Full List

Search

Recent Breaches

• Adam Griffin May 6, 2024 • [ social, phishing, finance ] Adam Griffin, a crypto investor is robbed of nearly $500,000 in cryptocurrencies after a scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click yes to a Google prompt on his mobile device.
• Richmond University Medical Center May 6, 2024 • [ ransomware, malware, healthcare ] The Richmond University Medical Center in New York is investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people.
• Mālama I Ke Ola Health Center May 4, 2024 • [ hack, healthcare ] The Mlama I Ke Ola Health Center discloses to have suffered a cyberattack
• Mālama I Ke Ola Health Center May 4, 2024 • [ cyberattack ] The Mlama I Ke Ola Health Center discloses to have suffered a cyberattack
• Undisclosed crypto investor May 3, 2024 • [ financial, hack, phishing ] An individual loses around $71 million worth of bitcoin in what appears to be an address poisoning attack. A week later the author of the attack returns the stolen bounty.
• City of Wichita May 3, 2024 • [ ransomware, malware, government ] The City of Wichita, Kansas, discloses it was forced to shut down portions of its network after suffering a weekend ransomware attack. The LockBit ransomware operation claims responsibility for the attack.
• Abri Credit Union May 3, 2024 • [ data leak ] Abri Credit Union disclosed unauthorized access to its systems occurring in May 2024 that was discovered in December 2025. The incident may have exposed personal, financial, and limited medical information of members. The credit union notified affected individuals and offered credit monitoring services; no operational disruption was publicly reported.
• Teixeira Cândido (Angolan journalist) / Syndicate of Angolan Journalists context May 3, 2024 • [ spyware, Predator, mobile infection ] Amnesty Internationals Security Lab reported forensic confirmation that Intellexas Predator spyware successfully infected the iPhone of Angolan journalist and press freedom activist Teixeira Cndido on May 4, 2024 after he opened a malicious link sent via WhatsApp. Amnesty said the attacker could have gained wide access to device data (including messages and files) and that the infection appears to have been removed after the phone was restarted later that day. The investigation described multiple additional infection links sent afterward that did not appear to succeed. Attribution to a specific government customer was not made in the public report.
• The Post Millennial May 2, 2024 Have I Been Pwned adds the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website.
• Human Events May 2, 2024 • [ hack, leak ] The conservative news website Human Events is also hacked and replaced with a page leaking private information.
• The Post Millennial May 2, 2024 • [ hack, misconfiguration, technology ] In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of subscribers to the site (name, email, username, phone and plain text password exposed), and tens of millions of email addresses from thousands of mailing lists alleged to have been used by The Post Millennial (this has not been independently verified). The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign). The data was subsequently posted to a popular hacking forum and extensively torrented.
• Brandywine Realty Trust May 1, 2024 • [ ransomware, malware ] Philadelphia-based real estate company Brandywine Realty Trust discloses to have fell victim to a ransomware attack that disrupted some of its business applications.
• Payroll Vendor for UK Ministry of Defence May 1, 2024 The UK Government confirmed today that a threat actor recently breached the countrys Ministry of Defence and gained access to part of the Armed Forces payment network.
• Firstmac Limited May 1, 2024 • [ leak, finance ] Firstmac Limited warns customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
• Atlas May 1, 2024 • [ ransomware, malware, energy ] The Back Basta extortion group claims to have breached Atlas, one of the largest national distributors of fuel in the United States. Black Basta purportedly stole 730 GB of data
• South African Department of Justice and Constitutional Development May 1, 2024 • [ hack, financial, government ] The South African Department of Justice and Constitutional Development (DJ&CD) suffers a cyber security incident affecting child maintenance payments.
• At least three Wyndham hotels May 1, 2024 • [ espionage, malware, hospitality ] pcTattletale, a consumer-grade spyware app is found running on the check-in systems of at least three Wyndham hotels across the United States.
• AddComm May 1, 2024 Dutch bank ABN Amro says client data may have been compromised in a ransomware attack at third-party services provider AddComm.
• Brosix and Chatox May 1, 2024 • [ hack, misconfiguration, technology ] Brosix and Chatox promised secure messaging, but threat actors accessed unprotected backups containing highly sensitive pharmacy and patient communications
• First Contact Health May 1, 2024 • [ phishing, unauthorized access, health data ] Guernseys Office of the Data Protection Authority (ODPA) sanctioned First Contact Health after cyber criminals successfully targeted an employee email account in a phishing attack, gaining unauthorized access to confidential health data. The practice reported the breach to the ODPA in May 2024, and the unauthorized access was believed to have occurred at least five months earlier. The enforcement action cited failures in key security controls intended to prevent phishing-based account compromise.