Firstmac Limited
May 1, 2024
•[ leak, finance ]
Firstmac Limited warns customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
City of Helsinki
April 30, 2024
•[ leak, education ]
The City of Helsinki discloses it is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel.
Sport 2000
April 18, 2024
•[ leak, retail ]
In April 2024, the French sporting equipment manufacturer Sport 2000 announced it had suffered a data breach. The data was subsequently put up for sale on a popular hacking forum and included 4.4M rows with 3.2M unique email addresses alongside names, physical addresses, phone numbers, dates of birth and purchases made by store name. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Argentina's driver licenses
April 16, 2024
•[ hack, leak, government ]
A threat actor allegedly hacks a database holding 5.7M Argentinas drivers licenses, requesting a payment of $3,000 USD for whoever wishes to purchase the images of Argentine licenses.
Albatross
April 15, 2024
•[ hack, leak, manufacturing ]
Ukrainian hackers from Cyber Resistance claim to have breached the Russian drone developer Albatross, leaking 100 gigabytes of data, including internal documentation, technical data and drawings of various types of unmanned aerial vehicles.
MovieBoxPro
April 15, 2024
•[ leak, misconfiguration, technology ]
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
Le Slip Français
April 13, 2024
•[ leak, retail ]
In April 2024, the French underwear maker Le Slip Franais suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers.
Form I-9 Compliance
April 12, 2024
•[ leak ]
Employee eligibility verification solutions provider Form I-9 Compliance suffers a data breach and its impact is far bigger than initially believed, reaching 190,000 people.
National Public Data
April 9, 2024
•[ leak, technology ]
In April 2024, a large trove of data made headlines as having exposed "3 billion people" due to a breach of the National Public Data background check service. The initial corpus of data released in the breach contained billions of rows of personal information, including US social security numbers. Further partial data sets were later released including extensive personal information and 134M unique email addresses, although the origin and accuracy of the data remains in question. This breach has been flagged as "unverified" and a full description of the incident is in the link above.
Home Depot
April 6, 2024
•[ leak, misconfiguration, retail ]
Home Depot confirms that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks.
boAt
April 5, 2024
•[ leak, retail ]
A threat actor, with the moniker "ShopifyGUY," leaks personal information belonging to 7.5 million of customers of boAt, a consumer electronics company in India.
Diabetes WA
April 2, 2024
•[ leak, healthcare ]
Diabetes WA discloses a data breach affecting people who engaged with its telehealth service.
City of Hope
April 2, 2024
•[ leak, healthcare ]
Cancer treatment and research center City of Hope warns that a data breach exposed the sensitive information of over 820,000 patients.
Undisclosed organizations in El Salvador
April 1, 2024
•[ leak ]
Researchers from Resecurity identify a massive leak of the personally identifiable information (PII) of over five million citizens from El Salvador on the Dark Web, impacting more than 80% of the countrys population.
Nottingham Rehab Supplies Healthcare
March 30, 2024
•[ ransomware, leak, malware ]
Multiple UK councils warned that citizens personal data may have been breached following a ransomware attack on a medical equipment supplier Nottingham Rehab Supplies (NRS) Healthcare. RansomHub said it successfully breached the firm on 30 March, stealing hundreds of thousands of sensitive documents.
"More than 600k private documents was downloaded, including: Accounting, HR, Financial reports, Reception, Contracts and much more, the group said on its leak site.
Samsung Germany Customer Tickets
March 30, 2024
•[ leak, malware, technology ]
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
Giant Tiger
March 25, 2024
•[ leak, retail ]
A threat actor claims responsibility for a data breach to Giant Tiger and leaks 2.8 million customer records on a forum.
boAt
March 25, 2024
•[ leak, manufacturing ]
In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
Emergency Medical Services Authority
March 22, 2024
•[ leak, malware, healthcare ]
Emergency Medical Services Authority (EMSA) says, it identified suspicious activity in its IT network and is mailing letters to patients whose information may have been involved.
KIM
March 20, 2024
•[ leak, technology ]
The Russian threat actors from UAC-0165 disrupts the network of KIM, a local ISP in Ukraine and claims to have obtained the client database and internal documentation.
