Full List

Search

Recent Breaches

• United Nations Development Programme March 27, 2024 • [ ransomware, malware, government ] The United Nations Development Programme (UNDP) investigates a cyberattack after threat actors breached its IT systems to steal human resources data. The 8Base ransomware operation claims responsibility for the attack.
• Lookiero March 27, 2024 In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address. When contacted about the incident, Lookiero advised that they would "look into it and get back to you if necessary". The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
• Munchables March 26, 2024 • [ hack, financial, finance ] The Munchables blockchain-based game is attacked, with about $62 million worth of cryptocurrency was stolen from the game. Few hours after the attacker agrees to return the stolen funds.
• Gilmer County March 26, 2024 • [ ransomware, malware, government ] The government of Gilmer County in Georgia posts a notice on its website warning that a ransomware attack was affecting its ability to provide services to its more than 30,000 residents.
• VNDirect Securities Company (VNDirect) March 26, 2024 • [ hack, finance ] VNDirect, one of Vietnam's largest brokerages, begins the process of restoring its systems after a cyberattack that forced it to suspend trading transactions.
• Pakistan National Database and Registration Authority (Nadra) March 26, 2024 An investigation reveals that personal information of more than 2.7 million Pakistanis has been stolen from the records of the National Database and Registration Authority (Nadra) office, a government-run body that regulates the database of citizens.
• The Big Issue March 26, 2024 • [ ransomware, malware, healthcare ] The Big Issue, a street newspaper in the United Kingdom famed for providing homeless people with a legitimate income by paying them as vendors to distribute the magazine, confirms being impacted by a cyber incident, following the company being listed on the Qilin ransomware gangs darknet extortion site.
• Department of State employees and annuitants March 25, 2024 • [ social, government ] The State Departments oversight office warns current and former employees to be cautious of a fraudulent scheme targeting workers payroll accounts.
• Giant Tiger March 25, 2024 • [ leak, retail ] A threat actor claims responsibility for a data breach to Giant Tiger and leaks 2.8 million customer records on a forum.
• Crypt investors in Hong Kong March 25, 2024 • [ social, phishing, finance ] The Securities and Futures Commission of Hong Kong warns against entities operating under the name "HKCEXP" and "EDY" saying the names falsely poses as an SFC-registered entities.
• City of St. Cloud March 25, 2024 • [ ransomware, malware, government ] The city of St. Cloud says it discovered a ransomware attack affecting city services.
• Communications Workers Union March 25, 2024 • [ hack, technology ] The Communications Workers Union (CWU), which represents hundreds of thousands of employees in sectors across the UK economy including tech and telecoms, is currently working to mitigate a cyberattack.
• ParaSwap March 25, 2024 Decentralized finance aggregator ParaSwap rectifies a critical vulnerability in its smart contract, after the exploitation of the vulnerability resulted in minimal losses of $24,000 before white hat hackers intervened.
• boAt March 25, 2024 • [ leak, manufacturing ] In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
• University of Winnipeg March 24, 2024 • [ hack, education ] The University of Winnipeg in Canada confirms that threat actors stole sensitive information from the institution in an incident that took place late last month, affecting former and current students and staff.
• forum.kasperskyclub.ru March 24, 2024 The Russian language fan club forum for the cybersecurity giant Kaspersky (forum.kasperskyclub.ru) experiences a data breach, during which a hacker group known as RGB leaks the personal data of 56,798 users online.
• Kaspersky Club March 24, 2024 In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.
• Curio March 23, 2024 Real-world asset liquidity provider Curio suffers a smart contract exploit resulting in a $16 million loss.
• England Cricket March 23, 2024 In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
• Traverse City Area Public Schools March 22, 2024 • [ ransomware, malware, education ] The Traverse City Area Public Schools are hit with a Medusa ransomware attack.