Full List

Search

Recent Breaches

• Multiple organizations in Japan January 31, 2024 Researchers from Itochu discover an updated version of a backdoor called LODEINFO, distributed via spear-phishing attacks, and used against targets in Japan from the Chinese threat actor APT10.
• Lurie Children’s Hospital January 31, 2024 • [ ransomware, malware, healthcare ] Lurie Childrens Hospital suffers a network outage, later confirmed to be a ransomware attack by the Rhysida group demanding a $3.4M ransom.
• Encore Bank January 31, 2024 • [ hack, phishing, finance ] Encore Bank files a notice of data breach after discovering that an unauthorized party was able to gain access to an employees email account.
• Almerys January 31, 2024 • [ hack, healthcare ] French healthcare services firm Almerys also suffers a cyberattack that exposed the data of policyholders and healthcare professionals in the country. The combination of the two breaches compromises the information of 33 million individuals.
• Albania's Institute of Statistics (INSTAT) January 31, 2024 Homeland Justice, an Iran-linked hacking group with a history of targeting Albanian state agencies and businesses says that it was behind an attack on the countrys Institute of Statistics (INSTAT), which is responsible for census information and other official statistics.
• Willis Lease Finance Corporation January 31, 2024 • [ ransomware, malware, finance ] Aircraft parts dealer Willis Lease Finance Corporation (WLFC) informs the US Securities and Exchange Commission that it fell victim to a cyberattack. The Black Basta ransomware gang claims responsibility for the attack.
• Chris Larsen (Ripple's co-founder and executive) January 31, 2024 Threat actors steal around $112 million worth of the Ripple-focused cryptocurrency XRP from a crypto wallet belonging to the Ripples co-founder and executive chairman Chris Larsen.
• Emmanuel College January 31, 2024 • [ leak, education ] Emmanuel College files a notice of data breach after discovering that a cybersecurity incident affected the personal information of nearly 90k individuals.
• Viamedis January 31, 2024 • [ leak, healthcare ] French healthcare services firm Viamedis suffers a cyberattack that exposed the data of policyholders and healthcare professionals in the country.
• Crescent Community Health Center January 31, 2024 Crescent Community Health Center (CCHC) files a notice of data breach after discovering that information that had been provided to the company was subject to unauthorized access.
• Mitre Corporation January 31, 2024 The MITRE Corporation says that a state-backed threat actors breached its systems (MITRE's Networked Experimentation, Research, and Virtualization Environment - NERVE) in January 2024 by chaining the two Ivanti VPN zero-days CVE-2023-46805 and CVE-2024-21887.
• Undisclosed Fortune 50 company January 31, 2024 • [ ransomware, financial, malware ] Researchers from Zscaler reveal that a Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang.
• Spoutible January 31, 2024 • [ leak, misconfiguration, technology ] In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
• Lurie Children’s Hospital January 31, 2024 • [ ransomware, network outage, healthcare ] Lurie Childrens Hospital suffers a network outage, later confirmed to be a ransomware attack by the Rhysida group demanding a $3.4M ransom.
• Unknown organization in India January 30, 2024 Researchers from CloudSEK discover a massive database containing the information of roughly 750 million mobile subscribers in India offered for sale on the dark web.
• Bankers Life and Casualty Company January 30, 2024 • [ leak, finance ] Bankers Life and Casualty Company files a notice of data breach after discovering that an unauthorized party was able to access personal information that had been entrusted to the company.
• University of Chicago Medical Center January 30, 2024 • [ social, phishing, healthcare ] The University of Chicago Medical Center reveals that a phishing incident involving the emails of workers at University of Chicago Medical Center may have exposed the personal information of about 10,300 people.
• Schuster Company January 30, 2024 • [ data leak, personally identifiable information ] An unauthorized third party gained access to Schuster Companys network between January 2330, 2024 and exfiltrated employee/driver personally identifiable information. The company publicly disclosed the incident on April 4, 2025.
• Regione Basilicata January 29, 2024 • [ ransomware, malware, government ] The local region of Basilicata in Italy suffers a ransomware attack.
• Fulton County January 29, 2024 • [ ransomware, malware, government ] Fulton County discloses to have experienced a widespread system outage during the weekend. A ransomware group claims responsibility for the attack.