Gramercy Surgery Center
June 14, 2024
•[ leak, healthcare ]
The threat actor(s) known as Everest Team add Gramercy Surgery Center (Gramercy) to its leak site, and claims to have acquired more than 460 GB of files.
Truist Bank
June 13, 2024
•[ hack, leak, finance ]
Truist Bank, a leading U.S. commercial bank, confirms this week that its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum.
mSpy (2024)
June 9, 2024
•[ hack, leak, technology ]
In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos. The data was predominantly support tickets seeking help to install the spyware on target devices, whilst the attachments contained various data including screen grans of financial transactions, photos of credit cards and nude selfies.
New York Times
June 8, 2024
•[ leak, misconfiguration, technology ]
The New York Times confirms that internal source code and data was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024.
CoinGecko
June 7, 2024
•[ leak, finance ]
CoinGecko, the worlds largest independent cryptocurrency data aggregator, experiences a data breach through its third-party email platform, GetResponse.
Los Angeles Unified School District
June 6, 2024
•[ leak, education ]
Los Angeles Unified School District (LAUSD) officials are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. 24 million records are allegedly compromised.
Dubai Municipality
June 5, 2024
•[ leak, government ]
Daixin Team adds the Dubai Municipality to its dark web leak site.
Advance Auto Parts
June 5, 2024
•[ leak, misconfiguration, automotive ]
In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.
Ticketek
May 31, 2024
•[ leak, misconfiguration, retail ]
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
Michigan Medicine
May 23, 2024
•[ leak, healthcare ]
Michigan Medicine, the academic medical center of the University of Michigan, notifies roughly 57,000 individuals that their personal and health information might have been compromised in a data breach.
BBC
May 21, 2024
•[ leak, misconfiguration, technology ]
The BBC discloses a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members.
Patriot Mobile
May 21, 2024
•[ leak, technology ]
U.S. cell carrier Patriot Mobile experiences a data breach that included subscribers personal information, including full names, email addresses, home ZIP codes and account PINs.
Forth
May 21, 2024
•[ leak, finance ]
Debt relief solutions provider Forth (Set Forth) notifies 1.5 million individuals that their personal information was compromised in a May 2024 data breach.
Ticketmaster
May 20, 2024
•[ leak, misconfiguration, technology ]
Live Nation confirms that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. The data of 560 million users is potentially affected.
Cooler Master
May 18, 2024
•[ leak, manufacturing ]
Computer hardware manufacturer Cooler Master suffers a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers.
Banco Santander
May 14, 2024
•[ leak, misconfiguration, finance ]
Banco Santander announces it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. ShinyHunters claims Santander breach, selling data for 30M customers
City of St. Helena
May 13, 2024
•[ leak, government ]
The city of St. Helena notifies 975 people that a May data breach exposed their personal information.
Landmark Admin
May 13, 2024
•[ leak, hack, government ]
Insurance administrative services company Landmark Admin warns that a data breach impacted over 800,000 people from a May cyberattack.
ConnectOnCall (a subsidiary of Phreesia)
May 12, 2024
•[ leak, healthcare ]
Healthcare software as a service (SaaS) company Phreesia notifies over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, acquired in October 2023.
Sumo
May 11, 2024
•[ leak ]
Sumo said that the following customer information was compromised by the breach: names, addresses, dates of birth, phone numbers, credit scores, as well as either passport, Medicare, or drivers licence details.
