-
AT&T
January 6, 2023
•
[ leak, misconfiguration, technology ]
A threat actor named IntelBroker claims to have found a third-party vendor's unsecured cloud storage containing 37 million AT&T client records. The threat actor shares a sample of 5 million records.
-
Consulate Health Care
January 6, 2023
•
[ ransomware, leak, malware ]
The Hive ransomware gang leaks 550 GB of data stolen from Consulate Health Care, including customer and employee PII data.
-
Frances King School of English
January 6, 2023
•
[ ransomware, leak, malware ]
The Vice Society ransomware group leaks the data of 14 schools including the Frances King School of English.
-
Gateway College
January 6, 2023
•
[ ransomware, malware, education ]
The Vice Society ransomware group leaks the data of 14 schools including the Gateway College.
-
Universidad De La Salle
January 6, 2023
•
[ ransomware, leak, malware ]
The Cl0p ransomware group adds Universidad De La Salle to its leak page
-
Autotrader
January 6, 2023
•
[ hack, misconfiguration, automotive ]
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
-
-
RV Transport
January 5, 2023
•
[ hack, ddos ]
NoName057(16) claims to have conducted DDoS attacks against the websites of nine Lithuanian logistics companies.
-
3Mob
January 5, 2023
•
[ hack, ddos, technology ]
The Russian-affiliated People's CyberArmy claims to have conducted a DDoS attack against the website of a Ukrainian mobile operator.
-
T-Mobile
January 5, 2023
•
[ hack, misconfiguration, technology ]
T-Mobile discloses a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).
-
CircleCI
January 4, 2023
•
[ hack, technology ]
CircleCI, a software development service discloses a security incident and is urging users to rotate their secrets.
-
OKKO Group
January 4, 2023
•
[ hack, ddos, retail ]
The Russian-affiliated People's CyberArmy claims to have conducted a DDoS attack against the website of a Ukrainian gas station network.
-
Breitto
January 3, 2023
•
[ hack, ddos ]
NoName057(16) claims to have conducted DDoS attacks against the websites of four Lithuanian logistics companies.
-
Live Oak Surgery Center
January 3, 2023
Live Oak Surgery Center discloses that two employee email accounts were compromised by an unauthorized third party, which in turn potentially caused the information of 5,264 patients to be viewed or taken.
-
University of Miami Health System (UHealth)
January 3, 2023
University of Miami Health System (UHealth) announces that the protected health information of 973 patients has potentially been compromised as a result of an employee's personal data breach.
-
Shibuya Ward
January 3, 2023
•
[ hack, ddos, government ]
The website of Shibuya Ward (Municipality of Shibuya) is taken down by a DDoS attack.
-
United Kingdom's Department for Environment, Food & Rural Affairs (DEFRA)
January 3, 2023
Threat actors abuse an open redirect on the official website of the United Kingdom's Department for Environment, Food & Rural Affairs (DEFRA) to direct visitors to fake OnlyFans adult dating sites.
-
Swansea Public Schools
January 3, 2023
•
[ ransomware, malware, education ]
The Swansea Public Schools institution is also hit with a ransomware attack.
-
iD Tech
January 3, 2023
•
[ hack, leak, technology ]
In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month. iD Tech did not respond to multiple attempts to report the incident.
-
Freught
January 2, 2023
NoName057(16) claims to have conducted a DDoS attack against the website of a Lithuanian logistics company.