Full List

Search

Recent Breaches

• South St. Paul Public Schools March 4, 2024 • [ education ] South St. Paul Public Schools alerts families to an ongoing technology disruption that is being investigated.
• American Express merchant processor March 4, 2024 American Express warns customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked.
• Two South Korean microchip equipment companies March 4, 2024 The South Korean National Intelligence Service (NIS) reveal that North Korean hackers breached at least two South Korean microchip equipment companies in recent months, stealing product design drawings and facility site photos.
• Russian Ministry of Defense (Minoborony) March 4, 2024 • [ espionage, government ] The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents.
• German Federal Defense (Bundeswehr) March 4, 2024 Russia publishes an intercepted conversation via Webex, in which Bundeswehr officials discuss the countrys support for Ukraine, particularly around the supply of Taurus cruise missiles.
• Giant Tiger March 4, 2024 • [ leak, misconfiguration, retail ] In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
• WoTLabs March 3, 2024 • [ hack, technology ] In March 2024, WoTLabs (World of Tanks Statistics and Resources) suffered a data breach and website defacement attributed to "chromebook breachers". The breach exposed 22k forum members' personal data including email and IP addresses, usernames, dates of birth and time zones.
• Fair Vote Canada March 2, 2024 • [ leak, misconfiguration, government ] In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses, phone numbers and, for some individuals, date and amount of a donation.
• Stock Development LLC March 2, 2024 • [ ransomware, data leak ] Stock Development confirmed network intrusion spanning April 2023 to March 2024. LockBit claimed the breach, posting 1 TB of stolen data. Victims notified beginning January 2025; about 13,147 individuals confirmed. No public confirmation of encryption or forensic attribution beyond the claim.
• Muscatine Power and Water March 1, 2024 • [ ransomware, malware, energy ] Muscatine Power and Water warns the public of a ransomware attack discovered on January 26.
• Mr Green Gaming March 1, 2024 • [ leak, misconfiguration ] Mr Green Gaming, a game community, suffers a breach when an inactive admin account is exploited, resulting in the leak of personal details belonging to 27,000 members.
• Tyler Technologies March 1, 2024 • [ ransomware, malware, technology ] The LockBit ransomware operation claims to have stolen data from the D.C. Department of Insurance, Securities and Banking (DISB), however the agencies denies the claims, and states that the leaked data is from a third-party technology provider.
• Dell March 1, 2024 Dell warns customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
• Undisclosed Singapore-based firm March 1, 2024 GhostR, a financially motivated criminal group says it has stolen a confidential database containing 5.3 million of records that companies use for screening potential customers for links to sanctions and financial crime from World-Check.
• Life360 March 1, 2024 • [ leak, misconfiguration, manufacturing ] A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API.
• Telefónica March 1, 2024 • [ leak, technology ] Telefnica investigates the claims of a possible cyberattack occurred in March that allowed criminals to access more than 2 million records of clients and collaborators of the company.
• Arisa Health March 1, 2024 • [ healthcare ] Arisa Health, an Arkansas-based provider of mental and behavioral health services notifies more than 375,000 individuals of a recent data theft incident potentially compromising their sensitive personal and medical information.
• British Home Office March 1, 2024 • [ espionage, government ] Threat actors from APT29 working for Russias foreign intelligence service accessed corporate emails and data on individuals from the British government, after they breached Microsoft in January 2024.
• Life360 March 1, 2024 • [ leak, misconfiguration, technology ] In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated). Life360 promptly notified impacted users after the incident was discovered.
• Mr. Green Gaming March 1, 2024 • [ leak, technology ] In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.