Full List

Search

Recent Breaches

• Curve Finance July 29, 2023 Decentralized Finance (DeFi) platform Curve Finance says in a post-mortem that at least $61 million worth of cryptocurrency was stolen from the platform through a vulnerability in the Vyper language.
• Ellipsis July 29, 2023 Decentralized Finance (DeFi) platform Ellipsis is also victim of a theft of crypto assets exploiting the vulnerability in the Vyper language.
• Brighthouse Financial July 29, 2023 • [ hack, sqlinjection, finance ] Brighthouse Financial confirms to have suffered a data breach occurred exploiting the MOVEit CVE-2023-34362 vulnerability.
• United HealthCare Services July 28, 2023 United Healthcare Services files a notice of data breach. As a result of the incident, an unauthorized party was able to access sensitive information belonging to 398,319 individuals.
• BankCard USA July 28, 2023 • [ ransomware, malware, finance ] BankCard USA pays a $50,000 ransom to the Black Basta group after suffering a ransomware attack.
• Teachers Retirement System of Georgia July 28, 2023 Teachers Retirement System of Georgia (TRS) posts a notice of data breach after discovering that PBI Research Services (PBI), a third-party vendor used by TRS, experienced a data breach related to the company's use of MOVEit.
• Wojeski & Company July 28, 2023 • [ ransomware, phishing, data leak ] NY AG says Wojeski suffered a phishing-led ransomware incident that locked access to files, followed by a second breach when a vendors employee improperly accessed and exfiltrated client data. Notifications lagged by over a year. Settlement requires encryption, inventorying locations of personal data, stronger access controls, vulnerability management, and a formal IR plan; $60,000 penalty and credit monitoring for affected New Yorkers.
• Fidelity Life Association July 27, 2023 • [ hack, finance ] Fidelity Life Association files a notice of data breach after discovering that confidential consumer information that had been entrusted to the company was subject to unauthorized access.
• LifeWorks Wellness Center July 27, 2023 • [ hack, healthcare ] LifeWorks Wellness Center recently reports a data breach that has affected 17,000 patients, after attackers gained access to its internal file system.
• T. Rowe Price Retirement Plan Services July 27, 2023 • [ hack, sqlinjection, finance ] T. Rowe Price Retirement Plan Services files a notice of data breach after discovering that hackers accessed a MOVEit server belonging to Pension Benefit Information (PBI), one of TRP's third-party vendors.
• IMX Medical Management Services July 27, 2023 • [ hack, malware, healthcare ] IMX Medical Management Services confirms that malware was found on a laptop computer that potentially allowed unauthorized individuals to access the protected health information of 7,594 individuals
• Family Vision of Anderson July 26, 2023 • [ ransomware, malware, healthcare ] Family Vision of Anderson files a notice of data breach after a ransomware attack exposed confidential patient information to unauthorized access
• Deloitte July 26, 2023 • [ leak, vulnerability, technology ] Deloitte confirms to be among the victims of a ctyber intrusion occurred exploiting the MOVEit vulnerability.
• Maximus July 26, 2023 • [ ransomware, malware, healthcare ] U.S. government contractor Maximus confirms that the Clop Ransomware gang, exploiting the vulnerability in MOVEit Transfer accessed the protected health information of as many as 11 million individuals.
• Transactions Applications Group July 26, 2023 • [ ransomware, malware, finance ] Transactions Applications Group joins the list of the victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.
• Wuhan Earthquake Monitoring Center July 26, 2023 • [ hack, government ] China accuses U.S. of hacking the Wuhan Earthquake Monitoring Center.
• College of Foothill July 26, 2023 • [ ransomware, malware, education ] The College of Foothill joins the list of the victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.
• College of Lake Forest July 26, 2023 • [ ransomware, sqlinjection, education ] The College of Lake Forest joins the list of the victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.
• Johnstown Regional Sewage July 26, 2023 • [ social, phishing ] Federal and local law enforcement agencies investigate into an alleged phishing scam perpetrated against Johnstown Regional Sewage.
• NATO Communities of Interest (COI) Cooperation Portal July 26, 2023 • [ hack, government ] NATO confirms that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal (dnbl.ncia.nato.int) by the hacking group known as SiegedSec.