Full List

Search

Recent Breaches

• Stony Brook University October 14, 2020 • [ social, phishing, education ] Iranian hackers with a history of launching phishing attacks against acedmic institutions have launched a new campaign, including against Stony Brook University.
• Universiteit Utrecht October 14, 2020 • [ social, phishing, education ] Iranian hackers with a history of launching phishing attacks against acedmic institutions have launched a new campaign, including against the Universiteit Utrecht.
• University of Cambridge October 14, 2020 • [ social, phishing, education ] Iranian hackers with a history of launching phishing attacks against acedmic institutions have launched a new campaign, including against the University of Cambridge.
• University of Lincoln October 14, 2020 • [ hack, phishing, education ] Iranian hackers with a history of launching phishing attacks against acedmic institutions have launched a new campaign, including against the University of Lincoln.
• bigbasket October 14, 2020 • [ leak, retail ] In October 2020, the Indian grocery platform bigbasket suffered a data breach that exposed over 20 million customer records. The data was originally sold before being leaked publicly in April the following year and included email, IP and physical addresses, names, phones numbers, dates of birth passwords stored as Django(SHA-1) hashes.
• Intcomex October 13, 2020 • [ ransomware, leak, malware ] After a ransomware attack, Intcomex suffers a major data breach, with nearly 1 TB of its users' data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.
• Unnamed e-commerece platform October 13, 2020 • [ financial, hack, leak ] Indian authorities are searching for a hacker who accessed the confidential data of an e-commerce company and advertised the sale of the information on the dark net. The hacker allegedly demanded money from the owner of the company to take down the list.
• Hennepin HealthCare October 13, 2020 • [ insider, misconfiguration, healthcare ] Five employees at Hennepin HealthCare have been fired for improperly accessing George Floyd's medical information.
• Verificient October 13, 2020 The online proctoring service ProctorTrack has disabled its service after its service company, Verificient, was hacked. The hacker sent offensive emails from the Verificient Support account and also defaced the Verificient website.
• Hackney Council October 13, 2020 London's Hackney Council has reported it has been the target of a serious cyber-attack which is affecting many of its services and IT systems. Data was stolen from the Council and published by the Pysa ransomware gang in January.
• Thingiverse October 13, 2020 • [ leak, misconfiguration, technology ] In October 2021, a database backup taken from the 3D model sharing service Thingiverse began extensively circulating within the hacking community. Dating back to October 2020, the 36GB file contained 228 thousand unique email addresses, mostly alongside comments left on 3D models. The data also included usernames, IP addresses, full names and passwords stored as either unsalted SHA-1 or bcrypt hashes. In some cases, physical addresses was also exposed. Thingiverse's owner, MakerBot, is aware of the incident but at the time of writing, is yet to issue a disclosure statement. The data was provided to HIBP by dehashed.com.
• WildWorks October 12, 2020 A threat actor has shared two databases belonging to online-game Animal Jam on a hacker forum. The databases were stolen by ShinyHunters after compromising WildWorks, the game's creator.
• Yazoo County School District October 12, 2020 • [ ransomware, malware, education ] The Yazoo County School District votes to pay a company $300,000 to recover files encrypted by ransomware threat actors.
• Havelsan October 12, 2020 • [ leak, manufacturing ] Researchers from the US-based firm Havelsan recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents Havelsan, a Turkish Military/defence manufacturer.
• NATO October 12, 2020 • [ government, leak ] Researchers from Cyble discover a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO.
• Walled Lake Consolidated School District October 12, 2020 • [ ransomware, malware, education ] Walled Lake Consolidated School District says a system outage has been linked to a ransomware attack. Several weeks later, the DoppelPaymer threat actors dumped some limited data as proof of access to the district's systems.
• Sisters of Charity Health System October 12, 2020 • [ hack, healthcare ] The Sisters of Charity Health System is another organization affected by the Blackbaud hack.
• Animal Jam October 12, 2020 In October 2020, the online game for kids Animal Jam suffered a data breach which was subsequently shared through online hacking communities the following month. The data contained 46 million user accounts with over 7 million unique email addresses. Impacted data also included usernames, IP addresses and for some records, dates of birth (sometimes in partial form), physical addresses, parent names and passwords stored as PBKDF2 hashes.
• Hawaii Attorney General's office October 11, 2020 • [ leak, government ] The state of Hawaii is investigating a potential breach of data within one of their systems tied to the Attorney General's office. Nearly 150 individuals who applied for a travel exemption through the state Attorney General's website were notified Friday about the potential breach.
• Sonoma Valley Hospital October 11, 2020 • [ hack, malware, healthcare ] Sonoma Valley Hospital reported that a security incident on Oct. 11 knocked out its computer systems, and is not fully restored.