January 2021

• Market Harborough school finds wiped hard drives on devices connected to the network (unknown)

• Two-year data breach hits employees’ email at WTTW, WFMT (40)

• Personal data of ANWB customers may have been stolen after a cyber attack(unknown)

• Corporate secrets at risk in the hack of U.S. courts documents (unknown)

• Tasmania Police called in after ambulance patient details published online(unknown)

• Communauto car-sharing service victim of a cyber attack (unknown)

• Parler is gone, but hackers say they downloaded everything first (unknown)

• Jefferson Healthcare hit by ‘phishing’ cyberattack (2,550)

• Networking giant Ubiquiti alerts customers of a potential data breach (unknown)

• Pennsylvania-based Clearfield Co. hit by a cyber attack (unknown)

• Eneco warns customers after suffering security incident (1,700)

• Unauthorized access of Stormont Vail’s internal vaccine scheduling site(unknown)

• Email security firm Mimecast says hackers hijacked its products to spy on customers (unknown)

• National Board for Certified Counselors discloses malware attack (unknown)

• Puget Sound Educational Service District reports cyber attack (unknown)

• Ultrapar, attacked on Monday, operates under a contingency regime (unknown)

• Irish schools on security alert as gardaí probe online class breach (unknown)

• Gainwell Technologies says medical data was accessed by an unauthorised party(unknown)

• Hendrick computer network breach compromised some patients’ information(unknown)

• OpenWRT reports data breach after a hacker gained access to the forum admin account (unknown)

• Hackers attack major Bangladeshi conglomerate Beximco (unknown)

• Okanogan Co. government hit with a cyber attack (unknown)

• Diponegoro University responds to a security incident (125,000)

• A Chinese hacking group is stealing airline passenger details (unknown)

• Einstein Healthcare network notifies patients of 2020 email hack (unknown)

• Colliers International Group gets slammed by the cyber attack (unknown)

• Security firm Malwarebytes infected by the same hackers who hit SolarWinds(unknown)

• SonicWall says it was hacked using zero-days in its own products (unknown)

• Services of the Vienne department affected after a cyber attack (unknown)

• Hacker leaks data of MeetMindful.com users (2.28 million)

• Australia’s securities regulator says server hit by cybersecurity breach(unknown)

• Palfinger Group crippled by the massive attack (unknown)

• Dutch COVID-19 patient data sold on the criminal underground (unknown)

• Georgetown County computer network down after cyber attack (unknown)

• Florida Healthy Kids website breached; vendor blamed for not patching(unknown)

• USCellular breached after hackers access CRM software (unknown)

• Canada-based Premier Tech victim of a cyber attack (unknown)

• Wentworth golf club hit by ransomware (unknown)

• Trafford bin collection firm suffers major cyber attack with contracts, passports, financial details leaked(unknown)

• UK Research and Innovation issues statement about ransomware attack (unknown)

• British Mensa website hacked after it failed to secure passwords(18,000)

• Ransomware attack cripples NYC DOE’s teacher disciplinary system (unknown)

• Belgian consultancy Finalyse emerges unscathed from ransomware attack(unknown)

• Ben-Gurion University targeted by the cyber attack (unknown)

• Delaware County officials paid $25,000 in ransom to hackers who infiltrated the county’s computer system (unknown)

• Ransomware attack hits short line rail operator OmniTRAX (unknown)

• Ransom demanded after AKVA group victim of a ransomware attack (unknown)

• SEPA systems knocked offline by ‘ongoing’ ransomware attack (unknown)

• cheap hospital hit by ransomware; operations cancelled (unknown)

• Vehicle rental firm Ucar reveals cyberattack earlier this year (unknown)

• Nygard hit with ransomware that permanently compromised their IT system(unknown)

• Montagne battling ransomware infection (unknown)

• WestRock reports ransomware incident (unknown)

• Tennessee Wesleyan University systems recovering after ransomware attack(unknown)

• Thai media and content conglomerate Mono Next Public Company hit by hackers (unknown)

• Brazil’s Municipality of Balneário Camboriú hit by ransomware (unknown)

• Crisp Regional Health Services falls victim to ransomware attack (unknown)

• Ransomware attack on Netgain Technology compromised info of home visit clients (8,700)

• Cybersecurity incident at Peel District School Board causes system outage(unknown)

• UK government loses arrest records during the routine clearing of databases (150,000)

• Indian government sites leaking patient COVID-19 test results (unknown)

• Anti-secrecy activists publish a trove of ransomware victims’ data (750,000)

• Names of students who use University of Ottawa Students’ Union Food Bank made public (111)

• United Nations data breach exposed over staff records (100,000)

• Chinese start-up Socialarks leaked scraped data, exposing Facebook, Instagram and LinkedIn users (214 million)

• Australian police release firearm owner details in email bcc gaffe (500)

