Syracuse University
September 24, 2020
•[ hack, leak, phishing ]
The names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants have been exposed after someone gained unauthorized access to an employee's email account.
Games Box
September 21, 2020
•[ leak, misconfiguration, technology ]
In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either a hash or plain text.
Belarusian police officers
September 19, 2020
•[ leak, government ]
A group of hackers has leaked the names and personal details of more than 1,000 high-ranking Belarusian police officers in response to violent police crackdowns against anti-government demonstrations.
Horse Isle
September 19, 2020
•[ leak, misconfiguration ]
In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords. The system also stored and exposed failed password attempts for each user with the password retained in plain text.
University Hospital New Jersey
September 15, 2020
•[ ransomware, leak, malware ]
University Hospital New Jersey (UHNJ) has suffered a massive data leak with over 48,000 documents floating on the dark web after a ransomware attack.
Overseas Express Shipping Company
September 14, 2020
•[ ransomware, leak, malware ]
LockBit announces its entry into the ransomware "big leagues" by launching its own blog and publishing a database from Overseas Express Shipping Company.
Shopper+
September 14, 2020
•[ leak, retail ]
In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.
AspenPointe
September 12, 2020
•[ hack, leak, healthcare ]
AspenPointe, a Colorado provider of outpatient and inpatient crisis, mental health, substance abuse, and behavioral services suffered a data breach in September that involved the exfiltration of certain information including name, date of birth, Social Security number, driver's license number, and/or bank account information.
Secure Data Technologies, Inc.
September 11, 2020
•[ hack, insider, leak ]
Secure Data Technologies, Inc. sued a former employee for hacking the company's emai system and removing confidential and proprietary information.
Fairfax County Public Schools
September 11, 2020
•[ ransomware, leak, malware ]
There was nothing on the homepage of Fairfax County Public Schools in Virginia that would indicate any cyberattack or problem, but the ransomware threat actors known as Maze had listed the FCPS on its leak site this week and provided some files as proof of access/acquisition.
Guthrie Clinic
September 9, 2020
•[ leak, healthcare ]
Guthrie Clinic is hit by the Blackbaud data breach and 92,064 patients are affected.
Northwestern Memorial HealthCare
September 8, 2020
•[ leak, healthcare ]
Northwestern Memorial HealthCare has notified the U.S. Department of Health and Human Services about a data breach, which the provider says was initiated via one of its vendors, Blackbaud.
Planned Parenthood of Metropolitan Washington, D.C
September 3, 2020
•[ leak, healthcare ]
Planned Parenthood of Metropolitan Washington, D.C., on Friday reveals it had a breach of patient information last fall.
Staples
September 2, 2020
•[ leak, retail ]
Giant office retail company Staples informed some of its customers that data related to their orders has been accessed without authorization.
Hopamedia
August 30, 2020
•[ leak, misconfiguration, technology ]
In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
Livpure
August 29, 2020
•[ leak, retail ]
In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Clark County School District
August 28, 2020
•[ leak, education ]
Clark County schools in Las Vegas notify parents of a "data security incident" involving district computers.
Tesla's Nevada Gigafactory
August 28, 2020
•[ ransomware, insider, leak ]
The FBI thwarted the plans of 27-year-old Russian national Egor Igorevich Kriuchkov to recruit an insider within Tesla's Nevada Gigafactory, persuade him to plant malware on the company's network, and then ransom Tesla under threat that he would leak data stolen from their systems.
New South Wales drivers
August 26, 2020
•[ leak, government ]
A data leak containing 54,000 scanned New South Wales (NSW) driver's licenses and various tolling notice statutory declarations was discovered by security researcher Bob Diachenko last week.
Utah Gun Exchange
August 17, 2020
•[ leak, retail ]
Earlier this month, datasets containing over 240,000 records of the Utah Gun Exchange website were posted openly on a popular hacking forum.
