Full List

Search

Recent Breaches

• Kaspersky June 1, 2023 • [ hack, malware, technology ] Russian cybersecurity firm Kaspersky discloses 'Operation Triangulation': some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.
• Middlesex County Public Schools June 1, 2023 • [ ransomware, malware, education ] The superintendent for Middlesex County Public Schools confirms that the school division was the subject of a recent ransomware attack.
• Cadence Bank June 1, 2023 Cadence Bank files a notice of data breach after discovering that the MOVEit file transfer application used by Cadence, contained a critical vulnerability, with the incident resulting in an unauthorized party being able to access consumers' sensitive information.
• Delta Dental of California June 1, 2023 Delta Dental of California files a notice of data breach after discovering that attackers exploited the vulnerability in MOVEit, the file-transfer application used by the company.
• Discovery at Home June 1, 2023 • [ social, phishing, retail ] Discovery at Home issues a website notice about a phishing incident they discovered on June 1.
• Pathology Resource Network June 1, 2023 • [ leak, sqlinjection, healthcare ] Pathology Resource Network (PRN) adds a website notice on its homepage after discovering that Cadence Bank, which provides treasury management services to PRN, experienced a MOVEit-related data breach.
• Russian diplomats June 1, 2023 Russia's Federal Security Service (FSB) also accuses U.S. intelligence of hacking "thousands of Apple phones" to spy on Russian diplomats exploiting the same vulnerability.
• Starmount Life Insurance Company June 1, 2023 • [ hack, misconfiguration, finance ] Unum Group's subsidiary Starmount Life Insurance Company posts a notice of data breach on its website after discovering that the company's MOVEit server was accessed by an unauthorized party.
• 22 energy companies in Denmark May 31, 2023 SektorCERT, Denmark's state-funded organization handling cyber incidents in the critical sector, reveals that 22 energy companies were breached during May 2023, exploiting the CVE-2023-28771 Zyxel vulnerability.
• AlohaCare May 31, 2023 • [ leak, sqlinjection, healthcare ] AlohaCare files a notice of data breach after confirming that a vulnerability in the file-transfer program MOVEit resulted in confidential patient information being accessible to an unauthorized party.
• Barrick Gold May 31, 2023 Barrick Gold files a notice of data breach after discovering that attackers exploited the vulnerability in the MOVEit secure file-transfer software used by the company.
• Financial Institution Service May 31, 2023 Financial Institution Service files a notice of data breach after discovering that the vulnerability in the file-transfer application MOVEit allowed attackers to access the personal information of more than 750,000 people.
• Indiana Family and Social Services Administration May 31, 2023 • [ leak, sqlinjection, government ] The Indiana Family and Social Services Administration (FSSA) posts a notice announcing that the protected health information of an estimated 212,193 Indiana Medicaid members was impacted by the MOVEit data breach affecting CareSource.
• Kennedy Krieger Institute May 31, 2023 • [ leak, misconfiguration, healthcare ] The Johns Hopkins University and the Johns Hopkins Health System Corporation (collectively "Johns Hopkins'') file a notice of data breach on behalf of the Kennedy Krieger Institute after learning that a software vulnerability resulted in confidential consumer information being leaked.
• Non-profit organization(s) in Saudi Arabia May 31, 2023 • [ espionage, malware, healthcare ] Researchers from Cisco Talos disclose a stealthy cyberespionage campaign that targeted a non-profit organization in Saudi Arabia with a backdoor named Zardoor, and remained undetected for two years.
• Centers for Medicare & Medicaid Services May 31, 2023 • [ leak, sqlinjection, healthcare ] The Centers for Medicare & Medicaid Services (CMS) notified 612,000 Medicare beneficiaries of a data breach stemming from a vulnerability in Progress Software's MOVEit Transfer software.
• Medical College of Wisconsin May 31, 2023 The Medical College of Wisconsin (MCW) confirms that the protected health information of 240,667 individuals was stolen by the Clop hacking group, which exploited the zero day vulnerability in Progress Software's MOVEit Transfer.
• BORN Ontario May 31, 2023 • [ hack, sqlinjection, government ] BORN Ontario (Better Outcomes Registry & Network) reveals to have been hit by a data breach related to MOVEit CVE-2023-34362 vulnerability.
• Casepoint May 31, 2023 • [ ransomware, malware, technology ] Casepoint says it's investigating a potential cybersecurity incident after the ransomware group BlackCat claims to have compromised the legal technology platform to steal terabytes of sensitive data.
• CCleaner May 31, 2023 • [ leak, technology ] The maker of the popular optimization app CCleaner confirms that threat actors stole a trove of personal information about its paid customers following a MOVEit data breach in May.