Full List

Search

Recent Breaches

• Legendas.TV October 1, 2017 • [ hack, misconfiguration ] In October 2017, the now defunct Brazilian service for retrieving subtitles in Portuguese Legendas.TV suffered a data breach that exposed nearly 4M customer records. The impacted data included names, usernames, email and IP addresses and unsalted SHA-1 hashes.
• North Korea's Reconaissance General Bureau September 30, 2017 • [ hack, ddos, government ] U.S. government officials told the Washington Post that the United States had launched a denial of service campaign against North Korea's Reconnaissance General Bureau, the country's intelligence agency.
• General Confederation of Italian Industry September 30, 2017 The director of the General Confederation of Italian Industry group in Brussels falls victim of an email scam and transfers 500,000 EUR (590,000 USD) to an unknown bank account.
• national-lottery September 30, 2017 • [ hack, ddos, government ] Camelot reveals that a DDoS attack took down the website of the National Lottery.
• R6DB September 30, 2017 • [ ransomware, hack ] R6DB, a fan-powered online gaming service that provides statistics for players of Ubisoft's tactical FPS Rainbow Six Siege, is hit by hackers, who wipe its databases and hold the data for ransom.
• Saudi Arabia's General Entertainment Authority (GEA) September 29, 2017 • [ hack, government ] Saudi Arabia's General Entertainment Authority (GEA), says that its website had been the target of cyber attacks from outside the kingdom.
• San Ysidro School District September 29, 2017 • [ hack, malware, education ] Malware infects the San Ysidro School District, deleting emails and forcing the district to temporarily shut down part of its systems.
• Minsk Operational Administration of the Armed Forces September 28, 2017 • [ espionage, malware, government ] A threat actor targeted the government of Belarus for espionage purposes, using a tool known as Travle or PYLOT, which is believed to be an update of malware used by NetTraveler. Between June and August the threat actor sent a total of 20 unique emails to various government entities. The emails contained a series of subject lines revolving around Zapad-2017, a joint exercise between the Russian and Belarusian militaries.
• Toms River Police Department September 28, 2017 • [ leak, government ] The township of Toms River plans to notify about 3,700 people that their personal information may have been compromised by a data breach inside the police department over the summer.
• Danish Ministry Foreign Affairs September 28, 2017 • [ hack, ddos, government ] The Ministry of Immigration and the Ministry of Foreign Affairs of Denmark, are hit by a DDoS attack thought to have come from a Turkish hacker group dubbed Aslan Neferler Tim.
• Whole Foods Market September 28, 2017 Whole Foods Market says payment card information has been stolen from taprooms, restaurants and other venues located within some of its stores.
• Free Press Fight For the Future September 27, 2017 The Electronic Frontier Foundation (EFF) reveals the details of "Phish For The Future," an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future discovered between July 7th and August 8th of 2017.
• Arkansas Oral & Facial Surgery Center September 27, 2017 • [ ransomware, malware, healthcare ] Arkansas Oral & Facial Surgery Center disclose a ransomware incident that may or may not have resulted in access to protected health information of as many as 128,000 patients.
• Sonic Drive-In September 26, 2017 Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, acknowledges a breach affecting an unknown number of store payment systems.
• Auburn Eye Care Associates September 26, 2017 • [ hack, healthcare ] TheDarkOverlord reveal another hack involving patient data. This time the victim is Auburn Eye Care Associates, despite the original hack dating back to June.
• Deloitte September 25, 2017 The Guardian reveals that Deloitte, one of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients.
• showtimeanytime September 25, 2017 • [ hack, malware, technology ] Two Showtime domains are found serving Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites. It is not clear if the event is the consegue of a hack or an experiment.
• SMART Physical Therapy September 23, 2017 • [ hack, healthcare ] SMART ("Sports Medicine and Rehabilitation Therapy") Physical Therapy is the n-th victim of The Dark Overlord.
• Columbia Falls High School September 21, 2017 • [ ransomware, education ] The Dark Overlord sends a threatening ransom note to the Columbia Falls (Montana) school district forcing officials to shutter its schools to ensure the safety of the students.
• U.S. Securities and Exchange Commission September 20, 2017 The U.S Securities and Exchange Commission reveals that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading. The breach was discovered in August.