Full List

Search

Recent Breaches

• Florida Department of Health July 3, 2024 • [ ransomware, malware, healthcare ] The RansomHub ransomware group claims it breached the Florida Department of Health and gained access to a large amount of potentially sensitive data (100 GB) on Floridians.
• Solano County July 3, 2024 • [ ransomware, malware, government ] Nearly three months after a ransomware attack disrupted phone lines, computer services and Wi-Fi across Solano County's public libraries, systems are still down.
• Cedar Falls July 3, 2024 Cedar Falls officials are investigating a ransomware event that was detected in June 2024.
• FIA (Fédération Internationale de l'Automobile) July 3, 2024 FIA (Fdration Internationale de l'Automobile) says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.
• Louisiana Special School District July 3, 2024 • [ ransomware, malware, education ] Louisiana Special School District suffers an Akira ransomware attack.
• Twilio Authy July 3, 2024 Twilio confirms that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
• Alabama State Department of Education July 3, 2024 • [ ransomware, malware, education ] The Alabama State Department of Education says it stopped a ransomware attack last month but threat actors were still able to access some data and disrupt services.
• Bittensor July 3, 2024 Developers of the decentralized artificial intelligence project Bittensor temporarily suspend its blockchain network following a suspected security exploit involving user wallets.
• Ladies.com July 3, 2024 • [ leak, misconfiguration, technology ] In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.
• Fairfield Memorial Hospital July 2, 2024 • [ ransomware, leak, malware ] The LockBit ransomware gang claims to have breached Fairfield Memorial Hospital in Illinois and adds it to their Tor leak site.
• OVHcloud July 2, 2024 • [ hack, ddos, technology ] OVHcloud, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year, allegedly launched from a botnet of MilkroTik devices, which reached an unprecedented packet rate of 840 million packets per second (Mpps).
• HealthEquity July 2, 2024 Healthcare fintech firm HealthEquity discloses a data breach after a partners compromised account was used to access its systems. The intruders were able to steal protected health information from the company systems.
• Hellenic Cadastre (Greek Land Registry Agency) July 1, 2024 • [ leak, government ] The Land Registry agency in Greece announces that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure with the attackers able to steal steal 1.2 GB of data.
• Undisclosed financial institution July 1, 2024 • [ hack, ddos, finance ] Researchers at Radware reveal that a financial institution in the Middle East suffered a DDoS attack lasting more than 100 hours in total, averaging 4.5 million requests per second.
• Wayne Memorial Hospital July 1, 2024 • [ ransomware, malware, healthcare ] The Monti ransomware gang claims to have breached Wayne Memorial Hospital in Pennsylvania and adds it to their Tor leak site.
• EqualizeRCM July 1, 2024 • [ ransomware, malware, education ] SysInformation Healthcare Services, LLC ("SysInformation"), d/b/a EqualizeRCM discloses a ransomware attack.
• Florida Community Health Centers July 1, 2024 • [ ransomware, malware, healthcare ] Florida Community Health Centers (FCHC) discloses to have suffered a ransomware attack affecting nearly 300,000 people.
• Organizations in the manufacturing and logistics industries July 1, 2024 • [ ransomware, malware, manufacturing ] Researchers from Halcyon discover Volcano Demon, a new ransomware group targeting organizations in manufacturing and logistics via an encryptor dubbed LukaLocker.
• Central Tickets July 1, 2024 • [ leak, misconfiguration, retail ] In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted SHA-1 hashes.
• Otelier July 1, 2024 In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt. The data included 437k customer email addresses (a further 868k generated email addresses from the booking.com and Expedia platforms were not loaded into HIBP), names, physical addresses, phone numbers, booking information related to travel plans, purchases recorded by the platform and in a small number of cases, partial credit card data. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".