St. Johns River Water Management District
November 1, 2023
•[ leak, government ]
St. Johns River Water Management District, a regulatory agency in Florida that oversees the long-term supply of drinking water, confirms that it responded to a cyberattack after the Cyber Av3ngers said it attacked the organization, providing samples of what it stole.
Clinique
November 1, 2023
•[ leak, manufacturing ]
The Spanish branch of Skincare products maker Clinique, a subsidiary of cosmetics giant Este Lauder, reportedly experiences a significant data breach, with the personal information of over 700,000 customers exposed by a threat actor with the moniker of Pwned.
Western Washington Medical Group
October 26, 2023
•[ healthcare, leak ]
Western Washington Medical Group (WWMG) files a notice of data breach after discovering that an unauthorized party was able to access information that had been entrusted to the company.
Kearny Bank
October 25, 2023
•[ leak, sqlinjection, finance ]
Kearny Bank joins the list of the victims of the massive MOVEit attack.
Airbnb
October 25, 2023
•[ leak, technology ]
A threat actor going by the name 'Sheriff' on the darkweb puts on sale 1.2 million records allegedly stolen from Airbnb, including sensitive details such as names, email addresses, countries of residence, cities, and more.
Fredericksburg Foot & Ankle Center
October 25, 2023
•[ leak, healthcare ]
Fredericksburg Foot & Ankle Center reports a data breach that has affected up to 14,912 individuals.
Rao Hondo College
October 24, 2023
•[ ransomware, leak, malware ]
Rao Hondo College in Southern California is listed in the Lockbit ransomware leak site.
University of Tokyo
October 24, 2023
•[ leak, malware, education ]
A computer at the University of Tokyo is infected with malware, possibly leaking up to 4,341 files containing addresses and grades of students from the academic years of 2003 to 2022.
Dakota Eye Institute
October 23, 2023
•[ leak, healthcare ]
Dakota Eye Institute (DEI) files a notice of data breach after discovering that patients' personal information was compromised following a cyberattack.
Toumei
October 18, 2023
•[ leak ]
In October 2023, the Japanese consultancy firm Toumei suffered a data breach. The breach exposed over 100M lines and 10GB of data including 77k unique email addresses along with names, phone numbers and physical addresses.
Gillette Children's Specialty Healthcare
October 16, 2023
•[ leak, zero-day, healthcare ]
Gillette Children's Specialty Healthcare confirms that the protected health information of 542 patients was compromised as part of the mass exploitation of the zero day vulnerability in Progress Software's MOVEit Transfer application.
Morrison Community Hospital
October 13, 2023
•[ ransomware, leak, malware ]
The ALPHV/BlackCat ransomware group adds the Morrison Community Hospital to its dark web leak site and claims to have stolen 5TB of patients' and employee's information.
Cognisight
October 13, 2023
•[ leak, sqlinjection, healthcare ]
Cognisight files notice of data breach after discovering that the CVE-2023-34362 vulnerability within MOVEit resulted in the exposure of consumers' personal information.
Shadow PC
October 11, 2023
•[ leak, manufacturing ]
Shadow PC, a provider of high-end cloud computing services, warns customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers.
FBI's Law Enforcement Enterprise Portal (LEEP)
October 3, 2023
•[ leak, government ]
A dark web user dubbed @FEDCREDS is found selling account credentials allegedly from the Law Enforcement Enterprise Portal (LEEP).
Prestige Care and Prestige Senior Living
October 2, 2023
•[ ransomware, leak, healthcare ]
The ALPHV (BlackCat) ransomware lists Prestige Care and Prestige Senior Living in their leak site, claiming to have 260 GB of files.
23andMe
October 2, 2023
•[ leak, brute-force, healthcare ]
23andMe confirms to be aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
Cascade Family Dental
October 1, 2023
•[ ransomware, leak, healthcare ]
The Monti ransomware group adds Cascade Family Dental to their leak site
Facebook Marketplace
October 1, 2023
•[ leak, hack, technology ]
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts.
Fairmont Federal Credit Union
September 30, 2023
•[ leak, financial, finance ]
Between September 30 and October 18, 2023, Fairmont Federal Credit Union in West Virginia experienced unauthorized access to its internal file servers and databases. Attackers exfiltrated sensitive personal, financial, and limited medical information of about 187,000 members. No data encryption or ransomware activity was reported.
