Switch
October 1, 2024
•[ leak, misconfiguration, technology ]
In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.
Dell
September 25, 2024
•[ leak, technology ]
The threat actor going by the handle of 'grep' claims to have breached Dell for the third time and leaks 500 MB of sensitive data.
French Citizens
September 25, 2024
•[ leak, misconfiguration, finance ]
In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.
Deloitte
September 24, 2024
•[ leak, misconfiguration, technology ]
The threat actor known as IntelBroker announces late last week on the BreachForums cybercrime forum the availability of internal communications obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials. However the company replies that there is no thret to sensitive data.
U.S. Capitol
September 24, 2024
•[ leak, government ]
The personal information of over 3,000 congressional staffers is leaked on the dark web following a major breach on the U.S. Capitol.
Dell
September 19, 2024
•[ leak, technology ]
Dell confirms to be investigating recent claims that it suffered a data breach after a threat actor dubbed "grep" leaked the data for over 10,000 employees.
Regional Care
September 18, 2024
•[ leak, healthcare ]
Nebraska-based healthcare insurance firm Regional Care discloses a data breach impacting more than 225,000 individuals as a result of an incident identified in mid-September 2024.
Muah.AI
September 17, 2024
•[ leak, technology ]
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
Experience Engine
September 16, 2024
•[ leak, technology ]
The threat actor known as IntelBroker claims to have breached the UK-based company Experience Engine, allegedly exposing sensitive data. The hacker is selling the data on an online forum, raising concerns about data security for affected clients and businesses.
Kawasaki Motors Europe
September 13, 2024
•[ ransomware, leak, manufacturing ]
Kawasaki Motors Europe announces that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak 487 GB of stolen data.
Fortinet
September 12, 2024
•[ leak, misconfiguration, technology ]
Fortinet confirms it suffered a data breach after a threat actor with the moniker of "Fortibitch" claims to have stolen 440GB of files from the company's Microsoft Sharepoint server.
Boulanger
September 8, 2024
•[ leak, retail ]
Boulanger, a French retailer, says in a statement that threat actors accessed customers' delivery addresses but no banking data was leaked.
Framingham Heart Study, managed by Boston University
September 8, 2024
•[ leak, education ]
Boston Universitys renowned Framingham Heart Study (FHS) is breached by threat actors, who gained access to the data of participantsboth living and deceasedof the countrys longest running, multigenerational heart study.
Physical Medicine & Rehabilitation Center
September 6, 2024
•[ leak, healthcare ]
The Physical Medicine & Rehabilitation Center posts a notice on its website about an incident in July that affected patients at their New Jersey and New York locations. The Meow Leaks claims responsibility for the attack.
Boulanger
September 6, 2024
•[ hack, leak, retail ]
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
Cisco
September 4, 2024
•[ leak, malware, technology ]
Ciscos site for selling company-themed merchandise is offline and under maintenance due to threat actors compromising it with JavaScript code that steals sensitive customer details provided at checkout exploiting CVE-2024-34102.
VK
September 3, 2024
•[ leak, technology ]
A threat actor using the alias HikkI-Chan leaks the personal details of over 390 million VK users (specifically, 390,425,719) on the notorious cybercrime and hacker platform Breach Forums. The data was stolen from a third-party.
Tracelo
September 2, 2024
•[ leak, technology ]
A threat actor using the alias Satanic claims to have breached Tracelo, a smartphone geolocation tracking service. As a result, the hacker has leaked the personal details of over 1.4 million individuals (1,459,014) on the notorious Breach Forums.
Australian Cancer Research Foundation
August 30, 2024
•[ leak, healthcare ]
The Australian Cancer Research Foundation (ACRF) sent an email to its donors late on Friday afternoon, 30 August, warning them of a data security incident.
NHS
August 29, 2024
•[ leak, healthcare ]
Several NHS staff in Scotland have had their mobile phone numbers revealed in a cyber security incident involving a third-party supplier to several health boards.