• Saskatchewan privacy commissioner investigates a potential breach of hunting licensing system (33,000)

• Colorado’s Pitkin County COVID-19 case investigations inadvertently exposed online (unknown)

• Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses (unknown)

• Ronald McDonald House notifying almost guests of Blackbaud breach (17,373)

• Now-defunct social media app Fleek exposes users in a massive data breach(377,000)

• Giant leak exposes data from almost all Brazilians (660 million)

• Leaks of personal information from epidemiological survey cast shadow over anti-epidemic work (unknown)

• Cook County, IL, exposes court database containing domestic violence case details (323,000)

DECEMBER 2020 

• Leonardo SpA: Italian police arrested suspects believed to have stolen up to 10GB in sensitive corporate and military data from the defence contractor. 

• Flight Centre: A 2017 hackathon launched by the company was found to be the source of a leak involving credit card records and passport numbers belonging to close to 7,000 people. 

• Vancouver TransLink: A ransomware attack disrupted Compass metro cards and Compass ticketing kiosks for two days. 

• HMRC: The UK tax office was branded 'incompetent' due to 11 serious data breaches impacting close to 24,000 people.

• FireEye: FireEye disclosed a cyberattack, suspected to be the work of a nation-state group. The cybersecurity firm said the hack resulted in penetration tools being stolen. 

NOVEMBER 2020  

• Manchester United: Manchester United football club said it was investigating a security incident impacting internal systems.

• Campari: Campari was knocked offline following a ransomware attack.

• $100 million botnet: A Russian hacker was jailed for operating a botnet responsible for draining $100 million from victim bank accounts. 

• Mashable: A hacker published a copy of a Mashable database online.

• Capcom: Capcom became a victim of the Ragnar Locker ransomware, disrupting internal systems.

• Home Depot: The US retailer agreed to a $17.5 million settlement after a PoS malware infection impacted millions of shoppers.

• Embraer: The Brazilian aerospace company was struck by a cyberattack leading to data theft.

OCTOBER 2020  

• Barnes & Noble: The bookseller experienced a cyberattack, believed to be the handiwork of the ransomware group Egregor. Stolen records were leaked online as proof. 

• UN IMO: The United Nations International Maritime Organization (UN IMO) disclosed a security breach affecting public systems.

• Boom! Mobile: The telecom service provider became the victim of a Magecart card-skimming attack.

• Google: Google said it mitigated a 2.54 Tbps DDoS attack, one of the largest ever recorded.

• Dickey's: The US barbeque restaurant chain suffered a point-of-sale attack between July 2019 and August 2020. Three million customers had their card details later posted online.  

• Ubisoft, Crytek: Sensitive information belonging to the gaming giants was released online by the Egregor ransomware gang.

• Amazon insider trading: A former Amazon finance manager and their family were charged for running a $1.4 million insider trading scam.

SEPTEMBER 2020 ​

• German hospital ransomware: A hospital patient passed away after being redirected away from a hospital suffering an active ransomware infection.

• Belarus law enforcement: The private information of 1,000 high-ranking police officers was leaked. 

• NS8: The CEO of the cyberfraud startup was accused of defrauding investors out of $123 million.

• Satellites: Iranian hackers were charged for compromising US satellites. 

• Cerberus: The developers of the Cerberus banking Trojan released the malware's source code after failing to sell it privately. 

• BancoEstado: The Chilean bank was forced to close down branches due to ransomware.

AUGUST 2020 

• Cisco: A former engineer pleaded guilty to causing massive amounts of damage to Cisco networks, costing the company $2.4 million to fix.

• Canon: The photography giant was struck by ransomware gang Maze.

• LG, Xerox: Maze struck again, publishing data belonging to these companies after failing to secure blackmail payments.

• Intel: 20GB of sensitive, corporate data belonging to Intel was published online.

• The Ritz, London: Fraudsters posed as staff in a clever phishing scam against Ritz clients.

• Freepik: The free photos platform disclosed a data breach impacting 8.3 million users. 

• University of Utah: The university gave in to cybercriminals and paid a $457,000 ransom to stop the group from publishing student information.

• Experian, South Africa: Experian's South African branch disclosed a data breach impacting 24 million customers. 

• Carnival: The cruise operator disclosed a ransomware attack and subsequent data breach.

JULY 2020

• CouchSurfing: 17 million records belonging to CouchSurfing were found on an underground forum.

• University of York: The UK university disclosed a data breach caused by Blackbaud. Staff and student records were stolen.

• MyCastingFile: A US casting platform for actors exposed the PII of 260,000 users.

• SigRed: Microsoft patched a 17-year-old exploit that could be used to hijack Microsoft Windows Servers.

• MGM Resorts: A hacker put the records of 142 million MGM guests online for sale.

