-
The Heritage Foundation
July 9, 2024
•
[ hack, education ]
In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content contributors (along with usernames and passwords stored as either MD5 or phpass hashes).
-
-
U.S. Department of Veterans Affairs
July 8, 2024
The Microsoft Azure environment of the U.S. Department of Veterans Affairs was briefly compromised by Russian threat actors
-
Frankfurt University of Applied Sciences
July 8, 2024
The Frankfurt University of Applied Sciences announced on Monday it was targeted by a serious hacker attack that has led to a total shutdown of its IT systems.
-
Undisclosed app
July 7, 2024
•
[ leak, misconfiguration, retail ]
E-commerce platform Shopify denies it suffered a data breach after a threat actor with the moniker of 888 begins selling customer data they claim was stolen from the company's network. According to Shopify, the data loss reported was caused by a third-party app.
-
MSI
July 7, 2024
•
[ leak, misconfiguration, technology ]
In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number.etc)".
-
LuLu
July 6, 2024
In July 2024, the Emirati-based LuLu retail store suffered a data breach. The impacted data included 190k email addresses and associated phone numbers which were subsequently shared on a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker". The following month, the threat of leaking the full database was carried out and a backup from October 2022 with a further 2.6M unique email addresses appeared. This data also included names, physical addresses, orders and PBKDF2 password hashes.
-
Elite Fitness
July 5, 2024
•
[ ransomware, leak, malware ]
The DragonForce ransomware group says on its leak site that it stole 5.31 gigabytes of data from Elite Fitness, New Zealand's leading fitness equipment retailer.
-
FNTech
July 5, 2024
•
[ hack, misconfiguration, technology ]
Roblox announces that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees, after a vendor, FNTech, is compromised.
-
AnimeLeague
July 4, 2024
•
[ leak, sqlinjection, technology ]
In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses.
-
FNTECH
July 4, 2024
•
[ leak, technology ]
In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
-
Husky Owners
July 4, 2024
•
[ hack, leak ]
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.
-
Florida Department of Health
July 3, 2024
•
[ ransomware, malware, healthcare ]
The RansomHub ransomware group claims it breached the Florida Department of Health and gained access to a large amount of potentially sensitive data (100 GB) on Floridians.
-
Solano County
July 3, 2024
•
[ ransomware, malware, government ]
Nearly three months after a ransomware attack disrupted phone lines, computer services and Wi-Fi across Solano County's public libraries, systems are still down.
-
Cedar Falls
July 3, 2024
Cedar Falls officials are investigating a ransomware event that was detected in June 2024.
-
FIA (Fédération Internationale de l'Automobile)
July 3, 2024
FIA (Fdration Internationale de l'Automobile) says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.
-
Louisiana Special School District
July 3, 2024
•
[ ransomware, malware, education ]
Louisiana Special School District suffers an Akira ransomware attack.
-
Twilio Authy
July 3, 2024
Twilio confirms that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks.
-
Alabama State Department of Education
July 3, 2024
•
[ ransomware, malware, education ]
The Alabama State Department of Education says it stopped a ransomware attack last month but threat actors were still able to access some data and disrupt services.
-
Bittensor
July 3, 2024
Developers of the decentralized artificial intelligence project Bittensor temporarily suspend its blockchain network following a suspected security exploit involving user wallets.
