December can be the best or worst time to suffer a data breach. On the one hand, people have started to wind down to the end of the year, all attention is on the holidays and a data breach is more likely to fall under the radar.
But for the very same reasons, a December data breach can be the worst possible scenario. Your team suddenly has a mountain of work on its hands as it mitigates the damage. Meanwhile, incident response plans might be severely disrupted if the people tasked with handling certain tasks are on leave already.
As tempting as it is to turn our backs on 2022 and look forward to the new year, let’s take a moment to consider the security incidents that occurred, for better or worse, at the back end of last year.
In total, we found 78 publicly recorded data breaches in December 2022, which accounted for 31,586,757 breached records. As always, you can find the full list below, divided into their respective categories.
Cyber attacks
- The Pope’s website taken offline in suspected hacker attack (unknown)
- Internet issues caused by ‘unauthorized third party’ close South Jersey school (unknown)
- New Zealand health insurer Accuro says it’s been hacked (unknown)
- Hacker Makes Away With $5 million From Ankr Protocol (unknown)
- Vancouver Film School hit by paralyzing cyber attack (unknown)
- FBI investigating cyber attack on DraftKings and FanDuel (unknown)
- Hackers selling personal data patients from a Tamil Nadu Hospital (150,000)
- Cyber security incident hits San Diego Unified computer network (unknown)
- Safdarjung Hospital reports cyber attack (unknown)
- Versailles hospital targeted by cyber attack (unknown)
- Amnesty International Canada hit by cyber attack (unknown)
- Zero-day hackers breach Samsung Galaxy S22 twice in 24 Hours (unknown)
- Cincinnati restaurants under attack by cyber hackers (unknown)
- Greene County Tech School District services back up following hack (unknown)
- Brazil’s Iochpe-Maxion victim of cyber attack (unknown)
- Argentina’s Automovil Club Argentino discloses intrusion in its systems (unknown)
- Knox College president addresses ransomware incident (unknown)
- Morgan County School District Re-3 cancelled classes in wake of cyber security incident (unknown)
- Uber suffers new data breach after attack on vendor, info leaked online (unknown)
- Munster student gained access to school network and student information (unknown)
- TPG Telecom says email accounts of business customers hacked (15,000)
- Disruptions and delays in services at the Queen Elizabeth Hospital Barbados (unknown)
- FBI’s vetted info-sharing network ‘InfraGard’ hacked (80,000)
- Cyber attack on NZ’s largest insurer of doctors MAS may have exposed members’ personal data (unknown)
- State network data breach has potential impact on some Rochester Public Library users (1,709)
- Social Blade admits to being hacked (unknown)
- Criminal hackers selling user data from CoWIN platform (unknown)
- Sports betting operator BetMGM hit by security incident (unknown)
- Texas-based San Benito Consolidated School District suffers security breach (unknown)
- Medellin’s public utilities company under cyber attack (unknown)
- Aegea Saneamento e Participações suffers security incident (unknown)
- St. Rose Hospital patient data appears on hacking forum (1,800)
- Indian Railway Catering and Tourism Corporation denies data breach after criminal hackers claim attack (30 million)
- Azienda Ospedaliera di Alessandria hospital suffers security incident (unknown)
- Malaysia’s Ministry of Communications and Digital investigating alleged data leak (unknown)
- Argentina-based ARSAT suffered a cyber attack (unknown)
- Toyota Kirloskar Motor reports security breach (unknown)
If you’re facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
Ransomware
- Brazilian debt collection firm pays Hive $500k ransom (unknown)
- Uruguay’s Ministry of Transport and Public Works victim of ransomware attack (unknown)
- Little Rock School Board approves paying ransom after cyber attack (unknown)
- Hudson County Schools of Technology goes old-school low tech after suspected ransomware attack (unknown)
- Rackspace’s Hosted Exchange disruption was due to a ransomware attack (unknown)
- Adams-Friendship Area School District hit by ransomware (unknown)
- Mexico’s Jalisco Congress attacked by ransomware (unknown)
- Argentina’s National Institute of Statistics and Census hit by ransomware (unknown)
- Cetrogar hit by ransomware (unknown)
- Attack on Spain-based Ayuntamiento Requena claimed by BlackCat (unknown)
- Threat actors have now leaked Kenosha USD data (unknown)
- Huron-Superior Catholic District School Board confirms ransomware attack (unknown)
- Guardian newspaper hit by suspected ransomware attack (unknown)
- Aussie fire stations impacted by cyber attack (unknown)
- SickKids reports “cybersecurity incident” affecting some phone lines and web pages (unknown)
- Mexico’s Financiera Reyes hit by ransomware gang (unknown)
- Venezuela’s Amazing Global struck by ransomware (unknown)
- Brazilian textile firm Biotipo infected with ransomware (unknown)
- Queensland University of Technology shuts IT systems after being hit by ransomware attack (unknown)
- Vanuatu ransomware attack claimed by RansomHouse (unknown)
- Hackers stole data from multiple electric utilities in recent ransomware attack (unknown)
- JAKKS Pacific double locked by two ransomware groups (unknown)
- Minnesota school district hit by ransomware (unknown)
- Port of Lisbon website still down amid cyber attack (unknown)
- Security breach at software provider affects software in Columbiana County Recorder’s office (unknown)
- Brazil’s Monte Cristalina hit by ransomware (unknown)
- CentraState Medical Center hit by suspected ransomware attack (unknown)
- California authorities confirm cyber intrusion (unknown)
- Centro Médico Virgen De La Caridad hit by ransomware (unknown)
Data breaches
- After discovery of huge data breach, social media site Hive goes offline (unknown)
- Dutch firm Forum voor Democratie leaves members and former members exposed (93,000)
- VA admits to improperly disclosing COVID-19 vaccine data (500,000)
- Ontario’s vaccine booking system affects hundreds of thousands, province says (360,000)
- Telstra customers exposed in data leak (130,000)
- privacy breach by Archives NZ allows people to see records containing sensitive health information of abuse survivors (unknown)
- City of Port Phillip notification of potential data breach (unknown)
- Canadian doctor’s records improperly disposed (unknown)
- Cincinnati State data breach possibly exposed Social Security numbers, other information (unknown)
- Malaysia’s Unifi Mobile says customers affected by data breach (250,248)
Malicious insiders and miscellaneous incidents
- Personal info of Edmonton employees compromised in insider data breach (5,000)
- Privacy breach reported by Manitoba Health after break-in (unknown)
- Security incident at Degroof Petercam affects hundreds of Belgian companies (unknown)
- Former employee of Selma animal hospital arrested for extortion, cyber stalking (unknown)
