The number of disclosed security incidents and compromised records surged in March 2024, according to new analysis, highlighting the escalating threats faced by businesses globally.
Monthly analysis of data breaches and cyber attacks by cyber risk specialist IT Governance revealed March 2024 saw 3,478 publicly disclosed security incidents, an increase of 388% compared to the previous month.
During the same period, over 299 million records were compromised by threat actors, the firm said.
IT Governance noted the number of records compromised during March 2024 had increased by a staggering 613% compared to the same time last year, and was also up 58% from February 2024.
The number of exposed records was particularly high this month because of two high-profile security incidents, described as ‘outlier events’, which contributed a significant portion of the exposed information.
The first of these outlier events related to an AI hiring system, Chattr.ai, used by a large number of fast food chains in the US including Applebee’s, Dunkin’, KFC, Subway, and Wendy’s.
Misconfigured Google Firebase instances used by Chattr.ai meant attackers could register profiles with full privileges, and access the personally identifiable information of Chattr employees, franchise managers, and potential job applicants.
The data available to threat actors included the individuals’ names, phone numbers, emails, plaintext passwords, branch locations, confidential messages, and shift information.
Overall, the security researcher who first flagged the vulnerability, MrBruh, identified 916 misconfigured Google Firebase instances, which exposed an eye-watering 124,605,664 user records.
The second outlier event referred to in the analysis was also related to artificial intelligence.
Researchers at application security firm Oligo found thousands of servers running AI infrastructure using the Ray open-source AI framework were exposed to attacks targeting five unique critical vulnerabilities.
When exploited, the vulnerabilities could allow attackers to take control of the victims’ computing power and leak sensitive data.
The flaw had been under active exploitation for 7 months, the report stated on 25 March 2024. IT Governance speculated that thousands of records were exposed during that time, though the exact number is unconfirmed.
French cyber security takes a hit with two large-scale data breaches in March
IT Governance’s analysis highlighted the three largest data breaches of March 2024, with the Google Firebase misconfiguration incident taking top spot.
Next up was a cyber attack targeting France’s agency for unemployment, France Travail. On March 13 2024, the agency announced the attack resulted in the sensitive data belonging to 43 million individuals being exposed.
The data included names, dates of birth, email and postal addresses, phone numbers, social security numbers, and internal system identifiers.
Notably, and fortunately, France Travail reported the passwords and bank details of individuals were not impacted during the breach, the largest in French history.
March appears to have been a bad month for French firms, as the third major incident cited in the report refers to another French organization, sports nutrition company MX3 Nutrition.
According to IT Governance, a threat actor by the name of Chunky leaked 36 million customer records belonging to MX3 Nutrition, with individuals’ names, email addresses, hashed passwords, and more, all finding their way onto popular hacking forums.
This incident is yet to be verified by MX3, but IT Governance’s analysis noted the listing included samples, or a proof pack, to lend credibility to its assertions.
Commenting on the investigation, founder and executive chairman of IT Governance, Alan Calder, said the surge in successful breaches as well as the number of records exposed online shows there is a lot more to be done to protect sensitive information.
“The increase in security incidents during March 2024 is a clear indicator that organizations need to focus on stronger cyber security measures to safeguard sensitive data”, he argued.
“The diverse methods used by threat actors to exploit vulnerabilities demonstrate the importance of taking proactive security measures. This includes conducting regular security checks, ensuring timely software patch updates, and providing comprehensive cyber security training to employees.”
Calder stressed that companies cannot afford to be careless when configuring their assets, urging those running any of the products mentioned to address the vulnerabilities as soon as possible.
“As we have seen in these findings, neglecting proper configuration protocols can result in unauthorized access to sensitive data, leading to data breaches, financial losses, reputational damage and legal repercussions for affected organizations. With this in mind, it’s crucial that affected organizations promptly address the vulnerabilities in Google Firebase”, he advised.
“Similarly, if the allegations concerning MX3 Nutrition’s data leak are confirmed, the company must take immediate action to mitigate the potential fallout and protect the privacy of its customers.”