January 2021
-
Market Harborough school finds wiped hard drives on devices connected to the network (unknown)
-
Two-year data breach hits employees’ email at WTTW, WFMT (40)
-
Personal data of ANWB customers may have been stolen after a cyber attack(unknown)
-
Corporate secrets at risk in the hack of U.S. courts documents (unknown)
-
Tasmania Police called in after ambulance patient details published online(unknown)
-
Communauto car-sharing service victim of a cyber attack (unknown)
-
Parler is gone, but hackers say they downloaded everything first (unknown)
-
Networking giant Ubiquiti alerts customers of a potential data breach (unknown)
-
Pennsylvania-based Clearfield Co. hit by a cyber attack (unknown)
-
Eneco warns customers after suffering security incident (1,700)
-
Unauthorized access of Stormont Vail’s internal vaccine scheduling site(unknown)
-
Email security firm Mimecast says hackers hijacked its products to spy on customers (unknown)
-
National Board for Certified Counselors discloses malware attack (unknown)
-
Puget Sound Educational Service District reports cyber attack (unknown)
-
Ultrapar, attacked on Monday, operates under a contingency regime (unknown)
-
Irish schools on security alert as gardaí probe online class breach (unknown)
-
Gainwell Technologies says medical data was accessed by an unauthorised party(unknown)
-
Hendrick computer network breach compromised some patients’ information(unknown)
-
OpenWRT reports data breach after a hacker gained access to the forum admin account (unknown)
-
Hackers attack major Bangladeshi conglomerate Beximco (unknown)
-
Diponegoro University responds to a security incident (125,000)
-
A Chinese hacking group is stealing airline passenger details (unknown)
-
Einstein Healthcare network notifies patients of 2020 email hack (unknown)
-
Colliers International Group gets slammed by the cyber attack (unknown)
-
Security firm Malwarebytes infected by the same hackers who hit SolarWinds(unknown)
-
SonicWall says it was hacked using zero-days in its own products (unknown)
-
Services of the Vienne department affected after a cyber attack (unknown)
-
Hacker leaks data of MeetMindful.com users (2.28 million)
-
Australia’s securities regulator says server hit by cybersecurity breach(unknown)
-
Dutch COVID-19 patient data sold on the criminal underground (unknown)
-
Georgetown County computer network down after cyber attack (unknown)
-
Florida Healthy Kids website breached; vendor blamed for not patching(unknown)
-
USCellular breached after hackers access CRM software (unknown)
-
Canada-based Premier Tech victim of a cyber attack (unknown)
-
Wentworth golf club hit by ransomware (unknown)
-
UK Research and Innovation issues statement about ransomware attack (unknown)
-
British Mensa website hacked after it failed to secure passwords(18,000)
-
Ransomware attack cripples NYC DOE’s teacher disciplinary system (unknown)
-
Belgian consultancy Finalyse emerges unscathed from ransomware attack(unknown)
-
Ben-Gurion University targeted by the cyber attack (unknown)
-
Ransomware attack hits short line rail operator OmniTRAX (unknown)
-
Ransom demanded after AKVA group victim of a ransomware attack (unknown)
-
SEPA systems knocked offline by ‘ongoing’ ransomware attack (unknown)
-
cheap hospital hit by ransomware; operations cancelled (unknown)
-
Vehicle rental firm Ucar reveals cyberattack earlier this year (unknown)
-
Nygard hit with ransomware that permanently compromised their IT system(unknown)
-
Montagne battling ransomware infection (unknown)
-
WestRock reports ransomware incident (unknown)
-
Tennessee Wesleyan University systems recovering after ransomware attack(unknown)
-
Thai media and content conglomerate Mono Next Public Company hit by hackers (unknown)
-
Brazil’s Municipality of Balneário Camboriú hit by ransomware (unknown)
-
Crisp Regional Health Services falls victim to ransomware attack (unknown)
-
Ransomware attack on Netgain Technology compromised info of home visit clients (8,700)
-
Cybersecurity incident at Peel District School Board causes system outage(unknown)
-
UK government loses arrest records during the routine clearing of databases (150,000)
-
Indian government sites leaking patient COVID-19 test results (unknown)
-
Anti-secrecy activists publish a trove of ransomware victims’ data (750,000)
-
Names of students who use University of Ottawa Students’ Union Food Bank made public (111)
-
United Nations data breach exposed over staff records (100,000)
-
Chinese start-up Socialarks leaked scraped data, exposing Facebook, Instagram and LinkedIn users (214 million)
-
Australian police release firearm owner details in email bcc gaffe (500)
-
Saskatchewan privacy commissioner investigates a potential breach of hunting licensing system (33,000)
-
Colorado’s Pitkin County COVID-19 case investigations inadvertently exposed online (unknown)
-
Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses (unknown)
-
Ronald McDonald House notifying almost guests of Blackbaud breach (17,373)
-
Now-defunct social media app Fleek exposes users in a massive data breach(377,000)
-
Giant leak exposes data from almost all Brazilians (660 million)
-
Leaks of personal information from epidemiological survey cast shadow over anti-epidemic work (unknown)
-
Cook County, IL, exposes court database containing domestic violence case details (323,000)
DECEMBER 2020
-
Leonardo SpA: Italian police arrested suspects believed to have stolen up to 10GB in sensitive corporate and military data from the defence contractor.
