Full List

Search

Recent Breaches

• The European House – Ambrosetti spa April 1, 2024 • [ technical vulnerability, data exfiltration, unprotected passwords ] Unauthorized access to The European House Ambrosetti systems through a technical vulnerability in April 2024 resulted in exfiltration of account data for 61,670 people, including employees of client companies and internal staff using online services. Italy's data protection authority later fined the company for inadequate security, unprotected passwords, and delayed notification to affected individuals.
• Hoya Corporation March 31, 2024 • [ ransomware, malware, manufacturing ] Hoya Corporation, one of the largest global manufacturers of optical products, says a "system failure" caused servers at some of its production plants and business divisions to go offline. The Hunters International ransomware gang claims responsibility for the attack and demands a $10M ransom.
• Nexperia March 31, 2024 Dutch chipmaker Nexperia confirms that threat actors breached its network in March 2024 after the Dark Angels ransomware gang leaked samples of allegedly stolen data.
• PandaBuy March 31, 2024 Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform is leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems.
• New York City Automated Personnel System, Employee Self Service (known as NYCAPS/ESS) March 31, 2024 • [ hack, phishing, government ] The city of New York took its payroll website partially offline for the last nine days in response to a recent phishing scheme targeting city employees
• Pandabuy March 31, 2024 • [ hack, retail ] In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker".
• Atraf March 30, 2024 Atraf, a popular Israeli LGBTQ dating app, suffers a major data breach exposing personal information of over half a million users after a threat actor with the moniker "AK-47" dumps its database on Breach Forums.
• Traverse City Area Public Schools March 30, 2024 The Traverse City Area Public Schools (TCAPS) remains close for a network disruption due to a possible cyber attack.
• IxMetro March 30, 2024 Chilean data center and hosting provider IxMetro Powerhost suffers a cyberattack at the hands of a new ransomware gang known as SEXi, which encrypts the company's VMware ESXi servers and backups.
• Nottingham Rehab Supplies Healthcare March 30, 2024 • [ ransomware, leak, malware ] Multiple UK councils warned that citizens personal data may have been breached following a ransomware attack on a medical equipment supplier Nottingham Rehab Supplies (NRS) Healthcare. RansomHub said it successfully breached the firm on 30 March, stealing hundreds of thousands of sensitive documents. "More than 600k private documents was downloaded, including: Accounting, HR, Financial reports, Reception, Contracts and much more, the group said on its leak site.
• Samsung Germany Customer Tickets March 30, 2024 • [ leak, malware, technology ] In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
• Omni Hotels & Resorts March 29, 2024 • [ ransomware, malware ] Omni Hotels & Resorts confirms that an alleged ransomware attack caused a nationwide IT outage that is still affecting its locations. The Daixin Team ransomware claims responsibility for the attack.
• Florida Department of Juvenile Justice March 29, 2024 • [ hack, government ] Threat actors break into the computer network of the Florida Department of Juvenile Justice.
• Prisma Finance March 28, 2024 A threat actor steals about $11.6 million from Prisma Finance, a popular decentralized finance (DeFi) platform. Shortly after the attacker declares to be a "white hat" and available to return the funds.
• Hot Topic March 28, 2024 American retailer Hot Topic discloses that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data.
• United Nations Development Programme March 27, 2024 • [ ransomware, malware, government ] The United Nations Development Programme (UNDP) investigates a cyberattack after threat actors breached its IT systems to steal human resources data. The 8Base ransomware operation claims responsibility for the attack.
• Lookiero March 27, 2024 In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address. When contacted about the incident, Lookiero advised that they would "look into it and get back to you if necessary". The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
• Munchables March 26, 2024 • [ hack, financial, finance ] The Munchables blockchain-based game is attacked, with about $62 million worth of cryptocurrency was stolen from the game. Few hours after the attacker agrees to return the stolen funds.
• Gilmer County March 26, 2024 • [ ransomware, malware, government ] The government of Gilmer County in Georgia posts a notice on its website warning that a ransomware attack was affecting its ability to provide services to its more than 30,000 residents.
• VNDirect Securities Company (VNDirect) March 26, 2024 • [ hack, finance ] VNDirect, one of Vietnam's largest brokerages, begins the process of restoring its systems after a cyberattack that forced it to suspend trading transactions.