Full List

Search

Recent Breaches

• Charles Darwin School September 6, 2024 • [ ransomware, malware, education ] The Charles Darwin School in south London is hit with a ransomware attack.
• Physical Medicine & Rehabilitation Center September 6, 2024 • [ leak, healthcare ] The Physical Medicine & Rehabilitation Center posts a notice on its website about an incident in July that affected patients at their New Jersey and New York locations. The Meow Leaks claims responsibility for the attack.
• Boulanger September 6, 2024 In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 967k unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum.
• Boulanger September 6, 2024 • [ hack, leak, retail ] In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
• Cultura September 6, 2024 • [ hack, retail ] In September 2024, French retailer Cultura was the victim of a cyber attack they attributed to an external IT service provider. The resultant data breach included almost 1.5M unique email addresses along with names, phone numbers, physical addresses and orders. Cultura advised that all affected customers had been notified about the incident.
• Zenith American Solutions, Inc. September 6, 2024 • [ phishing, data leak ] Unauthorized access to Zenith American Solutions network discovered September 6 2024 after an employee email account was compromised via phishing; over 12,000 individuals names, dates of birth, Social Security numbers, and benefit-plan documents potentially accessed. The firm notified regulators January 2025 and publicly disclosed in June 2025. No actor attribution or ransom demand reported.
• Boulanger September 6, 2024 • [ data breach, PII, retail ] In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum.
• Tewkesbury Borough Council September 5, 2024 • [ hack, government ] The Tewkesbury Borough Council shouts down its systems following a cyber attack.
• Penpie September 5, 2024 Threat actors steak about $27 million worth of cryptocurrency from the Penpie decentralized finance (DeFi) protocol.
• Undisclosed organization September 5, 2024 • [ ransomware, malware ] Researchers at Palo Alto discover a ransomware incident where the threat actor Jumpy Pisces, tied to North Korea, collaborated with the Play ransomware group.
• Cisco September 4, 2024 • [ leak, malware, technology ] Ciscos site for selling company-themed merchandise is offline and under maintenance due to threat actors compromising it with JavaScript code that steals sensitive customer details provided at checkout exploiting CVE-2024-34102.
• Latvian government and critical infrastructure websites September 4, 2024 According to Latvian cybersecurity officials, politically motivated threat actors linked to Russia and Belarus are targeting Latvian government and critical infrastructure websites in a new wave of cyberattacks.
• Plaisted Companies, Inc. September 4, 2024 • [ data leak ] On or around September 4 2024, Plaisted Companies, Inc. experienced unauthorized access to internal application servers storing personal data. The company reported potential exposure of files containing personally identifiable information and began notifications on March 26 2025. No encryption, data theft confirmation, or ransom activity was reported.
• VK September 3, 2024 • [ leak, technology ] A threat actor using the alias HikkI-Chan leaks the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums. The data was stolen from a third-party.
• Individuals in South Korea September 2, 2024 • [ social ] Telegram removes 25 pieces of deepfake pornographic materials, after South Korean police investigates its role in deepfake-powered sex crimes targeting victims in the country.
• Tracelo September 2, 2024 • [ leak, technology ] A threat actor using the alias Satanic claims to have breached Tracelo, a smartphone geolocation tracking service. As a result, the hacker has leaked the personal details of over 1.4 million individuals (1,459,014) on the notorious Breach Forums.
• Transport for London September 2, 2024 • [ hack, government ] Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack.
• Numotion September 2, 2024 • [ phishing, data leak ] Email account compromises exposed customer information at numotion.
• Deutsche Flugsicherung September 1, 2024 • [ hack, government ] Deutsche Flugsicherung, the German state-owned company responsible for the countrys air traffic control, has confirmed being hit by a cyberattack.
• BayMark Health Services September 1, 2024 • [ ransomware, healthcare ] BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, notifies an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. The RansomHub operation claimed responsibility for the breach.