Full List

Search

Recent Breaches

• Southern Graphics November 18, 2024 • [ leak ] Cybersecurity breach at SGS & Co. starting Nov 18, 2024, exposing PII/PHI of over 31,000 individuals. Enterprise-wide forensic review conducted; notifications in early September 2025; multiple law firms investigating possible claims.
• Erickson Companies November 18, 2024 • [ data leak ] Company notified individuals after data breach potentially exposing Social Security numbers.
• Library of Congress November 17, 2024 The Library of Congress says that threat actors broke into its communications systems and were able to read its email correspondence with congressional offices for most of this year.
• International Game Technology November 17, 2024 • [ hack, technology ] International Game Technology (IGT), one of the largest gambling companies in the U.S. says that a cyberattack caused massive disruptions to their operations, forcing them to take some systems offline.
• Ford Motor Company November 17, 2024 Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum.
• Laborers’ International Union of North America (LIUNA) Local 1184 November 17, 2024 • [ ransomware ] On March 31, 2025, Laborers International Union of North America Local 1184 (LiUNA) filed a notice of data breach with the Attorney General of California after discovering that the organization was the target of a November 2024 ransomware attack.
• Manufacturing industry in Pakistan November 16, 2024 • [ espionage, malware, manufacturing ] Researchers at Cyble discover a campaign linked to the known APT group DONOT, targeting the manufacturing industry that supports the countrys maritime and defense sectors.
• Systematic Financial Management November 16, 2024 • [ data leak ] Intrusion confirmed; files with PII may have been accessed; discovery Nov 16, 2024; PII confirmed Jan 10, 2025.
• City of Clark Fork November 15, 2024 • [ social, phishing, government ] The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
• Thala November 15, 2024 • [ financial, misconfiguration, finance ] Thala reveals it had suffered a security breach due to an isolated vulnerability related to its v1 farming contracts, which allowed the attacker to withdraw liquidity tokens. The company is able to recover $25.5 million of liquidity pool tokens
• Kumamoto Prefecture Violence Prevention Movement Promotion Center November 15, 2024 • [ social, phishing, government ] The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.
• T-Mobile November 15, 2024 T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by the Chinese threat actors from Salt Typhoon to gain access to private communications, call records, and law enforcement information requests.
• Multiple organizations in Canada November 15, 2024 The Canadian government announces that state-sponsored threat actors from China have been performing broad network scans over the past couple of months, targeting a wide spectrum of organizations.
• The Real World November 15, 2024 In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.
• Town of Webster, New York November 15, 2024 • [ financial, social, phishing ] The Town of Webster fell victim to a phishing scam in November 2024, when scammers impersonated a contractor and tricked officials into diverting $520,275.67. Criminal investigation recovered over $300,000, and cyber insurance is expected to cover the remainder. No sensitive or confidential data was compromised.
• PoinCampus November 14, 2024 • [ leak, education ] In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
• LKQ Corporation November 13, 2024 Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company.
• Pound Road Medical Centre November 13, 2024 • [ ransomware, data leak ] On November 13, 2024, PRMC reported a cyber incident and later Anubis publicly claimed it as a victim, alleging patient data may have been accessed and taken. No public confirmation of encryption or operational disruption was made.
• Northwest Asthma & Allergy Center November 12, 2024 • [ hack, phishing, healthcare ] An unauthorized party accessed an employees email account on November 12, 2024, compromising sensitive patient data at Northwest Asthma & Allergy Center. The breach was discovered and contained by November 13. At least ~1,000 patients were notified by January 2, 2025, and the incident was reported to HHS OCR. Investigation did not find evidence of exfiltration beyond what was accessible via the compromised mailbox.
• DeltaPrime November 11, 2024 • [ financial, finance ] DeltaPrime, the decentralized finance borrowing protocol suffers a cyber attack with a loss of $4.8 million worth of crypto assets.