Condo.com
June 1, 2019
•[ leak, misconfiguration, technology ]
In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of records, physical addresses.
People Inc.
May 30, 2019
•[ leak, healthcare ]
People Inc., a New York non-profit agency, reveals a data breach occurred on February 19, 2019 when two email accounts were compromised.
Iggy Azalea
May 28, 2019
•[ leak ]
Iggy Azalea has deactivated her social media accounts, after her topless photos were leaked online.
Perceptics
May 23, 2019
•[ hack, leak, manufacturing ]
Perceptics, the maker of vehicle license plate readers used by the US government is hacked. Its internal files are leaked and offered for free on the dark web to download.
Italian Union of State Police
May 21, 2019
•[ leak, government ]
In name of #OpPulizia, Anonymous Italia release leaks of the Italian Union of State Police and four additional national organizations.
LibertyBus
May 18, 2019
•[ financial, phishing, leak ]
Passwords and log-in details for hundreds of LibertyBus customers are obtained by attackers, who used a spoof website to divert those wanting to top up their pre-paid cards.
Minehut
May 17, 2019
•[ leak, technology ]
In May 2019, the Minecraft server website Minehut suffered a data breach. The company advised a database backup had been obtained after which they subsequently notified all impacted users. 397k email addresses from the incident were provided to HIBP. A data set with both email addresses and bcrypt password hashes was also later provided to HIBP.
Paterson Public Schools
May 15, 2019
•[ leak, education ]
The Paterson Public Schools is hit by a massive breach: 23,103 account passwords and other computer access tokens are stolen.
American Medical Collection Agency
May 10, 2019
•[ leak, misconfiguration, healthcare ]
A data breach involving a medical collection agency affects more than 200,000 patients who had used the firm's online payment portal between September, 2018 and the beginning of March, 2019. The data is found on the dark web.
Ordine Avvocati di Roma
May 7, 2019
•[ leak, government ]
In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email addresses and email messages themselves encompassing tens of thousands of unique email addresses. A total of 42k unique addresses appeared in the breach.
Wyzant
May 6, 2019
•[ leak, education ]
Wyzant, an online marketplace that connects parents and students reveals a data breach which has led to the compromise of user data including Facebook profile information. The breach occurred on April 27.
SkyMed
April 29, 2019
•[ leak, ransomware, misconfiguration ]
A detailed list or 137,000 SkyMed members accounts is found, on March 27th, into an unsecured Elasticsearch database. The leak also shows evidence of ransomware inside the network.
Deezer
April 22, 2019
•[ leak, misconfiguration, technology ]
In late 2022, the music streaming service Deezer disclosed a data breach that impacted over 240M customers. The breach dated back to a mid-2019 backup exposed by a 3rd party partner which was subsequently sold and then broadly redistributed on a popular hacking forum. Impacted data included 229M unique email addresses, IP addresses, names, usernames, genders, DoBs and the geographic location of the customer.
Bodybuilding
April 22, 2019
•[ leak, phishing, retail ]
{"richText":[{"text":"Bodybuilding.com"},{"font":{"size":10,"color":{"argb":"FF000000"},"name":"Helvetica Neue","scheme":"minor"},"text":" notifies its customers of a security breach detected during February 2019 which was the direct result of a phishing email received back in July 2018. Potentially 18M users are impacted."}]}
Ministry of Intelligence and Security (MOIS) (APT 34 OilRig)
April 18, 2019
•[ espionage, leak, government ]
A collective dubbed Lab Dookhtegan reveal details about the inner workings of the cyber-espionage group known as OilRig, APT34, and HelixKitten, linked to the Iranian government. The source code of their tools is leaked on Telegram.
ApexSMS
April 15, 2019
•[ leak, misconfiguration, technology ]
In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password. The incident leaked over 80M records with 23M unique email addresses alongside names, phone numbers and carriers, geographic locations (state and country), genders and IP addresses.
Truth Finder
April 12, 2019
•[ leak, technology ]
In 2019, the public records search service TruthFinder suffered a data breach that later came to light in early 2023. The data included over 8M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.
Instant Checkmate
April 12, 2019
•[ leak, technology ]
In 2019, the public records search service Instant Checkmate suffered a data breach that later came to light in early 2023. The data included almost 12M unique customer email addresses, names, phone numbers and passwords stored as scrypt hashes.
Matrix
April 10, 2019
•[ leak, technology ]
Matrix.org is the victim of a cyberattack which forces the organization to overhaul its entire production infrastructure and inform users of a widespread credentials leak.
Minnesota Department of Human Services
April 9, 2019
•[ leak, government ]
Minnesota Department of Human Services announced to have suffered a data breach that may have exposed the personal information of about 11,000 people after an employee's email is compromised on March 26, 2019.
