La Clinica de la Raza
February 8, 2023
•[ hack, phishing, healthcare ]
La Clinica de La Raza files a notice of data breach after learning that certain employee email accounts containing confidential patient information were accessed by an unauthorized party over the course of a two-week period.
Ukrainian government agencies
February 6, 2023
•[ espionage, phishing, government ]
The Ukraine's computer emergency response team (CERT-UA) reveals that in a recent phishing campaign against Ukrainian government agencies, attackers attempted to install the Remcos surveillance software on victims' computers.
Gateway First Bank
February 1, 2023
•[ leak, phishing, finance ]
Gateway First Bank files a notice of data breach after confirming that unusual activity within multiple employee email accounts resulted in confidential customer information being leaked.
CRC Insurance Services
January 18, 2023
•[ hack, phishing, finance ]
CRC Insurance Services files a notice of data breach after discovering that an unauthorized party had accessed several employee email accounts.
United Health Services
January 18, 2023
•[ leak, phishing, healthcare ]
United Health Services of Delaware (UHS of Delaware) files a notice of data breach after learning that a vendor experienced a phishing attack compromising UHS of Delaware patient information.
Brookhaven Nuclear Laboratory (BNL)
January 6, 2023
•[ espionage, phishing, energy ]
The Russian group Cold River targeted the Brookhaven Nuclear Laboratory with a spear phishing campaign creating fake login pages.
Moldovan Govermental Institutions
January 2, 2023
•[ social, phishing, government ]
Moldova's government institutions are hit by a wave of phishing attacks after it pledged support for Ukraine in its defense against Russia.
U-Haul
January 1, 2023
•[ hack, phishing ]
stolen credentials
Minuteman Senior Services
December 22, 2022
•[ hack, phishing, healthcare ]
Minuteman Senior Services confirms that an unauthorized individual gained access to the email account of an employee.
Highmark Health
December 15, 2022
•[ social, phishing, finance ]
Highmark Health files a notice of data breach after learning that an employee's email account had been compromised following a phishing attack.
Gemini
December 13, 2022
•[ leak, phishing, finance ]
In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
Ukrainian Government Entities
December 12, 2022
•[ espionage, phishing, government ]
Ukrainian government agencies and the state railway are the latest victims of a new wave of phishing attacks, Ukraine's Computer Emergency Response Team (CERT-UA) reported last week.
HawaiiUSA Federal Credit Union (HawaiiUSA)
December 12, 2022
•[ leak, phishing, finance ]
HawaiiUSA Federal Credit Union (HawaiiUSA) files a notice of data breach after a phishing incident leaks the personal information of more than 20,000 bank customers.
Epic Management LLC
December 9, 2022
•[ hack, phishing, healthcare ]
The healthcare management company, Epic Management LLC, has recently announced that unauthorized individuals gained access to its digital environment and accessed files and data stored in its email system.
Activision
December 4, 2022
•[ social, phishing, technology ]
In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.
Legacy Hospice
November 30, 2022
•[ hack, phishing, healthcare ]
Legacy Hospice in Alabama notified 21,202 individuals of a breach that stemmed from unauthorized access to a limited number of employee email accounts.
The Kelberman Center
November 1, 2022
•[ hack, phishing, healthcare ]
The Kelberman Center, a provider of services to individuals with autism, notifies 3,501 patients about a breach of employee email accounts.
Large U.S. car maker
November 1, 2022
•[ financial, phishing, manufacturing ]
Researchers from Blackberry reveal that the financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor.
Three Rivers Provider Network (TRPN)
October 31, 2022
•[ hack, phishing, finance ]
Three Rivers Provider Network (TRPN) submits notice of a data breach after the company determined that an unauthorized party was able to access an employee's email account containing sensitive information belonging to certain individuals.
St. Luke's Health
October 30, 2022
•[ hack, phishing, healthcare ]
St. Luke's Health notifies 16,906 individuals of a third-party data breach that impacted Adelanto Healthcare Ventures (AHCV), a consulting services vendor, after two of its employee email accounts were compromised by a third party.
