-
TAFE NSW
August 8, 2019
•
[ social, phishing, education ]
TAFE NSW has two dozen employees hit by a phishing attack.
-
National Baseball Hall of Fame
August 7, 2019
•
[ financial, hack, malware ]
The website for the National Baseball Hall of Fame is hacked to include a MageCart script that stole the payment information of customers who purchased items on the site. The infection occurred between November 15, 2018 and May 14, 2019.
-
State Farm
August 7, 2019
•
[ hack, brute-force, finance ]
US banking and insurance giant State Farm says it suffered a credential stuffing attack in July, during which "a bad actor" was able to confirm valid usernames and passwords for State Farm online accounts.
-
Office of the First Deputy Prime Minister of Bahrain
August 7, 2019
•
[ espionage, malware, government ]
A threat actor broke into the systems of Bahrain's National Security Agency, Ministry of Interior, and office of the first deputy prime minister. On July 25, 2019, Bahraini authorities detected intrusions into its electric and water authority that shut down several systems. The attacks were similar to two hacks in 2012, in which the Shamoon virus was used to knock Qatar's natural gas firm RasGas offline and wipe data from the hard drives at Saudi Aramco, Saudi Arabia's national oil company. Iran is believed to be behind the attacks.
-
Township of Maplewood
August 7, 2019
•
[ hack, malware, government ]
The Township of Maplewood discovers a malware infection. The infection started on December 2018.
-
Venezuelan military
August 5, 2019
Researchers from ESET reveal the details of Machete, a cyber espionage group active since 2010, stealing sensitive files from the Venezuelan military.
-
AT&T
August 5, 2019
The US Department of Justice reveals that an AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network.
-
CafePress
August 5, 2019
CafePress, the custom T-shirt and merchandise company, is hacked. According to various reports, the breach that compromised more than 23 million accounts happened on February 20.
-
Camp Verde Unified School District
August 5, 2019
•
[ ransomware, malware, education ]
Camp Verde Unified School District reveals to have been hit by a ransomware attack.
-
Cardpool
August 4, 2019
A Russian hacker sells on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million. The cards are allegedly stolen from Cardpool.com.
-
Murfreesboro Water Department
August 3, 2019
•
[ hack, government ]
The online access portal for Murfreesboro Water Department bill payment is defaced.
-
Promofarma
August 3, 2019
In August 2019, a data breach from the Spanish online pharmacy Promofarma appeared for sale on a dark web marketplace. The breach exposed over 2.7M records and contained almost 1.3M unique customer email addresses. The data also included customer names and was provided to HIBP by dehashed.com.
-
City of Naples, Florida
August 2, 2019
•
[ financial, social, phishing ]
The City of Naples, Florida, loses $700,000 after a spear phishing attack.
-
Presbyterian Healthcare Services
August 2, 2019
•
[ leak, phishing, healthcare ]
Presbyterian Healthcare Services is the victim of a phishing attack impacting around 183,000 patients and health plan members.
-
SuperINN
August 2, 2019
•
[ hack ]
SuperINN notifies its clients of a hack impacting more than 43,000 consumers.
-
Poshmark
August 1, 2019
•
[ hack, retail ]
Poshmark, an online marketplace where North American users can buy and sell new or used clothes, shoes, and accessories, discloses a data breach: an unauthorized party gained access to its servers from where it stole personal information.
-
Broken Arrow Public Schools
August 1, 2019
•
[ ransomware, malware, education ]
Broken Arrow Public Schools are hit by a ransomware attack.
-
Librer Porra
August 1, 2019
A bookseller in Mexico named Librer a Porr a leaves a MongoDB exposed on the Internet and has the 2.1 customer records stolen and replaced by a ransom note.
-
StockX
August 1, 2019
•
[ hack, retail ]
StockX, a popular site for buying and selling sneakers and other apparel, resets customer passwords after it is hacked back in May. More than 6.8 million records were stolen.
-
Facebook
August 1, 2019
•
[ leak, technology ]
In April 2021, a large data set of over 500 million Facebook users was made freely available for download. Encompassing approximately 20% of Facebook's subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019. The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer.