-
CommuteAir
January 26, 2023
•
[ leak, misconfiguration, government ]
A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' is shared publicly on a hacking forum.
-
Guardian Analytics
January 26, 2023
•
[ leak, misconfiguration, finance ]
Webster Bank files a notice of data breach after learning of a third-party data breach at Guardian Analytics, one of Webster Bank's vendors.
-
Matco Tools Corporation
January 26, 2023
•
[ leak, manufacturing ]
Matco Tools Corporation files notice of a data breach following a cybersecurity incident that leaked confidential consumer information that was in the company's possession.
-
Eye4Fraud
January 25, 2023
•
[ hack, misconfiguration, technology ]
In February 2023, data alleged to have been taken from the fraud protection service Eye4Fraud was listed for sale on a popular hacking forum. Spanning tens of millions of rows with 16M unique email addresses, the data was spread across 147 tables totalling 65GB and included both direct users of the service and what appears to be individuals who'd placed orders on other services that implemented Eye4Fraud to protect their sales. The data included names and bcrypt password hashes for users, and names, phone numbers, physical addresses and partial credit card data (card type and last 4 digits) for orders placed using the service. Eye4Fraud did not respond to multiple attempts to report the incident.
-
Xavier University of Louisiana
January 24, 2023
Xavier University of Louisiana (XULA) says it suffered a cyberattack compromising Social Security numbers and other personal information from more than 44,000 students and vendors.
-
Municipal Court of Circleville, Ohio
January 24, 2023
•
[ ransomware, malware, government ]
The Circleville Municipal Court is hit with a LockBit 3.0 ransomware attack.
-
Puma
January 24, 2023
•
[ leak, retail ]
Private data allegedly belonging to more than 230,000 Puma customers in Chile is found on a hacker forum.
-
Planet Ice
January 24, 2023
•
[ hack ]
The ice rink operator Planet Ice suffers a data breach, and approximately 200,000 people have their details stolen.
-
Duolingo
January 24, 2023
•
[ leak, misconfiguration, education ]
In August 2023, 2.6M records of data scraped from Duolingo were broadly distributed on a popular hacking forum. Obtained by enumerating a vulnerable API, the data had earlier appeared for sale in January 2023 and contained email addresses, names, the languages being learned, XP (experience points), and other data related to learning progress on Duolingo. Whilst some of the data attributes are intentionally public, the ability to map private email addresses to them presents an ongoing risk to user privacy.
-
A10 Networks
January 23, 2023
•
[ ransomware, malware, manufacturing ]
The California-based networking hardware manufacturer A10 Networks confirms that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data.
-
ePublic
January 23, 2023
•
[ leak, retail ]
The database of ePublic, an IT service provider offering services to multiple Italian municipalities, is leaked online.
-
Audifarma
January 22, 2023
•
[ hack, healthcare ]
Audifarma, a Colombian pharmacy chain, announces that it had been the victim of a cyber attack.
-
Instituto Federal Do Para (IFPA)
January 21, 2023
The Instituto Federal Do Para (IFPA), a public education institution in Brazil, is added to the leaks site of the ALPHV (BlackCat) ransomware gang.
-
Members Trust of the Southwest Federal Credit Union
January 20, 2023
•
[ leak, finance ]
Members Trust of the Southwest Federal Credit Union files notice of a data breach after confirming that the confidential information of some bank customers was accessible by an unauthorized party.
-
Wawasee Community School Corporation
January 20, 2023
•
[ ransomware, malware, education ]
The Wawasee Community School Corporation is hit with a ransomware attack.
-
Guildford County School
January 19, 2023
•
[ ransomware, malware, education ]
The Guildford County School is hit with a Vice Society ransomware attack.
-
Renewal by Andersen
January 19, 2023
•
[ hack, manufacturing ]
Renewal by Andersen files a notice of data breach after confirming that a security incident involving the company's IT network resulted in an unauthorized party gaining access to confidential consumer data.
-
Cannon Corporation
January 19, 2023
The Cannon Corporation dba CannonDesign sends notices of a data breach to more than 13,000 of current and former employees, informing that threat actors breached and stole data from its network in an attack in early 2023. The Avos Locker ransomware gang claims responsibility for the attack.
-
Iranian government
January 18, 2023
Researchers from Palo Alto Networks discover a new campaign by APT15 targeting the Iranian government.
-
Benetton Group
January 18, 2023
•
[ hack, manufacturing ]
Renowned Italian clothing company the Benetton Group reportedly is hit with a cyberattack from an unknown threat group