-
Flight Centre: A 2017 hackathon launched by the company was found to be the source of a leak involving credit card records and passport numbers belonging to close to 7,000 people.
-
Vancouver TransLink: A ransomware attack disrupted Compass metro cards and Compass ticketing kiosks for two days.
-
HMRC: The UK tax office was branded 'incompetent' due to 11 serious data breaches impacting close to 24,000 people.
-
FireEye: FireEye disclosed a cyberattack, suspected to be the work of a nation-state group. The cybersecurity firm said the hack resulted in penetration tools being stolen.
NOVEMBER 2020
-
Manchester United: Manchester United football club said it was investigating a security incident impacting internal systems.
-
Campari: Campari was knocked offline following a ransomware attack.
-
$100 million botnet: A Russian hacker was jailed for operating a botnet responsible for draining $100 million from victim bank accounts.
-
Mashable: A hacker published a copy of a Mashable database online.
-
Capcom: Capcom became a victim of the Ragnar Locker ransomware, disrupting internal systems.
-
Home Depot: The US retailer agreed to a $17.5 million settlement after a PoS malware infection impacted millions of shoppers.
-
Embraer: The Brazilian aerospace company was struck by a cyberattack leading to data theft.
OCTOBER 2020
-
Barnes & Noble: The bookseller experienced a cyberattack, believed to be the handiwork of the ransomware group Egregor. Stolen records were leaked online as proof.
-
UN IMO: The United Nations International Maritime Organization (UN IMO) disclosed a security breach affecting public systems.
-
Boom! Mobile: The telecom service provider became the victim of a Magecart card-skimming attack.
-
Google: Google said it mitigated a 2.54 Tbps DDoS attack, one of the largest ever recorded.
-
Dickey's: The US barbeque restaurant chain suffered a point-of-sale attack between July 2019 and August 2020. Three million customers had their card details later posted online.
-
Ubisoft, Crytek: Sensitive information belonging to the gaming giants was released online by the Egregor ransomware gang.
-
Amazon insider trading: A former Amazon finance manager and their family were charged for running a $1.4 million insider trading scam.
SEPTEMBER 2020
-
German hospital ransomware: A hospital patient passed away after being redirected away from a hospital suffering an active ransomware infection.
-
Belarus law enforcement: The private information of 1,000 high-ranking police officers was leaked.
-
NS8: The CEO of the cyberfraud startup was accused of defrauding investors out of $123 million.
-
Satellites: Iranian hackers were charged for compromising US satellites.
-
Cerberus: The developers of the Cerberus banking Trojan released the malware's source code after failing to sell it privately.
-
BancoEstado: The Chilean bank was forced to close down branches due to ransomware.
AUGUST 2020
-
Cisco: A former engineer pleaded guilty to causing massive amounts of damage to Cisco networks, costing the company $2.4 million to fix.
-
Canon: The photography giant was struck by ransomware gang Maze.
-
LG, Xerox: Maze struck again, publishing data belonging to these companies after failing to secure blackmail payments.
-
Intel: 20GB of sensitive, corporate data belonging to Intel was published online.
-
The Ritz, London: Fraudsters posed as staff in a clever phishing scam against Ritz clients.
-
Freepik: The free photos platform disclosed a data breach impacting 8.3 million users.
-
University of Utah: The university gave in to cybercriminals and paid a $457,000 ransom to stop the group from publishing student information.
-
Experian, South Africa: Experian's South African branch disclosed a data breach impacting 24 million customers.
-
Carnival: The cruise operator disclosed a ransomware attack and subsequent data breach.
JULY 2020
-
CouchSurfing: 17 million records belonging to CouchSurfing were found on an underground forum.
-
University of York: The UK university disclosed a data breach caused by Blackbaud. Staff and student records were stolen.
-
MyCastingFile: A US casting platform for actors exposed the PII of 260,000 users.
-
SigRed: Microsoft patched a 17-year-old exploit that could be used to hijack Microsoft Windows Servers.
-
MGM Resorts: A hacker put the records of 142 million MGM guests online for sale.
-
V Shred: The PII of 99,000 customers and trainers was exposed online and V Shred only partially resolved the problem.
