Bcycle
July 6, 2020
•[ financial, leak, malware ]
BCycle, a bicycle sharing service, suffered a malware attack in April and launched an investigation, according to a company letter. The stolen information may have included names, credit card numbers and addresses.
PEI-Genesis, Inc.
July 3, 2020
•[ leak ]
PEI-Genesis, Inc. ("PEI-Genesis") recently announced an event that may have impacted the privacy of personal information relating to certain individuals and businesses.
Wattpad
June 29, 2020
•[ hack, leak, technology ]
In June 2020, the user-generated stories website Wattpad suffered a huge data breach that exposed almost 270 million records. The data was initially sold then published on a public hacking forum where it was broadly shared. The incident exposed extensive personal information including names and usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes.
Delhi State Health Mission website
June 27, 2020
•[ leak, government ]
The Kerala Cyber Hackers claim they have accessed the personal data of 80,000 COVID-19 patients in New Delhi, in protest at the treatment of healthcare workers.
Brazilian government officials including president Jair Bolsonaro
June 26, 2020
•[ leak, government ]
The Brazilian federal police are investigating the leak of personal details of senior government officials including president Jair Bolsonaro.
Ledger
June 25, 2020
•[ leak, misconfiguration, finance ]
Crypto-wallet firm Ledger reveals a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands after the vulnerability was exploited on June 25, 2020.
Havenly
June 25, 2020
•[ leak, retail ]
In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by dehashed.com.
Frost & Sullivan
June 24, 2020
•[ leak, misconfiguration, technology ]
U.S. business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet is sold on a hacker forum.
Kreditplus
June 23, 2020
•[ leak, finance ]
In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and employment information. The data was provided to HIBP by breachbase.pw.
Not Acxiom
June 21, 2020
•[ leak, misconfiguration, technology ]
In 2020, a corpus of data containing almost a quarter of a billion records spanning over 400 different fields was misattributed to database marketing company Acxiom and subsequently circulated within the hacking community. On review, Acxiom concluded that "the claims are indeed false and that the data, which has been readily available across multiple environments, does not come from Acxiom and is in no way the subject of an Acxiom breach". The data contained almost 52M unique email addresses.
Florida Orthopedic Institute
June 19, 2020
•[ leak, healthcare ]
The Florida Orthopedic Institute warns of a data breach that occured on or around April 9.
LiveAuctioneers
June 19, 2020
•[ leak, misconfiguration, retail ]
In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. The data contained 3.4 million records including names, email and IP addresses, physical addresses, phones numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by breachbase.pw.
Acuity
June 18, 2020
•[ leak ]
In mid-2020, a 437GB corpus of data attributed to an entity named "Acuity" was created and later extensively distributed. However, the source could not be confidently verified as any known companies named Acuity. The data totalled over 14M unique email addresses with each row containing extensive personal information across more than 400 columns of data including names, phone numbers, physical addresses, genders and dates of birth.
Far Eastern University (FEU)
June 17, 2020
•[ leak, education ]
1,000 student accounts from the Far Eastern University (FEU) are made public, with details such as names, student numbers, and passwords exposed.
www
June 12, 2020
•[ leak, healthcare ]
A data leak that contains sensitive information of 12,472 Indian blood donors is posted on two forums.
puebla
June 12, 2020
•[ hack, ransomware, leak ]
A Russian hacker named m1x breaches a Mexican government web portal (puebla.gob.mx) and three days later once the government refused to pay a ransom, publicly-releases some 14,000 Mexican taxpayer ID numbers.
Bharat Earth Movers Limited (BEML)
June 9, 2020
•[ leak, government ]
Researchers from Cyble report that a threat actor is offering documents of the Indian defence contractor Bharat Earth Movers Limited (BEML) on a dark web black-market.
Preen.Me
June 8, 2020
•[ leak, technology ]
Researchers from Risk Based Security reveal that personal data of an estimated 350,000 social media influencers and users has been accessed and partially leaked following a breach at social media marketing firm Preen.Me.
ST Engineering
June 5, 2020
•[ ransomware, leak, malware ]
The threat actors behind the Maze ransomware steal and leak the data of ST Engineering.
Kentucky Employees' Health Plan (KEHP)
June 2, 2020
•[ leak, healthcare ]
Nearly a thousand members of Kentucky Employees' Health Plan (KEHP) are victims of two connected data breaches that took place in late April and mid-May.
