Portend Breaches

35 organizations worldwide November 18, 2024 • [ ransomware, malware ] The Akira ransomware-as-a-service gang publishes a record number (35) of new victims to its darknet leak site in a single day.

iLearningEngines November 18, 2024 • [ financial, hack, technology ] iLearningEngines, an artificial intelligence company, says that a threat actor breached its network and stole a $250,000 wire payment.

American Associated Pharmacies November 18, 2024 • [ ransomware, malware, retail ] Ransomware group Embargo threatens to publish nearly 1.5 terabytes of data allegedly stolen in an attack on American Associated Pharmacies, a collaborative of 2,000 independent pharmacies.

FlipaClip November 18, 2024 • [ leak, misconfiguration, technology ] In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.

Library of Congress November 17, 2024 The Library of Congress says that threat actors broke into its communications systems and were able to read its email correspondence with congressional offices for most of this year.

International Game Technology November 17, 2024 • [ hack, technology ] International Game Technology (IGT), one of the largest gambling companies in the U.S. says that a cyberattack caused massive disruptions to their operations, forcing them to take some systems offline.

Ford Motor Company November 17, 2024 Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum.

Manufacturing industry in Pakistan November 16, 2024 • [ espionage, malware, manufacturing ] Researchers at Cyble discover a campaign linked to the known APT group DONOT, targeting the manufacturing industry that supports the countrys maritime and defense sectors.

City of Clark Fork November 15, 2024 • [ social, phishing, government ] The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.

Thala November 15, 2024 • [ financial, misconfiguration, finance ] Thala reveals it had suffered a security breach due to an isolated vulnerability related to its v1 farming contracts, which allowed the attacker to withdraw liquidity tokens. The company is able to recover $25.5 million of liquidity pool tokens

Kumamoto Prefecture Violence Prevention Movement Promotion Center November 15, 2024 • [ social, phishing, government ] The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.

T-Mobile November 15, 2024 T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by the Chinese threat actors from Salt Typhoon to gain access to private communications, call records, and law enforcement information requests.

Multiple organizations in Canada November 15, 2024 The Canadian government announces that state-sponsored threat actors from China have been performing broad network scans over the past couple of months, targeting a wide spectrum of organizations.

The Real World November 15, 2024 In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.

PoinCampus November 14, 2024 • [ leak, education ] In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".

LKQ Corporation November 13, 2024 Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company.

DeltaPrime November 11, 2024 • [ financial, finance ] DeltaPrime, the decentralized finance borrowing protocol suffers a cyber attack with a loss of $4.8 million worth of crypto assets.

Nuclear scientist and senior Israeli officials November 11, 2024 • [ espionage, government ] Threat actors believed to be affiliated with Iranian intelligence expose the personal details of a nuclear scientist who worked at the Soreq Nuclear Research Center, and private photos and emails of senior Israeli officials, including a former Defense Ministry director general.

Hyp November 10, 2024 • [ financial, ddos, finance ] Devices used across Israel to read credit cards malfunction after a suspected DDoS targets the payment gateway company Hyps CreditGuard product.

Tibber November 10, 2024 • [ hack, energy ] In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".

Recent Breaches