Audi
August 14, 2019
•[ leak, misconfiguration, automotive ]
In August 2019, Audi USA suffered a data breach after a vendor left data unsecured and exposed on the internet. The data contained 2.7M unique email addresses along with names, phone numbers, physical addresses and vehicle information including VIN. In a disclosure statement from Audi, they also advised some customers had driver's licenses, dates of birth, social security numbers and other personal information exposed.
Argentine Naval Prefecture
August 12, 2019
•[ leak, hack, government ]
Hackers leak 700 GB of data obtained from the government of Argentina, including confidential documents, wiretaps and biometric information from the Argentine Federal Police, along with the personal data of police officers. The Twitter account of the Argentine Naval Prefecture was hacked as well and used to share the stolen information and post fake news stories.
Presbyterian Healthcare Services
August 2, 2019
•[ leak, phishing, healthcare ]
Presbyterian Healthcare Services is the victim of a phishing attack impacting around 183,000 patients and health plan members.
Facebook
August 1, 2019
•[ leak, technology ]
In April 2021, a large data set of over 500 million Facebook users was made freely available for download. Encompassing approximately 20% of Facebook's subscribers, the data was allegedly obtained by exploiting a vulnerability Facebook advises they rectified in August 2019. The primary value of the data is the association of phone numbers to identities; whilst each record included phone, only 2.5 million contained an email address. Most records contained names and genders with many also including dates of birth, location, relationship status and employer.
Pearson PLC
July 31, 2019
•[ leak, education ]
Pearson PLC, the British maker of educational software, warns school districts that a 2018 data breach has exposed details on thousands of students, chiefly in the U.S.
Sure
July 29, 2019
•[ leak, phishing, technology ]
Sure is the victim of a phishing attack that steals around 400 suppliers', employees' and former employees' data.
Club Penguin Rewritten
July 26, 2019
•[ insider, hack, leak ]
A disgruntled administrator leaves a backdoor in Club Penguin Rewritten (a kids' gaming website) that enabled hackers to steal login data for a little over 4 million accounts.
StockX
July 26, 2019
•[ leak, misconfiguration, retail ]
In July 2019, the fashion and sneaker trading platform StockX suffered a data breach which was subsequently sold via a dark webmarketplace. The exposed data included 6.8 million unique email addresses, names, physical addresses, purchases and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.
MGM Resorts
July 25, 2019
•[ hack, leak, misconfiguration ]
In July 2019, MGM Resorts discovered a data breach of one of their cloud services. The breach included 10.6M guest records with 3.1M unique email addresses stemming back to 2017. The exposed data included email and physical addresses, names, phone numbers and dates of birth and was subsequently shared on a popular hacking forum in February 2020 where it was extensively redistributed. The data was provided to HIBP by Under The Breach.
Tennessee Higher Education Commission
July 23, 2019
•[ leak, misconfiguration, education ]
The Tennessee Higher Education Commission investigates a possible data breach of a 3rd party vendor, that potentially has exposed personal information of thousands of students.
Nemadji Research Corporation
July 11, 2019
•[ social, leak, phishing ]
The personal data of 14,591 L.A. County patients is exposed after an employee of Nemadji Research Corporation, a contractor that identifies and verifies patient eligibility for programs that reimburse care provided by DHS, is victim of a phishing attack.
Vedantu
July 8, 2019
•[ leak, misconfiguration, education ]
In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.
Maryland Department of Labor
July 5, 2019
•[ leak, government ]
The Maryland Department of Labor (Maryland DoL) publishes a press release explaining that sensitive information of roughly 78,000 customers including names and social security numbers was accessed by an unauthorized party.
Dominion National
June 21, 2019
•[ leak, healthcare ]
Dominion National discloses a breach occurred as early as August 25, 2010. The breach was discovered on April 24, 2019, so ten years later.
SocialEngineered
June 20, 2019
•[ social, hack, leak ]
SocialEngineered.net, a forum dedicated to social engineering announces to have been breached and data from tens of thousands of members leaked online.
Artvalue
June 19, 2019
•[ leak, misconfiguration ]
In June 2019, the France-based art valuation website Artvalue.com left their 158k member subscriber base publicly exposed in a text file on their website. The exposed data included names, usernames, email addresses and passwords stored as MD5 hashes. The site operator did not respond when contacted about the incident, although the exposed file was subsequently removed.
U.S. Customs and Border Protection
June 11, 2019
•[ leak, government ]
The U.S. Customs and Border Protection says that a data breach exposed photos of the faces and license plates for more than 100,000 travelers. The breach is allegedly related to the one suffered by Perceptics earlier this year.
Wiener Büchereien
June 10, 2019
•[ hack, leak, government ]
In June 2019, the library of Vienna (Wiener Bchereien) suffered a data breach. The compromised data included 224k unique email addresses, names, physical addresses, phone numbers and dates of birth. The breached data was subsequently posted to Twitter by the alleged perpetrator of the breach.
Dave East
June 5, 2019
•[ leak ]
Rapper Dave East may have fallen victim to a nude leak after a series of explicit photos purportedly of the rapper emerge online.
Ministry of Intelligence and Security (MOIS) (APT 34 OilRig)
June 3, 2019
•[ leak, hack, malware ]
Jason, a tool for hijacking Microsoft Exchange email accounts allegedly used by the Iran-linked OilRig hacker group is leaked online.
