Directorate General of Population and Civil Registration (Dukcapil)
January 1, 2023
•[ leak, government ]
leaked and published
Seguros Equinoccial
December 28, 2022
•[ ransomware, leak, malware ]
Data from Seguros Equinoccial appear in the Vice Society ransomware leak site.
Undisclosed Company
December 27, 2022
•[ leak, government ]
A cybercrime forum listed for sale what a seller purports to be 30 million passenger records for users of India's railways, including names, email addresses, phone numbers and more.
RailYatri
December 26, 2022
•[ leak, misconfiguration, technology ]
In December 2022, Indias government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
Maybank
December 25, 2022
•[ leak, finance ]
Communications and Digital minister Fahmi Fadzil said his ministry through the Personal Data Protection Department in collaboration with CyberSecurity Malaysia is seeking feedback from Maybank and Astro on the alleged data leaks to ensure the legitimacy of data ownership
Astro
December 25, 2022
•[ leak, misconfiguration, technology ]
A website had listed details of 3.5 million Astro customers.
Election Comission
December 25, 2022
•[ leak, government ]
The Ministry of Communications and Digital (KKD) takes seriously the alleged data leak, via a website on December 25, that allegedly involves Maybank, Astro and the Election Commission (EC).
U.S. Branch of Toyota
December 25, 2022
•[ leak, manufacturing ]
Toyota confirms that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum.
PayPal
December 21, 2022
•[ leak, brute-force, finance ]
PayPal sends out data breach notifications to approximately 35,000 users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
MedInform
December 21, 2022
•[ leak, misconfiguration, finance ]
MedInform files a notice of data breach after learning that an unauthorized user was able to access confidential information belonging to Cleveland Clinic patients that were stored on the company's computer network.
St. Rose Hospital
December 20, 2022
•[ leak, healthcare ]
A listing appeared on a popular forum that offered documents allegedly from St. Rose Hospital in Hayward, California.
Level Travel
December 15, 2022
•[ leak, technology ]
NLB, a Ukrainian-affiliated threat actor, has leaked information of 1.5 million clients of a Russian online platform providing travel services.
SevenRooms
December 15, 2022
•[ leak, technology ]
Restaurant customer management platform SevenRooms confirms it suffered a data breach after a threat actor began selling stolen data on a hacking forum.
Moscow Electronic School Service
December 13, 2022
•[ leak, education ]
NLB, a Ukrainian-affiliated threat actor, has leaked an extensive database containing data of students in educational institutions in Moscow. The leak includes names, birthdays, phone numbers, email addresses, and login details.
Gemini
December 13, 2022
•[ leak, phishing, finance ]
In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
