Email
April 5, 2020
•[ leak, technology ]
The data of more than 600,000 Email.it users is currently being sold on the dark web. The breach allegedly occurred two years ago.
Puget Sound Educational Service District
April 5, 2020
•[ leak, misconfiguration, education ]
The Puget Sound Educational Service District (PSESD) sends out a notice to current and former students, and employees of King and Pierce County Schools, after learning of a data breach within their computer network.
HomeRefill
April 2, 2020
•[ leak, retail ]
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
Ticketclub
April 1, 2020
•[ leak ]
Bl@ckt0r drops data on leak site.
Teespring
April 1, 2020
•[ leak, retail ]
In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
Glofox
March 27, 2020
•[ leak, misconfiguration, technology ]
In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.
Magnolia Pediatrics
March 26, 2020
•[ leak, healthcare ]
Magnolia Pediatrics has disclosed a March data breach.
College of DuPage
March 16, 2020
•[ leak, education ]
College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach.
Aerial Direct
March 13, 2020
•[ leak, misconfiguration, technology ]
Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.
Open Exchange Rates
March 12, 2020
•[ leak, misconfiguration, finance ]
Open Exchange Rates announces a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. The breach occurred between February 9th, 2020, and March 2nd, 2020.
Trident Crypto Fund
March 6, 2020
•[ leak, finance ]
The usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online.
Entercom
March 6, 2020
•[ leak, misconfiguration, technology ]
US radio giant Entercom reports a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored in a third-party cloud hosting service and containing Radio.com user credentials.
Lead Hunter
March 4, 2020
•[ leak, misconfiguration ]
In March 2020, a massive trove of personal information referred to as "Lead Hunter" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The data contained 69 million unique email addresses across 110 million rows of data accompanied by additional personal information including names, phone numbers, genders and physical addresses. At the time of publishing, the breach could not be attributed to those responsible for obtaining and exposing it. The data was provided to HIBP by dehashed.com.
Vijay Sales
March 2, 2020
•[ leak, misconfiguration, retail ]
A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an "exposed backup server" breached in February 2020.
GeoCloud
March 2, 2020
•[ leak, misconfiguration, technology ]
A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users' names, email addresses, and passwords as well as the company's social media keys and company information.
Microsoft
March 2, 2020
•[ leak, technology ]
The Syrian Electronic Army publishes some invoices leaked from Microsoft indicating that the company charges the FBI to view customers' information.
Catho
March 1, 2020
•[ leak, misconfiguration, technology ]
In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed for sale on a dark web marketplace. The breach included almost 11 million records with 1.2 million unique email addresses. Names, usernames and plain text passwords were also exposed. The data was provided to HIBP by breachbase.pw.
Rady's Children's Hospital
February 26, 2020
•[ leak, misconfiguration, healthcare ]
Rady's Children's Hospital notifies patients whose data were accessed via an "open port" on June 2019, and January 2020.
Transmit Security
February 24, 2020
•[ leak, technology ]
Transmit Security is breached after a security researcher contacts some of its customers and reports unauthorized access to the data.
Defence Information Systems Agency (DISA)
February 20, 2020
•[ leak, government ]
The U.S. Defence Information Systems Agency reveals that Social Security numbers and other personal data in its network may have been compromised between May and July 2019.
