School District 42 Maple Ridge-Pitt Meadows
January 17, 2023
•[ leak, misconfiguration, education ]
The School District 42 has 19,126 records released in a breach when the documents appear to have been uploaded to a popular hacker forum.
Citi Trends
January 14, 2023
•[ hack, misconfiguration, retail ]
Citi Trends files a notice of data breach after discovering that an unauthorized party was able to access confidential employee information stored on the company's IT network.
Autotrader
January 6, 2023
•[ hack, misconfiguration, automotive ]
In January 2023, 1.4M records from the Autotrader online vehicle marketplace appeared on a popular hacking forum. Autotrader stated that the "data in question relates to aged listing data that was generally publicly available on our site at the time and open to automated collection methods". The data contained 20k unique email addresses alongside physical addresses and phone numbers of dealers and vehicle details including VIN numbers. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
AT&T
January 6, 2023
•[ leak, misconfiguration, technology ]
A threat actor named IntelBroker claims to have found a third-party vendor's unsecured cloud storage containing 37 million AT&T client records. The threat actor shares a sample of 5 million records.
T-Mobile
January 5, 2023
•[ hack, misconfiguration, technology ]
T-Mobile discloses a new data breach after a threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts through one of its Application Programming Interfaces (APIs).
Various law enforcement agencies (Philippine National Police, National Bureau of Investigation, Bureau of Internal Revenue)
January 1, 2023
•[ leak, misconfiguration, government ]
poor security
Hub International Limited
December 31, 2022
•[ hack, misconfiguration, finance ]
Hub International Limited files a notice of data breach after discovering that files on the company's IT network were accessed and copied by an unauthorized party.
Bay Bridge Administrators
December 29, 2022
•[ hack, misconfiguration, finance ]
Bay Bridge Administrators, LLC ("BBA") filed notice of a data breach after an unauthorized party was able to access sensitive consumer information stored on the company's computer network.
UnitedHealthcare
December 29, 2022
•[ hack, misconfiguration, healthcare ]
UnitedHealthcare notifies individuals across the country of a recent data breach after an unauthorized party was able to access a UHC broker portal.
CGM
December 28, 2022
•[ hack, misconfiguration, technology ]
CGM files a notice of data breach after learning that an unauthorized party was able to access confidential personal information stored on the company's computer system.
Slack
December 27, 2022
•[ hack, misconfiguration, technology ]
Threat actors gained access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that were stolen.
RailYatri
December 26, 2022
•[ leak, misconfiguration, technology ]
In December 2022, Indias government-approved online travel agency RailYatri suffered a data breach. The incident impacted over 31M customers and exposed 23M unique email addresses. Also impacted were names, genders, phone numbers and tickets purchased, including travel information and fares.
Astro
December 25, 2022
•[ leak, misconfiguration, technology ]
A website had listed details of 3.5 million Astro customers.
