Full List

Search

Recent Breaches

• Fredericksburg School System May 2, 2018 • [ social, phishing, education ] A Fredericksburg school system employee falls for phishing attack.
• Greek Foreign Ministry May 2, 2018 The Turkish hacker group Akincilar ("Invaders") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency - ANA -, the Greek Handball Federation, and Suzuki-Greece).
• Knox County's website May 1, 2018 • [ hack, ddos, government ] The Tennessee county's website is taken down by a DDoS attack on election night.
• Rail Europe North America May 1, 2018 • [ financial, malware, retail ] Rail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018.
• Linux Forums May 1, 2018 • [ leak, misconfiguration, technology ] In May 2018, the Linux Forums website suffered a data breach which resulted in the disclosure of 276k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. Linux Forums did not respond to multiple attempts to contact them about the breach.
• Creative May 1, 2018 • [ hack, misconfiguration, technology ] In May 2018, the forum for Singaporean hardware company Creative Technology suffered a data breach which resulted in the disclosure of 483k unique email addresses. Running on an old version of vBulletin, the breach also disclosed usernames, IP addresses and salted MD5 password hashes. After being notified of the incident, Creative permanently shut down the forum.
• Chegg April 28, 2018 • [ hack, misconfiguration, education ] In April 2018, the textbook rental service Chegg suffered a data breach that impacted 40 million subscribers. The exposed data included email addresses, usernames, names and passwords stored as unsalted MD5 hashes. A small number of records also contained physical address or phone number. The data was provided to HIBP by a source who requested it be attributed to "JimScott.Sec@protonmail.com".
• Funny Games April 28, 2018 • [ leak, misconfiguration, technology ] In April 2018, the online entertainment site Funny Games suffered a data breach that disclosed 764k records including usernames, email and IP addresses and salted MD5 password hashes. The incident was disclosed to Funny Games in July who acknowledged the breach and identified it had been caused by legacy code no longer in use. The record count in the breach constitute approximately half of the user base.
• Highway Sign in Arizona April 27, 2018 • [ hack, misconfiguration, government ] Someone hacks a highway sign in Arizona and defaces it with 'Hail Hitler' text.
• Zippy's Restaurants April 27, 2018 • [ hack, malware, retail ] The Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations have been compromised exposing customer data from November 23, 2017, to March 29, 2018.
• Billings Clinic April 27, 2018 • [ hack, misconfiguration, healthcare ] Billings Clinic notifies 949 patients of a breach affecting its email security system causing an unknown individual to access patients' information back in February.
• SPEI April 27, 2018 • [ financial, finance ] Three banks in Mexico are targeted by a cyber attack aimed to penetrate Mexico's electronic payment systems (SPEI).
• City of Bologna April 27, 2018 • [ hack, government ] The website of the City of Bologna is defaced by AnonPlus.
• Leominster Schools District April 27, 2018 • [ ransomware, malware, education ] Leominster Schools District pays $10,000 worth of Bitcoins ransom following a cyberattack on their system.
• Scenic Bluffs Community Health Centers April 27, 2018 • [ hack, phishing, healthcare ] Scenic Bluffs Community Health Centers notifies 2,889 patients of a potential breach of personal patient information after discovering March 1, 2018, that one staff email account had been hacked on Feb. 28, 2018, by an unauthorized party.
• Sen. Richard Pan April 26, 2018 • [ financial, hack, government ] Sen. Richard Pan, D-Sacramento, claims that thieves hacked his email account and stole $46,000 from his re-election campaign in a "sophisticated" scheme earlier this year.
• Americas Cardroom April 24, 2018 • [ hack, ddos ] Poker tournaments are disrupted after a spite of DDoS attacks on Americas Cardroom.
• MyEtherWallet April 24, 2018 • [ hack, financial, misconfiguration ] A hacker (or group of hackers) hijacks the Amazon DNS servers of MyEtherWallet.com, a web-based Ether wallet service. Users accessing the site are redirected to a fake version of the website. Those who logged in had their wallet private keys stolen, which the attacker used to empty accounts.
• Ukraine's Energy Ministry Website April 24, 2018 Unknown hackers use ransomware to take the website of Ukraine's energy ministry offline and encrypt its files.
• Japanese defense companies April 23, 2018 • [ espionage, government ] According to FireEye, the Chinese group APT10 has targeted Japanese defense companies, possibly to get information on Tokyo's policy toward resolving the North Korean nuclear impasse.