United Health Services
January 18, 2023
•[ leak, phishing, healthcare ]
United Health Services of Delaware (UHS of Delaware) files a notice of data breach after learning that a vendor experienced a phishing attack compromising UHS of Delaware patient information.
Brookhaven Nuclear Laboratory (BNL)
January 6, 2023
•[ espionage, phishing, energy ]
The Russian group Cold River targeted the Brookhaven Nuclear Laboratory with a spear phishing campaign creating fake login pages.
Moldovan Govermental Institutions
January 2, 2023
•[ social, phishing, government ]
Moldova's government institutions are hit by a wave of phishing attacks after it pledged support for Ukraine in its defense against Russia.
U-Haul
January 1, 2023
•[ hack, phishing ]
stolen credentials
Minuteman Senior Services
December 22, 2022
•[ hack, phishing, healthcare ]
Minuteman Senior Services confirms that an unauthorized individual gained access to the email account of an employee.
Highmark Health
December 15, 2022
•[ social, phishing, finance ]
Highmark Health files a notice of data breach after learning that an employee's email account had been compromised following a phishing attack.
Gemini
December 13, 2022
•[ leak, phishing, finance ]
In late 2022, data allegedly taken from the Gemini crypto exchange was posted to a public hacking forum. The data consisted of email addresses and partial phone numbers, which Gemini later attributed to an incident at a third-party vendor (the vendor was not named). The data was provided to HIBP by a source who requested it be attributed to "ZAN @ BF".
Ukrainian Government Entities
December 12, 2022
•[ espionage, phishing, government ]
Ukrainian government agencies and the state railway are the latest victims of a new wave of phishing attacks, Ukraine's Computer Emergency Response Team (CERT-UA) reported last week.
HawaiiUSA Federal Credit Union (HawaiiUSA)
December 12, 2022
•[ leak, phishing, finance ]
HawaiiUSA Federal Credit Union (HawaiiUSA) files a notice of data breach after a phishing incident leaks the personal information of more than 20,000 bank customers.
Epic Management LLC
December 9, 2022
•[ hack, phishing, healthcare ]
The healthcare management company, Epic Management LLC, has recently announced that unauthorized individuals gained access to its digital environment and accessed files and data stored in its email system.
Activision
December 4, 2022
•[ social, phishing, technology ]
In December 2022, attackers socially engineered an Activision HR employee into disclosing information which led to the breach of almost 20k employee records. The data contained 16k unique email addresses along with names, phone numbers, job titles and the office location of the employee. Activision advised that no sensitive employee information was included in the breach.
Legacy Hospice
November 30, 2022
•[ hack, phishing, healthcare ]
Legacy Hospice in Alabama notified 21,202 individuals of a breach that stemmed from unauthorized access to a limited number of employee email accounts.
The Kelberman Center
November 1, 2022
•[ hack, phishing, healthcare ]
The Kelberman Center, a provider of services to individuals with autism, notifies 3,501 patients about a breach of employee email accounts.
Large U.S. car maker
November 1, 2022
•[ financial, phishing, manufacturing ]
Researchers from Blackberry reveal that the financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor.
Three Rivers Provider Network (TRPN)
October 31, 2022
•[ hack, phishing, finance ]
Three Rivers Provider Network (TRPN) submits notice of a data breach after the company determined that an unauthorized party was able to access an employee's email account containing sensitive information belonging to certain individuals.
St. Luke's Health
October 30, 2022
•[ hack, phishing, healthcare ]
St. Luke's Health notifies 16,906 individuals of a third-party data breach that impacted Adelanto Healthcare Ventures (AHCV), a consulting services vendor, after two of its employee email accounts were compromised by a third party.
Bed Bath & Beyond
October 29, 2022
•[ social, phishing, retail ]
Bed Bath & Beyond reveals in an SEC filing that it recently suffered a data breach after an employee fell victim to a phishing attack.
Zendesk
October 26, 2022
•[ hack, phishing, technology ]
Customer service solutions provider Zendesk suffers a data breach that resulted from employee account credentials getting phished by hackers.
Australian Institute of Company Directors (AIDC)
October 24, 2022
•[ social, phishing, education ]
Unknown threat actors flood the LinkedIn Chat with a fake Eventbrite link to a conference by the Australian Institute of Company Directors (AIDC).
Ukranian state organizations
October 21, 2022
•[ hack, phishing, government ]
According to Ukrainian CERT, Ukrainian state organizations have been targeted by cyberattacks using the RomCom malware. The attack vector was a phishing email, allegedly sent on behalf of the Press Service of the General Staff of the Ukrainian Armed Forces.
