Full List

Search

Recent Breaches

• AeroGrow International April 5, 2019 • [ financial, malware, manufacturing ] AeroGrow says in a letter to customers that its website had credit card scraping malware for more than four months. Anyone who bought something through its website between October 29, 2018 and March 4, 2019 could have been affected.
• Health Recovery Services April 5, 2019 • [ hack, healthcare ] Health Recovery Services notifies 20,485 patients after discovering that an unauthorized IP address had accessed their network between November 2018 and February 5 2019.
• Training School of the First Scout Ranger Regiment April 4, 2019 • [ hack, government ] Emerging reports claim that the website of the training school of the First Scout Ranger Regiment, one of the Philippine Army's (PA) elite units, was hacked last year.
• Bayer April 4, 2019 • [ espionage, malware, manufacturing ] Bayer reveals to have contained a cyber attack carried out by the Wicked Panda Group via the WINNTI malware.
• Sylvan Union School District April 4, 2019 • [ ransomware, malware, education ] The Sylvan Union School District is hit by an apparent ransomware attack whose remediation costs exceed $1 million.
• Storenvy April 4, 2019 In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale. The data contained 11M unique email addresses alongside usernames, IP addresses, the user's city, gender date of birth and original salted SHA-1 password hash.
• City of Tallahassee April 3, 2019 Almost half a million dollars is diverted out of the city of Tallahassee's employee payroll after a suspected foreign cyber-attack of its human resources management application.
• Arizona Beverages April 2, 2019 • [ ransomware, malware ] Arizona Beverages, one of the largest beverage suppliers in the U.S., is hit by a ransomware attack.
• Genesee County April 2, 2019 • [ ransomware, malware, government ] Genesee County is hit with a ransomware attack and the county has been working non-stop to get their systems back online.
• Georgia Tech University April 2, 2019 • [ hack, misconfiguration, education ] Georgia Tech announces that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applications, staff, and faculty members. The breach was discovered on March 21.
• Belgian Interior Ministry April 1, 2019 • [ espionage, government ] Belgian officials said that hackers breached the network of its interior ministry in a security incident that took place in April 2019. The investigation found that the threat actor's motive was likely espionage.
• Raymond Houndjo April 1, 2019 • [ espionage, malware, government ] Hackers used spyware, developed by Israeli technology firm NSO Group, that exploited a vulnerability in the messaging app WhatsApp to inject spyware onto the phones of opposition politicians and prominent religious leaders in Togo. The hack coincided with pro-reform protests in the country. Among the victims is Raymond Houndjo, a prominent member of the opposition party.
• Elliott Ohin April 1, 2019 • [ hack, malware, government ] Hackers used spyware, developed by Israeli technology firm NSO Group, that exploited a vulnerability in the messaging app WhatsApp to inject spyware onto the phones of opposition politicians and prominent religious leaders in Togo. The hack coincided with pro-reform protests in the country. Among the victims is Elliott Ohin who has served in several cabinet roles.
• Father Pierre Marie-Chanel Affognon April 1, 2019 Hackers used spyware, developed by Israeli technology firm NSO Group, that exploited a vulnerability in the messaging app WhatsApp to inject spyware onto the phones of opposition politicians and prominent religious leaders in Togo. The hack coincided with pro-reform protests in the country. Among the victims is Father Pierre Marie-Chanel Affognon, a Catholic priest.
• Monseigneur Benot Comlan Alowonou April 1, 2019 Hackers used spyware, developed by Israeli technology firm NSO Group, that exploited a vulnerability in the messaging app WhatsApp to inject spyware onto the phones of opposition politicians and prominent religious leaders in Togo. The hack coincided with pro-reform protests in the country. Among the victims is Monseigneur Beno t Comlan Alowonou, the Bishop of Kpalim .
• Lumin PDF April 1, 2019 • [ leak, misconfiguration, technology ] In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
• City of Albany March 31, 2019 • [ ransomware, malware, government ] The City of Albany, the capital of the U.S. state of New York, is hit by a ransomware attack, with city officials working over the weekend to respond to the incident.
• Vastaamo March 31, 2019 • [ ransomware, malware, healthcare ] In October 2020, the Finnish psychotherapy service Vastaamo was the subject of a ransomware attack targeting first the company itself, followed by their patients directly. The original security incident dates back to a period between late 2018 and early 2019 and exposed data including 30k unique email addresses, names, social security numbers and notes on individuals' psychotherapy sessions. This breach has been flagged as "sensitive" and is only searchable by owners of the email addresses and domains exposed in the incident.
• Bithumb March 30, 2019 • [ hack, insider, financial ] Bithumb is hacked for the second time in less than a year as attackers (probably an insider job) manage to steal $21 million worth (3 million EOS coins and 20 million XRP).
• Donald Trump March 30, 2019 Federal authorities investigate a possible Chinese intelligence operation targeting President Donald Trump, after a Chinese woman is arrested while trying to enter the Palm Beach club, Mar-a-Lago with a thumb drive infected with malware.