Baltimore Archdiocese (via Stinson LLP & BRG)
February 1, 2025
•[ leak, finance ]
Protected survivor data exposed from law firm (Stinson LLP) and financial advisor (BRG) systems supporting Archdiocese bankruptcy cases
Individual
January 27, 2025
•[ social, phishing, finance ]
Police began investigating when a 90-year-old man told authorities he gave $49,900 to a courier purportedly acting on behalf of PayPal. Victim was deceived via fake PayPal email & link leading to remote access of computer/password theft
Let's Secure Insurance Brokers
January 27, 2025
•[ ransomware, finance ]
Let's Secure Insurance Brokers is hit with a ransomware attack.
Individual in Austria
January 26, 2025
•[ financial, phishing, finance ]
Eine Sdoststeirerin hat sich im Jnner an die Polizei gewandt, nachdem sie vermutet hatte, Opfer eines Phishing-Betrugs geworden zu sein. Sie fiel einem Link in einer SMS zum Opfer, eine Betrgerbande behob daraufhin Geld von ihrem Konto. Die Polizei verffentlichte nun Fotos der mutmalichen Betrger aus Wien.
Phemex
January 23, 2025
•[ financial, hack, finance ]
Singapore-based cryptocurrency platform Phemex is forced to pause some of its operations after a suspected cyberattack led to the theft of more than $85 million in digital coins.
Zürcher Kantonalbank (ZKB)
January 21, 2025
•[ hack, ddos, finance ]
Erneut hat die Hackergruppe NoName aus Russland eine Reihe von Schweizer Websites mit DDoS-Attacken lahmgelegt. Der Zeitpunkt der Angriffe hat wohl vor allem mit der Durchfhrung des WEF zu tun.
Multiple organizations in the Crypto Space
January 15, 2025
•[ espionage, financial, finance ]
Researchers at SecurityScorecard uncovered Operation 99, a campaign by the Lazarus Group, North Koreas state-sponsored hacking unit, targeting software developers looking for freelance Web3 and cryptocurrency work.
The Idols NFT
January 15, 2025
•[ financial, hack, finance ]
The Idols NFT contract on Ethereum suffers an exploit resulting in a loss of approximately $340K.
Bank of America
January 10, 2025
•[ leak, finance ]
Bank of America notifies 414 individuals that their names, addresses, phone numbers, passport numbers, Social Security numbers, and their mortgage load numbers might have been compromised in a data breach at an unnamed third-party provider.
Moby Trade
January 8, 2025
•[ financial, hack, finance ]
Moby Trade is the victim of a $2.5 million hack exploiting a compromised private key. However, a mistake by the attacker allows a whitehat to steal $1.5 million back and return it to the protocol.
Orange Finances
January 8, 2025
•[ financial, hack, finance ]
Orange Finances announces that a threat actor compromised the admin address, upgraded contracts, and transferred funds to their wallet for an estimated loss of more than $840K.
Federal Board of Revenue
January 1, 2025
•[ hack, finance ]
hacked
Mitsubishi UFJ Financial Group (MUFG Bank)
January 1, 2025
•[ ddos, finance ]
MUFG faced a temporary outage in internet banking services, which was later attributed to a suspected distributed denial-of-service (DDoS) attack.
Mizuho Bank
January 1, 2025
•[ financial, hack, ddos ]
Mizuho Bank, Japan's third largest financial company, suffers a denial-of-service attack that disrupts online banking services for three hours.
Habib Bank Limited
January 1, 2025
•[ hack, finance ]
hacked
Italian banks
January 1, 2025
•[ hack, ddos, finance ]
Pro-Russia threat actors from Noname057(16) target again Italian ministries, institutions, critical infrastructures websites and private organizations in coincidence with the visit of Ukrainian President Volodymyr Zelensky to Italy.
Resona Bank
January 1, 2025
•[ hack, ddos, finance ]
Osaka-based Resona Bank says a DDoS attack resulted in a network malfunction and impacted the functioning of its customer-facing My Gate application. The parent company Resona Holdings confirms the incident temporarily disrupted services at other company-owned banks, including Minato Bank, Kansai Mirai Bank and Saitama Resona Bank.
Fondo Genesis (MetLife)
December 31, 2024
•[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
Trusteed Plans Service Corporation
December 26, 2024
•[ leak, finance ]
TPSC detected a breach on 12/26/2024; investigation found unauthorized access and data acquisition. A data review completed 08/07/2025 identified 19,775 impacted individuals. Notices sent 09/1509/16/2025 detail exposure of PII/PHI (DOB, SSN, health info; sometimes insurance IDs). No outage or misuse evidence reported.
Crown Mortgage Company
December 20, 2024
•[ ransomware, finance ]
Unauthorized access was discovered on Dec 20, 2024, at Crown Mortgage Company, exposing customer names and Social Security numbers. Breach notifications were sent on Jan 2, 2025, and the company offered 24 months of identity monitoring. A ransomware group has claimed responsibility, but this remains unconfirmed.
