Renton School District
August 3, 2023
•[ ransomware, data leak ]
Washington school district listed by Akira with threats to leak stolen data
Wojeski & Company
July 28, 2023
•[ ransomware, phishing, data leak ]
NY AG says Wojeski suffered a phishing-led ransomware incident that locked access to files, followed by a second breach when a vendors employee improperly accessed and exfiltrated client data. Notifications lagged by over a year. Settlement requires encryption, inventorying locations of personal data, stronger access controls, vulnerability management, and a formal IR plan; $60,000 penalty and credit monitoring for affected New Yorkers.
RadÃÆ'Ã'ÂÂÂ
June 20, 2023
•[ data leak, Breach Forums, database ]
A database with 25,000 records of the Italian jewelry firm Rad'', is published on Breach Forums.
Belgian State Security Service (VSSE)
May 31, 2023
•[ data leak, nation-state attack, vulnerability exploit ]
China-linked threat actors compromised VSSEs Barracuda Email Security Gateway between February 2021 and May 2023, exfiltrating around 10% of all staff email communications and employee personal data. No encryption or operational disruption was reported.
Prizm Media Inc.
April 28, 2023
•[ data leak ]
Investigation notice details Prizm Media email breach affecting PHI and PII.
VisitFaroeIslands.com
March 4, 2023
•[ defacement, data leak, employee data ]
The SeigedSec hacking group claims to have defaced the tourist website for the Faroe Islands '" a self-governing territory of the Kingdom of Denmark '" and to have stolen employee data and other sensitive information.
AssociaÃÆ'Ã'§ÃÆ'Ã'£o de Advogados de SÃÆ'Ã'£o Paulo (AASP)
February 22, 2023
•[ ransomware, data leak, personal information ]
The Ragnar Locker ransomware gang leaks 200 GB of files from the Associa o de Advogados de S''o Paulo (AASP) plus numerous screenshots with personal information after the association denies it was hacked.
Christensen Group Insurance
October 10, 2022
•[ phishing, data leak ]
Company posted 24-02-2025 notice about 2022 email-account breach; data breach letters now being sent.
Government Communications Headquarters
August 24, 2022
•[ insider threat, data leak ]
Former intern admitted unauthorized transfer of top secret data from Gchq.
iMenu360
August 11, 2022
•[ data leak, customer records, PII ]
In approximately late 2022, 3.4M customer records from iMenu360 ("The world's #1 most trusted online ordering platform") were exposed. The data appeared to be from ordering systems using the platform and contained email and physical addresses, latitudes and longitudes, names and phone numbers. Numerous attempts were made to contact iMenu360 about the incident between April and August 2023, but no response was received.
Advanced Computer Software Group Ltd
August 4, 2022
•[ ransomware, data leak ]
Ico fined Advanced after 2022 ransomware that disrupted Nhs services and leaked data.
Vultr
July 8, 2022
•[ data leak, third-party ]
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses. A small number of records also included name, IP address and country of origin. No Vultr systems or additional customer data were impacted. Vultr subsequently self-submitted the impacted data to HIBP.
Russian Ministry of Construction, Housing and Utilities (minstroyrf.gov.ru)
June 4, 2022
•[ hacking, defacement, ransomware ]
The Russian Ministry of Construction, Housing and Utilities (minstroyrf.gov.ru) is hacked. When searched on the internet, the site's address leads to a sign in the Ukrainian language that read- Glory to Ukraine.'' The attackers also demanded ransom to prevent the leaking of personal data of the site users.
Russian Ministry of Construction, Housing and Utilities (minstroyrf.gov.ru)
June 4, 2022
•[ hack, defacement, ransom ]
The Russian Ministry of Construction, Housing and Utilities (minstroyrf.gov.ru) is hacked. When searched on the internet, the sites address leads to a sign in the Ukrainian language that read- Glory to Ukraine.'' The attackers also demanded ransom to prevent the leaking of personal data of the site users.
Медицинская лаборатория Гемотест (Gemotest)
April 22, 2022
•[ data leak ]
In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients. The data contained 6.3 million unique email addresses along with names, physical addresses, dates of birth, passport and insurance numbers. Gemotest was later fined for the breach.
KinoKong
March 25, 2021
•[ data leak ]
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.
Windows93 / Myspace93
January 1, 2021
•[ data leak, plaintext passwords, credential theft ]
In January 2021, trusted members of the Windows93 Discord community allegedly abused access to a Myspace93 beta application to exploit and download server files, including an unencrypted credential store. The compromised data was later leaked in June 2021 and contained 46,105 Myspace93 accounts with usernames, plaintext passwords, email addresses, and IP addresses.
Westend Dental
October 20, 2020
•[ ransomware, data leak, exposed PHI ]
A ransomware attack attributed to Medusa Locker encrypted patient data on Westend Dentals servers in October 2020. The breach went unreported for years, leading to a 20242025 Indiana AG and HHS settlement requiring patient notification. There is no clear evidence of exfiltration beyond encryption, but PHI exposure was confirmed.
Utair
March 21, 2019
•[ data leak ]
In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and loyalty program details.
Knuddles.de
November 23, 2018
•[ hack, data leak, social network ]
Following a hack that resulted in leaking about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-W rttemberg Data Protection Authority.
