-
Alaska Division of Retirement and Benefits
November 4, 2024
•
[ hack, financial, government ]
The Alaska Division of Retirement and Benefits is hacked, and state residents who work in the public sector have employer contributions to their retirement accounts impacted.
-
The Plastic Surgery Center
November 4, 2024
•
[ data leak ]
Names, dates of birth, Social Security numbers, passport and driver's license numbers, financial, biometric, and medical information
-
At least one undisclosed government and/or tech company
November 4, 2024
•
[ state-sponsored, malware, backdoor ]
Government cybersecurity reporting described PRC state-sponsored actors using BRICKSTORM malware to maintain long-term persistence in victim environments, primarily affecting government services/facilities and IT sector organizations. In a documented case, actors accessed a DMZ web server (with a web shell present), moved laterally using service account credentials, copied Active Directory databases, pivoted into VMware vCenter, accessed domain controllers and an ADFS server, and exported cryptographic keys. BRICKSTORM provided stealthy backdoor access for command-and-control and remote operations and was used for persistence from at least April 2024 through at least September 3, 2025. The specific victim organization name was not disclosed in the reporting.
-
Washington State Administrative Office of the Courts (AOC)
November 3, 2024
•
[ hack, government ]
Court systems across Washington are down after officials said "unauthorized activity" was detected on their networks.
-
Middlesbrough Council
November 3, 2024
Middlesbrough Council's website is affected by a distributed denial of service (DDoS) attack.
-
Metawin
November 3, 2024
•
[ financial, malware, technology ]
A threat actor steals over $4 million from crypto casino Metawin's Ethereum and Solana hot wallets.
-
Memorial Hospital and Manor
November 2, 2024
Memorial Hospital and Manor posts an urgent message warning patients that the hospital's IT team discovered a ransomware attack the morning before. The attack is claimed by the Embargo ransomware gang, which threatens to leak 1.15 terabytes of purportedly stolen data.
-
1win
November 2, 2024
In November 2024, the online betting platform 1win suffered a data breach that exposed 96M users. The exposed data included email and IP addresses, phone numbers, dates of birth, country and SHA-256 password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
-
Lampard Community School
November 1, 2024
•
[ ransomware, malware, education ]
Lampard Community School is hit by a cyber-attack and is being "blackmailed" by threat actors.
-
Housing Authority of the City of Los Angeles
November 1, 2024
•
[ ransomware, malware, government ]
The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirms that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang.
-
Mongolian Ministry of Defense
November 1, 2024
•
[ espionage, malware, government ]
Researchers at Recorded Future observe the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor.
-
Biomedical Caledonia Medical Laboratory
November 1, 2024
•
[ data leak, hacked, third-party breach ]
In November 2024, unauthorized actors accessed Biomedical Caledonia Medical Laboratory's systems through an external vendor, prompting an investigation and cybersecurity upgrades. The lab confirmed the intrusion but did not disclose specific data types or quantities affected. No evidence of encryption or operational disruption has been reported.
-
Fall Mountain Regional School District
November 1, 2024
•
[ phishing, data leak ]
District warned community after phishing scam; vendor IDs and emails exposed.
-
Undisclosed South Korean company 2
November 1, 2024
•
[ malware ]
Compromise used injected malicious JavaScript on South Korean business sites to deliver malware to corporate visitors.
-
Undisclosed South Korean company 3
November 1, 2024
•
[ watering hole ]
Lazarus used a watering-hole method to infect South Korean telecom employees via compromised industry web portals.
-
Undisclosed South Korean company 4
November 1, 2024
•
[ watering hole, exploit, threat actor ]
Watering-hole campaign redirected visitors from financial industry websites to Lazarus-controlled exploit servers.
-
Undisclosed South Korean company 1
November 1, 2024
•
[ watering-hole, zero-day ]
Watering-hole attack exploited zero-day vulnerabilities on legitimate South Korean websites, infecting visitors from IT and financial sectors.
-
Undisclosed South Korean company 5
November 1, 2024
•
[ supply chain, malware ]
Lazarus leveraged infected supplier web pages to gain access to semiconductor sector organizations in Korea.
-
M2
October 31, 2024
Threat actors compromise the centralized crypto exchange M2 to steal $13.7 million in assets, including Bitcoin, Ether and Solana.