• V Shred: The PII of 99,000 customers and trainers was exposed online and V Shred only partially resolved the problem.

• BlueLeaks: Law enforcement closed down a portal used to host 269 GB in stolen files belonging to US police departments.

• MongoDB: A hacker attempted to ransom 23,000 MongoDB databases.

JUNE 2020 

• Amtrak: Customer PII was leaked and some Amtrak Guest Rewards accounts were accessed by hackers.

• University of California SF: The university paid a $1.14 million ransom to hackers in order to save COVID-19 research.

• AWS: AWS mitigated a massive 2.3 Tbps DDoS attack. 

• Postbank: A rogue employee at the South African bank obtained a master key and stole $3.2 million.

• NASA: The DopplePaymer ransomware gang claimed to have breached a NASA IT contractor's networks. 

• Claire's: The accessories company fell prey to a card-skimming Magecart infection.

MAY 2020

• EasyJet: The budget airline revealed a data breach exposing data belonging to nine million customers, including some financial records.

• Blackbaud: The cloud service provider was hit by ransomware operators who hijacked customer systems. The company later paid a ransom to stop client data from being leaked online.

• Mitsubishi: A data breach suffered by the company potentially also resulted in confidential missile design data being stolen.

• Toll Group: The logistics giant was hit by a second ransomware attack in three months. 

• Pakistani mobile users: Data belonging to 44 million Pakistani mobile users was leaked online.

• Illinois: The Illinois Department of Employment Security (IDES) leaked records concerning citizens applying for unemployment benefits.

• Wishbone: 40 million user records were published online by the ShinyHunters hacking group.

• EasyJet: An £18 billion class-action lawsuit was launched to compensate customers impacted by a data breach in the same month.

APRIL 2020

• US Small Business Administration (SBA): Up to 8,000 applicants for emergency loans were embroiled in a PII data leak.

• Nintendo: 160,000 users were affected by a mass account hijacking campaign.

• Email.it: The Italian email provider failed to protect the data of 600,000 users, leading to its sale on the Dark Web.

• Nintendo: Nintendo said 160,000 users were impacted by a mass account hijacking account caused by the NNID legacy login system.

• US Small Business Administration (SBA): The SBA revealed as many as 8,000 business emergency loan applicants were involved in a data breach.

MARCH 2020 

• T-Mobile: A hacker gained access to employee email accounts, compromising data belonging to customers and employees. 

• Marriott: The hotel chain suffered a cyberattack in which email accounts were infiltrated. 5.2 million hotel guests were impacted. 

• Whisper: The anonymous secret-sharing app exposed millions of users' private profiles and datasets online.

• UK Home Office: GDPR was breached 100 times in the handling of the Home Office's EU Settlement Scheme.

• SIM-swap hacking rings: Europol made arrests across Europe, taking out SIM-swap hackers responsible for the theft of over €3 million.

• Virgin Media: The company exposed the data of 900,000 users through an open marketing database.

• Whisper: Millions of users' private profiles and datasets were left, exposed and online, for the world to see.

• MCA Wizard: 425GB in sensitive documents belonging to financial companies was publicly accessible through a database linked to the MCA Wizard app.

• NutriBullet: NutriBullet became a victim of a Magecart attack, with payment card skimming code infecting the firm's e-commerce store.

• Marriott: Marriott disclosed a new data breach impacting 5.2 million hotel guests.

FEBRUARY 2020 

• Estée Lauder: 440 million internal records were reportedly exposed due to middleware security failures. 

• Denmark's government tax portal: The taxpayer-identification numbers of 1.26 million Danish citizens were accidentally exposed.

• DOD DISA: The Defense Information Systems Agency (DISA), which handles IT for the White House, admitted to a data breach potentially compromising employee records.

• UK Financial Conduct Authority (FCA): The FCA released sensitive information belonging to roughly 1,600 consumers by accident as part of an FOIA request.

• Clearview: Clearview AI's entire client list was stolen due to a software vulnerability.

• General Electric: GE warned workers that an unauthorized individual was able to access information belonging to them due to security failures with supplier Canon Business Process Service.

 JANUARY 2020

  ● Travelex: Travelex services were pulled offline following a malware infection. The company itself and businesses using

     the platform to provide currency exchange services were all affected.

• IRS tax refunds: A US resident was jailed for using information leaked through data breaches to file fraudulent tax returns worth $12 million. 

• Manor Independent School District: The Texas school district lost $2.3 million during a phishing scam.

• Wawa: 30 million records containing customers' details were made available for sale online. 

• Microsoft: The Redmond giant disclosed that five servers used to store anonymized user analytics were exposed and open on the Internet without adequate protection.

• Medical marijuana: A database backing point-of-sale systems used in medical and recreational marijuana dispensaries was compromised, impacting an estimated 30,000 US users.