Recent Breaches
-
March 4, 2020 The Australian Signals Directorate (ASD) reveals that a vulnerability in Citrix, could have been used by malicious actors to access a database of Australian Defence recruitment details.
-
March 4, 2020 • Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords.
-
March 4, 2020 • US telecommunications giant T-Mobile discloses a security breach that impacted both its employees and customers alike. The attackers gained access to "certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees."
-
March 4, 2020 • In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The data contained 69 million unique email addresses across 110 million rows of data accompanied by additional personal information including names, phone numbers, genders and physical addresses. At the time of publishing, the breach could not be attributed to those responsible for obtaining and exposing it. The data was provided to HIBP by dehashed.com.
-
March 3, 2020 • Four Queens Hotel and Casino and Binion's Casino are hit with a ransomware attack.
-
March 3, 2020 • Clothing giant J.Crew says an unknown number of customers had their online accounts accessed "by an unauthorized party" in or around April 2019.
-
March 2, 2020 • Spartanburg School District One is hit with a ransomware attack.
-
March 2, 2020 • A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an "exposed backup server" breached in February 2020.
-
March 2, 2020 • A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users' names, email addresses, and passwords as well as the company's social media keys and company information.
-
March 2, 2020 • The City of Novi Sad in Serbia is hit by the PwndLocker ransomware.
-
March 2, 2020 • The Syrian Electronic Army publishes some invoices leaked from Microsoft indicating that the company charges the FBI to view customers' information.
-
March 2, 2020 • Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack.
-
March 1, 2020 • Community Development Bank becomes the latest victim of the Maze ransomware team.
-
March 1, 2020 • Visser Precision, parts maker for space and defense contractors confirms a DoppelPaymer ransomware attack.
-
March 1, 2020 • In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses. Names, usernames and plain text passwords were also exposed. The data was provided to HIBP by breachbase.pw.
-
February 29, 2020 • A hacker dubbed Digileaker claims to have stolen the data related to 8,000 Digitex users.
-
February 29, 2020 • Legal services giant Epiq Global is hit by a ransomware attack.
-
February 29, 2020 Fintech startup Loqbox reveals to have suffered an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers.
-
February 29, 2020 • RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, discloses a ransomware attack.
-
February 28, 2020 • Munson Healthcare Group discloses that hackers gained access to patient data placed by compromising the email accounts of at least two employees. Patient records were accessed from July 31, 2019, to October 22, 2019, but the breach went undetected until January 16, 2020.