Full List

Search

Recent Breaches

• BudTrader June 27, 2024 • [ hack, misconfiguration ] In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.
• Evolve Bank & Trust June 26, 2024 Evolve Bank & Trust confirms that hackers stole customer information and posted it on the dark web. A LockBit ransomware affiliated is suspected of the attack. Evolve customers like Wise, Affirm, and Mercury are also impacted by the breach.
• Palomar Health Medical Group June 26, 2024 • [ ransomware, malware, healthcare ] Palomar Health Medical Groups (PHMG) phones and computer systems are still down after suspicious activities nearly two months ago.
• The Ambulatory Surgery Center of Westchester June 26, 2024 • [ social, phishing, healthcare ] The Mount Kisco Surgery Center LLC d/b/a The Ambulatory Surgery Center of Westchester ("ASCW") discloses a security breach after the compromise of an employee's email.
• Ticketek Entertainment Group June 26, 2024 The threat actor ShinyHunters claims on a hacking forum the theft of information pertaining to 30 millions of Ticketek Entertainment Group (TEG) users. The breach is likely due to the SnowFlake campaign.
• Humboldt Independent Practice Association (IPA) June 26, 2024 • [ data leak, healthcare, unauthorized access ] Between June 26 and July 1 2024, an unauthorized actor accessed a Humboldt Independent Practice Association email account containing protected health information. Exposed data may include patient names, contact details, birth dates, diagnoses, insurance, and identification numbers. No evidence of encryption or confirmed data exfiltration has been reported. The breach was disclosed to HHS in November 2024 and publicly announced on February 15 2025.
• Alex Lab June 25, 2024 Bitcoin decentralized finance protocol Alex Lab says that a $4 million exploit it suffered last month is likely linked to North Korea Lazarus Group.
• South Africa’s National Health Laboratory Service June 25, 2024 • [ ransomware, malware, healthcare ] South Africas National Health Laboratory Service (NHLS) confirms to be dealing with a ransomware attack.
• Large business-to-business IT service providers in Southern Europe June 25, 2024 • [ espionage, technology ] Researchers from Sentinel One and Tinext Cyber reveal the details of Operation Digital Eye, a suspected China-nexus cyber espionage group attributed to an attacks targeting large business-to-business IT service providers in Southern Europe.
• Indonesia's Temporary National Data Center June 24, 2024 • [ ransomware, malware, government ] The Indonesian National Cyber and Encryption Agency (BSSN) reveals that the Brain Cipher ransomware disrupted the Temporary National Data Center server, affecting the operations of 210 government institutions, including immigration services at Soekarno-Hatta International Airport.
• Neiman Marcus June 24, 2024 • [ hack, malware, retail ] High-end department store Neiman Marcus discloses a data breach, shortly before the threat actor 'Sp1d3r' offered to sell information belonging to millions of the companys customers. The hack impacted 64,000 users and is likely part of the massive SnowFlake campaign.
• SpyX June 24, 2024 • [ leak, malware, technology ] In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
• Ezynetic (IT vendor to Moneylenders Credit Bureau/ Credit Bureau Singapore) June 24, 2024 • [ data leak ] PDPC fined Ezynetic after breach impacting ~190,000 whose data, including credit reports, was put for sale; uncovered June 24, 2024.
• Ladies' College June 24, 2024 • [ ransomware, weak passwords, mfa missing ] The Ladies College reported that on June 24, 2024 it lost access to several on-premises servers and quickly determined that an unauthorized party had gained access and deployed ransomware that encrypted systems. Regulators concluded the school failed to properly secure remote access, used a weak administrator password without MFA, and was vulnerable to brute-force compromise; monitoring alerts existed but lacked effective notification. The investigation found no evidence that data was accessed or copied off the network, though the incident impacted availability and encrypted some limited personal data. The school self-reported and later implemented remedial security measures.
• CoinStats June 23, 2024 • [ hack, finance ] CoinStats reveals to have suffered a massive security breach that compromised 1,590 cryptocurrency wallets, draining over $2 million in virtual assets, with the attack suspected to have been carried out by North Korean threat actors.
• Jollibee Group June 23, 2024 • [ leak, retail ] The Jollibee Group begins investigates a cybersecurity incident that may have compromised the records of millions of customers.
• Bitcoin Depot June 23, 2024 • [ data leak ] Bitcoin Depot reported a data breach that occured in June 2024 after completing an investigation on July 18, 2024. Customer data stolen affecting 27,000 individuals including personal information.
• BtcTurk June 22, 2024 Turkeys biggest cryptocurrency market BtcTurk says that their exchange had been hacked, with the assets stolen possibly amounting to nearly 51 million euros.
• Zacks (2024) June 22, 2024 • [ leak, finance ] In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
• Catholic Charities of Southern Nevada June 22, 2024 • [ data leak, PII/PHI exposure ] Suspicious activity detected June 22, 2024; later notice confirms sensitive PII/PHI impacted.