Arrow back

This month in data breaches: January edition

02 February, 2023

Whether your New Year has started with a bang or a whimper, there’s one constant for every organisation: cyber threats never take a break and data breaches can occur anytime.

In January 2023, that’s a lesson several well-known companies and organisations learned as they fell victim to devastating data breaches. These incidents have cost companies and schools hundreds of millions of pounds and damaged customer trust.

But it's not all bad news! By learning from these incidents, we can prevent similar breaches from happening in the future.

In this blog, we'll take a closer look at the biggest data breaches of January and explore how they could have been avoided. So, grab a seat and join us as we dive into the world of data breaches and learn how to protect your organisation better.


It was revealed on January 5th that the US wireless carrier T-Mobile suffered a data breach in which a malicious actor gained access to the company's systems, and stole personal information from over 37 million customers. It’s their second cyber attack in less than 2 years, coming just two months after they promised to upgrade and strengthen their data security.

A spokesperson said, "Carriers have a unique responsibility to protect customer information. When they fail to do so we will hold them accountable.” T-Mobile was able to contain the breach within a day, but the incident has already cost the company hundreds of millions of dollars and damaged customer trust.

This is not the first time T-Mobile has dealt with a data breach, they also had to pay a $350 million settlement related to an August 2021 incident.

This type of breach could have been prevented with proper employee training and awareness of cybersecurity. By implementing measures such as regularly educating their employees on how to identify and prevent phishing attacks alongside how to handle sensitive information, they could create a culture of security within the organisation.


MailChimp also fell victim to a data breach in the new year due to a social engineering attack that gave unauthorised access to over 133 users on an internal customer support tool.

Hackers gained access to employee information and credentials, but MailChimp has since identified and suspended those accounts.

Again, this is not the first time MailChimp has been hacked, as they also suffered data breaches in April and August of 2022. Such attacks highlight the importance of deploying comprehensive cybersecurity processes and protocols to stop hacking attempts before compromising information multiple times.

Norton Life Lock

Norton Life Lock also suffered a data breach in January 2023, this time due to a “stuffing” attack. Stuffing attacks are when previously compromised passwords are used to hack into accounts that use a shared password, highlighting the importance of multi-factor authentication.

"Systems have not been compromised, and they are safe and operational, but as is all too commonplace in today's world for bad actors to take credentials found elsewhere, like the dark web, and create automated attacks to gain access to other unrelated accounts,"

Norton's parent company, Gen Digital, sent notices to the accounts they believed could have been compromised and recommended changing passwords as well as enabling two-factor authentication. It’s a breach that once again highlights the importance of building a cybersecurity culture that extends across your entire organisation, both in the office and at home.

Hull and Yorkshire Schools

Last month saw schools in Hull suffer a major data breach that compromised the sensitive information of students and staff. The breach was caused by a phishing attack in which hackers sent emails to school employees posing as a trusted source, tricking them into revealing their login credentials.

Once the hackers gained access to the employees' accounts, they were able to steal sensitive information such as names, addresses, and more. This information was then used for malicious purposes, causing harm to both the individuals and the schools.

The breach highlights the importance of proper cybersecurity training and awareness, as well as the need for robust security measures to protect sensitive information. It also highlights the dangers of phishing attacks, which are becoming increasingly sophisticated and challenging to detect.

How to protect your organisation

While different types of cyber attacks caused these data breaches, they all highlight the importance of proper security protocols and the role that human error can play in these incidents.

  • Keep your systems regularly updated to prevent breaches from happening.
  • Implementing multi-factor authentication: Regularly monitoring and testing your security systems are also essential steps organisations like yours can take to prevent data breaches.
  • Invest in cybersecurity training for employees: Cybersecurity is not just the responsibility of IT departments, it is a responsibility that falls on every employee within the organisation.
  • Cybersecurity training should cover a wide range of topics, from how to identify and prevent phishing attacks, using strong passwords, how to handle sensitive information, the list goes on.

At Bob’s Business, we’re building towards a world where everybody is safe online. If you’re ready to start taking cybersecurity seriously, we’re here to help. Give your team the knowledge they need to spot and stop attacks before they damage your business. Book a slot to chat with a member of our team now.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance