Full List

Search

Recent Breaches

• South Africa’s National Health Laboratory Service June 25, 2024 • [ ransomware, healthcare, cyberattack ] South Africas National Health Laboratory Service (NHLS) confirms to be dealing with a ransomware attack.
• Indonesia's Temporary National Data Center June 24, 2024 • [ ransomware, malware, government ] The Indonesian National Cyber and Encryption Agency (BSSN) reveals that the Brain Cipher ransomware disrupted the Temporary National Data Center server, affecting the operations of 210 government institutions, including immigration services at Soekarno-Hatta International Airport.
• Neiman Marcus June 24, 2024 • [ hack, malware, retail ] High-end department store Neiman Marcus discloses a data breach, shortly before the threat actor 'Sp1d3r' offered to sell information belonging to millions of the companys customers. The hack impacted 64,000 users and is likely part of the massive SnowFlake campaign.
• SpyX June 24, 2024 • [ leak, malware, technology ] In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
• Ezynetic (IT vendor to Moneylenders Credit Bureau/ Credit Bureau Singapore) June 24, 2024 • [ data leak ] PDPC fined Ezynetic after breach impacting ~190,000 whose data, including credit reports, was put for sale; uncovered June 24, 2024.
• Ladies' College June 24, 2024 • [ ransomware, weak passwords, mfa missing ] The Ladies College reported that on June 24, 2024 it lost access to several on-premises servers and quickly determined that an unauthorized party had gained access and deployed ransomware that encrypted systems. Regulators concluded the school failed to properly secure remote access, used a weak administrator password without MFA, and was vulnerable to brute-force compromise; monitoring alerts existed but lacked effective notification. The investigation found no evidence that data was accessed or copied off the network, though the incident impacted availability and encrypted some limited personal data. The school self-reported and later implemented remedial security measures.
• CoinStats June 23, 2024 • [ hack, finance ] CoinStats reveals to have suffered a massive security breach that compromised 1,590 cryptocurrency wallets, draining over $2 million in virtual assets, with the attack suspected to have been carried out by North Korean threat actors.
• Jollibee Group June 23, 2024 • [ leak, retail ] The Jollibee Group begins investigates a cybersecurity incident that may have compromised the records of millions of customers.
• Bitcoin Depot June 23, 2024 • [ data leak ] Bitcoin Depot reported a data breach that occured in June 2024 after completing an investigation on July 18, 2024. Customer data stolen affecting 27,000 individuals including personal information.
• BtcTurk June 22, 2024 Turkeys biggest cryptocurrency market BtcTurk says that their exchange had been hacked, with the assets stolen possibly amounting to nearly 51 million euros.
• Zacks (2024) June 22, 2024 • [ leak, finance ] In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
• Catholic Charities of Southern Nevada June 22, 2024 • [ data leak, PII/PHI exposure ] Suspicious activity detected June 22, 2024; later notice confirms sensitive PII/PHI impacted.
• Japan Aerospace Exploration Agency (JAXA) June 21, 2024 • [ hack, government ] The Japanese space agency JAXA has been hit by a series of cyberattacks since it reported a cyber incident during November 2023.
• Pinnacle Orthopaedics & Sports Medicine Specialists June 21, 2024 • [ ransomware, malware, healthcare ] Pinnacle Orthopaedics & Sports Medicine Specialists is hit with an INC ransomware attack.
• Acadian Ambulance June 21, 2024 • [ ransomware, malware, healthcare ] Acadian Ambulance is hit with a Daixin ransomware attack. The threat actors claim to have stolen 10 million records.
• Undisclosed third-party of Accenture June 20, 2024 • [ leak, misconfiguration, technology ] A threat actor named '888' claims to have extracted contact details of 33,000 current and former employees of Accenture in a breach that involves a third-party firm.
• Z-lib June 20, 2024 • [ leak, misconfiguration, technology ] In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
• NewsBank June 20, 2024 • [ data leak, employee data, class action ] Employee data breach at NewsBank discovered around July 1, 2024; investigation found unauthorized access June 20July 1, 2024 to systems holding employee PII (names, SSNs, DL, financial/credit-debit data; possible medical info). Class action reported Feb 20, 2025; no actor publicly identified.
• Kraken June 19, 2024 • [ financial, misconfiguration, finance ] The Kraken crypto exchange discloses that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds.
• Apple June 19, 2024 • [ hack, manufacturing ] The threat actor IntelBroker claims to have hacked Apple, allegedly gaining access to internal source code of three popular tools of Apple.com.