Portend Breaches

Jersey Mike's Subs July 31, 2018 • [ leak, retail ] Jersey Mike's Subs warns some of their customers to change their account passwords to ensure account security. According to the email, the firm suspected a possible data breach at some third party.

Borough of Matanuska-Susitna July 31, 2018 • [ ransomware, malware, government ] The Borough of Matanuska-Susitna is hit by CryptoLocker. The attack took place on July 24 but was maybe dormant since May. The IT systems are not operational with some users starting to use typewriters.

Altex Exchange July 30, 2018 • [ financial, misconfiguration, finance ] Altex Exchange acknowledges that a double-counting bug in Monero (XMR) cryptocurrency did result in a major undisclosed financial loss.

Spiez Laboratory July 30, 2018 • [ espionage, government ] The state-run Spiez laboratory near Bern, which analyzed the nerve agent samples from Salisbury, reveals to have been targeted by hackers believed to be linked to the Russian government ahead of a conference of chemical and biological warfare.

Hwera High School July 30, 2018 • [ ransomware, malware, education ] An anonymous computer hacker demands US$5000 from a Hwera High School to return course work they are holding for ransom.

UnityPoint Health July 30, 2018 • [ social, phishing, healthcare ] UnityPoint Health warns 1.4 million patients their information might have been breached by email hackers after a phishing attack.

Confluence Health July 28, 2018 • [ hack, healthcare ] Confluence Health discloses a patient data breach after an employee email account is hacked on March 30 and May 28, 2018.

Telecom Regulatory Authority of India (TRAI) chairman R S Sharma July 28, 2018 • [ leak, misconfiguration, government ] Alleged personal details of the Telecom Regulatory Authority of India (TRAI) chairman R S Sharma are leaked after he tweeted his 12-digit Unique Identification Authority of India or UIDAI number and challenged hackers.

Banks in Chile July 28, 2018 • [ leak, finance ] Additional 55,106 cards are leaked in Chile.

Lanwar July 28, 2018 • [ leak, misconfiguration, technology ] In July 2018, staff of the Lanwar gaming site discovered a data breach they believe dates back to sometime over the previous several months. The data contained 45k names, email addresses, usernames and plain text passwords. A Lanwar staff member self-submitted the breach to HIBP and has also contacted the relevant authorities about the incident after identifying a phishing attempt to extort Bitcoin from a user.

Government agency in the Middle East July 27, 2018 • [ espionage, malware, government ] Researchers from Palo Alto Networks Unit 42 unveils a targeted attack against a government agency in the Middle East carried out by a threat actor dubbed DarkHydrus.

Kaiser Permanente July 27, 2018 Kaiser Permanente's Health Innovations website is defaced by Dohaeragon.

Hudl football team July 27, 2018 Coaches for the football team at Braden River (Bradenton, Fla.), are caught using a college Hudl account to access opponents' game and practice videos.

Prison-issued tablets July 26, 2018 • [ hack, financial, government ] Idaho prison officials announce in a press release that they've identified 364 inmates who have exploited a vulnerability in their prison-issued tablets and have used it to assign nearly $225,000 worth of digital credits to their tablet accounts.

Yale University July 26, 2018 Yale University notifies members of breach that took place between 2008 and 2009, when a threat actor managed to access a database and exfiltrate names, Social Security numbers, and dates of birth. The breach was discovered on June 16 this year.

KICKICO July 26, 2018 KICKICO, an Initial Coin Offering (ICO) project suffers a security breach. Attackers access the private key of the smart contract and as a result, steal more than 70 million KickCoins which is around $7.7 million.

Blue Springs Family Care July 26, 2018 • [ ransomware, malware, healthcare ] Healthcare provider Blue Springs Family Care discloses a ransomware attack resulting from an authorized access that may have also compromised 44,979 patients records.

COSCO July 25, 2018 • [ ransomware, malware ] A ransomware attack severely disables the U.S. network of COSCO (China Ocean Shipping Company), one of the world's largest shipping companies.

City of Medford July 25, 2018 • [ leak, malware, government ] 1,842 Medford residents are impacted by a City of Medford data breach after the city's online utility billing service is infected with malware. The breaches happened between February 18th through March 14th and March 29th through April 16th.

Securities Investors Association Singapore (SIAS) July 25, 2018 • [ leak, finance ] The Securities Investors Association Singapore (SIAS) announces to have suffered a breach. The breach occurred in 2013 and that the NRIC numbers, home addresses, email addresses, mobile and landline numbers of 70,000 people were compromised in the incident.

Recent Breaches