Cook County Public Health & Human Services
September 11, 2025
•[ insider, healthcare ]
PHHS reported an insider breach in which a now-terminated employee accessed social-services records without authorization; county issued notices and will mail letters to affected individuals; questions directed to county administrator.
Federal Emergency Management Agency (FEMA)
August 29, 2025
•[ hack, insider, misconfiguration ]
DHS revealed on Aug 29, 2025 that a threat actor gained unauthorized access to FEMAs IT systems by exploiting unpatched vulnerabilities, outdated protocols, and lack of multi-factor authentication. No citizen data was stolen or exfiltrated. As a result, 24 FEMA IT employees, including the CIO and CISO, were terminated for negligence in cybersecurity oversight.
Nigerian National Identity Management Commission (NIMC)
August 17, 2025
•[ insider, government ]
Insider breach at Nigerias digital ID system (NIMC) on August 17, 2025 involved a staff member abusing access to extract sensitive personal data tied to national identity numbers. No disruption or encryption reported, only data exfiltration.
Sree Padmanabhaswamy Temple
June 13, 2025
•[ hack, insider, financial ]
On June 13, 2025, the Sree Padmanabhaswamy Temples computer system in Kerala, India, was hacked, suspected to involve a former IT staff member retaining access after transfer. Critical operational and financial records were accessed and tampered with, though no encryption or ransomware-style disruption was reported. The breach was discovered by temple officials and reported to police, with a forensic probe launched.
BitView
December 14, 2024
•[ insider, misconfiguration, technology ]
In December 2024, the video sharing Community BitView suffered a data breach that exposed 63k customer records. Attributed to a backup taken by a previous administrator earlier in the year, the breach exposed email and IP addresses, bcrypt password hashes, usernames, bios, private messages, video comments and for some records, gender, date of birth and country of location.
FinWise
May 31, 2024
•[ insider, finance ]
Former FinWise employee accessed AFF customer files after termination, impacting 689k individuals; discovered June 18, 2025; investigation and credit monitoring offered; multiple lawsuits filed.
Pump.fun
May 16, 2024
•[ insider, financial, finance ]
Solana-based memecoin launchpad Pump.fun says that a former employee was behind an exploit that resulted in the misappropriation of approximately 12,300 SOL, valued at about $1.9 million.
MinnesotaWorks
September 6, 2023
•[ insider, government ]
{"text":"The Department of Employment and Economic Development (DEED) in Minnesota notifies jobseekers of a data breach involving unauthorized access to their personal information at the MinnesotaWorks.net platform, after a person claiming to be an employee allegedly, viewed and copied user resume information without authorization.","hyperlink":"http://minnesotaworks.net/"}
Orqa
April 29, 2023
•[ insider, malware, manufacturing ]
Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them.
DonorView
January 1, 2023
•[ insider ]
poor security
FTX
November 11, 2022
•[ hack, insider, finance ]
FTX, the massive crypto exchange that went bankrupt, suffers a hack exceeding $400 million, probably the work of an insider.
Yandex Food
April 1, 2022
•[ hack, leak, insider ]
Yandex blames one of its employees for the hacking and subsequent leak of data from Yandex Food, a popular food delivery service in Russia.
Conti
February 27, 2022
•[ leak, insider, government ]
A Ukrainian cybersecurity researcher published the biggest leak ever of files and data from Conti following Conti's publicly supporting Russia's invasion of Ukraine. Conti is a syndicate of Russian and Eastern Europe cybercriminals wanted by the FBI for conducting attacks on hundreds of US organizations and causing millions of dollars in losses. The thousands of internal documents and communications leaked include evidence that appears to suggest Conti operatives have contacts within the Russian government, including the FSB intelligence service.
LaRue County High School students
January 6, 2021
•[ insider, leak, education ]
A former Kentucky prinicpal has been ordered to pay $3.6 million for confiscating students' phones, and downloading and trading their nude photos online.
Mobile users in China
December 7, 2020
•[ insider, malware, technology ]
A court in China finds a Gionee subsidiary guilty of intentionally installing malware on millions of smartphones. The company knowingly infected nearly 21.75 million devices with a Trojan and made $4.2 million in profit.
Sherman Independent School District
November 20, 2020
•[ insider, misconfiguration, education ]
The Sherman Independent School District is investigating a data breach after two Sherman High School students accessed private information.
Amazon
October 28, 2020
•[ insider, leak, retail ]
Amazon fires an employee after they disclosed customer emails to an unauthorized third party.
My Health Record
October 28, 2020
•[ insider, healthcare ]
In itsannual report, the Australian Digital Health Agency (ADHA), the agency responsible for oversigth of My Health Record has revealed two incidents that compromised the medical records system during FY 2020. The second incident involved unauthorized access to an individual's My Health Record by a member of the person's treatment team.
Trillium Health
October 28, 2020
•[ insider, healthcare ]
A former technology employee at Trillium Health is accused of accessing the personal information of numerous co-workers and stealing nude photographs and videos of them
