The number of disclosed security incidents and compromised records increased in March 2024, according to a new analysis, highlighting the growing threats facing businesses globally.
Monthly analysis of data breaches and cyber attacks by cyber risk specialist IT Governance revealed that 3,478 security incidents were publicly disclosed in March 2024, an increase of 388% compared to the previous month.
During the same period, more than 299 million records were compromised by threat actors, the firm said.
IT Governance noted that the number of compromised records in March 2024 was a staggering 613% higher than in the same period last year, and 58% higher than in February 2024.
The particularly high number of exposed records this month can be attributed to two high-profile security incidents, described as “outlier events”, which contributed a significant portion of the exposed information.
The first of these outlier events was related to an AI recruiting system, Chattr.ai, used by a large number of fast food chains in the US, including Applebee's, Dunkin', KFC, Subway and Wendy's.
Misconfigured Google Firebase instances used by Chattr.ai meant that attackers could register profiles with full privileges and access the personally identifiable information of Chattr employees, franchise managers, and potential job applicants.
The data available to threat actors included people's names, phone numbers, emails, plaintext passwords, branch locations, sensitive messages, and shift information.
Overall, the security researcher who first pointed out the vulnerability, MrBruh, identified 916 misconfigured Google Firebase instances, exposing 124,605,664 user records.
The second outlier event referenced in the analysis was also related to artificial intelligence.
Researchers at application security company Oligo found that thousands of servers running AI infrastructure using the open source Ray AI framework were exposed to attacks targeting five unique critical vulnerabilities.
When exploited, the set of vulnerabilities allows attackers to take control of victims' computing power and leak sensitive data.
The flaw had been under active exploitation for 7 months, according to the March 25, 2024 report, and IT Governance speculated that thousands of logs were exposed during that time, without confirming the exact number.
French organizations hit with two large-scale data breaches in March
IT Governance's analysis highlighted the three largest data breaches of March 2024, with the Google Firebase misconfiguration incident taking the top spot.
Next on the list was a cyberattack targeting the French unemployment agency, France Travail. On March 13, 2024, the agency announced that the attack resulted in the exposure of sensitive data belonging to 43 million people.
The data included names, dates of birth, postal and email addresses, telephone numbers, social security numbers, and internal system identifiers.
Notably, and fortunately, France Travail reported that people's passwords and banking details were not affected during the breach, the largest in French history.
March appears to have been a bad month for French companies, as the third major incident cited in the report concerns another French organization, sports nutrition company MX3 Nutrition.
According to IT Governance, a threat actor named Chunky leaked 36 million customer records belonging to MX3 Nutrition, with people's names, email addresses, hashed passwords, and more, all landing on popular hacking forums.
MX3 has yet to verify the incident, although IT Governance's analysis noted that the listing included samples, or a test package, to lend credibility to its claims.
Commenting on the analysis, IT Governance founder and chief executive Alan Calder said the increase in successful breaches, as well as the number of records exposed online, shows there is much more to do to protect sensitive information.
“The increase in security incidents during March 2024 is a clear indicator that organizations must focus on stronger cybersecurity measures to safeguard sensitive data,” he argued.
“The various methods used by threat actors to exploit vulnerabilities demonstrate the importance of taking proactive security measures. This includes conducting regular security checks, ensuring timely software patch updates, and providing comprehensive cybersecurity training to employees.”
Calder emphasized that companies cannot afford to be careless when configuring their assets, and urged those running any of the aforementioned products to address vulnerabilities as soon as possible.
“As we have seen in these findings, neglecting proper configuration protocols can result in unauthorized access to sensitive data, leading to data breaches, financial loss, reputational damage, and legal repercussions for affected organizations. With this in mind, it is critical that affected organizations quickly address vulnerabilities in Google Firebase,” he advised.
“Likewise, if allegations regarding the MX3 Nutrition data breach are confirmed, the company must take immediate steps to mitigate potential consequences and protect the privacy of its customers.”