Various law enforcement agencies (Philippine National Police, National Bureau of Investigation, Bureau of Internal Revenue)
January 1, 2023
•[ leak, misconfiguration, government ]
poor security
Hub International Limited
December 31, 2022
•[ hack, misconfiguration, finance ]
Hub International Limited files a notice of data breach after discovering that files on the company's IT network were accessed and copied by an unauthorized party.
UnitedHealthcare
December 29, 2022
•[ hack, misconfiguration, healthcare ]
UnitedHealthcare notifies individuals across the country of a recent data breach after an unauthorized party was able to access a UHC broker portal.
Bay Bridge Administrators
December 29, 2022
•[ hack, misconfiguration, finance ]
Bay Bridge Administrators, LLC ("BBA") filed notice of a data breach after an unauthorized party was able to access sensitive consumer information stored on the company's computer network.
CGM
December 28, 2022
•[ hack, misconfiguration, technology ]
CGM files a notice of data breach after learning that an unauthorized party was able to access confidential personal information stored on the company's computer system.
Slack
December 27, 2022
•[ hack, misconfiguration, technology ]
Threat actors gained access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that were stolen.
RailYatri
December 26, 2022
•[ leak, misconfiguration, technology ]
In December 2022, Indias government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
Astro
December 25, 2022
•[ leak, misconfiguration, technology ]
A website had listed details of 3.5 million Astro customers.
Twitter
December 23, 2022
•[ hack, misconfiguration, technology ]
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability.
MedInform
December 21, 2022
•[ leak, misconfiguration, finance ]
MedInform files a notice of data breach after learning that an unauthorized user was able to access confidential information belonging to Cleveland Clinic patients that were stored on the company's computer network.
Israeli CCTV cameras
December 19, 2022
•[ hack, misconfiguration, government ]
An Iranian group of hackers, known as Moses Staff, had seized control of dozens of Israeli CCTV cameras.
Teleperformance USA
December 8, 2022
•[ hack, misconfiguration, technology ]
On December 8, 2022, Teleperformance USA reported a data breach with the Texas Attorney General after learning that an unauthorized party had accessed confidential consumer information that was entrusted to the company.
CloudSEK
December 7, 2022
•[ hack, misconfiguration, technology ]
Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts.
GunAuction.com
December 3, 2022
•[ hack, misconfiguration, retail ]
In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected on the hacker's server. The data included over 565k user records with extensive personal data including email, IP and physical addresses, names, phone numbers, genders, years of birth, credit card type and passwords stored in plain text. The leaked identities could subsequently be matched to firearms listed for sale on the website.
