Unnamed consulting firm in Japan
February 23, 2021
•[ ransomware, leak, malware ]
An unnamed consulting firm in Japan is hit by ransomware and the personal info of 350 households is leaked.
Bolton Street Pediatrics
February 23, 2021
•[ ransomware, leak, malware ]
Bolton Street Pediatrics files appear on PYSA data leak website, includes medical and personal data for over 1,000 patients.
Ticketcounter
February 22, 2021
•[ leak, misconfiguration, technology ]
In August 2020, the Dutch ticketing service Ticketcounter inadvertently published a database backup to a publicly accessible location where it was then found and downloaded in February 2021. The data contained 1.9M unique email addresses which were offered for sale on a hacking forum and in some cases included names, physical and IP addresses, genders, dates of birth, payment histories and bank account numbers. Ticketcounter was later held to ransom with the threat of the breached being released publicly. The data was provided to HIBP by a source who requested it be attributed to redredred@riseup.net.
Cashalo
February 20, 2021
•[ leak, finance ]
Fintech platform Cashalo is hit with a data breach and the data of 3.3 million users are on sale in the dark web.
Undisclosed French Adult site
February 19, 2021
•[ leak ]
An unknown attacker leaks the data stolen from an undisclosed French Adult site.
50,000 records of French healthcare professionals
February 18, 2021
•[ leak, healthcare ]
The data of 50,000 healthcare French professionals are on-sale in the underground market.
Gemplex
February 18, 2021
•[ leak, misconfiguration ]
In February 2021, the Indian streaming platform Gemplex suffered a data breach that exposed 4.6M user accounts. The impacted data included device information, names, phone numbers, email addresses and bcrypt password hashes.
CityBee
February 17, 2021
•[ leak, automotive ]
Police in Lithuania are investigating after the personal data of 110,000 customer of the CityBee car sharing service is leaked.
Club2Crd
February 16, 2021
•[ hack, leak, technology ]
The Club2Crd cybercrime forum is hacked and member data is leaked.
490,000 French patients
February 14, 2021
•[ leak, healthcare ]
The data of 490,000 French patients are on sale in the black market.
NurseryCam
February 12, 2021
•[ leak, misconfiguration, education ]
In February 2021, a series of egregiously bad security flaws were identified in the NurseryCam system designed for parents to remotely monitor their children whilst attending nursery. The flaws led to the exposure of over 10k parent records before the service was shut down. The email addresses alone were provided to Have I Been Pwned to ensure parents were properly notified of the incident.
Airtel
February 6, 2021
•[ leak, technology ]
Airtel continues to deny that it had a breach affecting more than 2.5 million subscribers' data, despite reports and seeming evidence to the contrary.
Ifmal
February 6, 2021
•[ leak, retail ]
A database containing 200,000 users of Ifmal, a Malaysian e-commerce platform is put on sale on a forum.
CityBee
February 5, 2021
•[ leak, misconfiguration, automotive ]
In February 2021, the Lithuanian car-sharing service CityBee announced they'd suffered a data breach that exposed 110k customers' personal information. The breach exposed names, email addresses, government issued IDs and passwords stored as unsalted SHA-1 hashes.
E-Pay Malaysia
February 4, 2021
•[ leak, finance ]
A significant number of user accounts belonging to local e-payment provider, E-Pay Malaysia has made their way to a popular database marketplace forum. According to the listing, the seller claims that the database which was dated January 2020 contained information belonging to 380,000 accounts.
Stormshield
February 4, 2021
•[ leak, technology ]
French cyber-security firm Stormshield, a major provider of security services and network security devices to the French government, said that a threat actor gained access to one of its customer support portals and stole information on some of its clients. The company is also reporting that attackers managed to steal parts of the source code for the Stormshield Network Security (SNS) firewall.
Emsisoft
February 3, 2021
•[ leak, misconfiguration, technology ]
Antivirus solutions provider Emsisoft reveals last that a third-party had accessed a publicly exposed database containing technical logs.
Nocona General Hospital
February 1, 2021
•[ leak, healthcare ]
The Florida-based Leon Medical Center and Nocona General Hospital in Texas have suffered attacks from hackers that have resulted in extensive information about their patients being published on the internet.
Metromile
February 1, 2021
•[ leak, misconfiguration, finance ]
Car insurance startup Metromile says it has fixed a security flaw on its website that allowed a hacker to obtain driver license numbers.
KomplettFritid
February 1, 2021
•[ leak, misconfiguration, retail ]
In January 2023, the online Norwegian store KomplettFritid was reported as having had a data breach dating back to February 2021. The incident exposed 140k customer records including physical, email and IP addresses, names, phone numbers and passwords. Most passwords were stored as bcrypt hashes with a small number appearing in plain text.
