Coinbase users
December 1, 2024
•[ phishing, social engineering ]
Between December 2024 and January 2025, criminal phishing campaigns impersonating Coinbase support stole approximately $65 million in cryptocurrency from hundreds of users worldwide. Attackers used fake login pages, wallet-draining scripts, and social-engineering messages to capture credentials and bypass two-factor authentication. Coinbase confirmed that its own systems were not breached.
Grand Forks Public Schools
November 21, 2024
•[ financial, phishing, education ]
Grand Forks Public Schools loses $2.2M to a phishing scam
City of Clark Fork
November 15, 2024
•[ social, phishing, government ]
The City of Clark Fork is scammed out of half a million dollars by a man posing as its construction contractor.
Kumamoto Prefecture Violence Prevention Movement Promotion Center
November 15, 2024
•[ social, phishing, government ]
The Kumamoto Prefecture Violence Prevention Movement Promotion Center says that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing attack.
Town of Webster, New York
November 15, 2024
•[ financial, social, phishing ]
The Town of Webster fell victim to a phishing scam in November 2024, when scammers impersonated a contractor and tricked officials into diverting $520,275.67. Criminal investigation recovered over $300,000, and cyber insurance is expected to cover the remainder. No sensitive or confidential data was compromised.
Northwest Asthma & Allergy Center
November 12, 2024
•[ hack, phishing, healthcare ]
An unauthorized party accessed an employees email account on November 12, 2024, compromising sensitive patient data at Northwest Asthma & Allergy Center. The breach was discovered and contained by November 13. At least ~1,000 patients were notified by January 2, 2025, and the incident was reported to HHS OCR. Investigation did not find evidence of exfiltration beyond what was accessible via the compromised mailbox.
Fall Mountain Regional School District
November 1, 2024
•[ phishing, data leak ]
District warned community after phishing scam; vendor ids and emails exposed.
Individuals
October 31, 2024
•[ financial, phishing, retail ]
Researchers at Human reveal that more than 1,000 legitimate shopping sites have been compromised to promote fake product listings in a credit card phishing scheme dubbed Phish n Ships,
Fillmore County Hospital
October 27, 2024
•[ phishing, data leak ]
An unauthorized party accessed an employee email account on 2024-10-27. Investigation completed 2024-12-18. Affected data includes personal, medical, payment, and insurance information. Individuals were notified 2025-02-13.
Ou Medicine (Ou Health)
October 18, 2024
•[ phishing, data leak ]
Ou Health reported unauthorized access to two email accounts impacting patient information.
Westmoreland County
October 16, 2024
•[ social, phishing, government ]
Municipal Authority of Westmoreland County officials say the water and sewer utility has recovered more than $826,000 that was stolen in what it called a vendor impersonator scheme.
The Good Life Medical Staff LLC
October 15, 2024
•[ phishing, data leak ]
Healthcare staffing firm reported email account compromise exposing sensitive information
General Dynamics
October 10, 2024
•[ social, phishing, manufacturing ]
Aerospace and defense giant General Dynamics says threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its personnel.
EigenLayer
October 4, 2024
•[ hack, phishing, finance ]
EigenLayer team says it is investigating an unapproved selling activity of about 1.6 million of EigenLayers EIGEN tokens, worth about $5.7 million. In a subsequent update the company reveals that the unapproved token-selling incident was due to a hack, after a malicious attacker compromised an email thread involving an investors token transfer into custody.
Charleston Area Medical Center
October 2, 2024
•[ phishing, data leak ]
Phishing attack on multiple email users; unauthorized access to one mailbox between Oct 23, 2024, possibly exposing personal and health information. No other systems impacted.
Onsite Mammography
October 1, 2024
•[ phishing, data leak ]
Phishing attack compromised a single employees email account, enabling exfiltration of PII and PHI data affecting over 350,000 individuals; no encryption involved.
Heartland Community Health Center
October 1, 2024
•[ phishing, data leak ]
Clinic reported email account breach exposing sensitive patient and insurance information.
Hunter Health Clinic
September 30, 2024
•[ phishing, data leak ]
Clinic said an unauthorized party accessed one employee mailbox around Sept 30, 2024; on May 1, 2025 it confirmed files with PHI/PII may have been accessed; notices issued May 15.
Dove Healthcare
September 29, 2024
•[ phishing, data leak ]
Healthcare provider disclosed email account compromise containing patient and employee information.
Senator Ben Cardin
September 26, 2024
•[ espionage, phishing, government ]
An advanced deepfake operation targets Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, who is involved in a Zoom conversation with a fake Dymtro Kuleba, the former Ukrainian Minister of Foreign Affairs.
