Portend Breaches

Multiple U.S. defense contractors July 1, 2024 • [ espionage, malware, government ] Between July 2024 and July 2025, the Chinese state-linked group RedNovember, operating under the Ministry of State Security (MSS), conducted an espionage campaign exploiting internet-facing network devices and Outlook Web Access systems to infiltrate at least two U.S. defense contractors. Attackers deployed the Go-based backdoor Pantegana, Cobalt Strike, and SparkRAT for reconnaissance and persistence, exfiltrating sensitive defense-related data.

Chapman & Roberts PA July 1, 2024 • [ data leak, law firm, pii ] Greensboro immigration law firm disclosed a breach dating back to July 2024 that exposed client/individual PII; notifications issued in May 2025.

Harbin Clinic July 1, 2024 • [ data leak, third-party breach ] Third-party breach at Nationwide Recovery Services (July 2024) led to theft of Harbin Clinic patient data; disclosures and notifications in May 2025.

University of Medicine and Pharmacy HCMC Hospital July 1, 2024 • [ data leak ] Hackers leaked personnel data and configuration lists from over 50 servers belonging to the University of Medicine and Pharmacy HCMC Hospital; the method of compromise was not disclosed and no encryption or ransom activity was reported.

Dr. F.H. Wigmore Regional Hospital patients July 1, 2024 • [ insider threat, unauthorized access, privacy breach ] Saskatchewans Information and Privacy Commissioner found a privacy breach at Dr. F.H. Wigmore Regional Hospital where an emergency department unit clerk inappropriately accessed their own health record and the records of 98 other people, for a total of 102 accesses between July 2024 and June 2025. The decision found the employee also disclosed information learned from records in at least two instances, including sharing private health information with a co-worker and texting a family member about another relatives hospital admission.

Mercku June 30, 2024 The helpdesk portal of Mercku, a router maker, is sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise.

Roll20 June 29, 2024 • [ hack, technology ] Roll20, a popular online tabletop platform for role-playing games (RPGs), reveals that its systems were breached.

Patelco Credit Union June 29, 2024 • [ ransomware, malware, finance ] Patelco Credit Union discloses it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact.

Patelco Credit Union June 29, 2024 • [ ransomware, data leak, regulatory action ] Ransomware encrypted Patelco systems on June 29, 2024, causing a near-total outage of digital banking through mid-July and exposing substantial member PII; DFPI later issued a consent order and $100,000 fine with mandated cybersecurity improvements.

Kadokawa June 28, 2024 • [ ransomware, leak, malware ] Japanese media giant Kadokawa confirms that some of its data was leaked in a ransomware attack early June 2024. The BlackSuit ransomware gang claims responsibility for the attack.

Bloom Health Centers June 28, 2024 • [ hack, phishing, healthcare ] Psych Associates of Maryland LLC d/b/a Bloom Health Centers ("Bloom Health") discloses a security breach after the compromise of an employee's email.

Domestic flight in Australia June 28, 2024 • [ hack, phishing ] The AFP charges an Australian man (42) with operating a fake Wi-Fi access point on a domestic flight to steal user credentials and data.

Pediatric Urology Associates June 28, 2024 • [ ransomware, malware, healthcare ] Pediatric Urology Associates is allegedly hit with a dAn0n ransomware attack.

Shoe Zone June 28, 2024 • [ hack, malware, retail ] In June 2024, the UK footwear chain Shoe Zone disclosed a data breach that was subsequently posted for sale on a popular hacking forum. The data included over 100k orders containing names, addresses, partial credit card numbers (card type and last 4 digits), and 46k unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".

Landmark Admin June 27, 2024 • [ leak, finance ] Life insurance company Landmark Admin sends notifications to an unknown number of individuals about a data breach impacting personal, medical, and insurance information.

Teamviewer June 27, 2024 TeamViewer, the company that makes widely used remote access tools for companies, confirms an ongoing cyberattack on its corporate network carried out by the Russian state-sponsored actor APT29

Telecommunication providers in Crimea June 27, 2024 • [ hack, ddos, technology ] Local authorities in Crimea warn of internet disruptions from distributed denial-of-service (DDoS) attacks targeting telecommunication providers.

University Hospital Centre in Zagreb, a.k.a. KBC Zagreb June 27, 2024 • [ ransomware, malware, healthcare ] The LockBit ransomware gang claims responsibility for a cyberattack on Croatias largest hospital, which forces it to shut down IT systems for a day.

BudTrader June 27, 2024 • [ hack, misconfiguration ] In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.

Evolve Bank & Trust June 26, 2024 Evolve Bank & Trust confirms that hackers stole customer information and posted it on the dark web. A LockBit ransomware affiliated is suspected of the attack. Evolve customers like Wise, Affirm, and Mercury are also impacted by the breach.

Recent Breaches