Full List

Search

Recent Breaches

• TSG Interactive US Services Limited (d/b/a PokerStars) June 2, 2023 • [ ransomware, cve-2023-34362, technology ] PokerStars is added to the list of the victims of the Clop ransomware gang exploiting the CVE-2023-34362 vulnerability.
• YKK June 2, 2023 • [ ransomware, malware, manufacturing ] The Japanese zipper giant YKK confirms that its U.S. operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused. However the LockBit ransomware gang posts the company name on its leak site, threatening to leak the stolen data.
• Wake Family Eye Care June 2, 2023 • [ ransomware, malware, healthcare ] Wake Family Eye Care files a notice of data breach after discovering that a recent ransomware attack compromised confidential patient information.
• Allegheny County June 1, 2023 Allegheny County, Pennsylvania, files a notice of data breach after confirming that a vulnerability in MOVEit, a file-transfer program used by Allegheny County, resulted in an unauthorized party being able to access confidential consumer information.
• Allegiant Air June 1, 2023 • [ hack, sqlinjection ] Allegiant Air confirms that 1,405 people had information accessed through the exploitation of the MOVEit vulnerability.
• biorieux June 1, 2023 biorieux files a notice of data breach after discovering that the MOVEit file transfer software used by Vitality Group, contained a vulnerability allowing hackers to access confidential consumer information that had been provided to bioMrieux.
• University System of Georgia (USG) June 1, 2023 • [ ransomware, malware, education ] Threat actors are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software, tracked as CVE-2023-34362, to steal data from organizations. Few days later the Clop ransomware gang claims responsibility for the attacks and starts extorting companies impacted by the data theft attacks,
• Law Foundation of Silicon Valley June 1, 2023 The Law Foundation of Silicon Valley, a California law firm that provides free services to those in need, discloses to have been it by a ransomware attack compromising the data of 42,000 individuals.
• North Mississippi Health Services June 1, 2023 North Mississippi Health Services (NMHS) posts a notice on its website describing a third-party data breach at Cadence Bank, a company that provides treasury management services to NMHS, due to the exploitation of MOVEit vulnerability.
• Ofcom June 1, 2023 • [ hack, sqlinjection, government ] Britain's communications regulator Ofcom announces that confidential information which it held on companies it regulates was downloaded by hackers exploiting the CVE-2023-34362 vulnerability in the MOVEit file transfer tool.
• Kaspersky June 1, 2023 • [ hack, malware, technology ] Russian cybersecurity firm Kaspersky discloses 'Operation Triangulation': some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits.
• Middlesex County Public Schools June 1, 2023 • [ ransomware, malware, education ] The superintendent for Middlesex County Public Schools confirms that the school division was the subject of a recent ransomware attack.
• Cadence Bank June 1, 2023 Cadence Bank files a notice of data breach after discovering that the MOVEit file transfer application used by Cadence, contained a critical vulnerability, with the incident resulting in an unauthorized party being able to access consumers' sensitive information.
• Delta Dental of California June 1, 2023 Delta Dental of California files a notice of data breach after discovering that attackers exploited the vulnerability in MOVEit, the file-transfer application used by the company.
• Discovery at Home June 1, 2023 • [ social, phishing, retail ] Discovery at Home issues a website notice about a phishing incident they discovered on June 1.
• Pathology Resource Network June 1, 2023 • [ leak, sqlinjection, healthcare ] Pathology Resource Network (PRN) adds a website notice on its homepage after discovering that Cadence Bank, which provides treasury management services to PRN, experienced a MOVEit-related data breach.
• Russian diplomats June 1, 2023 Russia's Federal Security Service (FSB) also accuses U.S. intelligence of hacking "thousands of Apple phones" to spy on Russian diplomats exploiting the same vulnerability.
• Starmount Life Insurance Company June 1, 2023 • [ hack, misconfiguration, finance ] Unum Group's subsidiary Starmount Life Insurance Company posts a notice of data breach on its website after discovering that the company's MOVEit server was accessed by an unauthorized party.
• 22 energy companies in Denmark May 31, 2023 SektorCERT, Denmark's state-funded organization handling cyber incidents in the critical sector, reveals that 22 energy companies were breached during May 2023, exploiting the CVE-2023-28771 Zyxel vulnerability.
• AlohaCare May 31, 2023 • [ leak, sqlinjection, healthcare ] AlohaCare files a notice of data breach after confirming that a vulnerability in the file-transfer program MOVEit resulted in confidential patient information being accessible to an unauthorized party.