Dedalus Biologie (a division of Dedalus Global[92])
January 1, 2021
•[ leak, misconfiguration, healthcare ]
poor security
Dedalus Biologie (a division of Dedalus Global[95])
January 1, 2021
•[ leak, misconfiguration, healthcare ]
poor security
Knockcrm
December 31, 2020
•[ leak, technology ]
A data broker is selling 368.8 million stolen user records from twenty-six companies on a hacker forum. One of these victims is Knockcrm.com.
ModaOperandi
December 31, 2020
•[ leak, retail ]
A data broker is selling 368.8 million stolen user records from twenty-six companies on a hacker forum. One of these victims is ModaOperandi.com.
Eventials
December 31, 2020
•[ leak, technology ]
A data broker is selling 368.8 million stolen user records from twenty-six companies on a hacker forum. Of these victims, eight are new alleged data breaches including Eventials.com.
Ho Mobile
December 31, 2020
•[ leak, technology ]
The personal data of over 2.5 million customers of Italian phone service company Ho-Mobile, are being sold on the dark web.
Unknown Organization
December 31, 2020
•[ leak, hack, technology ]
A data broker is selling 368.8 million stolen user records from twenty-six companies on a hacker forum. One of these victims is Hybris.com (SAP.com).
MyON
December 31, 2020
•[ leak, hack, technology ]
A data broker is selling 368.8 million stolen user records from twenty-six companies on a hacker forum. Of these victims, eight are new alleged data breaches including MyON.com.
Al-Qard Al-Hassan
December 30, 2020
•[ financial, hack, leak ]
A hacker group called Spiderz claims to have successfully hacked into the Hezbollah's Al-Qard Al-Hassan financial organization and leaks details on depositors and borrowers from the lender.
T-Mobile
December 30, 2020
•[ leak, technology ]
T-Mobile has revealed a data breach that has exposed customers' proprietary network information, including phone numbers and call records. Approximately 200,000 people are affected.
Office of the Washington State Auditor
December 25, 2020
•[ leak, misconfiguration, government ]
Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims. The Office of the Washington State Auditor ("SAO") states that they suffered a data breach after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.
Aurora Cannabis
December 25, 2020
•[ leak ]
A data breach at Aurora Cannabis has exposed the personal information of an unknown number of the Canadian company's current and former employees.
Freedom Finance
December 24, 2020
•[ leak, finance ]
Russian broker Freedom Finance has admitted to a data leak after the information of 16,000 clients appeared on several shadow forums.
MEO
December 24, 2020
•[ leak, misconfiguration, retail ]
In early 2023, a corpus of data sourced from the New Zealand based face mask company MEO was discovered. Dating back to December 2020, the data contained over 8k customer records including names, addresses, phone numbers and passwords stored as MD5 Wordpress hashes. MEO did not respond to multiple attempts to report the breach.
ELTA Systems Limited
December 21, 2020
•[ leak, hack, government ]
Iranian-linked hackers leaked sensitive data on the dark web. The attack comes in the backdrop of Iranian pledge to retaliate against the killing of key Iranian nuclear scientist Mohsen Fakhrizadhe last month.
NetGalley
December 21, 2020
•[ leak, misconfiguration, technology ]
NetGalley " a website that gives book reviewers pre-release access to new titles " has warned users about a data breach that may have exposed their passwords and other personal data. NetGalley's website was also defaced.
Commport Communications
December 20, 2020
•[ ransomware, leak, malware ]
Lorenz executed exfiltration of data and ransomeware in targeted network. Data presented on dark web "leak site"
MMG Fusion
December 20, 2020
•[ leak, misconfiguration, healthcare ]
In December 2020, the dental practice management service MMG Fusion was the victim of a data breach which exposed 2.6M unique email addresses. The data also included patient appointments, names, phone numbers, dates of birth, genders and physical addresses. A small number of records also included passwords stored as bcrypt hashes.
Koei Tecmo
December 18, 2020
•[ leak, technology ]
Japanese game developer Koei Tecmo suffered a data breach in which a hacker stole a forum database. The attacker attempted to sell the database, but then stated that he leaked it for free because Koei Tecmo failed to follow GDPR guidelines.
Travel Oklahoma
December 17, 2020
•[ leak, government ]
In December 2020, the Oklahoma state Tourism and Recreation Department suffered a data breach. The incident exposed 637k email addresses across a variety of tables including age ranges against brochure orders and dates of birth against contest entries. Genders, names and physical addresses were also exposed. The data was provided to HIBP by a source who requested it be attributed to "badhou3a".
