Elite Fitness
July 5, 2024
•[ ransomware, leak, malware ]
The DragonForce ransomware group says on its leak site that it stole 5.31 gigabytes of data from Elite Fitness, New Zealand's leading fitness equipment retailer.
AnimeLeague
July 4, 2024
•[ leak, sqlinjection, technology ]
In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses.
FNTECH
July 4, 2024
•[ leak, technology ]
In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
Husky Owners
July 4, 2024
•[ hack, leak ]
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.
Ladies.com
July 3, 2024
•[ leak, misconfiguration, technology ]
In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.
Fairfield Memorial Hospital
July 2, 2024
•[ ransomware, leak, malware ]
The LockBit ransomware gang claims to have breached Fairfield Memorial Hospital in Illinois and adds it to their Tor leak site.
Hellenic Cadastre (Greek Land Registry Agency)
July 1, 2024
•[ leak, government ]
The Land Registry agency in Greece announces that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure with the attackers able to steal steal 1.2 GB of data.
Central Tickets
July 1, 2024
•[ leak, misconfiguration, retail ]
In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted SHA-1 hashes.
Kadokawa
June 28, 2024
•[ ransomware, leak, malware ]
Japanese media giant Kadokawa confirms that some of its data was leaked in a ransomware attack early June 2024. The BlackSuit ransomware gang claims responsibility for the attack.
Landmark Admin
June 27, 2024
•[ leak, finance ]
Life insurance company Landmark Admin sends notifications to an unknown number of individuals about a data breach impacting personal, medical, and insurance information.
SpyX
June 24, 2024
•[ leak, malware, technology ]
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
Jollibee Group
June 23, 2024
•[ leak, retail ]
The Jollibee Group begins investigates a cybersecurity incident that may have compromised the records of millions of customers.
Zacks (2024)
June 22, 2024
•[ leak, finance ]
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
Undisclosed third-party of Accenture
June 20, 2024
•[ leak, misconfiguration, technology ]
A threat actor named '888' claims to have extracted contact details of 33,000 current and former employees of Accenture in a breach that involves a third-party firm.
Z-lib
June 20, 2024
•[ leak, misconfiguration, technology ]
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
Maxicare
June 16, 2024
•[ leak, healthcare ]
The health maintenance organization (HMO) Maxicare reports a data breach affecting the personal information of some 13,000 members.
Keytronic
June 14, 2024
•[ ransomware, leak, malware ]
PCBA manufacturing giant Keytronic warns it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago.
Gramercy Surgery Center
June 14, 2024
•[ leak, healthcare ]
The threat actor(s) known as Everest Team add Gramercy Surgery Center (Gramercy) to its leak site, and claims to have acquired more than 460 GB of files.
Truist Bank
June 13, 2024
•[ hack, leak, finance ]
Truist Bank, a leading U.S. commercial bank, confirms this week that its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum.
mSpy (2024)
June 9, 2024
•[ hack, leak, technology ]
In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos. The data was predominantly support tickets seeking help to install the spyware on target devices, whilst the attachments contained various data including screen grans of financial transactions, photos of credit cards and nude selfies.
