Security round-up: April 2023

May 2, 2023 | Written by Will Shaw

There's a lot to talk about in our fourth security roundup of 2023. Let's look at the recent cyberattacks that have impacted global organisations.

Capita

One of the larger incidents hitting the news this month is the cyberattack on Capita.

Capita is an international outsourcing and professional services company. It is one of the largest outsourcing providers in the UK, notably as a major government supplier which has been contracted for billions of pounds in public services, from healthcare to defence.

On 3rd April, Capita confirmed there had been a cyber incident mainly affecting its access to internal Microsoft Office 365 applications. This was a few days after the company had said it was experiencing a major IT incident on 31st March.

On 8th April, the ransomware gang Black Basta claimed credit for an attack on Capita by sharing some of the company’s files as proof. These files were said to have stored personal data and financial information. Capita has confirmed the attack.

The impact is still being investigated, and the initial disruption was said to be within some services limited to Capita’s network.

NHS and Capita

As a result of the Capita incident, the NHS has also expressed fears of a data breach because Capita employees were unable to access its system for several days. Concerns were raised by the NHS because the service outsources critical operations to Capita.

On 20th April, Capita released a statement which said:

“There is currently some evidence of limited data exfiltration from the small proportion of affected server estate which might include customer, supplier or colleague data…”

“…Since the incident, Capita and its technical partners have restored Capita colleagues’ access to Microsoft Office 365. The majority of Capita’s client services were not impacted by the incident and remained in operation, and Capita has now restored virtually all client services that were impacted.”

This demonstrates how widespread the effects of cyberattacks can be. An attack on one organisation can have far-reaching consequences for others. This is why robust security measures are required, not just to protect ourselves, but also to reassure our partners and customers.

In other news…

Pizza Hut and KFC

Pizza Hut and KFC owner Yum! Brands experienced a data breach this month, revealing that several individuals’ personal data have been exposed in a ransomware attack. Although the incident is being highlighted now, the breach is said to have taken place in January. Personal data included names, driving license details and ID card information. Whether the breached data are being used fraudulently is still being investigated.

Micro-Star International Co (MSI)

MSI is a Taiwanese IT corporation known for designing and developing computer hardware and related products and services.

The organisation was recently targeted by a new ransomware gang known as ‘Money Message’. The group has claimed to have stolen source code from MSI’s network. MSI is a global giant, generating billions of dollars in revenue.

Money Message listed the MSI data leak on its website, claiming that the shared screenshots are of MSI’s CTMS and ERP databases. If the stolen data are from these databases, then the files will contain software source code, private keys, and BIOS firmware.

The group is said to have threatened to release the data unless it receives a $4 million payment.

MSI has confirmed the breach and said its IT department has implemented an information security defence mechanism and recovery procedure, as well as reporting the incident to relevant government authorities.

Western Digital

Western Digital specialises in digital storage solutions. The organisation has been targeted by hackers who have claimed to have stolen something in the region of 10 TB of data. The data stolen are said to include customer information.

At the start of this month, Western Union announced that it was experiencing a “network security incident.”

Allegedly, the hackers have obtained a file that was digitally signed with Western Digital’s code signing certificate. This would allow the hackers to impersonate the organisation and digitally sign files on its behalf.

Among the stolen data, there are said to be various forms of confidential information, including contact details belonging to company executives, an internal email, files stored in a PrivateArk instance, and data from the organisation’s SAP back office, which helps them manage their e-commerce data.

The hackers’ main goal has been to make money. Since the incident, Western Digital has undertaken an investigation into the attack and is focused on resolving the situation.

See you next month…

These examples show that the consequences of a cyberattack can be severe and devastating to any business, and why strong security and ongoing monitoring are critical.

We'll keep you up to date on the latest threats in our next security roundup in May.

Please contact us to learn more about how we can help your company with its cybersecurity needs.
