Full List

Search

Recent Breaches

• Purchase Line School District February 1, 2018 • [ social, phishing, education ] The Purchase Line School District is the victim of a email spoofing attack by an individual pretending to be a school district employee.
• City of Pittsburg, Kansas February 1, 2018 • [ social, phishing, government ] The City of Pittsburg in Kansas reveals to have been subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year.
• Kinetics Systems February 1, 2018 Kinetics Systems falls victim of a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised.
• HORNE LLP February 1, 2018 • [ leak, phishing, finance ] HORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails.
• Jobandtalent February 1, 2018 • [ hack, technology ] In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email and IP addresses and passwords stored as salted SHA-1 hashes.
• MyFitnessPal February 1, 2018 • [ leak, misconfiguration, technology ] In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
• Users participating to the ICO of the Bee Token Crypto Currency January 31, 2018 • [ social, phishing, finance ] Users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) are tricked into sending the money to scammers instead. The attackers steal nearly $1M worth of cryptocurrency.
• GoGet January 31, 2018 • [ hack, automotive ] Car-sharing company GoGet discloses a major data breach seven months after it was first detected in June 2017 as the alleged hacker is arrested by Australian police this week. In an email sent to customers, the firm says its IT team identified "unauthorised activity" on its system on 27 June last year and immediately launched a full internal investigation.
• ABN Ambro January 30, 2018 • [ hack, ddos, finance ] ABN Ambro is targeted by a new DDoS attack. Now the fingers are pointed to Russia.
• ING January 30, 2018 • [ hack, ddos, finance ] And during the same wave of DDoS attacks, also ING is targeted (once again).
• Spartanburg Public Library January 30, 2018 • [ ransomware, malware, education ] The Spartanburg Public Library system is shut down after it is hit with a ransomware attack.
• PropTiger January 30, 2018 • [ leak, misconfiguration, technology ] In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included additional personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored. The data was provided to HIBP by dehashed.com.
• JoomlArt January 30, 2018 • [ leak, misconfiguration, technology ] In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year. The data included usernames, email addresses, purchases and passwords stored as MD5 hashes. When contacted, JoomlArt advised they were aware of the incident and had previously notified impacted parties.
• Dutch tax authority January 29, 2018 • [ hack, ddos, government ] The Dutch Tax Authority is also taken down by a DDoS attack.
• Rabobank January 29, 2018 • [ hack, ddos, finance ] Rabobank is the third of the big Dutch banks to be targeted by a DDoS attack.
• Chester County School District January 29, 2018 • [ ransomware, malware, education ] Chester County School District posts on its Facebook page that ransomware hit the district's servers over the weekend.
• DigID January 29, 2018 • [ hack, ddos, government ] The Dutch official online signature system DigID is also reportedly hit by the same wave of DDoS attacks.
• Experty January 28, 2018 A hacker tricks Experty ICO participants into sending Ethereum funds to the wrong wallet address. He is able to do this by sending emails with a fake pre-ICO sale announcement to Experty users who signed up for notifications. The bounty amounts to $150,000.
• Ontario Progressive Conservative Party January 28, 2018 • [ ransomware, malware, government ] The Ontario Progressive Conservative Party's internal database is locked up by a ransomware attack in early November. The incident is first being acknowledged now.
• ABN Ambro January 27, 2018 • [ hack, ddos, finance ] ABN Ambro is the victim of a sustained DDoS attack. The wave of cyberattacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.