Data Breaches and Cyber Attacks in Europe in December 2023 – 100,884,532 Records Breached

IT Governance Europe’s research found the following for December 2023:

 Publicly disclosed security incidentsRecords known to be breached

How does this compare to November 2023?


This month, we found 204 publicly disclosed incidents in Europe, accounting for 15% of all incidents globally. In absolute terms, this is a substantial 47% increase on November 2023, but a significant decrease in percentage terms, as November’s 139 incidents accounted for 30% of all incidents globally that month.

That said, note that the true figures for this month are higher in both absolute and relative terms due to a Europol action in 17 countries, 15 of which are in Europe. This action uncovered 443 organisations that suffered a breach, but because we don’t know how many are in Europe, we haven’t attributed these incidents to a specific country. We’ll update this if more information on the Europol action is released.

In terms of the absolute number of records known to be breached, there was an 8% decrease this month compared to November despite the increase in incidents. It was also a much smaller percentage of the global total: 15% of December’s total number of records known to be breached, versus 29% of November’s total.


The absolute number of incidents in the EU this month saw a much steeper increase on November’s incidents than in Europe (a 179% increase), but far fewer records breached (a 62% decrease compared to November).

However, as 10 of the 17 countries in which the Europol action took place are in the EU, the true number of incidents is higher. Again, we’ll update this if more information is released.

Data Breach Dashboard

For a quick overview of this month’s findings, check out our Data Breach Dashboard:

Please bear in mind that the above data only accounts for one month. We need to collect and analyse the data over a much longer period to be able to tell whether these findings are part of a longer-term pattern.

Top 2 biggest breaches

1. Rosvodokanal: more than 50 TB of data breached; 1.5 TB exfiltrated

Hackers from Ukraine’s Blackjack group, supported by the SSU (Security Service of Ukraine), have attacked the IT infrastructure of Rosvodokanal, a Russian water company.

According to Ukrainska Pravda, the hackers attacked more than 6,000 computers and deleted more than 50 TB of data,* including “internal document management, corporate mail, cyber defence services, backups, etc.”. The SSU is now analysing 1.5 TB of exfiltrated data.

Data breached: >50 TB breached (1.5 TB exfiltrated).

2. Tecnoquadri Srl: 33 million lines of data exfiltrated

The pro-Russia group UserSec claims to have exfiltrated 33 million lines of data from the Italian electrical and security system organisation Tecnoquadri Srl. The group plans to publish the data online.

Data breached: 33 million lines.

*For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.

Breached countries

This month, the following countries suffered at least one publicly disclosed incident: Albania (4), Austria (5), Belarus (1), Belgium (8), Bosnia and Herzegovina (1), Bulgaria (7), Czech Republic (14), Denmark (3), Estonia (1), Finland (5), France (9), Germany (23), Greece (4), Ireland (2), Italy (10), Lithuania (1), Luxembourg (2), the Netherlands (6), Norway (1), Poland (13), Portugal (1), Romania (2), Russia (5), Serbia (2), Spain (7), Sweden (8), Switzerland (3), Turkey (1), the UK (39) and Ukraine (16).

Top 3 (by number of incidents)


While the UK suffered the most breaches in Europe this month by far, it only ranks third in terms of the total number of records known to be breached (discussed further below). Most of these incidents were caused by ransomware attacks (41%), denial-of-service attacks (26%) and human error (18%).

Germany also largely suffered from ransomware attacks (52%) and denial-of-service attacks (43%). Four of the ransomware attacks specified the amount of data breached, which combined amounted to 896 GB (allegedly, from Nexiga GmbH, NIDEC GPM Group, Unfallkasse Thüringen and WKW.automotive).

Ukraine mostly suffered from denial-of-service attacks (88%), allegedly originating from Russia, which usually target critical infrastructure. In fact, only one attack on Ukraine this month wasn’t on a critical infrastructure organisation (Concertus Design and Property Consultants Limited), and this was from a ransomware group that allegedly exfiltrated 1.9 TB of data – the only publicly disclosed ransomware attack in Ukraine this month.

