ABIM (American Board of Internal Medicine)
June 6, 2023
•[ hack, sqlinjection, healthcare ]
ABIM confirm to have been hit by a cyber attack exploiting the MOVEit CVE-2023-34362 Vulnerability
Realm IDX
June 5, 2023
•[ leak, sqlinjection, healthcare ]
Realm IDX, a diagnostics company, confirms to have suffered a data breach occurred exploiting the MOVEit CVE-2023-34362 vulnerability.
Government of Nova Scotia
June 3, 2023
•[ leak, sqlinjection, government ]
The government of Nova Scotia confirms a data theft as a result of the exploitation of the CVE-2023-34362 vulnerability affecting popular file transfer tool MOVEit.
University of Rochester
June 2, 2023
•[ hack, sqlinjection, education ]
The University of Rochester confirms a data theft as a result of the exploitation of the CVE-2023-34362 vulnerability affecting popular file transfer tool MOVEit.
Harris Health System
June 2, 2023
•[ hack, sqlinjection, healthcare ]
Harris Health System notifies patients and employees that some of their protected health information may have been compromised during a cyberattack exploiting the CVE-2023-34362 MOVEit vulnerability.
Allegiant Air
June 1, 2023
•[ hack, sqlinjection ]
Allegiant Air confirms that 1,405 people had information accessed through the exploitation of the MOVEit vulnerability.
Ofcom
June 1, 2023
•[ hack, sqlinjection, government ]
Britain's communications regulator Ofcom announces that confidential information which it held on companies it regulates was downloaded by hackers exploiting the CVE-2023-34362 vulnerability in the MOVEit file transfer tool.
Pathology Resource Network
June 1, 2023
•[ leak, sqlinjection, healthcare ]
Pathology Resource Network (PRN) adds a website notice on its homepage after discovering that Cadence Bank, which provides treasury management services to PRN, experienced a MOVEit-related data breach.
AlohaCare
May 31, 2023
•[ leak, sqlinjection, healthcare ]
AlohaCare files a notice of data breach after confirming that a vulnerability in the file-transfer program MOVEit resulted in confidential patient information being accessible to an unauthorized party.
Indiana Family and Social Services Administration
May 31, 2023
•[ leak, sqlinjection, government ]
The Indiana Family and Social Services Administration (FSSA) posts a notice announcing that the protected health information of an estimated 212,193 Indiana Medicaid members was impacted by the MOVEit data breach affecting CareSource.
Centers for Medicare & Medicaid Services
May 31, 2023
•[ leak, sqlinjection, healthcare ]
The Centers for Medicare & Medicaid Services (CMS) notified 612,000 Medicare beneficiaries of a data breach stemming from a vulnerability in Progress Software's MOVEit Transfer software.
BORN Ontario
May 31, 2023
•[ hack, sqlinjection, government ]
BORN Ontario (Better Outcomes Registry & Network) reveals to have been hit by a data breach related to MOVEit CVE-2023-34362 vulnerability.
Illinois Department of Innovation & Technology (DoIT)
May 31, 2023
•[ hack, sqlinjection, government ]
The Illinois Department of Innovation & Technology (DoIT) reveals to be investigating the impact of a data breach related to MOVEit CVE-2023-34362 vulnerability.
Global Atlantic Financial Group
May 30, 2023
•[ leak, sqlinjection, finance ]
Global Atlantic Financial Group files a notice of data breach after discovering the MOVEit-related data breach at Pension Benefit Information.
National Institutes of Health Federal Credit Union
May 19, 2023
•[ leak, sqlinjection, finance ]
The National Institutes of Health Federal Credit Union confirm to have suffered a data breach occurred exploiting the MOVEit CVE-2023-34362 vulnerability.
Undetermined
April 15, 2022
•[ leak, sqlinjection, finance ]
GhostSec exfiltrated over 100MB of data from a Russian internet domain registration provider. The leak includes screenshots of sensitive files and excel spreadsheet data. During the breach, GhostSec identified over 4TB of SQL databases, but the company's intrusion detection systems and kicked them off the network before the SQL data could be harvested.
SirHurt
April 23, 2021
•[ hack, sqlinjection, technology ]
In April 2021, the the Roblox cheats website SirHurt suffered a data breach that exposed over 90k customer records. The exposed data included email and IP addresses, usernames and passwords stored as MD5 hashes.
Atmeltomo
April 16, 2021
•[ hack, sqlinjection, technology ]
In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on a popular hacking forum. The breach exposed 1.3M records with 580k unique email addresses along with usernames, IP addresses and unsalted MD5 password hashes.
University of California
March 31, 2021
•[ hack, sqlinjection, education ]
The University of California joins the list of the victims hit via the exploitation of the Accellion FTA vulnerability.
Bourse des Vols
January 12, 2021
•[ leak, sqlinjection, retail ]
In January 2021, the French travel company Bourse des Vols suffered a data breach that exposed 1.46M unique email addresses across more than 1.2k .sql files and over 9GB of data. The impacted data exposed personal information and travel histories including names, phone numbers, IP and physical addresses, dates of birth along with flights taken and purchases.
