Emby
May 1, 2023
•[ hack, misconfiguration, technology ]
Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration.
Heritage Group
May 1, 2023
•[ hack, misconfiguration ]
Heritage Group files a notice of data breach after an unauthorized party gained access to the company's computer network and was able to access confidential information belonging to certain current and former employees and their dependents.
Western Sydney University
May 1, 2023
•[ hack, misconfiguration, education ]
Western Sydney University (WSU) notifies students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment.
United Healthcare (UHC)
April 28, 2023
•[ hack, misconfiguration, finance ]
UnitedHealthcare (UHC) reports a data breach after the organization identified suspicious activity on the UHC mobile application.
Terravision
April 23, 2023
•[ leak, misconfiguration ]
The Airport transfers service Terravision suffers a data breach, exposing over 2M records of customer data including names, phone numbers, email addresses, salted password hashes and in some cases, date of birth and country of origin.
Europa
April 20, 2023
•[ hack, misconfiguration, government ]
Even the Europa.eu website is observed serving Fortnite spam within the same campaign.
Ukraine Coffee Shops
April 11, 2023
•[ espionage, misconfiguration, retail ]
The National Security Agency reveals that Russian threat actors have logged into private security cameras in Ukraine coffee shops to collect intelligence on aid convoys.
PRGX Global
April 9, 2023
•[ leak, misconfiguration, finance ]
PRGX Global files a notice of data breach after discovering that an unauthorized party was able to access confidential consumer data stored on the company's computer network.
Minimum Data Set Consultants
March 31, 2023
•[ leak, misconfiguration, healthcare ]
Catholic Health posted notice of a third-party data breach following an incident at one of the organization's vendors, Minimum Data Set Consultants.
Tigo
March 31, 2023
•[ leak, misconfiguration, technology ]
In Mid-2023, 300GB of data containing over 100M records from the Chinese video chat platform "Tigo" dating back to March that year was discovered. The data contained over 700k unique names, usernames, email and IP addresses, genders, profile photos and private messages. Tigo did not respond to multiple attempts to disclose the incident.
Crown Resorts
March 27, 2023
•[ ransomware, misconfiguration, entertainment ]
Crown Resorts, Australia's largest gambling and entertainment company, confirms that it suffered a ransomware attack after its GoAnywhere secure file-sharing server was breached using the CVE-2023-0669 zero-day vulnerability.
SLT Lending SPV
March 25, 2023
•[ leak, misconfiguration, retail ]
SLT Lending SPV, the company that owns and operates Sur La Table, files a notice of data breach after confirming that an unauthorized party accessed certain files on the company's computer network that contained confidential employee information.
University of the People (UoPeople)
March 24, 2023
•[ hack, misconfiguration, education ]
The University of the People (UoPeople) files a notice of data breach after learning that an unauthorized party was able to access confidential information stored on the school's SharePoint platform.
Homewood Health
March 22, 2023
•[ ransomware, misconfiguration, healthcare ]
Rehab and mental health provider Homewood Health joins the list of the victims of the Clop ransomware attack carried out exploiting the CVE-2023-0669 Fortra GoAnywhere MFT Vulnerability,
Consejo Nacional de Supervision del Sistema Financiero (CONASSIF)
March 20, 2023
•[ hack, misconfiguration, finance ]
The website of the Costa Rican Consejo Nacional de Supervision del Sistema Financiero (CONASSIF) is defaced.
Kroger Postal Prescription Services
March 15, 2023
•[ leak, misconfiguration ]
Kroger Postal Prescription Services (Kroger PPS) files a notice of data breach after learning that confidential consumer information in the company's possession was subject to unauthorized access.
Voya Financial Advisors (VFA)
March 14, 2023
•[ leak, misconfiguration, finance ]
Voya Financial Advisors (VFA) files a notice of data breach after learning that sensitive consumer information stored on the company's computer system was accessible to an unauthorized party.
Community Health Systems Professional Services Company (CHSPSC)
March 10, 2023
•[ leak, misconfiguration, healthcare ]
Community Health Systems Professional Services Company (CHSPSC) files a notice of data breach after the organization learned that a cybersecurity event at Fortra, one of the company's vendors, subjected patient information to unauthorized access.
Carvin Software
March 9, 2023
•[ leak, misconfiguration, technology ]
Carvin Software files a notice of data breach after learning that an unauthorized party was able to copy files containing confidential consumer information from the company's computer network.
Accreditation Commission for Education in Nursing
March 9, 2023
•[ leak, misconfiguration, education ]
The Accreditation Commission for Education in Nursing (ACEN) files a notice of data breach after learning that its managed file transfer server was compromised, resulting in an unauthorized party being able to access consumers' sensitive information, including their names and Social Security numbers.
