Full List

Search

Recent Breaches

• Boulanger September 6, 2024 • [ hack, leak, retail ] In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
• Cultura September 6, 2024 • [ hack, retail ] In September 2024, French retailer Cultura was the victim of a cyber attack they attributed to an external IT service provider. The resultant data breach included almost 1.5M unique email addresses along with names, phone numbers, physical addresses and orders. Cultura advised that all affected customers had been notified about the incident.
• Zenith American Solutions, Inc. September 6, 2024 • [ phishing, data leak ] Unauthorized access to Zenith American Solutions network discovered September 6 2024 after an employee email account was compromised via phishing; over 12,000 individuals names, dates of birth, Social Security numbers, and benefit-plan documents potentially accessed. The firm notified regulators January 2025 and publicly disclosed in June 2025. No actor attribution or ransom demand reported.
• Tewkesbury Borough Council September 5, 2024 • [ hack, government ] The Tewkesbury Borough Council shouts down its systems following a cyber attack.
• Penpie September 5, 2024 Threat actors steak about $27 million worth of cryptocurrency from the Penpie decentralized finance (DeFi) protocol.
• Undisclosed organization September 5, 2024 • [ ransomware, malware ] Researchers at Palo Alto discover a ransomware incident where the threat actor Jumpy Pisces, tied to North Korea, collaborated with the Play ransomware group.
• Cisco September 4, 2024 • [ leak, malware, technology ] Ciscos site for selling company-themed merchandise is offline and under maintenance due to threat actors compromising it with JavaScript code that steals sensitive customer details provided at checkout exploiting CVE-2024-34102.
• Latvian government and critical infrastructure websites September 4, 2024 According to Latvian cybersecurity officials, politically motivated threat actors linked to Russia and Belarus are targeting Latvian government and critical infrastructure websites in a new wave of cyberattacks.
• Plaisted Companies, Inc. September 4, 2024 • [ data leak ] On or around September 4 2024, Plaisted Companies, Inc. experienced unauthorized access to internal application servers storing personal data. The company reported potential exposure of files containing personally identifiable information and began notifications on March 26 2025. No encryption, data theft confirmation, or ransom activity was reported.
• VK September 3, 2024 • [ leak, technology ] A threat actor using the alias HikkI-Chan leaks the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums. The data was stolen from a third-party.
• Individuals in South Korea September 2, 2024 • [ social ] Telegram removes 25 pieces of deepfake pornographic materials, after South Korean police investigates its role in deepfake-powered sex crimes targeting victims in the country.
• Tracelo September 2, 2024 • [ leak, technology ] A threat actor using the alias Satanic claims to have breached Tracelo, a smartphone geolocation tracking service. As a result, the hacker has leaked the personal details of over 1.4 million individuals (1,459,014) on the notorious Breach Forums.
• Transport for London September 2, 2024 • [ hack, government ] Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack.
• Numotion September 2, 2024 • [ phishing, data leak ] Email account compromises exposed customer information at numotion.
• Deutsche Flugsicherung September 1, 2024 • [ hack, government ] Deutsche Flugsicherung, the German state-owned company responsible for the countrys air traffic control, has confirmed being hit by a cyberattack.
• BayMark Health Services September 1, 2024 • [ ransomware, healthcare ] BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, notifies an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. The RansomHub operation claimed responsibility for the breach.
• Hesley Group (UK care provider) September 1, 2024 • [ hack, healthcare ] In September 2024, a cyberattack against Hesley Group led to unauthorized access to HR folders, with a small amount of sensitive staff data stolen. Exfiltrated information included PII and employment/medical records (names, contact details, bank details, salary, criminal record, medical data, etc.). No encryption or ransomware involved. The attackers remain unidentified. The incident was publicly disclosed in August 2025 after regulatory notifications.
• Undisclosed Victims In Mena September 1, 2024 • [ malware, data theft ] Campaign used Facebook ads and Telegram links to deliver Asyncrat and steal data.
• National Police September 1, 2024 • [ data leak ] Dutch intelligence services said a previously unknown Russian group (LAUNDRY BEAR) hacked multiple orgs including police; the police GAL was stolen in Sept 2024.
• Storage Durango Blue Diamond August 31, 2024 • [ data breach, cybersecurity incident ] Company reported data breach under investigation following cybersecurity incident disclosure.