Southern Illinois Healthcare - Harrisburg Medical Center
December 19, 2023
•[ hack, misconfiguration, healthcare ]
Southern Illinois Healthcare - Harrisburg Medical Center (SIH HMC) files a notice of data breach after discovering that an unknown and unauthorized party was able to access its computer network.
GLAMIRA
December 16, 2023
•[ hack, misconfiguration, retail ]
In late 2023, the online jewellery store GLAMIRA suffered a data breach they attributed to "an unauthorised individual [who] briefly accessed one of our servers". The data was subsequently published on a popular hacking forum and included 875k email addresses, names, phone numbers and purchases. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
Fairway Independent Mortgage Corporation
December 4, 2023
•[ hack, misconfiguration, finance ]
Fairway Independent Mortgage Corporation (Fairway) files a notice of data breach after discovering that an unauthorized user had accessed a third-party system utilized by Fairway.
General Electric
November 25, 2023
•[ hack, misconfiguration, technology ]
General Electric is investigating claims that a threat actor named IntelBroker breached the company's development environment in a cyberattack and leaked allegedly stolen data.
Berglund Management Group
November 22, 2023
•[ hack, misconfiguration, retail ]
Berglund Management Group files a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party was able to gain access to portions of the company's computer network.
Bangladesh National Telecommunication Monitoring Center
November 16, 2023
•[ leak, misconfiguration, government ]
The National Telecommunication Monitoring Center (NTMC) in Bangladesh publishes people's personal information through an unsecured database until anonymous threat actors attack the exposed database, wiping details from the system and claiming to have stolen the trove of information.
Adams Bank & Trust
November 15, 2023
•[ hack, misconfiguration, finance ]
Adams Bank & Trust (ABT) files a notice of data breach after confirming that the bank's computer system was accessed by an unauthorized party.
KitchenPal
November 14, 2023
•[ leak, misconfiguration, technology ]
In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although acknowledged it contained a small number of users for debugging purposes and included passwords that could not be used. Impacted data included almost 100k email addresses, names, geolocations and incomplete data on dates of birth, genders, height and weight, social media profile identifiers and bcrypt password hashes.
Harris Center for Mental Health and IDD
November 7, 2023
•[ hack, misconfiguration, healthcare ]
The Harris Center for Mental Health and IDD files a notice of data breach after discovering that an unauthorized party was able to access portions of the organizations computer network.
Nissan North America
November 7, 2023
•[ ransomware, misconfiguration, manufacturing ]
Nissan has confirmed that the cyber attack on its North American subsidiary resulted in a data breach impacting over 53,000 current and former employees.. Nissan had determined that the threat actor exploited an external virtual private network (VPN), exfiltrated data from local network shares, shut down certain non-production systems, and demanded a ransom without encrypting devices.
LinkedIn Scraped and Faked Data (2023)
November 4, 2023
•[ leak, misconfiguration, technology ]
In November 2023, a post to a popular hacking forum alleged that millions of LinkedIn records had been scraped and leaked. On investigation, the data turned out to be a combination of legitimate data scraped from LinkedIn and email addresses constructed from impacted individuals' names.
BHS Physicians Network
November 2, 2023
•[ hack, misconfiguration, healthcare ]
BHS Physicians Network confirms a breach of a Microsoft Office 365-hosted business email account that was used by a medical assistant.
Casio
October 17, 2023
•[ hack, misconfiguration, education ]
Japanese electronics manufacturer Casio discloses a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform.
Smart billboards
October 12, 2023
•[ hack, misconfiguration, technology ]
For a few minutes, threat actors access two smart billboards in the Holon settlement near Tel Aviv and manage to switch the commercials into anti-Israeli, pro-Hamas footage.
Individuals in Israel
October 8, 2023
•[ hack, misconfiguration, technology ]
AnonGhost exploits an API vulnerability in the RedAlert app, which provides real-time rocket alerts for Israelis, to intercept requests, expose vulnerable servers and APIs, and send spam messages to some users of the app, including fake messages about a "nuclear bomb"
Auto Club Trust
October 6, 2023
•[ financial, misconfiguration, finance ]
Auto Club Trust files notice describing a third-party data breach related to the file-transfer program MOVEit.
Russian branch of the Red Cross
October 4, 2023
•[ hack, misconfiguration, healthcare ]
The pro-Ukrainian hacker group Hdr0 defaces the website of the Russian branch of the Red Cross, replacing the content of the main page with its own message.
BeyondTrust
October 2, 2023
•[ hack, misconfiguration, technology ]
BeyondTrust reveals to have detected an identity-centric attack on an in-house Okta administrator account
Zscaler
October 1, 2023
•[ hack, misconfiguration, technology ]
Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems.
