Troy Hunt's Mailchimp List
March 25, 2025
•[ hack, phishing, technology ]
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
Kenton County School District
December 20, 2024
•[ social, phishing, education ]
Personal data from current and former students in Kenton County School District are compromised in a phishing scheme.
Boone County School District
December 19, 2024
•[ social, phishing, education ]
Personal data from current and former students in Boone County School District are compromised in a phishing scheme.
"Tony" (undisclosed crypto investor)
December 18, 2024
•[ social, phishing, finance ]
A scammer impersonating Google manages to phish 45 bitcoins approximately $4,725,000 at todays value from Tony, a 42-year-old professional from northern California.
Individuals in South Korea
December 11, 2024
•[ financial, phishing, finance ]
A South Korean law enforcement operation, dubbed Operation Midas, and carried out by the Korean Financial Security Institute (K-FSI), takes down a large-scale fraud network that extorted $6.3m from victims with fake online trading platforms.
Ukrainian Defense Companies and Security and Defense Forces
December 7, 2024
•[ social, phishing, government ]
The Computer Emergency Response Team of Ukraine (CERT-UA) discover a series of phishing emails targeting Ukrainian defense companies and security and defense forces with a fake NATO standards conference. Some recipients opened the phishing emails execiting the malicious RAR attachments.
Grand Forks Public Schools
November 21, 2024
•[ financial, phishing, education ]
Grand Forks Public Schools loses $2.2M to a phishing scam
City of Clark Fork
November 15, 2024
•[ social, phishing, government ]
The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
Kumamoto Prefecture Violence Prevention Movement Promotion Center
November 15, 2024
•[ social, phishing, government ]
The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.
Individuals
October 31, 2024
•[ financial, phishing, retail ]
Researchers at Human reveal that more than 1,000 legitimate shopping sites have been compromised to promote fake product listings in a credit card phishing scheme dubbed Phish n Ships,
Westmoreland County
October 16, 2024
•[ social, phishing, government ]
Municipal Authority of Westmoreland County officials say the water and sewer utility has recovered more than $826,000 that was stolen in what it called a vendor impersonator scheme.
General Dynamics
October 10, 2024
•[ social, phishing, manufacturing ]
Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel.
EigenLayer
October 4, 2024
•[ hack, phishing, finance ]
EigenLayer team says it is investigating an unapproved selling activity of about 1.6 million of EigenLayers EIGEN tokens, worth about $5.7 million. In a subsequent update the company reveals that the unapproved token-selling incident was due to a hack, after a malicious attacker compromised an email thread involving an investors token transfer into custody.
Senator Ben Cardin
September 26, 2024
•[ espionage, phishing, government ]
An advanced deepfake operation targets Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, who is involved in a Zoom conversation with a fake Dymtro Kuleba, the former Ukrainian Minister of Foreign Affairs.
Equiniti Trust Company, formerly known as American Stock Transfer & Trust Company
September 19, 2024
•[ financial, phishing, finance ]
Equiniti Trust Company agrees to pay $850K after an unknown threat actor, pretending to be an employee of a U.S.-based public issuer client of American Stock Transfer, instructed the Company to issue millions of new shares, liquidate those shares, and send the proceeds to an bank in Hong Kong, leading to a loss of roughly $4.78 million.
Fur Affinity
August 22, 2024
•[ hack, phishing, technology ]
Fur Affinity, a popular social networking website for the furry community, is compromised, after threat actors successfully gained control of the websites domain, redirecting users to phishing sites, crypto scams and other malicious content.
Locata
July 29, 2024
•[ social, phishing, technology ]
A cyber attack on software company Locata spreads across councils across Greater Manchester, leaving thousands of residents vulnerable to a phishing scam.
Bloom Health Centers
June 28, 2024
•[ hack, phishing, healthcare ]
Psych Associates of Maryland LLC d/b/a Bloom Health Centers ("Bloom Health") discloses a security breach after the compromise of an employee's email.
Domestic flight in Australia
June 28, 2024
•[ hack, phishing ]
The AFP charges an Australian man (42) with operating a fake Wi-Fi access point on a domestic flight to steal user credentials and data.
The Ambulatory Surgery Center of Westchester
June 26, 2024
•[ social, phishing, healthcare ]
The Mount Kisco Surgery Center LLC d/b/a The Ambulatory Surgery Center of Westchester ("ASCW") discloses a security breach after the compromise of an employee's email.
