AT&T
March 16, 2024
•[ leak, technology ]
Two threat actors (ShinyHunters and MajorNelson) put on sale 71 million records allegedly stolen from AT&T in 2021. However the company claims the data did not originate from its systems. Approximately one month later AT&T confirms the breach adding that the real number of impacted users is 51 million.
National Diagnostic Imaging
March 16, 2024
•[ leak, healthcare ]
Birth Choice of San Marcos notifies patients of a breach at National Diagnostic Imaging.
France Travail
March 13, 2024
•[ leak, government ]
France Travail, formerly known as Ple Emploi, warns that threat actors breached its systems and may leak or exploit personal details of an estimated 43 million individuals.
Mintlify
March 13, 2024
•[ leak, misconfiguration, technology ]
Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month.
Panda Restaurant Group
March 10, 2024
•[ leak ]
Panda Restaurant Group discloses a data breach after threat actors compromised its corporate systems and stole the personal information of an undisclosed number of associates.
Giant Tiger
March 4, 2024
•[ leak, misconfiguration, retail ]
In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
Fair Vote Canada
March 2, 2024
•[ leak, misconfiguration, government ]
In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses, phone numbers and, for some individuals, date and amount of a donation.
Mr Green Gaming
March 1, 2024
•[ leak, misconfiguration ]
Mr Green Gaming, a game community, suffers a breach when an inactive admin account is exploited, resulting in the leak of personal details belonging to 27,000 members.
Life360
March 1, 2024
•[ leak, misconfiguration, manufacturing ]
A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API.
Telefónica
March 1, 2024
•[ leak, technology ]
Telefnica investigates the claims of a possible cyberattack occurred in March that allowed criminals to access more than 2 million records of clients and collaborators of the company.
Life360
March 1, 2024
•[ leak, misconfiguration, technology ]
In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated). Life360 promptly notified impacted users after the incident was discovered.
Mr. Green Gaming
March 1, 2024
•[ leak, technology ]
In March 2024, the online games community Mr. Green Gaming suffered a data breach that exposed 27k user records. Acknowledged on their Discord server, the incident exposed email and IP addresses, usernames, geographic locations and dates of birth.
Chunghwa Telecom
February 29, 2024
•[ espionage, leak, government ]
The Taiwan ministry of national defense says that threat actors stole sensitive information including military and government documents from Chunghwa Telecom, Taiwans largest telecom company and sold it on the dark web.
SurveyLama
February 29, 2024
•[ leak, technology ]
SurveyLama suffers a data breach in February 2024, which exposes the sensitive data of 4.4 million users.
Dohman, Akerlund & Eddy
February 28, 2024
•[ leak, healthcare ]
Accounting firm Dohman, Akerlund & Eddy ("DA&E") announces a data incident that impacted some protected health information of 82,000 people.
Greater Amsterdam School District
February 23, 2024
•[ leak, education ]
The Greater Amsterdam School District discloses that a data breach potentially led to the unauthorized access of protected student information.
Maryville
February 21, 2024
•[ leak, healthcare ]
Maryville, which operates several addiction recovery centers around South Jersey, announces it was the victim of a data breach that accessed Social Security numbers and other personal information,
Tangerine
February 18, 2024
•[ leak, misconfiguration, technology ]
In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth. Whilst the Tangerine login process involves sending a one-time password after entering an email address and phone number, it previously used a traditional password which was also exposed as a bcrypt hash.
DemandScience (formerly Pure Incubation)
February 15, 2024
•[ leak, government ]
The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from DemandScience, a B2B demand generation platform.
Undisclosed Meta contractor
February 13, 2024
•[ leak, hack, technology ]
The IntelBroker threat actor leals 200,000 records on a hacker forum, claiming they contain the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.
