Portend Breaches

Republican presidential nominee Donald Trump JD Vance, and people associated with the Democratic campaign of Kamala Harris October 25, 2024 Chinese threat actors engaged in a broader espionage operation targeting cellphones used by Republican presidential nominee Donald Trump JD Vance, and people associated with the Democratic campaign of Kamala Harris.

Carolina Arthritis October 25, 2024 ThreeAM adds Carolina Arthritis to its leak site.

Free October 25, 2024 Free, a major internet service provider (ISP) in France, confirms that threat actors breached its systems and stole customer personal information.

Sensitive government and police databases in Italy October 25, 2024 • [ hack, espionage, government ] Four people are arrested in Italy after a business intelligence company called Equalize is accused of hacking sensitive government and police databases to create dossiers for its clients.

Hellenic Open University October 25, 2024 • [ ransomware, data leak ] Greek open university confirmed ransomware with prolonged disruption and data leak.

Georgia Urology October 25, 2024 • [ email compromise, healthcare, data leak ] Georgia Urology disclosed unauthorized access to two employee Microsoft 365 email accounts that exposed patient PII/PHI; notification letters began March 27 2025.

The Superior Court of California for the County of San Joaquin October 25, 2024 • [ data leak ] The Superior Court of California for the County of San Joaquin later concluded that an unauthorized person had accessed its computer network between October 25 and 30, 2024, after first reporting significant connectivity issues and a cybersecurity incident around the end of that month. Subsequent investigation determined that files containing sensitive personal information such as Social Security numbers, drivers license numbers and credit card numbers had been exposed. The court has not disclosed how many files or people were affected but is offering one year of identity protection and credit monitoring services to potentially impacted individuals and has posted a data breach notice on its website.

U.S. Government October 24, 2024 • [ financial, government ] A threat actor appears to have stolen approximately $20 million in stablecoins and ETH from wallets belonging to the U.S. Government.

City of Coppell October 23, 2024 • [ ransomware, malware, government ] The RansomHub operation takes credit for a damaging attack on the city of Coppell, Texas.

Esport North Africa October 23, 2024 • [ leak, technology ] A threat actor known as Shooked, leaks the personal details of over 180,000 Esport North Africa (ESNA) users just one day before the tournament is set to begin in Morocco.

Russian Foreign Ministry October 23, 2024 The Russian Foreign Ministry is targeted by a severe DDoS attack, coinciding with the major BRICS summit taking place in the country, spokeswoman Maria Zakharova said.

Unnamed Service Provider in France October 23, 2024 Frances Ministry of Labor and Employment announces that it discovered a cyberattack against an unnamed service provider, and suspected to have impacted the data of young people it was helping get into employment.

Word & Brown Insurance Administrators, Inc. October 23, 2024 • [ data leak ] Word & Brown Insurance Administrators, Inc. experienced unauthorized access to an employee workstation on or about October 23, 2024. The attacker accessed and copied insurance administration records containing personal and health-related information for clients and employees. No encryption or operational disruption was reported. Disclosure was filed December 23, 2024.

Transak October 21, 2024 A recent data breach at the crypto payment processor Transak exposes the information of more than 92,000 people after an employee's laptop was accessed.

Gold Coast Health Plan October 21, 2024 • [ data leak, third-party breach, account takeover ] Gold Coast Health Plan reported that a contracted vendor (Conduent Business Solutions) suffered a cyberattack involving compromise of a single employee email account, which allowed unauthorized access to certain files during a window from Oct. 21, 2024 to Jan. 13, 2025. The vendor discovered the incident on Jan. 13, 2025 and began an investigation with law enforcement notification. A later forensic review determined that information for 540 plan members could have been exposed, listing specific claim-related and membership data elements; the release stated that Social Security numbers and financial information were not accessed or disclosed.

The Wayback Machine October 20, 2024 The Internet Archive is breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.

Undisclosed cryptocurrency market-making firm October 20, 2024 • [ data exfiltration, cryptocurrency, state-sponsored attack ] Recorded Future observed C2 reconnaissance followed by FTP exfiltration from a market-making firm in the UAE during the Contagious Interview campaign (OctNov 2024). Attributed to the NGB 3rd Technical Surveillance Bureau (North Korea).

Undisclosed online casino operator October 20, 2024 • [ Data exfiltration, State-sponsored attack, Reconnaissance ] Recorded Future analysis identified reconnaissance and FTP exfiltration traffic from a Costa Rican online casino targeted in the Contagious Interview campaign (OctNov 2024), attributed to the NGB 3rd Technical Surveillance Bureau (North Korea).

Hot Topic October 19, 2024 In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.

Grupo Aeroportuario del Centro Norte October 18, 2024 Grupo Aeroportuario del Centro Norte announces that a cyber incident forced its IT team to turn to backup systems. The RansomHub operation claims to be responsible for the incident, and threatens to leak 3 terabytes of stolen data.

Recent Breaches