Unnamed individual
October 7, 2020
•[ insider, misconfiguration, government ]
A Welsh police officer plead guilty to misusing Dyfed-Powys Police computers to unlawfully access information about the ex-partner of a woman he was in a relationship with.
Pitkin County
October 1, 2020
•[ leak, misconfiguration, government ]
Pitkin County has disclosed a data sercurity incident where a file was left accessible via the Internet and was subject to unauthorized access.
RedDoorz
September 26, 2020
•[ leak, misconfiguration, technology ]
Singapore-based hospitality start-up RedDoorz acknowledged on Saturday (Sept 26) that one of its IT databases suffered a breach. In November, a threat actor began selling the stolen database.
Games Box
September 21, 2020
•[ leak, misconfiguration, technology ]
In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either a hash or plain text.
Horse Isle
September 19, 2020
•[ leak, misconfiguration ]
In June 2020 then again in September that same year, Horse Isle "The Secrent Land of Horses" suffered a data breach. The incident exposed 28k unique email addresses along with names, usernames, IP addresses, genders, purchases and plain text passwords. The system also stored and exposed failed password attempts for each user with the password retained in plain text.
Atlanta federal district court
September 14, 2020
•[ hack, misconfiguration, government ]
An Atlanta court hearing on election security was Zoombombed with porn, swastikas and images of the 9/11 attacks.
Chesterfield County Public Schools
September 11, 2020
•[ hack, misconfiguration, education ]
Unknown users are disrupting virtual classrooms in Chesterfield County public schools.
Toledo Public Schools
September 9, 2020
•[ hack, misconfiguration, education ]
Toledo Public Schools also experience a security breach where a hacker got ahold of a classroom passcode and broke in to post racially and sexually offensive comments.
San Juan Regional Medical Center
September 8, 2020
•[ hack, misconfiguration, healthcare ]
San Juan Regional Medical Center suffers an exploitive attack in which the personal and medical information of nearly 70,000 patients was stolen from servers.
Hopamedia
August 30, 2020
•[ leak, misconfiguration, technology ]
In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.
Lee County High School
August 24, 2020
•[ hack, misconfiguration, education ]
A virtual Spanish class was interrupted with offensive content at Lee County High School.
Instacart
August 20, 2020
•[ insider, misconfiguration, retail ]
US-based grocery delivery and pick-up service Instacart has disclosed a security incident that involved unauthorized access of customer information by two support agents from a third-party vendor retained by the company.
Yunrun Big Data Service
August 20, 2020
•[ hack, misconfiguration, technology ]
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. The victims are Knowlesys, Yunrun Big Data Service, and OneSight.
Santander
August 19, 2020
•[ financial, misconfiguration, finance ]
Tens of suspects have been arrested for exploiting a glitch in the software of Santander ATMs to cash-out more money than was stored on cards.
Rochester City School District
August 15, 2020
•[ hack, misconfiguration, education ]
The Rochester City School District's first parent forum of the 2020-2021 school year, which was held over Zoom, was interrupted by attackers posting racist comments and hurtful symbols.
RailYatri
August 12, 2020
•[ leak, misconfiguration, technology ]
One of India's most popular travel booking hubs has suffered a significant data breach that led to the loss of over 43GB of data as a result of a Meow bot attack. Preceding the attack, the affected Elastic search server was left publicly exposed for several days.
Archer High School
August 12, 2020
•[ hack, misconfiguration, education ]
A virtual class in Gwinnett County's Archer High School gets Zoom-bombed by two men.
Kariyer
August 12, 2020
•[ leak, misconfiguration, technology ]
A file containing the information of 50,000 members of Kariyer.net is found on the web by LVKK, the Turkish data protection authority.
Adit
August 11, 2020
•[ hack, misconfiguration, healthcare ]
An unsecured database with 3.1 million patients' details is exposed by a medical software company and subsequently destroyed by a "meow" attack.
