Full List

Search

Recent Breaches

• Amazon third-party sellers April 10, 2017 • [ hack, phishing, retail ] Amazon third-party sellers, are hit repeatedly by hackers who post fake deals on legitimate sellers' pages.
• Wonga April 9, 2017 Over 250,000 Wonga customers are affected by a data breach. The payday lender says it is investigating 'illegal and unauthorised access' to some of its customers' personal information in both Britain and Poland. Stolen data may include account numbers, sort codes, addresses and the last four digits of users' bank cards. Around 245,000 customers in the UK and 25,000 in Poland may have been affected.
• NSA April 8, 2017 The Shadow Brokers (TSB) are back, and release the password for the rest of the hacking tools they claim to have stolen from the NSA last year.
• Sirens in Dallas April 8, 2017 • [ hack, government ] A computer hack sets off all the emergency sirens in Dallas for about 90 minutes.
• University of Louisville April 7, 2017 • [ hack, education ] Tax information for dozens of University of Louisville employees is compromised after a hack of the online system the university uses to give employees access to tax documents.
• Gamestop April 7, 2017 • [ hack, malware, retail ] Video game giant GameStop Corp says it is investigating reports that hackers may have siphoned credit card and customer data from its website gamestop.com.
• Internal Revenue Service April 6, 2017 • [ government, hack, social ] The Internal Revenue Service says that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid.
• National Foreign Trade Council (NFTC) April 6, 2017 • [ espionage, government ] Fidelis Cybersecurity reveals that ahead of the trade summit between US President Donald Trump and his Chinese counterpart, Xi Jinping, a nation-state hacking group conducted espionage on a number of key industry players and lobbyists with links to the talks.
• Anonymous April 5, 2017 • [ espionage, technology ] Anonymous members who want to participate in this year's annual #OpIsrael cyber-attacks are the targets of an intelligence gathering operation carried out by an unknown threat actor.
• Defense Integrated Data Center April 5, 2017 • [ hack, espionage, government ] North Korean hackers have reportedly accessed OPlan 5027, the secretive war-plans drawn up by South Korea and the United States, detailing how the allied military forces would respond to the outbreak of war in the region " including first strike targets and troop deployments.
• Unnamed Russian bank April 4, 2017 • [ financial, malware, finance ] Kaspersky reveals the details of ATMitch, a fileless malware used to steal cash from ATMs. The researchers have only tracked down two incidents where ATMitch was used. The first is in a Russian bank.
• Unnamed Brazilian bank April 4, 2017 • [ hack, phishing, finance ] Kaspersky reveals that on October 2016, a group of hackers rerouted all the traffic of an unnamed Brazilian bank's customers to perfectly reconstructed fakes of the bank's properties.
• ABCD Pediatrics April 4, 2017 While investigating ransomware incident, ABCD Pediatrics uncovers evidence of other intrusion: more than 55,000 patients are notified.
• Unnamed Kazakh bank April 4, 2017 • [ financial, malware, finance ] Kaspersky reveals the details of ATMitch, a fileless malware used to steal cash from ATMs. The researchers have only tracked down two incidents where ATMitch was used. The second is in a Kazakh bank.
• IAAF April 3, 2017 • [ leak, healthcare ] IAAF, the governing body of global athletics says it has suffered a cyber attack that it believes has compromised information about athletes' medical records.
• German Bundeswehr (armed forces) April 2, 2017 • [ hack, government ] The head of the German military's new cyber command, Lieutenant General Ludwig Leinhos, reveals that army computers were targeted hundreds of thousands of times in the first nine weeks of 2017.
• New York Post April 1, 2017 • [ hack, technology ] The New York Post issues an apology after its app is hacked in an April Fool's Day prank and sends out a flurry of bizarre news alerts including one that read, "Heil President Donald Trump".
• Bill Marczak March 29, 2017 • [ espionage, malware, technology ] A threat actor targeted Ethiopian dissidents for the purpose of espionage, using commercially available spyware sold by Cyberbit, an Israel-based company. Most notably, the actor targeted the Oromia Media Network and some individuals associated with it.
• Dueling Network March 29, 2017 • [ hack, misconfiguration, technology ] In March 2017, the Flash game based on the Yu-Gi-Oh trading card game Dueling Network suffered a data breach. The site itself was taken offline in 2016 due to a cease-and-desist order but the forum remained online for another year. The data breach exposed usernames, IP and email addresses and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to "burger vault".
• Appartoo March 25, 2017 • [ leak, technology ] In March 2017, the French Flatsharing site known as Appartoo suffered a data breach. The incident exposed an extensive amount of personal information on almost 50k members including email addresses, genders, ages, private messages sent between users of the service and passwords stored as SHA-256 hashes. Appartoo advised that all subscribers were notified of the incident in early 2017.