Portend Breaches

The Real World November 21, 2024 Threat actors break into The Real World, far-right influencer Andrew Tates online university, steal user data on close to 800,000 users, and flood chats with emojis.

Blue Yonder November 21, 2024 • [ ransomware, malware, technology ] Supply chain management firm Blue Yonder warns that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK.

Yonéma November 21, 2024 • [ leak, finance ] In November 2024, data from the Senegalese payment platform Yonma was posted to a popular hacking forum. The data included 36k unique email addresses alongside phone numbers, names and what appears to be encrypted passwords and dates of birth.

Concord Orthopaedics November 21, 2024 • [ data leak, third-party breach ] Vendor breach exposed patient Pii/phi; notifications sent months after discovery.

Hazleton Anesthesia Services November 21, 2024 • [ data leak ] On Nov 21, 2024, Somnia (management company) identified suspicious activity in its email environment and later confirmed unauthorized access to a limited number of accounts that included Hazleton Anesthesia Services. Review completed Mar 10, 2025; public substitute notice issued Mar 31, 2025. No encryption or operational disruption reported.

Central Group November 20, 2024 • [ leak, retail ] A threat actor with the moniker 0mid16B claims to have breached the1 Card membership system across every retail and consumer brand under the Central Group, and to have stolen 5,108,826 records.

Mexico Legal Affairs Office November 20, 2024 • [ ransomware, malware, government ] Mexicos president Claudia Sheinbaum says that the government is investigating an alleged ransomware hack of her administrations legal affairs office after what appeared to be samples of personal information from a database of government employees were posted online.

Minneapolis Park and Recreation Board November 20, 2024 • [ ransomware, malware, government ] The RansomHub operation takes credit for a damaging attack on the Minneapolis Park and Recreation Board.

Amazon users November 20, 2024 Amazon, Amazon Music, and Audible are flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software.

Southeast Series Of Lockton Companies LLC November 20, 2024 • [ data leak ] Insurance brokerage reported unauthorized access to files on an employee computer

Behavioral Health Resources November 20, 2024 • [ data breach, data leak ] Unauthorized actor accessed Behavioral Health Resources network in Nov 2024, exfiltrating client PII and medical records; organization confirmed breach via Maine AG filing and began notifications in Apr 2025.

Converse University November 20, 2024 • [ data leak ] Class action alleges delayed notice following a late-2024 data breach.

Multiple Romanian election sites, including bec.ro (Central Election Bureau), roaep.ro, and registrulelectoral.ro (voter registration) November 19, 2024 A report from Romanias Intelligence Service (SRI) says that the countrys election infrastructure was targeted by more than 85,000 cyberattacks with threat actors also obtaining access credentials for election-related websites and leaked them on a Russian forum less than a week before the first presidential election round.

Undisclosed Hospital in France November 19, 2024 A threat actor using the nickname 'nears' (previously near2tlg) claims to have attacked multiple healthcare facilities in France, alleging that they have access to the patient records of over 1,500,000 people. The hacker claims they breached MediBoard by Software Medical Group, a company offering Electronic Patient Record (EPR) solutions across Europe. The company confirms that hackers have compromised a MediBoard account. However, it noted that this was not the result of a software vulnerability or misconfiguration on their part, but rather through the use of stolen credentials used by the hospital.

Undisclosed Law Firm November 19, 2024 • [ leak, misconfiguration, government ] A threat actor, who goes online with the name name Altam Beezley, gained access to a computer file shared in a secure link among lawyers whose clients have given damaging testimony related to Matt Gaetz, the former Florida congressman who is President-elect Donald J. Trumps choice to be attorney general.

Defense sector organization in Turkey November 18, 2024 Researchers at Proofpoint discover a sophisticated phishing attack targeting a Turkish defense sector organization via the MiyaRAT, carried out by the threat actor TA397, a.k.a. Bitter, using a Madagascar lure, and delivering malware through advanced mechanisms involving NTFS Alternate Data Streams (ADS) and scheduled tasks.

35 organizations worldwide November 18, 2024 • [ ransomware, malware ] The Akira ransomware-as-a-service gang publishes a record number (35) of new victims to its darknet leak site in a single day.

iLearningEngines November 18, 2024 • [ financial, hack, technology ] iLearningEngines, an artificial intelligence company, says that a threat actor breached its network and stole a $250,000 wire payment.

American Associated Pharmacies November 18, 2024 • [ ransomware, malware, retail ] Ransomware group Embargo threatens to publish nearly 1.5 terabytes of data allegedly stolen in an attack on American Associated Pharmacies, a collaborative of 2,000 independent pharmacies.

FlipaClip November 18, 2024 • [ leak, misconfiguration, technology ] In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.

Recent Breaches