to hit Capita this year. Shortly after Capita’s massive data breach, TechCrunch has learned that the outsourcing giant has left thousands of files, totaling 655 gigabytes, exposed online since 2016.

MOVEit transfer

The mass exploitation of MOVEit Transfer, another popular file transfer tool used by businesses to securely share files, remains the biggest and most damaging breach of 2023. The fallout from this incident — which continues to emerge — started the May when Progress Software disclosed a critical-rated zero-day vulnerability in MOVEit Transfer. This flaw allowed the Clop gang to carry out a second round of mass hacks this year to steal the sensitive data of thousands of MOVEit Transfer customers.

According to the most up-to-date statistics, the MOVEit Transfer breach has so far claimed more than 2,600 victim organizations, with hackers accessing the personal data of nearly 84 million people. This includes the Oregon Department of Transportation (3.5 million records stolen), the Colorado Department of Health Policy and Financing (four million), and US government outsourcing giant Maximus (11 million).

Microsoft

In September, Chinese-backed hackers obtained a highly sensitive Microsoft email signature key, which allowed hackers to sneak into dozens of email inboxes, including those belonging to several federal government agencies. Those hackers, who Microsoft claims belonged to a newly discovered espionage group identified as Storm-0558, leaked unclassified email data from those email accounts, according to US cybersecurity agency CISA.

In an autopsy, Microsoft said it still doesn’t have specifics (or is willing to share) how those attackers first broke in and allowed hackers to steal its skeleton key to access email accounts. The tech giant has since faced significant scrutiny for its handling of the incident, which is believed to be the biggest breach of unclassified government data since the Russian spy campaign that hacked SolarWinds in 2020.

CitrixBleed

And then it was October, and it spawned yet another wave of massive attacks, this time exploiting a critical-rated vulnerability in Citrix NetScaler systems. Security researchers say they have observed attackers exploiting this flaw, now known as “CitrixBleed,” to break into organizations around the world spanning retail, healthcare and manufacturing.

The full impact of these massive hacks continues to unfold. But LockBit, the ransomware gang responsible for the attacks, claims to have put large companies at risk by exploiting the flaw. The CitrixBleed flaw allowed the Russia-linked gang to extract sensitive information, such as session cookies, usernames and passwords, from affected Citrix NetScaler systems, giving hackers deeper access to vulnerable networks. This includes well-known victims such as aerospace giant Boeing, law firm Allen & Overy and Industrial and Commercial Bank of China.

23 and I

In December, DNA testing company 23andMe confirmed that hackers had stolen the ancestry data of half of its customers, about 7 million people. However, that admission came weeks after it was first revealed in October that user and genetic data had been obtained after a hacker posted a portion of the stolen profile and DNA information of 23andMe users on a well-known hacking forum.

23andMe initially said hackers accessed user accounts using stolen user passwords already made public by other data breaches, but later admitted the breach also affected those who opted into its DNA Relatives feature, which matches users with their their genetic relatives.

After revealing the full extent of the data breach, 23andMe changed its terms of service to make it more difficult for victims of the breach to file legal claims against the company. Advocates described some of these changes as “cynical” and “self-serving.” If the breach did one good thing, it’s that it prompted other DNA and genetic testing companies to beef up the security of their user accounts in light of the 23andMe data breach.

biggest breaches Capita CitrixBleed cyber security data data breach MOVEit ransomware TechCrunch 2023 Recap vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleEquity Down Under: How Australian startups can crack the US market
Next Article The Apple Watch import ban has been suspended. The Series 9 and Ultra 2 will be available on Apple’s site tomorrow
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Apple says ex-employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

13 July 2026

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Florida ransomware dealer convicted of helping ransomware gang extort US companies

10 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

14 July 2026

Already rich, already successful, because the latest wave of tech winners is grinding again

14 July 2026

Waze adds new AI-powered features and customization updates

14 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

Hot French startup ZML releases free product to speed up inference on multiple AI chips

Former OpenAI executive Kevin Weil is now on Stoke Space’s board

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.