Nemadji Research Corporation
July 11, 2019
•[ social, leak, phishing ]
The personal data of 14,591 L.A. County patients is exposed after an employee of Nemadji Research Corporation, a contractor that identifies and verifies patient eligibility for programs that reimburse care provided by DHS, is victim of a phishing attack.
Vedantu
July 8, 2019
•[ leak, misconfiguration, education ]
In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.
Maryland Department of Labor
July 5, 2019
•[ leak, government ]
The Maryland Department of Labor (Maryland DoL) publishes a press release explaining that sensitive information of roughly 78,000 customers including names and social security numbers was accessed by an unauthorized party.
Dominion National
June 21, 2019
•[ leak, healthcare ]
Dominion National discloses a breach occurred as early as August 25, 2010. The breach was discovered on April 24, 2019, so ten years later.
SocialEngineered
June 20, 2019
•[ social, hack, leak ]
SocialEngineered.net, a forum dedicated to social engineering announces to have been breached and data from tens of thousands of members leaked online.
Artvalue
June 19, 2019
•[ leak, misconfiguration ]
In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes. The site operator did not respond when contacted about the incident, although the exposed file was subsequently removed.
U.S. Customs and Border Protection
June 11, 2019
•[ leak, government ]
The U.S. Customs and Border Protection says that a data breach exposed photos of the faces and license plates for more than 100,000 travelers. The breach is allegedly related to the one suffered by Perceptics earlier this year.
Wiener Büchereien
June 10, 2019
•[ hack, leak, government ]
In June 2019, the library of Vienna (Wiener Bchereien) suffered a data breach. The compromised data included 224k unique email addresses, names, physical addresses, phone numbers and dates of birth. The breached data was subsequently posted to Twitter by the alleged perpetrator of the breach.
Dave East
June 5, 2019
•[ leak ]
Rapper Dave East may have fallen victim to a nude leak after a series of explicit photos purportedly of the rapper emerge online.
Ministry of Intelligence and Security (MOIS) (APT 34 OilRig)
June 3, 2019
•[ leak, hack, malware ]
Jason, a tool for hijacking Microsoft Exchange email accounts allegedly used by the Iran-linked OilRig hacker group is leaked online.
Condo.com
June 1, 2019
•[ leak, misconfiguration, technology ]
In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of records, physical addresses.
People Inc.
May 30, 2019
•[ leak, healthcare ]
People Inc., a New York non-profit agency, reveals a data breach occurred on February 19, 2019 when two email accounts were compromised.
Iggy Azalea
May 28, 2019
•[ leak ]
Iggy Azalea has deactivated her social media accounts, after her topless photos were leaked online.
Perceptics
May 23, 2019
•[ hack, leak, manufacturing ]
Perceptics, the maker of vehicle license plate readers used by the US government is hacked. Its internal files are leaked and offered for free on the dark web to download.
Italian Union of State Police
May 21, 2019
•[ leak, government ]
In name of #OpPulizia, Anonymous Italia release leaks of the Italian Union of State Police and four additional national organizations.
LibertyBus
May 18, 2019
•[ financial, phishing, leak ]
Passwords and log-in details for hundreds of LibertyBus customers are obtained by attackers, who used a spoof website to divert those wanting to top up their pre-paid cards.
Minehut
May 17, 2019
•[ leak, technology ]
In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP. A data set with both email addresses and bcrypt password hashes was also later provided to HIBP.
Paterson Public Schools
May 15, 2019
•[ leak, education ]
The Paterson Public Schools is hit by a massive breach: 23,103 account passwords and other computer access tokens are stolen.
American Medical Collection Agency
May 10, 2019
•[ leak, misconfiguration, healthcare ]
A data breach involving a medical collection agency affects more than 200,000 patients who had used the firm's online payment portal between September, 2018 and the beginning of March, 2019. The data is found on the dark web.
Ordine Avvocati di Roma
May 7, 2019
•[ leak, government ]
In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email addresses and email messages themselves encompassing tens of thousands of unique email addresses. A total of 42k unique addresses appeared in the breach.
