Full List

Search

Recent Breaches

• City of Clark Fork November 15, 2024 • [ social, phishing, government ] The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
• Thala November 15, 2024 • [ financial, misconfiguration, finance ] Thala reveals it had suffered a security breach due to an isolated vulnerability related to its v1 farming contracts, which allowed the attacker to withdraw liquidity tokens. The company is able to recover $25.5 million of liquidity pool tokens
• Kumamoto Prefecture Violence Prevention Movement Promotion Center November 15, 2024 • [ social, phishing, government ] The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.
• T-Mobile November 15, 2024 T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by the Chinese threat actors from Salt Typhoon to gain access to private communications, call records, and law enforcement information requests.
• Multiple organizations in Canada November 15, 2024 The Canadian government announces that state-sponsored threat actors from China have been performing broad network scans over the past couple of months, targeting a wide spectrum of organizations.
• The Real World November 15, 2024 In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.
• Town of Webster, New York November 15, 2024 • [ financial, social, phishing ] The Town of Webster fell victim to a phishing scam in November 2024, when scammers impersonated a contractor and tricked officials into diverting $520,275.67. Criminal investigation recovered over $300,000, and cyber insurance is expected to cover the remainder. No sensitive or confidential data was compromised.
• PoinCampus November 14, 2024 • [ leak, education ] In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
• LKQ Corporation November 13, 2024 Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company.
• Pound Road Medical Centre November 13, 2024 • [ ransomware, data leak ] On November 13, 2024, PRMC reported a cyber incident and later Anubis publicly claimed it as a victim, alleging patient data may have been accessed and taken. No public confirmation of encryption or operational disruption was made.
• Northwest Asthma & Allergy Center November 12, 2024 • [ hack, phishing, healthcare ] An unauthorized party accessed an employees email account on November 12, 2024, compromising sensitive patient data at Northwest Asthma & Allergy Center. The breach was discovered and contained by November 13. At least ~1,000 patients were notified by January 2, 2025, and the incident was reported to HHS OCR. Investigation did not find evidence of exfiltration beyond what was accessible via the compromised mailbox.
• DeltaPrime November 11, 2024 • [ financial, finance ] DeltaPrime, the decentralized finance borrowing protocol suffers a cyber attack with a loss of $4.8 million worth of crypto assets.
• Nuclear scientist and senior Israeli officials November 11, 2024 • [ espionage, government ] Threat actors believed to be affiliated with Iranian intelligence expose the personal details of a nuclear scientist who worked at the Soreq Nuclear Research Center, and private photos and emails of senior Israeli officials, including a former Defense Ministry director general.
• Eckerd Youth Alternatives Inc November 11, 2024 • [ unauthorized access, network intrusion, data breach ] Eckerd Connects reported that it observed suspicious activity within its network environment on or around November 11, 2024. In response, it took steps to mitigate the threat (including taking certain systems offline) and engaged outside specialists to investigate. Following an extensive forensic investigation and manual document review, Eckerd Connects determined on November 17, 2025 that personal information may have been accessed or acquired by an unauthorized party during the period from November 3, 2024 through November 11, 2024. Potentially involved data elements include first/last name, address, date of birth, Social Security number, drivers license/state ID number, tax identification number, and medical information.
• Hyp November 10, 2024 • [ financial, ddos, finance ] Devices used across Israel to read credit cards malfunction after a suspected DDoS targets the payment gateway company Hyps CreditGuard product.
• Tibber November 10, 2024 • [ hack, energy ] In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
• Legends International November 9, 2024 • [ data leak ] On November 9 2024, Legends International detected unauthorized access to its internal systems. The investigation confirmed that an external actor exfiltrated files containing sensitive personal and financial data of employees and customers. No ransomware, encryption, or operational disruption was reported.
• Ahold Delhaize November 8, 2024 • [ hack, retail ] Ahold Delhaize, the Dutch parent company of Stop & Shop, Hannaford, Food Lion, and Giant Food releases a statement warning that it recently discovered a cyberattack within its U.S. network.
• Hungary Defense Procurement Agency November 8, 2024 • [ ransomware, malware, government ] Hungarian officials confirm to local media that the countrys defense procurement agency (VB) was attacked by an international group of hackers. The INC Ransom group claims responsibility for the attack.
• Government Websites and Private Companies in South Korea November 8, 2024 • [ hack, ddos, government ] Pro-Russian hacktivists target South Korea with DDoS attacks as North Korea joins the Ukraine war.