Full List

Search

Recent Breaches

• Loews Hotels July 6, 2017 • [ hospitality ] And the same happens for luxury hotel chain Loews Hotels.
• Hard Rock Hotel and Casino Las Vegas July 6, 2017 Another consequence of the Sabre breach, Hard Rock Hotels and & Casinos reveals that for seven months, attackers had unauthorized access to a third-party reservation system, which allowed them to attain unencrypted credit card payment information, as well as guest names, addresses and phone numbers.
• Four Seasons Hotels and Resorts July 6, 2017 And the list of the victims of the Sabre attack also includes Four Seasons Hotels and Resorts.
• China Digital Times July 5, 2017 • [ social, phishing, technology ] A threat actor targeted the China Digital Times, a civil-society and news organization based outside China that publishes English- and Chinese-language content, using phishing techniques with the goal of compromising its network.
• Google July 3, 2017 • [ leak, technology ] In the wake of the breach that occurred at Sabre Hospitality Solutions earlier in May, the personal details of a small number of Google staffers have been exposed, according to a notification letter Google sends out to affected employees.
• Medicare July 3, 2017 The Guardian reveals that a darknet trader is illegally selling the Medicare patient details of any Australian on request by "exploiting a vulnerability" in a government system.
• PVHS-ICM Employee Health and Wellness July 1, 2017 • [ ransomware, malware, healthcare ] PVHS-ICM Employee Health and Wellness notifies its patients to have been hit by a ransomware attack.
• Wolf Creek Nuclear Operating Corporation June 30, 2017 • [ hack, phishing, energy ] A threat actor targeted employees of companies that operate nuclear power plants in the United States, which prompted the Department of Homeland Security and the FBI to issue an alert to the industry. An administrative network of the Wolf Creek Nuclear Operating Corporation was compromised.
• Bithumb June 29, 2017 • [ hack, finance ] The largest bitcoin and ether exchange in South Korea by volume, Bithumb, is hacked. The losses could be in the billions of won.
• ClassicEtherWallet June 29, 2017 • [ financial, phishing, finance ] An unknown attacker gains control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency, being able to phish credentials and redirect transactions. Based on reported cases, the hacker might have stolen nearly $300,000.
• Ventura County Office Of Education June 28, 2017 The websites of numerous school districts in Ventura County go offline amid an attack able to redirect users to a group's webpage where pro-ISIS views were posted.
• Undetermined June 27, 2017 • [ ransomware, malware, finance ] Threat actors deploy a tool, called NotPetya, with the purpose of encrypting data on victims' machines and rendering it unusable. The malware was spread through tax software that companies and individuals require for filing taxes in Ukraine and spread globally.'Australia, Estonia,'Denmark, Lithuania, Ukraine, the United Kingdom, and the United States issued statements attributing NotPetya to Russian state-sponsored actors.
• 8tracks June 27, 2017 • [ leak, technology ] Motherboard reveals that millions of accounts for internet radio service 8tracks are being traded on the digital underground. The total number of affected accounts could be as high as 18 million.
• 8tracks June 27, 2017 • [ hack, misconfiguration, technology ] In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employees GitHub account, which was not secured using two-factor authentication". Salted SHA-1 password hashes for users who didn't sign up with either Google or Facebook authentication were also included. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies and contained almost 8 million unique email addresses. The complete set of 18M records was later provided by JimScott.Sec@protonmail.com and updated in HIBP accordingly.
• Ohio Gov. John Kasich's Website June 25, 2017 Ohio Gov. John Kasich's website is hacked, appearing to show pro-ISIS propaganda. Ohio first lady Karen Kasich's website, along with the Ohio Department of Rehabilitation and Corrections website, are also hacked.
• Microsoft June 23, 2017 • [ leak, technology ] A massive trove of Microsoft's internal Windows 10 operating system builds and portions of its core source code (a total of 32TB) are leaked online.
• UK Parliament June 23, 2017 • [ hack, brute-force, government ] Up to 90 email accounts are compromised amid a brute-force cyber-attack on UK Parliament.
• Microsoft June 22, 2017 British police announces to have arrested two suspects part of an international group that hacked into Microsoft's network.
• Airway Oxygen June 22, 2017 • [ ransomware, malware, healthcare ] Airway Oxygen notifies that a ransomware attack in mid-April resulted in the compromise of data belonging to 550,000 customers and employees.
• Cleveland Medical Associates June 22, 2017 • [ ransomware, malware, healthcare ] Cleveland Medical Associates reveals the details of a ransomware attack that happened on April 21, 2017.