Portend Breaches

Habib Bank Limited January 1, 2025 • [ hack, finance ] hacked

Federal Board of Revenue January 1, 2025 • [ hack, finance ] hacked

Fondo Genesis (MetLife) December 31, 2024 • [ ransomware, malware, finance ] The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.

Ford X Account December 31, 2024 • [ hack, manufacturing ] Ford confirms that its X account was briefly compromised, after posts referencing the Israel-Palestine war are published.

Thomas Cook (India) Ltd. December 31, 2024 • [ hack, retail ] Global travel agency Thomas Cook's Indian arm closes its affected systems after a cyber attack takes down its IT infrastructure.

Office of Foreign Assets Control December 30, 2024 Chinese state-backed threat actors breach the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs, exploiting a vulnerability in a BeyondTrust Remote Support SaaS instance.

DEphoto December 28, 2024 The threat actor known as 0mid16B breaches DEphoto, a U.K. photo business, twice in few days, acquiring the personal information of 555,952 customers.

Multiple Italian sites, including Malpensa and Linate airports December 28, 2024 Pro-Russia group Noname057(16) targets Italian sites, including Malpensa and Linate airports, in a new DDoS campaign amid rising geopolitical tensions.

Atos December 28, 2024 French tech giant Atos, which secures communications for the country's military and secret services, denies claims made by the Space Bears ransomware gang that they compromised one of its databases. Instead the threat actors breached unconnected "external third-party infrastructure," which, although stored data mentioning the company's name, was not managed or secured by Atos.

Undisclosed U.S. telecommunications company December 27, 2024 • [ hack, technology ] A White House official adds a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries.

Infocert December 27, 2024 Infocert, one of the leading Spid digital identity providers in Italy, confirms a serious breach of its users personal data. The attackers claim to have stolen a huge volume of data from Infocerts databases, including 5.5 million registrations, 1.1 million telephone numbers, and 2.5 million email addresses.

X account of Animoca Brands co-founder Yat Siu December 26, 2024 A threat actor compromises the X account of Animoca Brands co-founder Yat Siu, using it to promote a fraudulent token.

Japan Airlines December 26, 2024 • [ hack ] Japans flag carrier announces that it has restored its systems following a cyber incident that delayed some domestic and international flights.

Mi Argentina December 25, 2024 • [ hack, government ] The Mi Argentina site and the SUBE card app, two of the governments most important digital platforms, suffer a cyber attack.

ArdyssLife December 24, 2024 • [ hack, manufacturing ] The threat actor known as 0mid16B claims to have successfully attacked Ardyss[.]com and ArdyssLife[.]com, stealin 596 GB of data from United States ArdyssLife[.]com and Ardyss[.]com server network.

Undisclosed Organization(s) December 24, 2024 Researchers at Northwave reveal that UNC5325, a suspected Chinese threat actor, is exploiting CVE-2024-9474, a vulnerability in Palo Alto firewalls, to install custom malware backdoor for espionage.

CyberHaven December 24, 2024 • [ hack, malware, technology ] Data-loss prevention startup Cyberhaven says threat actors published a malicious update to its Chrome extension that was capable of stealing customer passwords and session tokens.

Speedio December 24, 2024 • [ leak, misconfiguration, technology ] In December 2024, data alleged to have been taken from the Brazilian lead generation platform Speedio was posted for sale to a popular hacking forum. The data was allegedly obtained from an unsecured Elasticsearch instance and contained over 62M records of largely public business information including company names, phone numbers and physical addresses, along with 27M unique email addresses, predominantly from public services such as Gmail and Outlook. Speedio did not respond to multiple attempts to disclose the incident, and the origin of the data could not be independently verified. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".

European Space Agency December 23, 2024 • [ hack, xss, government ] The European Space Agency's official web shop is hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.

Kenton County School District December 20, 2024 • [ social, phishing, education ] Personal data from current and former students in Kenton County School District are compromised in a phishing scheme.

Recent Breaches