-
City of Keokuk
February 4, 2018
•
[ leak, phishing, government ]
The City of Keokuk says a data breach resulted in the release of personal information of current and former city employees and elected leaders. An unauthorized party was able to obtain 2017 W-2 tax forms through the use of a "criminal phishing email."
-
Autocentrum.pl
February 4, 2018
•
[ leak, misconfiguration, automotive ]
In February 2018, data belonging to the Polish motoring website autocentrum.pl was found online. The data contained 144k email addresses and plain text passwords.
-
Ron's Pharmacy Services
February 2, 2018
•
[ leak, retail ]
Ron's Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron's Pharmacy internal account numbers, and payment adjustment information.
-
Aperio
February 1, 2018
Aperio informs of a data breach that occurred when two employees' email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts.
-
City of Batavia
February 1, 2018
The city of Batavia reports employees' personal and financial information was compromised through an email phishing of W-2 tax forms. The information includes names, social security numbers, addresses and earnings.
-
Coastal Cape Fear Eye Associates
February 1, 2018
•
[ ransomware, malware, healthcare ]
Coastal Cape Fear Eye Associates notifies HHS of a ransomware incident that impacted 925 patients.
-
Purchase Line School District
February 1, 2018
•
[ social, phishing, education ]
The Purchase Line School District is the victim of a email spoofing attack by an individual pretending to be a school district employee.
-
City of Pittsburg, Kansas
February 1, 2018
•
[ social, phishing, government ]
The City of Pittsburg in Kansas reveals to have been subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year.
-
Kinetics Systems
February 1, 2018
Kinetics Systems falls victim of a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised.
-
HORNE LLP
February 1, 2018
•
[ leak, phishing, finance ]
HORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails.
-
Jobandtalent
February 1, 2018
•
[ hack, technology ]
In approximately February 2018, the employment website Jobandtalent suffered a data breach which then appeared for sale alongside other breaches a year later. The incident impacted 11 million subscribers and exposed their names, email and IP addresses and passwords stored as salted SHA-1 hashes.
-
MyFitnessPal
February 1, 2018
•
[ leak, misconfiguration, technology ]
In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".
-
Users participating to the ICO of the Bee Token Crypto Currency
January 31, 2018
•
[ social, phishing, finance ]
Users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) are tricked into sending the money to scammers instead. The attackers steal nearly $1M worth of cryptocurrency.
-
GoGet
January 31, 2018
•
[ hack, automotive ]
Car-sharing company GoGet discloses a major data breach seven months after it was first detected in June 2017 as the alleged hacker is arrested by Australian police this week. In an email sent to customers, the firm says its IT team identified "unauthorised activity" on its system on 27 June last year and immediately launched a full internal investigation.
-
ABN Ambro
January 30, 2018
•
[ hack, ddos, finance ]
ABN Ambro is targeted by a new DDoS attack. Now the fingers are pointed to Russia.
-
ING
January 30, 2018
•
[ hack, ddos, finance ]
And during the same wave of DDoS attacks, also ING is targeted (once again).
-
Spartanburg Public Library
January 30, 2018
•
[ ransomware, malware, education ]
The Spartanburg Public Library system is shut down after it is hit with a ransomware attack.
-
PropTiger
January 30, 2018
•
[ leak, misconfiguration, technology ]
In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later. The exposed data contained both user records and login histories with over 2M unique customer email addresses. Exposed data also included additional personal attributes such as names, dates of birth, genders, IP addresses and passwords stored as MD5 hashes. PropTiger advised they believe the usability of the data is "limited" due to how certain data attributes were generated and stored. The data was provided to HIBP by dehashed.com.
-
JoomlArt
January 30, 2018
•
[ leak, misconfiguration, technology ]
In January 2018, the Joomla template website JoomlArt inadvertently exposed more than 22k unique customer records in a Jira ticket. The exposed data was from iJoomla and JomSocial, both services that JoomlArt acquired the previous year. The data included usernames, email addresses, purchases and passwords stored as MD5 hashes. When contacted, JoomlArt advised they were aware of the incident and had previously notified impacted parties.
-
Dutch tax authority
January 29, 2018
•
[ hack, ddos, government ]
The Dutch Tax Authority is also taken down by a DDoS attack.