IT Governance found 71 publicly disclosed security incidents in September 2023, accounting for 3.81 billion breached data records.

You can find the full list below. Follow the links for further information about each incident.

There is one major outlier this month: September’s total is skewed by the huge data breach at DarkBeam, which saw 3.8 billion data records exposed. You can read about that, and the year’s other incidents to date, on our new page, which provides an overview of the known data breaches and cyber attacks in 2023.

That page also breaks down each month’s security incidents and provides more information about the biggest and most notable breaches.

In previous months, we’ve distinguished between cyber attacks, data breaches, ransomware attacks, and malicious insiders and miscellaneous incidents. However, these categories overlap more and more (for instance, ransomware infections result from cyber attacks and, in turn, often result in data breaches) so attempting to differentiate between them is increasingly futile.

This month’s incidents therefore aren’t split into categories but are presented as a single list, while we consider different approaches to this blog and how best to present the data in future.

September 2023 cyber attacks and data breaches

Breached organisation Known breached records
DarkBeam 3,800,000,000
Better Outcomes Registry & Network 3,400,000
Undisclosed restaurant database 2,200,000
Pizza Hut Australia 1,000,000
Trygg-Hansa 650,000
Ayush Jharkhand Gov 320,000
Lakeland Community College, Ohio 290,000
Oak Valley Hospital District 283,629
CareSource 212,193
Minneapolis Public Schools 105,617
Friends of the Earth (About Loyalty/Kokoro) 93,000
Lifeline Health Systems 75,000
Hong Kong Consumer Council 25,000
Sanford Health (DMS Health Technologies) 21,000
Undisclosed manufacturer of ‘smart’ chastity cages 10,000
Bloom Health Centers 1,545
Cedar Park Middle School 207
Carthage Area Hospital and Claxton Hepburn Medical Center 0
Highgate Wood School 0
Lawrence Public Schools 0
Carlisle Area School District 0
North Mississippi Health Services 0
Coffee Meets Bagel 0
Defence Housing Australia 0
Janssen CarePath 0
Dymocks 0
Coca-Cola FEMSA 0
Skokie-Morton Grove School District 69, Illinois 0
Decatur ISD, Texas 0
The Minnesota Department of Employment and Economic Development 0
Sri Lankan state email domain 0
Hinds County 0
MGM Resorts 0
St. Paul Public Schools 0
Save the Children 0
East Jackson Community Schools 0
REJIS 0
St. Louis County 0
Butler County 0
Chambersburg Area School District 0
Caesars Entertainment 0
Auckland Transport 0
Hillsborough County Public Schools 0
Columbia government (IFX Networks) 0
FTX (Kroll) 0
Betton (Ille-et-Vilaine) 0
Nuance 0
Kfar Shaul Mental Health Center, Jerusalem 0
Canada Border Services Agency 0
City of Pittsburg, Kansas 0
Cyberport 0
TissuPath 0
Air Canada 0
Nansen 0
Pain Care Specialists, Oregon 0
National Student Clearinghouse, on behalf of almost 900 schools 0
Crimea 0
Government of Bermuda 0
MNGI Digestive Health 0
Mixin 0
Swan Retail 0
Maries County Courthouse 0
Baruch College 0
US State Department 0
Shelter (About Loyalty/Kokoro) 0
RSPCA (About Loyalty/Kokoro) 0
Dogs Trust (About Loyalty/Kokoro) 0
Battersea Dogs and Cats Home (About Loyalty/Kokoro) 0
ChildFund NZ (Pareto Phone) 0
Johnson Controls 0
21 Pinal County school districts 0