-
Family Physicians Group
December 28, 2018
•
[ social, phishing, healthcare ]
Family Physicians Group notifies more than 8,000 patients about a phishing attack on an employee's email account. Patient data may have been exposed between Aug. 7 and Aug. 21, 2018, when the company discovered the attack.
-
Dental Center of Northwest Ohio
December 28, 2018
•
[ ransomware, malware, healthcare ]
Dental Center of Northwest Ohio reveals that a ransomware attack affecting its local third-party IT vendor (Arakyta) may have endangered personal data belonging to current and former patients and employees.
-
Westminster College
December 28, 2018
•
[ social, phishing, education ]
Westminster College in Salt Lake City, Utah notifies people after eleven of their employees fell prey to phishing attacks.
-
BlankMediaGames
December 28, 2018
In December 2018, the Town of Salem website produced by BlankMediaGames suffered a data breach. Reported to HIBP by DeHashed, the data contained 7.6M unique user email addresses alongside usernames, IP addresses, purchase histories and passwords stored as phpass hashes. DeHashed made multiple attempts to contact BlankMediaGames over various channels and many days but had yet to receive a response at the time of publishing.
-
BevMo
December 27, 2018
•
[ financial, malware, retail ]
Alcohol retailer BevMo reveals that its website was breached, compromising the credit card data of nearly 15,000 customers: a "malicious code" placed on the checkout page, compromising data between Aug. 2 and Sept. 26.
-
Tribune Publishing's Southern California
December 27, 2018
•
[ ransomware, malware, technology ]
A Ryuk ransomware attack is suspected of preventing production of several newspapers, including the Wall Street Journal and Los Angeles Times. The attack affected the systems at Tribune Publishing's Southern California printing plant.
-
Pinoy Weekly
December 26, 2018
The news sites of Bulatlat, Kodao and Pinoy Weekly are taken down by a DDoS attack, after stories on the Communist Party of the Philippines' 50th anniversary were posted.
-
OGUsers (2019 breach)
December 26, 2018
•
[ hack, misconfiguration, technology ]
In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread across 113k forum users and other tables in the database. The exposed data also included usernames, IP addresses, private messages and passwords stored as salted MD5 hashes.
-
Roll20
December 26, 2018
•
[ hack, technology ]
In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
-
Hayley Atwell
December 24, 2018
•
[ hack, leak ]
"Captain America" actress Hayley Atwell's nude photos are allegedly hacked and those behind it threatened to release the images, according to reports.
-
British Post Office
December 23, 2018
•
[ leak, government ]
A threat actor compromised the British Post Office and local government networks, stealing personal data including email addresses and mobile phone numbers of thousands of employees.
-
Evercore
December 23, 2018
•
[ hack, phishing, finance ]
Thousands of sensitive documents have been stolen by hackers in a cyber-attack on the influential investment bank Evercore, after an employee in London falls victim of a phishing attack.
-
Borough of Westwood
December 22, 2018
•
[ leak, government ]
The borough of Westwood, discloses a data breach that began in December 2018.
-
San Diego Unified School District (SDUSD)
December 21, 2018
•
[ social, phishing, education ]
The San Diego Unified School District (SDUSD) reveals that PII of more than a half million students and staff were compromised as the result of a phishing attack that may have occurred as early as January 2018.
-
Electrum Bitcoin wallets
December 21, 2018
•
[ social, phishing, finance ]
A clever phishing attack targeting Electrum Bitcoin wallets results in the theft of more than $750,000 worth of cryptocurrency.
-
Saint John online parking payment system
December 21, 2018
Another consequence of the Click2Gov breach: the city of Saint John shuts down its online system used to pay parking tickets after discovering a data breach that could have exposed customer names, addresses and credit card information.
-
NASA's Jet Propulsion Laboratory (JPL)
December 20, 2018
The APT 10 threat actors, in conjunction with the Tianjin State Security Bureau, compromised eight technology service providers, including Hewlett Packard Enterprise and IBM (their cloud services in particular were targeted), to steal commercial secrets from over forty-five client technology companies. The victims include Swedish telecom giant Ericsson, U.S. Navy shipbuilder Huntington Ingalls Industries, and travel reservation system Sabre.
-
Caribou Coffee
December 20, 2018
•
[ hack, malware, retail ]
US coffee store chain Caribou Coffee announces a security breach after it discovered unauthorized access of its POS systems. The breach was discovered on November 28, and the company listed 239 stores of its total 603 locations as impacted.
-
DrBenLynch
December 20, 2018
DrBenLynch.com notifies customers of payment card compromise after detecting a code injection into their web site that captured order information placed between September 8 and October 2.
-
The Podiatric Offices of Bobby Yee
December 20, 2018
•
[ ransomware, malware, healthcare ]
The Podiatric Offices of Bobby Yee notifies 24,000 patients after ransomware attack.