> series: anatomy_of_a_breach —— part: 180 —— year: 2023 —— verdict: sql_injection_still_works_social_engineering_still_works_patching_still_matters
2023 was the year that proved, conclusively, that the root causes of data breaches have not changed in fifteen years. MOVEit's SQL injection — the same vulnerability class from Heartland (2008) — compromised 2,500 organisations. Scattered Spider's social engineering — the same technique that hit Twitter (2020) — cost MGM $100 million. ICBC's unpatched Citrix — the same patching failure from WannaCry (2017) — disrupted US Treasury trading. And 23andMe's credential stuffing — the same attack from Collection #1 (2019) — exposed genetic data.
In the UK, Royal Mail's international service was halted for six weeks by LockBit. The BBC, British Airways, Boots, and Ofcom were all exposed through Zellis's compromised MOVEit instance. And the UK Electoral Commission lost 40 million voters' data through unpatched software and weak passwords — a breach that had persisted for two years before detection. The threats in 2023 were not new. They were the same threats, exploiting the same failures, that this series has documented since 2009.
| # | Breach | Key Lesson |
|---|---|---|
| 169 | Royal Mail | UK: International mail halted 6 weeks. LockBit. £66M demanded. Refused to pay. |
| 170 | T-Mobile 37M | Sixth breach. API again. $150M on security. Breached 18 months later. |
| 171 | 3CX Supply Chain | Supply chain from supply chain. Lazarus Group. VoIP compromised. |
| 172 | Western Digital | Data storage company: 10TB stolen. My Cloud offline 2 weeks. Irony persists. |
| 173 | MOVEit / Cl0p | SQL injection. 2,500 orgs. 60M people. The same vulnerability. Fifteen years later. |
| 174 | MOVEit UK | BBC, BA, Boots, Ofcom. All through Zellis payroll. NI numbers stolen. |
| 175 | Barracuda ESG | Replace, don't patch. Chinese espionage via email appliance. 7 months. |
| 176 | Electoral Commission | UK: 40M voters. 2 years undetected. Unpatched. Weak passwords. China-linked. |
| 177 | MGM + Caesars | Phone call to help desk. $15M paid. $100M lost. Scattered Spider. |
| 178 | 23andMe | 6.9M genetic profiles. Credential stuffing. DNA is data. Data gets breached. |
| 179 | ICBC LockBit | World's largest bank. Unpatched Citrix. USB stick for Treasury trades. |
| 180 | 2023 Year in Review | Fifteen years. Same root causes. SQL injection. Social engineering. Unpatched systems. |
With 180 articles spanning fifteen years, the Anatomy of a Breach series has documented the most comprehensive history of cyber threats ever compiled. The technologies have changed: cloud, mobile, IoT, blockchain, AI. The scale has grown: from thousands to billions of records. The consequences have escalated: from £1,000 fines to national emergencies, from data loss to patient deaths. But the root causes — SQL injection, social engineering, unpatched systems, weak authentication, misconfigured infrastructure, and the persistent gap between security policy and practice — remain unchanged from 2009 to 2023.
The controls remain the same: penetration testing (finding the vulnerabilities before attackers do), Cyber Essentials certification (establishing and maintaining the baseline), SOC in a Box monitoring (detecting breaches in hours, not years), and incident response capability (managing the crisis when prevention fails). Fifteen years of evidence. One conclusion. Implement these controls. The organisations that do, survive. The rest fill these pages. The series continues.
<a href="/penetration-testing">Test</a>. <a href="/cyber-essentials">Certify</a>. <a href="https://www.socinabox.co.uk">Monitor</a>. <a href="https://www.cyber-defence.io">Prepare</a>. Fifteen years of evidence demands nothing less.