Full List

Search

Recent Breaches

• The Wayback Machine October 20, 2024 The Internet Archive is breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.
• Undisclosed cryptocurrency market-making firm October 20, 2024 • [ data exfiltration, cryptocurrency, state-sponsored attack ] Recorded Future observed C2 reconnaissance followed by FTP exfiltration from a market-making firm in the UAE during the Contagious Interview campaign (OctNov 2024). Attributed to the NGB 3rd Technical Surveillance Bureau (North Korea).
• Undisclosed online casino operator October 20, 2024 • [ Data exfiltration, State-sponsored attack, Reconnaissance ] Recorded Future analysis identified reconnaissance and FTP exfiltration traffic from a Costa Rican online casino targeted in the Contagious Interview campaign (OctNov 2024), attributed to the NGB 3rd Technical Surveillance Bureau (North Korea).
• Hot Topic October 19, 2024 In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
• Grupo Aeroportuario del Centro Norte October 18, 2024 Grupo Aeroportuario del Centro Norte announces that a cyber incident forced its IT team to turn to backup systems. The RansomHub operation claims to be responsible for the incident, and threatens to leak 3 terabytes of stolen data.
• Cyprus’ critical infrastructure and government websites October 18, 2024 • [ hack, government ] Cyprus critical infrastructure and government websites are targeted in a series of coordinated cyberattacks claimed by several pro-Palestine hacker groups.
• Social October 18, 2024 • [ financial, misconfiguration, finance ] Tapioca DAO suffers a $4.5 million exploit after an attacker compromised its native token's vesting contract.
• Ou Medicine (Ou Health) October 18, 2024 • [ phishing, data leak ] Ou Health reported unauthorized access to two email accounts impacting patient information.
• Moldova’s parliamentary email servers October 17, 2024 Moldovas parliamentary email servers are hit by a cyberattack just ahead of the countrys presidential election and a referendum on joining the European Union.
• Free October 17, 2024 • [ leak, technology ] In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to make a direct debit from a bank".
• DoctorsToYou October 16, 2024 • [ ransomware, malware, healthcare ] The RansomHub ransomware group adds a listing for DoctorsToYou in New York to their leak site. After they realize the organization is non-profit, they claim to return the data and provide a decryptor.
• Undisclosed organization October 16, 2024 An undisclosed company is hacked after accidentally hiring a North Korean cyber criminal as a remote IT worker.
• Radiant Capital October 16, 2024 More than $50 million worth of cryptocurrency is stolen from decentralized finance platform Radiant Capital.
• Westmoreland County October 16, 2024 • [ social, phishing, government ] Municipal Authority of Westmoreland County officials say the water and sewer utility has recovered more than $826,000 that was stolen in what it called a vendor impersonator scheme.
• Johnson & Johnson October 16, 2024 • [ leak, finance ] Insurance company Johnson & Johnson discloses a data breach impacting the personal information of thousands of people.
• Earth 2 October 16, 2024 In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data.
• Central Kentucky Radiology October 16, 2024 • [ data leak, healthcare, PII ] Unauthorized actor accessed CKRs network Oct 1618 2024 and copied files; ~167k people impacted; notifications issued mid-June 2025; data stolen from Lexington-based servers; no encryption or operational shutdown confirmed.
• Goglia Nutrition LLC d/b/a FuturHealth, Inc. October 16, 2024 • [ data leak ] Goglia Nutrition LLC, doing business as FuturHealth Inc., reported a long-running data security incident involving its data hosting environment for the G-Plans personalized nutrition platform. Investigations found that an Undetermined attacker acquired subscriber data on or before October 16, 2024, but FuturHealth did not complete its internal review and begin notifying customers until October 2025. The compromised information consists mainly of subscriber names and health or lifestyle information submitted through G-Plans, while Social Security numbers, driver licenses and financial account details were not involved. FuturHealth has implemented additional security measures and is sending breach notification letters and offering guidance to affected customers.
• Volkswagen Group October 15, 2024 • [ ransomware, malware, manufacturing ] The Volkswagen Group issues a statement after the 8Base ransomware group claims to have stolen valuable information from the carmakers systems.
• AnnieMac Home Mortgage October 15, 2024 • [ leak, finance ] New Jersey-based mortgage loan provider AnnieMac Home Mortgage (American Neighborhood Mortgage Acceptance Company) informs over 171,000 individuals of a recent data breach.