Top 3 (by number of records)

#CountryKnown number of records breached

Note: Where ‘around’, ‘about’, etc. is reported, we record the rounded number. Where ‘more than’, ‘at least’, etc. is reported, we record the rounded number plus one. Where ‘up to’, etc. is reported, we record the rounded number minus one.

Although only 5 incidents suffered by Russian organisations were publicly disclosed this month, they led to the breach of more than 50 million records. This largely came from the Rosvodokanal attack discussed earlier.

Italy suffered twice as many incidents as Russia this month, but this led to fewer records being breached. This was largely due to the Tecnoquadri Srl outlier discussed earlier. However, another noteworthy breach is that suffered by Azienda USL di Modena, where ransomware gang Hunters International allegedly exfiltrated 1,202,175 files.* The victim refused to pay the ransom.

The UK suffered three incidents this month that ran into nine figures: LivaNova (2.2 TB of data), Hallidays – Xeinadin Group (1.5 TB of data) and United Network for Organ Sharing (1.2 million records). Though all incidents suffered by UK organisations this month were small compared to some of the other incidents discussed in this blog, combined, they still led to more than 7 million records known to be breached.

*We’ve counted these files as a record each – we can only report the numbers disclosed, and there’s no way for us to know how many records are in each file. It’s entirely possible that the total number of records breached exceeds 1,202,175.

Sector overview

For our monthly analyses, we look at the top 3 most breached sectors in Europe by number of incidents and by known number of records breached.

We provide a full sector breakdown in our interim and annual reports.

Top 3 most breached sectors (by number of incidents)


The most breached sector this month was the public sector, with 35 incidents. 28 of them (80%) were denial-of-service attacks. Only 2 incidents in this sector were ransomware attacks, suffered by Spanish Ayuntamiento de Villamayor (1,000 rows of data) and Swiss Stadt Baden (3.15 GB of data). These two incidents are the only ones in this sector known to have had more than one record breached.

The finance sector also mainly suffered denial-of-service attacks this month: 24 of them (89%). There were also 2 incidents where data was known to be breached, both of them ransomware attacks: on Hallidays – Xeinadin Group (discussed earlier) and on Short Chartered Accountants, from which the DragonForce ransomware group allegedly exfiltrated 597.67 GB of data.

Manufacturing, the only sector appearing in the top 3 by both incidents and records this month, largely suffered from ransomware attacks: 20 of them (77%). For 6 of these, we know a specific number of records breached: British Alexander Dennis (507 GB of data), Spanish CIE Automotive (2.6 TB of data), British LivaNova (discussed earlier), German NIDEC GPM Group (discussed earlier), Spanish Tcman (179 files) and German WKW.automative (discussed earlier).

Top 3 most breached sectors (by number of records)

#SectorKnown number of records breached

Note: Where ‘around’, ‘about’, etc. is reported, we record the rounded number. Where ‘more than’, ‘at least’, etc. is reported, we record the rounded number plus one. Where ‘up to’, etc. is reported, we record the rounded number minus one.

Although the energy and utilities sector suffered 8 incidents this month, the 50 million records known to be breached came from just 1 incident: Rosvodokanal, which we discussed earlier. 5 of the 8 incidents were denial-of-service attacks on Greek and Ukrainian energy organisations: Coral Gas, DEPA Commercial S.A., Elin, Ukraine Energy Support Fund and Zhytomyroblenergo.

As discussed earlier, the manufacturing sector suffered 26 incidents this month, 6 of which were ransomware attacks. 2 of these involved 7 figures of records each – LivaNova and CIE Automotive. However, the biggest outlier in this sector was the incident suffered by Tecnoquadri Srl – the second-largest European breach of the month.

Compared to the top 2 sectors, healthcare had relatively few records breached. The 2,466,621 is largely made up of 2 incidents: Azienda USL di Modena and United Network for Organ Sharing, both of which were discussed earlier. In total, the sector suffered 11 incidents this month, a remarkable 4 of which (36%) were caused by human error. 2 further incidents were caused by a successful phishing attack and a misconfiguration, making 6 of the 11 incidents clearly preventable.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.