Full List

Search

Recent Breaches

• Frost & Sullivan June 24, 2020 • [ leak, misconfiguration, technology ] U.S. business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet is sold on a hacker forum.
• Mercy Iowa City June 24, 2020 Mercy Iowa City notifies its patients of a data breach that occurred in the spring after an employee's email account was compromised and exposed the information of 92,795 people. The hacker reportedly used the compromised email account to send spam and phishing emails.
• Choice Health Management Services June 23, 2020 • [ social, phishing, healthcare ] Choice Health Management Services notifies an unspecified number of individuals of a phishing attack that occurred in late 2019.
• Tax Collector's Office for Polk County June 23, 2020 • [ hack, malware, government ] The Tax Collector's Office for Polk County blames malware found on an employee's computer for a data breach that affected around 450,000 residents of Polk County. The breach occurred in June.
• Kreditplus June 23, 2020 • [ leak, finance ] In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and employment information. The data was provided to HIBP by breachbase.pw.
• Swvl June 23, 2020 • [ hack ] In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos, partial credit card data (type and last 4 digits) and passwords stored as bcrypt hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by breachbase.pw.
• Encrochat June 22, 2020 • [ hack, technology ] The encrypted chat Encrochat shuts down after a police hack.
• Indiabulls Group June 22, 2020 Indian conglomerate Indiabulls Group is allegedly hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data.
• Iowa State University June 22, 2020 Iowa State University officials announce that nearly 4,900 Iowa State University-affiliated email accounts were the recipients of a racist cyberattack from an email sender claiming to be Equity Prime Mortgage.
• Stalker Online June 22, 2020 More than one million players of the video game Stalker Online are at risk after a database containing over 1.2 million user records is being sold on hacking forums. Separately, another database which is said to contain more than 136,000 records from the game's forums is also being offered for sale.
• Coastal Preparatory Academy June 22, 2020 According to a letter sent to parents by Coastal Preparatory Academy and a lawsuit filed in Superior Court, a former employee obtained extremely sensitive personal information about parents and students, including social security numbers, health and financial information, and employment records. The employee also allegedly locked Academy leadership out of the computer system by refusing to provide passwords.
• Promo June 22, 2020 In July 2020, the self-proclaimed "World's #1 Marketing Video Maker" Promo suffered a data breach which was then shared extensively on a hacking forum. The incident exposed 22 million records containing almost 15 million unique email addresses alongside IP addresses, genders, names and salted SHA-256 password hashes. The data was provided to HIBP by dehashed.com.
• Appen June 22, 2020 In June 2020, the AI training data company Appen suffered a data breach exposing the details of almost 5.9 million users which were subsequently sold online. Included in the breach were names, email addresses and passwords stored as bcrypt hashes. Some records also contained phone numbers, employers and IP addresses. The data was provided to HIBP by dehashed.com.
• Scentbird June 22, 2020 In June 2020, the online fragrance service Scentbird suffered a data breach that exposed the personal information of over 5.8 million customers. Personal information including names, email addresses, genders, dates of birth, passwords stored as bcrypt hashes and indicators of password strength were all exposed. The data was provided to HIBP by breachbase.pw.
• yotepresto.com June 22, 2020 In June 2020, the Mexican lending platform yotepresto.com suffered a data breach. Over 1.4 million customers were impacted by the breach which disclosed email and IP addresses, usernames and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
• Vakinha June 22, 2020 In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by dehashed.com.
• Undisclosed bank in Europe June 21, 2020 • [ hack, ddos, finance ] Akamai reveals that a bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that peaked at a record 809 million packets per second (PPS).
• University of California, Davis June 21, 2020 • [ hack, phishing, education ] A racist cyberattack email is delivered to thousands of University of California, Davis email accounts, prompting the university to block most of the emails, officials said Tuesday.
• Not Acxiom June 21, 2020 • [ leak, misconfiguration, technology ] In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community. On review, Acxiom concluded that "the claims are indeed false and that the data, which has been readily available across multiple environments, does not come from Acxiom and is in no way the subject of an Acxiom breach". The data contained almost 52M unique email addresses.
• Tallapoosa County Probate Office June 20, 2020 • [ ransomware, malware, government ] Tallapoosa County Probate Office is hit with a ransomware attack.