Portend Breaches

Banks in Chile July 25, 2018 • [ hack, leak, finance ] Hackers from the Shadow Brokers gain access to some 14,000 credit card numbers in Chile and publish them on social media.

Krungthai Bank (KTB) July 25, 2018 • [ hack, finance ] Computer systems of Kasikornbank (Kbank) and Krungthai Bank (KTB) are compromised, affecting the security of the personal and corporate data of more than 120,000 customers.

Southern Baptist Convention's International Mission Board July 24, 2018 • [ leak, government ] The Southern Baptist Convention's (SBC) International Mission Board announces to have suffered a data breach earlier this year (on April 11) exposing the personally identifiable information on its current and former employees, volunteers and applicants.

The National Bank of Blacksburg July 24, 2018 Brian Krebs reveals that hackers used phishing emails to break into The National Bank of Blacksburg in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. The breaches happened in May 2016 and January 2017.

Verified @AlmostHumanFOX Twitter Account July 24, 2018 An apparent hacker is able to hack a discontinued TV show's verified Twitter account (@AlmostHumanFOX) to impersonate Justin Sun, the founder of the decentralized Tron currency and promote a cryptocurrency scam.

Accreditation, Audit & Risk Management Security, LLC July 23, 2018 • [ leak, misconfiguration, government ] A "security incident" occurred on April 3 at a third-party vendor (Accreditation, Audit & Risk Management Security, LLC) may have compromised the personal information of employees, inmates and others involved with the Pennsylvania Department of Corrections.

U.S. Utility Control Rooms July 23, 2018 Homeland Security Officials reveal that attackers from the malicious actor Dragonfly AKA Energetic Bear might have accessed the control rooms of U.S. Energetic Utilities.

Etherscan July 23, 2018 • [ hack, xss, finance ] Visitors of the popular Ethereum blockchain explorer Etherscan.io are shown a pop-up message showing "1337" indicating the website has been compromised.

Apollo July 23, 2018 In July 2018, the sales engagement startup Apollo left a database containing billions of data points publicly exposed without a password. The data was discovered by security researcher Vinny Troia who subsequently sent a subset of the data containing 126 million unique email addresses to Have I Been Pwned. The data left exposed by Apollo was used in their "revenue acceleration platform" and included personal information such as names and email addresses as well as professional information including places of employment, the roles people hold and where they're located. Apollo stressed that the exposed data did not include sensitive information such as passwords, social security numbers or financial data. The Apollo website has a contact form for those looking to get in touch with the organisation.

SingHealth July 20, 2018 • [ leak, healthcare ] Singapore's largest health care group, SingHealth, reveals to have suffered a cyber attack to a company database in which attackers copied information belonging to roughly 1.5 million patients, including the country's prime minster, Lee Hsien Loong.

Three U.S. congressional candidates July 20, 2018 Microsoft reveals to have helped the U.S. government to fend off attempts by Russia to hack into the campaigns of three congressional candidates earlier this year.

MedSpring Urgent Care July 20, 2018 • [ social, phishing, healthcare ] MedSpring Urgent Care notifies 13,000 patients after a phishing attack occurred on May 8.

Clark University July 20, 2018 • [ hack, phishing, education ] Clark University in Massachusetts notifies some students whose personal information, including Social Security Numbers, were in an employee's email account that had been accessed between March 19 and March 23rd, amid a phishing attack.

NorthStar Anesthesia July 20, 2018 • [ hack, phishing, healthcare ] NorthStar Anesthesia notifies patients after some employee email accounts are compromised between April 3 and May 24, 2018.

Boys Town National Research Hospital July 20, 2018 • [ hack, phishing, healthcare ] Boys Town National Research Hospital discloses data breach that may have exposed PHI on 105,309 individuals. The hospital, on May 23, discovered unusual activity relating to an employee's email account.

Golden Heart Administrative Professionals July 20, 2018 • [ hack, healthcare ] Golden Heart Administrative Professionals, a billing company and business associate of several healthcare providers in Alaska, notifies 44,600 individuals that some of their protected health information has potentially been accessed by unauthorized individuals.

Ochre Health Wollongong July 20, 2018 • [ hack, healthcare ] An unspecified cyber incident at Ochre Health Wollongong medical centre leaves patients without the possibility to access their patient data.

PIR Bank of Russia July 20, 2018 • [ financial, misconfiguration, finance ] Cybercriminals part of the notorious hacking group MoneyTaker attack the PIR Bank of Russia and steal $1M. The hacking is carried out after infiltrating the bank's systems by compromising an old, outdated router. The router was installed at one of the regional branches of the bank.

Liverpool FC July 19, 2018 • [ hack, financial ] Liverpool FC's fan database is hacked resulting in a serious data breach for around 150 supporters. The club confirms that season ticket holder information - including home addresses and bank details - were stolen from a club email account.

ComplyRight July 19, 2018 Cloud-based human resources company ComplyRight reveals that a security breach of its Web site may have compromised sensitive consumer information " including names, addresses, phone numbers, email addresses and Social Security numbers " from tax forms submitted by the company's thousands of clients on behalf of employees.

Recent Breaches