1Password
September 29, 2023
•[ hack, misconfiguration, technology ]
1Password, a popular password management platform used by over 100,000 businesses, suffers a security incident after hackers gained access to its Okta ID management tenant.
OpenSea
September 23, 2023
•[ leak, misconfiguration, finance ]
A third-party security incident may have reportedly exposed user information of NFT marketplace OpenSea, including API keys.
Nansen
September 22, 2023
•[ leak, misconfiguration, technology ]
Ethereum blockchain analytics firm Nansen asks a subset of its users to reset passwords following a recent data breach at its authentication provider.
Johnson Financial Group
September 22, 2023
•[ financial, misconfiguration, finance ]
Johnson Financial Group files a notice of data breach after discovering that the vulnerability in the file-transfer application MOVEit allowed attackers to access the personal information of more than 750,000 people.
United HealthCare Services
September 7, 2023
•[ hack, misconfiguration, finance ]
United Healthcare Services files a notice of data breach involving "Unauthorized Access/Disclosure'' of sensitive information that was being stored on an affected network server.
Sourcegraph
August 31, 2023
•[ leak, misconfiguration, technology ]
AI-powered coding platform Sourcegraph reveals that its website was breached this week using a site-admin access token accidentally leaked online on July 14th.
Planet Home Lending
August 31, 2023
•[ leak, misconfiguration, finance ]
Planet Home Lending files a notice of data breach after discovering that files containing personally identifiable information of some customers were compromised as a result of the MOVEit vulnerability.
Unknown Organization
August 31, 2023
•[ hack, misconfiguration, government ]
The department of health for Hawai?i (healthybydefault.hawaii.gov) is defaced.
University of Sydney
August 31, 2023
•[ leak, misconfiguration, education ]
The University of Sydney (USYD) announces that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants.
Italian region of Lazio
August 28, 2023
•[ hack, misconfiguration, government ]
A subdomain of the Italian region of Lazio (salute.lazio.it) is compromised to serve adult content.
Forever 21
August 28, 2023
•[ hack, misconfiguration, retail ]
Forever 21 clothing and accessories retailer sends data breach notifications to more than half a million individuals who had their personal information exposed to network intruders.
Data Media Associates
August 23, 2023
•[ hack, misconfiguration, technology ]
Data Media Associates files a notice of data breach after discovering that an unauthorized party was able to access confidential consumer information stored on the MOVEit platform.
University of Massachusetts Chan Medical School (UMass Chan)
August 15, 2023
•[ leak, misconfiguration, education ]
University of Massachusetts Chan Medical School (UMass Chan) posts a website notice describing a data breach impacting 134,000 users and resulting from the organization's use of MOVEit.
Alogent Holdings
August 14, 2023
•[ hack, misconfiguration, technology ]
Alogent Holdings files a notice of data breach related to an incident occurred exploiting the vulnerability in MOVEit, resulting in an unauthorized party being able to access consumers' sensitive information, which includes their names, account and routing numbers, addresses, phone numbers, check payees and remittance amounts.
PlayCyberGames
August 9, 2023
•[ leak, misconfiguration, technology ]
In August 2023, PlayCyberGames which "allows users to play any games with LAN function or games using IP address" suffered a data breach which exposed 3.7M customer records. The data included email addresses, usernames and MD5 password hashes with a constant value in the "salt" field. PlayCyberGames did not respond to multiple attempts to disclose the breach.
Chhattisgarh State Biodiversity Board
August 4, 2023
•[ hack, misconfiguration, government ]
In name of OpIndia, Team R70 claims responsibility for defacing the website of the Chhattisgarh State Biodiversity Board.
Radius Global Solutions
August 4, 2023
•[ hack, misconfiguration, technology ]
Radius Global Solutions files a notice of data breach after learning that an unauthorized party was able to access the company's MOVEit server.
LeetSwap
August 1, 2023
•[ hack, misconfiguration, finance ]
LeetSwap halts transactions, after an attacker exploits a smart contract function to inflate the price of $630,000 worth of ETH tokens on the platform before draining them
Michigan State University
July 24, 2023
•[ leak, misconfiguration, education ]
Michigan State University (MSU) posts a notice on its website describing a third-party data breach that occurred at two vendors used by the University: the Teachers Insurance and Annuity Association (TIAA) and the National Student Clearinghouse ("NSC") both data breaches were related to the file transfer program MOVEit, resulting in the potential exposure of student and retiree data.
Sound Community Bank
July 18, 2023
•[ hack, misconfiguration, finance ]
Sound Community Bank files a notice of potential data breach after discovering that one of the company's vendors used MOVEit to transfer Sound Community Bank customer information.
