Full List

Search

Recent Breaches

• Choice Rehabilitation December 31, 2018 Choice Rehabilitation notifies patients after hack of corporate email account. The suspicious activity occurred from July 1, 2018 through September 30, 2018.
• Sen. Claire McCaskill December 31, 2018 • [ espionage, phishing, government ] Sen. Claire McCaskill and her staffers are the targets of a spear phishing campaign allegedly orchestrated by the infamous Fancy Bear AKA APT28.
• IIMJobs December 31, 2018 • [ hack, leak, misconfiguration ] In December 2018, the Indian job portal IIMJobs suffered a data breach that exposed 4.1 million unique email addresses. The data also included names, phone numbers, geographic locations, dates of birth, job titles, job applications and cover letters plus passwords stored as unsalted MD5 hashes. The data was provided to HIBP by dehashed.com.
• Unknown Organization December 30, 2018 Hackers from the Anonymous collective release the contact information of over 200 Italian police officers, including their full names and personal email addresses. Hackers also post the user login name and password of 26 website administrators.
• City of Lake Charles December 29, 2018 • [ hack, government ] City of Lake Charles reports security breach of its information technology systems.
• Dataresolution December 29, 2018 • [ ransomware, malware, technology ] Cloud hosting provider Dataresolution.net struggles to bring its systems back online after suffering a Ryuk ransomware infestation on Christmas Eve.
• BannerBit December 29, 2018 • [ leak, technology ] In approximately December 2018, the online ad platform BannerBit suffered a data breach. Containing 213k unique email addresses and plain text passwords, the data was provided to HIBP by a third party. Multiple attempts were made to contact BannerBit, but no response was received.
• North Gyeongsang resettlement centre December 28, 2018 Almost 1,000 North Korean defectors have their personal data leaked after a computer at the North Gyeongsang resettlement centre is hacked.
• College of Eastern Idaho December 28, 2018 • [ hack, phishing, education ] College of Eastern Idaho notifies a security incident discovered on September 5, 2018, when suspicious email activity was detected within an employee's email account.
• Family Physicians Group December 28, 2018 • [ social, phishing, healthcare ] Family Physicians Group notifies more than 8,000 patients about a phishing attack on an employee's email account. Patient data may have been exposed between Aug. 7 and Aug. 21, 2018, when the company discovered the attack.
• Dental Center of Northwest Ohio December 28, 2018 • [ ransomware, malware, healthcare ] Dental Center of Northwest Ohio reveals that a ransomware attack affecting its local third-party IT vendor (Arakyta) may have endangered personal data belonging to current and former patients and employees.
• Westminster College December 28, 2018 • [ social, phishing, education ] Westminster College in Salt Lake City, Utah notifies people after eleven of their employees fell prey to phishing attacks.
• BlankMediaGames December 28, 2018 In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes. DeHashed made multiple attempts to contact BlankMediaGames over various channels and many days but had yet to receive a response at the time of publishing.
• BevMo December 27, 2018 • [ financial, malware, retail ] Alcohol retailer BevMo reveals that its website was breached, compromising the credit card data of nearly 15,000 customers: a "malicious code" placed on the checkout page, compromising data between Aug. 2 and Sept. 26.
• Tribune Publishing's Southern California December 27, 2018 • [ ransomware, malware, technology ] A Ryuk ransomware attack is suspected of preventing production of several newspapers, including the Wall Street Journal and Los Angeles Times. The attack affected the systems at Tribune Publishing's Southern California printing plant.
• Pinoy Weekly December 26, 2018 The news sites of Bulatlat, Kodao and Pinoy Weekly are taken down by a DDoS attack, after stories on the Communist Party of the Philippines' 50th anniversary were posted.
• OGUsers (2019 breach) December 26, 2018 • [ hack, misconfiguration, technology ] In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.
• Roll20 December 26, 2018 • [ hack, technology ] In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
• Hayley Atwell December 24, 2018 • [ hack, leak ] "Captain America" actress Hayley Atwell's nude photos are allegedly hacked and those behind it threatened to release the images, according to reports.
• British Post Office December 23, 2018 • [ leak, government ] A threat actor compromised the British Post Office and local government networks, stealing personal data including email addresses and mobile phone numbers of thousands of employees.