LeetSwap
August 1, 2023
•[ hack, misconfiguration, finance ]
LeetSwap halts transactions, after an attacker exploits a smart contract function to inflate the price of $630,000 worth of ETH tokens on the platform before draining them
Michigan State University
July 24, 2023
•[ leak, misconfiguration, education ]
Michigan State University (MSU) posts a notice on its website describing a third-party data breach that occurred at two vendors used by the University: the Teachers Insurance and Annuity Association (TIAA) and the National Student Clearinghouse ("NSC") both data breaches were related to the file transfer program MOVEit, resulting in the potential exposure of student and retiree data.
Sound Community Bank
July 18, 2023
•[ hack, misconfiguration, finance ]
Sound Community Bank files a notice of potential data breach after discovering that one of the company's vendors used MOVEit to transfer Sound Community Bank customer information.
Cognizant / TMG
July 18, 2023
•[ hack, misconfiguration, technology ]
Cognizant / TMG files a notice of data breach after discovering that an unauthorized party accessed confidential consumer data stored on the company's computer network.
Netscout
July 17, 2023
•[ hack, misconfiguration, technology ]
Netscout is named on the Cl0p website, among the victims of the attacks exploiting the CVE-2023-34362 Vulnerability.
American Multi-Cinema (AMC Theatres)
July 14, 2023
•[ leak, misconfiguration, retail ]
American Multi-Cinema (AMC Theatres) files a notice of data breach after a cyber incident resulted in an unauthorized party being able to access consumers' sensitive information. According to some source the incident stemmed from the exploitation of the MOVEit vulnerability.
Sun Life Assurance Company of Canada (Sun Life)
July 13, 2023
•[ hack, misconfiguration, finance ]
Sun Life Assurance Company of Canada (Sun Life) posts a notice on its website revealing to have been hit by the CVE-2023-34362 MOVEit vulnerability.
Poly Network
July 2, 2023
•[ financial, misconfiguration, technology ]
Crypto platform Poly Network suspends service after hacker steals 4.4 millions of dollars in digital assets using compromised keys.
Advanced Medical Management
June 29, 2023
•[ hack, misconfiguration, healthcare ]
Advanced Medical Management files a notice of data breach after discovering that portions of the company's IT network that were designed and maintained by third-party vendors were accessible to an unauthorized party.
CareSource
June 27, 2023
•[ leak, misconfiguration, healthcare ]
CareSource notifies of a data breach involving the company's use of the MOVEit file transfer application.
Aurora National Life Assurance Company
June 25, 2023
•[ leak, misconfiguration, finance ]
Aurora National Life Assurance Company files a notice of data breach after discovering that an incident at a third-party vendor resulted in confidential consumer information being exposed to unauthorized access.
Omaha Health Insurance Company
June 21, 2023
•[ leak, misconfiguration, healthcare ]
Omaha Health Insurance Company files a notice of data breach after discovering that an incident at a third-party vendor compromised consumers enrolled in the Medicare Part D Prescription Drug Plan.
Lamont Hanley & Associates
June 20, 2023
•[ leak, misconfiguration, healthcare ]
Almost 2,800 patients at Catholic Medical Center may have had their files containing personal and health information exposed in a third-party "data security incident" occurred to Lamont Hanley & Associates.
BreachForums Clone
June 17, 2023
•[ leak, misconfiguration, technology ]
In June 2023, a clone of the previously shuttered popular hacking forum "BreachForums" suffered a data breach that exposed over 4k records. The breach was due to an exposed backup of the MyBB database which included email and IP addresses, usernames and Argon2 password hashes.
Colorado Department of Health Care Policy & Financing
June 15, 2023
•[ hack, misconfiguration, government ]
Colorado Department of Health Care Policy & Financing confirms that it is in the process of investigating an incident involving the data of state residents stolen exploiting the CVE-2023-34362 vulnerability, affecting the MOVEit file transfer tool.
Hashflow
June 14, 2023
•[ financial, misconfiguration, finance ]
An attacker exploits a smart contract vulnerability to steal at least $600,000 from trading firm Hashflow.
Starmount Life Insurance Company
June 1, 2023
•[ hack, misconfiguration, finance ]
Unum Group's subsidiary Starmount Life Insurance Company posts a notice of data breach on its website after discovering that the company's MOVEit server was accessed by an unauthorized party.
Kennedy Krieger Institute
May 31, 2023
•[ leak, misconfiguration, healthcare ]
The Johns Hopkins University and the Johns Hopkins Health System Corporation (collectively "Johns Hopkins'') file a notice of data breach on behalf of the Kennedy Krieger Institute after learning that a software vulnerability resulted in confidential consumer information being leaked.
University of Texas Southwestern Medical Center (UTSW)
May 30, 2023
•[ leak, misconfiguration, healthcare ]
Reports begin to emerge about a MOVEit data breach at the University of Texas Southwestern Medical Center (UTSW) resulting in an unauthorized party being able to access patients' sensitive information.
Bank of New York Mellon Corporation (BNY Mellon)
May 13, 2023
•[ leak, misconfiguration, finance ]
Bank of New York Mellon Corporation (BNY Mellon) files a notice of data breach after learning that confidential information that had been entrusted to the company was leaked in what appears to be a third-party data breach.
