Portend Breaches

Keesal, Young & Logan June 7, 2024 The law firm Keesal, Young & Logan discloses that it recently detected a data breach, and an investigation showed that more than 316,000 people were impacted. Threat actors may have obtained names, Social Security numbers, drivers license numbers, financial account information and other data.

Various election-related sites and two political parties in the Netherlands June 6, 2024 • [ hack, ddos, government ] Researchers from Cloudflare report to have mitigated at least three distributed denial of service (DDoS) attack waves on various election-related sites in the Netherlands, as well as several political parties; PVV (Party for Freedom) and FvD (Forum for Democracy). The hacktivist group known as 'HackNeT' took responsibility for the attacks.

Los Angeles Unified School District June 6, 2024 • [ leak, education ] Los Angeles Unified School District (LAUSD) officials are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. 24 million records are allegedly compromised.

Alabama Cardiology Group June 6, 2024 • [ hack, healthcare ] Alabama Cardiology Group notifies nearly 281,000 current and past patients, physicians and employees that threat actors stole their sensitive information.

Dubai Municipality June 5, 2024 • [ leak, government ] Daixin Team adds the Dubai Municipality to its dark web leak site.

Advance Auto Parts June 5, 2024 A threat actor using the Sp1d3r handle claims to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account.

Disney June 5, 2024 Club Penguin fans hack a Disney Confluence server to steal information about their favorite game and walking away with 2.5 GB of internal corporate data.

Tech in Asia June 5, 2024 A database owned by Tech in Asia, a prominent technology news outlet focusing on startups and technological innovations across Asia is compromised and leaked by a threat actor known by the pseudonym Sanggiero, linked to the infamous hacking collective, IntelBroker.

Vietnam Post June 5, 2024 • [ ransomware, malware ] The Vietnam Post is hit with a ransomware attack.

Town of Arlington June 5, 2024 • [ financial, phishing, government ] The town of Arlington discloses that it had lost nearly $446,000 in a monthslong business email compromise (BEC) scam.

Santa Barbara Systems June 5, 2024 • [ hack, ddos, manufacturing ] Santa Barbara Systems, a General Dynamics subsidiary in Spain that is refurbishing Leopard tanks for delivery to Ukraine, suffers a cyberattack on its website, by pro-Russia group NoName057(16).

Advance Auto Parts June 5, 2024 • [ leak, misconfiguration, automotive ] In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.

Ukrainian civil service officials and military personnel June 4, 2024 • [ espionage, malware, government ] The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a campaign targeting Ukrainian civil service officials and military personnel via the DarkCrystal RAT delivered through Signal.

Northern Minerals June 4, 2024 • [ ransomware, malware, energy ] Northern Minerals issues an announcement warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. The BianLian ransomware group claims responsibility for the attack,

Synnovis June 4, 2024 • [ ransomware, malware, healthcare ] A Qilin ransomware attack affecting pathology and diagnostic services provider Synnovis impacts healthcare services at multiple major NHS hospitals in London.

High-profile TikTok accounts belonging to multiple companies and celebrities June 4, 2024 TikTok fixes a 0-Day vulnerability exploited by attackers to hijack high-profile TikTok accounts belonging to multiple companies and celebrities.

Victorian Freight Specialists June 4, 2024 • [ hack ] The threat actor known as GhostR claims to have stolen data from Australian logistics company Victorian Freight Specialists.

Spytech June 4, 2024 In July 2024, spyware maker Spytech suffered a data breach that exposed data collected as recently as the previous month. Designed to "invisibly record everything users do", the breach exposed information related to both purchasers and targets of the product. Target data collection (and subsequent exposure) included the infected computer name, browsing history, applications used, usernames of authenticated users, keywords being monitored, file operations (creation and deletion), computer usage times and email addresses, often captured within the spyware's logs. The data also included the names, purchases and md5 password hashes of purchasers.

Multiple organizations June 3, 2024 • [ hack, malware, technology ] A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches is added to the Have I Been Pwned data breach notification service.

Verny June 3, 2024 • [ hack, retail ] Verny, a popular Russian discount retail chain with over 1,000 stores nationwide is hit by a cyberattack over the weekend that disrupts its services for several days.

Recent Breaches