The top 6 cyber security incidents in July 2023

An exploration of the most impactful cyber attacks and data breaches in July 2023

Add bookmark

Olivia Powell
07/27/2023

Two people typing at two desktop computers with rainbow light-up keyboards

Here, Cyber Security Hub takes a look at the top cyber attacks, data breaches and cyber security incidents across the globe that happened in July, 2023.

Hackers steal $20 million from Revolut

On July 9, the Financial Times (FT) reported that hackers had exploited a software vulnerability in fintech Revolut’s payment systems and stole US$20 million.

The cyber security incident was allegedly ongoing for several months in 2022, before the vulnerability was closed. According to FT’s sources, the software vulnerability caused communication issues between Revolut’s European and US payment systems. This meant that when some transactions were declined, Revolut would incorrectly refund accounts with money from the bank itself rather than the money belonging to the account.

Through exploiting this system, malicious actors including organized criminals, were able to steal around $23 million from Revolut. The mass fraud was discovered when a US-based partner bank of Revolut's notified the company that its funds were lower than expected. While Revolut was able to recover some of the money stolen by targeting these malicious actors, the company lost around $20 million overall.

Fanfiction site targeted by DDoS attack

On July 10, fanfiction site Archive of Our Own (AO3) alerted its users that it had been the victim of a targeted distributed-denial-of-service (DDoS) attack.

The site posted about the cyber attack on X (formerly Twitter), explaining why the site was offline. AO3 reassured its users that it was “working on countermeasures” and promising that the site would be functional soon.

The site fought against the DDoS attack for more than 28 hours, before announcing that the fanfiction site had updated its cyber security controls and was back online.

Anonymous Sudan, a hacktivist collective that claims to be an Islamic terrorist gang, said they were responsible the attack. In a post on the group’s Telegram, the hackers said it took down the fanfiction site as it is “against all forms of degeneracy, and the site is full of disgusting smuts and other LGBTQ+ and NSFW things”.

While Anonymous Sudan claims to be a hacktivist group motivated by a religious, specifically Muslim ideology, many cyber security experts have called the legitimacy of this claim into question.

AO3 made a statement regarding the real identity of the gang, noting that even cyber security experts do not believe that Anonymous Sudan are telling the truth about the motivation behind their cyber attacks, and therefore urged caution in believing the reason given for targeting AO3.

Learn more Anonymous Sudan and the AO3 cyber attack here.

Microsoft hack sees emails stolen from US agencies

Technology corporation Microsoft announced on July 14 that it was the victim of a “China-based threat actor with espionage objectives”, who had stolen emails belonging to more than 20 US organizations.

In a statement analyzing the hack, the company explained that the hackers, referred to as Storm-0558, had been able to exploit a software vulnerability. This gave them unauthorized access to the Microsoft email accounts of approximately 25 organizations including US government agencies.

During the hack, the malicious actor “acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com”. The method by which the hacker acquired the inactive MSA key is currently unknown and under investigation.

The malicious actor was then able to exploit a software vulnerability that meant that the key “was trusted for signing Azure AD tokens” even though it was only intended for MSA accounts, giving them unauthorized access to victims’ email accounts. Microsoft said the software vulnerability had since been patched.

Storm-0558 was able to access and exfiltrate email data including emails, attachments, conversations and email folder information during the cyber attack.

Discover more about Storm-0558 here.

HCA Healthcare data breach impacts 11 million patients

US-based, HCA Healthcare, suffered a data breach impacting 11 million patients.

The cyber attack was discovered when the personal data of patients was posted online on July 10. In a statement regarding the breach, HCA Healthcare said the data was stolen from “an external storage location exclusively used to automate the formatting of email messages”.

This meant the stolen dataset contained personally identifying information, including:

Patient names, cities, states and zip codes.
The telephone numbers, email addresses, gender and dates of birth of patients.
The service dates, locations and the dates of upcoming appointments.

After the unauthorized access and data theft was discovered, HCA Healthcare disabled access to the third-party storage location. The company also contacted all those impacted by the data breach.

HCA Healthcare said an investigation into the data breach had been launched, and the incident reported to the relevant authorities.

Initial investigations into the cyber attack have not yet identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident.

Learn about the class-action lawsuits filed following the HCA Healthcare data breach here.

Estee Lauder data stolen in cyber attack

Cosmetics company Estee Lauder suffered a cyber attack on July 18, disrupting its business processes.

The cyber attack saw a malicious actor steal data from the company’s systems and disrupt its processes. Estee Lauder did not make public how the hacker infiltrated its systems.

In a statement about the cyber security incident, the cosmetics company said it had taken down some of the impacted systems and was working to secure and restore the systems affected.

Estee Lauder said an investigation had been launched into the data breach to understand what data had been stolen. The cosmetics company also said both law enforcement and cyber security experts had also been contacted regarding the cyber attack.

Learn more about cyber attacks launched against American companies here.

Roblox data breach exposes developer data

Attendees of the Roblox Developer Conference between 2017-2021 may have had their personal data leaked, it was revealed on July 18.

Troy Hunt, creator of the site Have I Been Pwned, broke news of the data theft on X. In an anonymous message sent to Hunt, a source said that all those who attended the Roblox Developer Conference had their personal data stolen and later posted online. The data leaked included full names, birth dates, email, home and IP addresses and phone numbers.

On July 20, Roblox addressed the data leak, saying that the company had contacted everyone affected: “Minimally affected users just got a sorry email. For more seriously affected users they got a year of identity protection and an apology for everyone else.”