Full List

Search

Recent Breaches

• Northwest Health La Porte May 2, 2023 • [ ransomware, malware, healthcare ] Northwest Health La Porte confirms that the protected health information of 10,256 patients was compromised in the Clop ransomware group's series of attacks exploiting the zero-day vulnerability in Fortra's GoAnywhere file transfer.
• Physicians Insurance May 2, 2023 • [ social, phishing, finance ] Physicians Insurance A Mutual Company, its affiliate MedChoice Risk Retention Group, and its subsidiary Experix (collectively "Physicians Insurance") file a notice of data breach after discovering that an unauthorized party gained access to an employee's email account.
• Optima Tax Relief May 2, 2023 • [ leak, finance ] Optima Tax Relief files a notice of data breach after learning that a recent data security incident exposed the confidential information of certain customers to an unauthorized party.
• Wichita State University May 2, 2023 • [ hack, education ] Wichita State University takes proactive measures and disconnects several University systems to isolate an unauthorized attempt by a third party to access the University's systems
• Barracuda May 1, 2023 • [ hack, malware, technology ] Barracuda, a company known for its email and network security solutions, warns customers that some of their Email Security Gateway (ESG) appliances were breached last week by targeting CVE-2023-2868, a now-patched zero-day vulnerability.
• SNY Cargo May 1, 2023 Researchers from ClearSky Security reveal the details of 'Fata Morgana' a watering hole attack on at least eight shipping and logistics companies in Israel. The attack is highly likely to be orchestrated by a nation-state actor from Iran, with a low confidence specific attribution to Tortoiseshell (also called TA456 or Imperial Kitten).
• Emby May 1, 2023 • [ hack, misconfiguration, technology ] Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration.
• Precision Anesthesia Billing May 1, 2023 • [ hack, healthcare ] Precision Anesthesia Billing files a notice of data breach after discovering that an unauthorized party was able to access confidential patient information provided to the company.
• Heritage Group May 1, 2023 • [ hack, misconfiguration ] Heritage Group files a notice of data breach after an unauthorized party gained access to the company's computer network and was able to access confidential information belonging to certain current and former employees and their dependents.
• Mission Community Hospital May 1, 2023 • [ ransomware, leak, malware ] Mission Community Hospital is added to the list of the victims of the RansomHouse group, which claimed to have stolen 2.5 TB of data, including a large amount of patient data exploiting vulnerabilities on Paragon and Cisco.
• City of Dallas May 1, 2023 • [ ransomware, malware, government ] The City of Dallas suffers a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread.
• Level Finance May 1, 2023 Attackers exploit a Level Finance smart contract vulnerability to drain approximately $1,100,000 worth of cryptocurrency.
• Roosevelt University May 1, 2023 • [ hack, education ] Roosevelt University (RU) files a notice of data breach after discovering that an unauthorized actor was able to access confidential student and prospective student information in the school's possession.
• Western Sydney University May 1, 2023 • [ hack, misconfiguration, education ] Western Sydney University (WSU) notifies students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment.
• Le Coq Sportif Columbia May 1, 2023 • [ leak, retail ] In January 2025, a data breach from the Columbian website for Le Coq Sportif was posted to a popular hacking forum. The data included almost 80k unique email addresses with the breach dating back to May 2023. Impacted data included physical and IP addresses, names, purchases, genders, dates of birth and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
• North Carolina Housing Finance Agency April 30, 2023 • [ financial, phishing, government ] The North Carolina Housing Finance Agency (NCHFA) loses nearly $3 million in a business email compromise (BEC) scam.
• TIC Hosting April 30, 2023 • [ hack, technology ] TIC Hosting, a hosting provider in Romania, suffers a data breach affecting 300 customers.
• Bluefield University April 30, 2023 • [ ransomware, malware, education ] The Bluefield University is hit with an Avos ransomware attack. Few days later the ransomware gang hijacks the University's emergency broadcast system, "RamAlert," to send students and staff SMS texts and email alerts that their data was stolen and would soon be released.
• Our Sunday Visitor April 30, 2023 Data extortion group Karakurt claims it attacked Our Sunday Visitor, a Catholic publishing company, The attackers claim to have stolen 130 gigabytes of data, including accounting documents, HR information, employee data, financial contracts, invoices, marketing information and more.
• Pareto Phone Limited April 30, 2023 • [ leak ] ChildFund in New Zealand issues a public notice about a data breach involving a telemarketing company, Pareto Phone Limited. ChildFund had contracted with Pareto in 2014 to conduct fundraising activity on its behalf.