Full List

Search

Recent Breaches

• Pemiblanc April 2, 2018 In April 2018, a credential stuffing list containing 111 million email addresses and passwords known as Pemiblanc was discovered on a French server. The list contained email addresses and passwords collated from different data breaches and used to mount account takeover attacks against other services. Read more about the incident.
• Quebec teachers April 1, 2018 • [ hack, education ] Three Montrealers have been arrested in connection with a 2018 data breach that exposed the information of 360,000 current and former teachers in Quebec.
• Guardian Pharmacy of Jacksonville April 1, 2018 • [ leak, phishing, healthcare ] Guardian Pharmacy of Jacksonville notifies 11,521 patients of email compromise of protected health information.
• Hudson's Bay Company April 1, 2018 Retailer Hudson's Bay Company discloses that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America. Millions of cards may have been compromised (5 millions are already offered
• Emuparadise April 1, 2018 In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emuparadise, suffered a data breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
• AerServ April 1, 2018 In April 2018, the ad management platform known as AerServ suffered a data breach. Acquired by InMobi earlier in the year, the AerServ breach impacted over 66k unique email addresses and also included contact information and passwords stored as salted SHA-512 hashes. The data was publicly posted to Twitter later in 2018 after which InMobi was notified and advised they were aware of the incident.
• Artsy April 1, 2018 In April 2018, the online arts database Artsy suffered a data breach which consequently appeared for sale on a dark web marketplace. Over 1M accounts were impacted and included IP and email addresses, names and passwords stored as salted SHA-512 hashes. The data was provided to HIBP by a source who requested it be attributed to "nano@databases.pw".
• Wendy's March 31, 2018 • [ hack, retail ] In March 2018, Wendy's in the Philippines suffered a data breach which impacted over 52k customers and job applicants. The breach exposed extensive personal information including names, email and IP addresses, physical addresses, phone numbers and passwords stored as MD5 hashes.
• CareFirst BlueCross BlueShield March 30, 2018 • [ social, phishing, healthcare ] A phishing email attack on Baltimore-based CareFirst BlueCross BlueShield may have comprised nearly 6,800 members' personal data. The insurer learned on March 12 that one of its employees fell victim to a phishing email that compromised his or her email account.
• Under Armour March 29, 2018 Under Armour, Inc. announces that it is notifying users of MyFitnessPal - the company's food and nutrition application and website, about a data security issue. On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018.
• Bank Negara Malaysia March 29, 2018 • [ financial, phishing, finance ] Bank Negara Malaysia reveals to have foiled cyberattack in which fraudulent messages to transfer funds were sent on the SWIFT transactions platform.
• Unnamed bestiality website March 29, 2018 Thousands of user account details "many related to a bestiality website "are circulating on public image boards, according to data obtained by Motherboard.
• S.S. Lazio March 28, 2018 Italian newspaper "Il Tempo" reports that Italian football team Lazio have fallen for an email scam and paid 1.75m ( 2m) of the final instalment for defender Stefan de Vrij's transfer from Dutch club Feyenoord to fraudsters.
• Boeing March 28, 2018 • [ ransomware, malware, manufacturing ] A Boeing facility in South Carolina is hit by the Wannacry ransomware.
• Stormont (Northern Ireland Parliament) March 27, 2018 • [ government ] Stormont (the Northern Irish Parliament) issues a warning to all staff, including political parties, after discovering its email service was hit by a cyber attack.
• Naukri March 27, 2018 • [ hack, technology ] Nigerian hackers hack into Naukri.com's servers, stealing 100,000 resumes and contacting 10,000 job seekers for fake interviews.
• UK Anti-Doping Agency March 26, 2018 The UK Anti-Doping Agency revels to have foiled an attempted cyberattack during the weekend that tried to access confidential medical and drug?testing data.
• Baltimore's Automated Dispatch System March 24, 2018 • [ hack, healthcare ] Unknown actors temporarily cause a shutdown of Baltimore's automated dispatch system, impacting the messaging functions within the Computer Aided Dispatch (CAD) system used by both of the city's 911 and 311 services.
• City of Atlanta March 22, 2018 • [ ransomware, malware, government ] IT systems used by the City of Atlanta, are hit by a SamSam ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.
• Russian Defense Ministry March 22, 2018 • [ hack, ddos, government ] The Russian Defense Ministry reveals that a total of 7 DDoS attacks are carried out against its website during the final vote of the general elections.