-
BlueLeaks: Law enforcement closed down a portal used to host 269 GB in stolen files belonging to US police departments.
-
MongoDB: A hacker attempted to ransom 23,000 MongoDB databases.
JUNE 2020
-
Amtrak: Customer PII was leaked and some Amtrak Guest Rewards accounts were accessed by hackers.
-
University of California SF: The university paid a $1.14 million ransom to hackers in order to save COVID-19 research.
-
AWS: AWS mitigated a massive 2.3 Tbps DDoS attack.
-
Postbank: A rogue employee at the South African bank obtained a master key and stole $3.2 million.
-
NASA: The DopplePaymer ransomware gang claimed to have breached a NASA IT contractor's networks.
-
Claire's: The accessories company fell prey to a card-skimming Magecart infection.
MAY 2020
-
EasyJet: The budget airline revealed a data breach exposing data belonging to nine million customers, including some financial records.
-
Blackbaud: The cloud service provider was hit by ransomware operators who hijacked customer systems. The company later paid a ransom to stop client data from being leaked online.
-
Mitsubishi: A data breach suffered by the company potentially also resulted in confidential missile design data being stolen.
-
Toll Group: The logistics giant was hit by a second ransomware attack in three months.
-
Pakistani mobile users: Data belonging to 44 million Pakistani mobile users was leaked online.
-
Illinois: The Illinois Department of Employment Security (IDES) leaked records concerning citizens applying for unemployment benefits.
-
Wishbone: 40 million user records were published online by the ShinyHunters hacking group.
-
EasyJet: An £18 billion class-action lawsuit was launched to compensate customers impacted by a data breach in the same month.
APRIL 2020
-
US Small Business Administration (SBA): Up to 8,000 applicants for emergency loans were embroiled in a PII data leak.
-
Nintendo: 160,000 users were affected by a mass account hijacking campaign.
-
Email.it: The Italian email provider failed to protect the data of 600,000 users, leading to its sale on the Dark Web.
-
Nintendo: Nintendo said 160,000 users were impacted by a mass account hijacking account caused by the NNID legacy login system.
-
US Small Business Administration (SBA): The SBA revealed as many as 8,000 business emergency loan applicants were involved in a data breach.
MARCH 2020
-
T-Mobile: A hacker gained access to employee email accounts, compromising data belonging to customers and employees.
-
Marriott: The hotel chain suffered a cyberattack in which email accounts were infiltrated. 5.2 million hotel guests were impacted.
-
Whisper: The anonymous secret-sharing app exposed millions of users' private profiles and datasets online.
-
UK Home Office: GDPR was breached 100 times in the handling of the Home Office's EU Settlement Scheme.
-
SIM-swap hacking rings: Europol made arrests across Europe, taking out SIM-swap hackers responsible for the theft of over €3 million.
-
Virgin Media: The company exposed the data of 900,000 users through an open marketing database.
-
Whisper: Millions of users' private profiles and datasets were left, exposed and online, for the world to see.
-
MCA Wizard: 425GB in sensitive documents belonging to financial companies was publicly accessible through a database linked to the MCA Wizard app.
-
NutriBullet: NutriBullet became a victim of a Magecart attack, with payment card skimming code infecting the firm's e-commerce store.
-
Marriott: Marriott disclosed a new data breach impacting 5.2 million hotel guests.
FEBRUARY 2020
-
Estée Lauder: 440 million internal records were reportedly exposed due to middleware security failures.
-
Denmark's government tax portal: The taxpayer-identification numbers of 1.26 million Danish citizens were accidentally exposed.
-
DOD DISA: The Defense Information Systems Agency (DISA), which handles IT for the White House, admitted to a data breach potentially compromising employee records.
-
UK Financial Conduct Authority (FCA): The FCA released sensitive information belonging to roughly 1,600 consumers by accident as part of an FOIA request.
-
Clearview: Clearview AI's entire client list was stolen due to a software vulnerability.
-
General Electric: GE warned workers that an unauthorized individual was able to access information belonging to them due to security failures with supplier Canon Business Process Service.
JANUARY 2020
● Travelex: Travelex services were pulled offline following a malware infection. The company itself and businesses using
the platform to provide currency exchange services were all affected.
-
IRS tax refunds: A US resident was jailed for using information leaked through data breaches to file fraudulent tax returns worth $12 million.
-
Manor Independent School District: The Texas school district lost $2.3 million during a phishing scam.
-
Wawa: 30 million records containing customers' details were made available for sale online.
-
Microsoft: The Redmond giant disclosed that five servers used to store anonymized user analytics were exposed and open on the Internet without adequate protection.
-
Medical marijuana: A database backing point-of-sale systems used in medical and recreational marijuana dispensaries was compromised, impacting an estimated 30,000 US users.