CoinTracker
December 1, 2022
•[ leak, misconfiguration, finance ]
In December 2022, the Crypto & NFT taxes service CoinTracker reported a data breach that impacted over 1.5M of their customers. The company later attributed the breach to a compromise SendGrid in an attack that targeted multiple customers of the email provider. The breach exposed email addresses and partially redacted phone numbers, with CoinTracker advising that the later did not originate from their service.
Suffolk University
November 30, 2022
•[ leak, misconfiguration, education ]
Suffolk University reports a data breach after learning that an unauthorized party was able to access and remove certain files containing sensitive student information from the school's computer network.
Movie Forums
November 24, 2022
•[ hack, misconfiguration, technology ]
In December 2022, the Movie Forums website suffered a data breach that affected 40k users. The breach exposed email and IP addresses, usernames, dates of birth and passwords stored as easily crackable salted MD5 hashes. The data was subsequently posted a popular clear web hacking forum.
Upper Peninsula Power Company (UPPCO)
November 23, 2022
•[ leak, misconfiguration, energy ]
Upper Peninsula Power Company (UPPCO) reports a data breach after the company learned that an unauthorized party was able to access sensitive consumer information by gaining access to its computer network.
Ingalls & Snyder
November 23, 2022
•[ hack, misconfiguration, finance ]
Ingalls & Snyder reports a data breach after an unauthorized party was able to bypass the company's data security system and access sensitive client information stored on the company's computer network.
TAFE South Australia (TAFE SA)
November 15, 2022
•[ leak, misconfiguration, education ]
The personal information of more than 2,000 TAFE SA students is stolen in a serious data breach, when the South Australia police finds a USB drive containing students' data.
Connexin Software (Office Practicum)
November 14, 2022
•[ leak, misconfiguration, healthcare ]
Connexin Software (Office Practicum) reports a data breach after the company learned that an unauthorized party was able to access sensitive patient information that had been entrusted to the company.
Malaysian Election Commission
November 11, 2022
•[ leak, misconfiguration, government ]
67 gb with the the personal details of 800,000 Malaysian voters are posted online on a forum. The data should belong to the Malaysian Election Commission, which denies the breach.
Stanley Street Treatment and Resources
November 11, 2022
•[ hack, misconfiguration, healthcare ]
Stanley Street Treatment and Resources (SSTAR) reports a data breach after learning that an unauthorized party accessed the organization's computer system and removed confidential patient information.
Benefit Administrative Systems
November 1, 2022
•[ leak, misconfiguration, finance ]
Benefit Administrative Systems notifies certain individuals about the exposure of an electronic file that contained sensitive personally identifiable information and was accessed by unauthorized individuals,
DotHouse Health
November 1, 2022
•[ hack, misconfiguration, healthcare ]
DotHouse Health files notice of a data breach after learning that an unauthorized party was able to access confidential information stored on the company's computer systems.
Ethos Group
October 31, 2022
•[ leak, misconfiguration, automotive ]
Ethos Group announces that the company recently experienced a data breach impacting the security of consumer information stored on its computer systems.
Lakeside Software, LLC
October 26, 2022
•[ hack, misconfiguration, technology ]
On December 13, 2022, Lakeside Software, LLC reported a data breach with the Massachusetts Office of Consumer Affairs and Business Regulation after learning of unauthorized connections between a third party's device and Lakeside's computer servers.
Pinnacle Claims Management
October 25, 2022
•[ hack, misconfiguration, healthcare ]
Pinnacle Claims Management reports a data breach after the company determined that an unauthorized party had gained access to files containing sensitive consumer information.
Church of Jesus Christ of Latter-day Saints
October 13, 2022
•[ hack, misconfiguration ]
The Church of Jesus Christ of Latter-day Saints detect unauthorized activity that affected personal data of some Church members, employees, contractors, and friends.?The attack was part of a large-scale, state-sponsored scheme targeting organizations and governments worldwide.
Elevate
October 13, 2022
•[ hack, misconfiguration, technology ]
Messaging app Snap has employee data exposed by a breach at a third-party document analysis firm Elevate, after an unauthorized party had accessed some of Elevate's computer systems.
Northern Data Systems
October 10, 2022
•[ leak, misconfiguration, technology ]
Northern Data Systems files notice of a data breach, after the company confirmed that sensitive consumer data stored on its computer system was accessible to an unauthorized party.
Sequoia One
October 6, 2022
•[ misconfiguration, technology ]
THE HUMAN RESOURCES, payroll, and benefits management company Sequoia said in disclosures to customers at the beginning of the month that it detected unauthorized access to a cloud storage repository that contained an array of sensitive and personal data related to the company's Sequoia One customers.
University of Limerick (UL)
October 5, 2022
•[ leak, misconfiguration, education ]
Hundreds of people have their personal email addresses exposed in a data breach at the University of Limerick (UL).
Pegasus Group Australia
October 4, 2022
•[ leak, misconfiguration, technology ]
Australia's largest telecommunications company Telstra discloses a data breach through Pegasus Group Australia, a third-party supplier.
