Greater Amsterdam School District
February 23, 2024
•[ leak, education ]
The Greater Amsterdam School District discloses that a data breach potentially led to the unauthorized access of protected student information.
Maryville
February 21, 2024
•[ leak, healthcare ]
Maryville, which operates several addiction recovery centers around South Jersey, announces it was the victim of a data breach that accessed Social Security numbers and other personal information,
Tangerine
February 18, 2024
•[ leak, misconfiguration, technology ]
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.
DemandScience (formerly Pure Incubation)
February 15, 2024
•[ leak, government ]
The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from DemandScience, a B2B demand generation platform.
Undisclosed Meta contractor
February 13, 2024
•[ leak, hack, technology ]
The IntelBroker threat actor leals 200,000 records on a hacker forum, claiming they contain the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.
Doxbin (TOoDA)
February 12, 2024
•[ leak ]
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to "emo.rip".
Iraq Independent High Electoral Commission (IHEC)
February 12, 2024
•[ leak, government ]
Researchers from Resecurity identify an individual who claimed to be selling a 21.58 database containing information about 24.3 million Iraqi citizens.
Elector
February 12, 2024
•[ government, leak, technology ]
Researchers from Resecurity identify a data leak of 6,453,254 Israeli voter records due to the breach of Elector, an Israeli software application used to manage political campaigns.
Japanese Ministry of Foreign Affairs
February 5, 2024
•[ leak, espionage, government ]
A government source reveals that classified Japanese diplomatic documents were leaked after a Chinese cyberattacks on the Ministry of Foreign Affairs.
State Street
February 4, 2024
•[ leak, finance ]
State Street files a notice of data breach after discovering that an unauthorized party was able to access confidential information in the companys possession.
SurveyLama
February 1, 2024
•[ leak, technology ]
In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified the users by email".
Hewlett Packard Enterprise
February 1, 2024
•[ leak, technology ]
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.
Emmanuel College
January 31, 2024
•[ leak, education ]
Emmanuel College files a notice of data breach after discovering that a cybersecurity incident affected the personal information of nearly 90k individuals.
Viamedis
January 31, 2024
•[ leak, healthcare ]
French healthcare services firm Viamedis suffers a cyberattack that exposed the data of policyholders and healthcare professionals in the country.
Spoutible
January 31, 2024
•[ leak, misconfiguration, technology ]
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
Bankers Life and Casualty Company
January 30, 2024
•[ leak, finance ]
Bankers Life and Casualty Company files a notice of data breach after discovering that an unauthorized party was able to access personal information that had been entrusted to the company.
Unknown Healthcare organization in Thailand
January 22, 2024
•[ leak, misconfiguration, healthcare ]
A threat actor named Soni posts a leaked database related to healthcare. The data breach consists of 25.5k records of user information including ID, user URL, encrypted passwords (phpass), user emails, login details, account status, display names, registration dates, and user activation keys.
Bangkok Industrial Gas Company Limited
January 22, 2024
•[ leak, energy ]
The Bangkok Industrial Gas Company Limited suffers a leak.
Trello
January 22, 2024
•[ leak, misconfiguration, technology ]
A threat actor with the moniker of 'emo' leaks the private emails of 15,115,516 Trello members, using an exposed Trello API to link private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
Stock trading platform in Thailand
January 22, 2024
•[ leak, finance ]
A threat actor named Ghostr leaks about 186GB of data with 5.3 million records from a stock trading platform.
