French Citizens
September 25, 2024
•[ leak, misconfiguration, finance ]
In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.
Deloitte
September 24, 2024
•[ leak, misconfiguration, technology ]
The threat actor known as IntelBroker announces late last week on the BreachForums cybercrime forum the availability of internal communications obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials. However the company replies that there is no thret to sensitive data.
U.S. Capitol
September 24, 2024
•[ leak, government ]
The personal information of over 3,000 congressional staffers is leaked on the dark web following a major breach on the U.S. Capitol.
Dell
September 19, 2024
•[ leak, technology ]
Dell confirms to be investigating recent claims that it suffered a data breach after a threat actor dubbed "grep" leaked the data for over 10,000 employees.
Regional Care
September 18, 2024
•[ leak, healthcare ]
Nebraska-based healthcare insurance firm Regional Care discloses a data breach impacting more than 225,000 individuals as a result of an incident identified in mid-September 2024.
Muah.AI
September 17, 2024
•[ leak, technology ]
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
Experience Engine
September 16, 2024
•[ leak, technology ]
The threat actor known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data. The hacker is selling the data on an online forum, raising concerns about data security for affected clients and businesses.
Kawasaki Motors Europe
September 13, 2024
•[ ransomware, leak, manufacturing ]
Kawasaki Motors Europe announces that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak 487 GB of stolen data.
Fortinet
September 12, 2024
•[ leak, misconfiguration, technology ]
Fortinet confirms it suffered a data breach after a threat actor with the moniker of "Fortibitch" claims to have stolen 440GB of files from the company's Microsoft Sharepoint server.
Boulanger
September 8, 2024
•[ leak, retail ]
Boulanger, a French retailer, says in a statement that threat actors accessed customers' delivery addresses but no banking data was leaked.
Framingham Heart Study, managed by Boston University
September 8, 2024
•[ leak, education ]
Boston Universitys renowned Framingham Heart Study (FHS) is breached by threat actors, who gained access to the data of participantsboth living and deceasedof the countrys longest running, multigenerational heart study.
Physical Medicine & Rehabilitation Center
September 6, 2024
•[ leak, healthcare ]
The Physical Medicine & Rehabilitation Center posts a notice on its website about an incident in July that affected patients at their New Jersey and New York locations. The Meow Leaks claims responsibility for the attack.
Boulanger
September 6, 2024
•[ hack, leak, retail ]
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
Cisco
September 4, 2024
•[ leak, malware, technology ]
Ciscos site for selling company-themed merchandise is offline and under maintenance due to threat actors compromising it with JavaScript code that steals sensitive customer details provided at checkout exploiting CVE-2024-34102.
VK
September 3, 2024
•[ leak, technology ]
A threat actor using the alias HikkI-Chan leaks the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums. The data was stolen from a third-party.
Tracelo
September 2, 2024
•[ leak, technology ]
A threat actor using the alias Satanic claims to have breached Tracelo, a smartphone geolocation tracking service. As a result, the hacker has leaked the personal details of over 1.4 million individuals (1,459,014) on the notorious Breach Forums.
Australian Cancer Research Foundation
August 30, 2024
•[ leak, healthcare ]
The Australian Cancer Research Foundation (ACRF) sent an email to its donors late on Friday afternoon, 30 August, warning them of a data security incident.
NHS
August 29, 2024
•[ leak, healthcare ]
Several NHS staff in Scotland have had their mobile phone numbers revealed in a cyber security incident involving a third-party supplier to several health boards.
MC2 Data
August 18, 2024
•[ leak, misconfiguration, technology ]
In August 2024, data aggregator MC2 Data left a database publicly accessible without a password which was subsequently discovered by a security researcher. The breach exposed the personal information of 2.1M subscribers to the service which was marketed under a series of different brand names. The data included email addresses, names and salted SHA-256 password hashes.
Explore Talent (August 2024)
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP. This incident is separate to the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024.
