What is a data breach?
A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.
Recent Data Breaches |
2020 Data Breach |
What are the different types of data breaches?
Depending on the source, there are several different ways of describing types of data breaches. Here are 4 common types:
• Cyber attacks – this is when hackers use various techniques to get unauthorized access to information that should be secure.
• Loss or theft of devices – If a laptop, smartphone, USB drive or other data storage devices gets stolen, lost or not disposed of properly and ends up in the wrong hands, this is a data breach.
• Employee theft – This can happen when employees, especially those about to move on from their position, deliberately get access to protected data with malicious intent.
• General human errors – Mistakes can happen to anyone, and some people accidentally send protected data to the wrong person, or upload it over public networks or compromise the servers where the data is stored.
A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.
The following is a running list of data breaches in 2021.
Note: This page is updated continuously of the major data breaches reported in 2021. All data is provided from public resources. LogMeOnce provides the most comprehensive data breach news alerts and data breach statistics.
Known Data Breaches 2021
Gong’an County – (200,000,000)
Exposed on January 3rd, 2021 – Multiple popular Chinese services, including Gongan County, Weibo, and QQ data have been stolen and the stolen records include Id, Sex, Name, Birth, Mobile, Address, and Code number.
TransLink Transportation Agency – (Unknown)
Exposed on January 4th, 2021 – Canada based Metro Vancouver’s transportation agency TransLink suffered with ransomware attack. These issues impacted the company’s phones and online services, as well as the customers’ ability to pay for fares with a credit card or debit card.
Aurora Cannabis Inc – (Unknown)
Exposed on January 4th, 2021 – Aurora Cannabis suffered with cybersecurity incident that affected both current and former employees and exposed the personal information.
Apex Laboratory – (Unknown)
Exposed on January 5th, 2021 – New York-based clinical laboratory Apex suffered with ransomware attack resulted in the exfiltration of thousands of documents containing both protected health information of patients and personal identifiable information (PII) of Apex employees.
Amazon, Swiggy – (35,000,000)
Exposed on January 5th, 2021 – In India, Amazon, Swiggy and other companies suffered with data breach. The breach resulted in about 3.5 crore records with masked card numbers and personal data being compromised.
NameSouth LLC – (Unknown)
Exposed on January 5th, 2021 – NameSouth, a US-based auto parts shop suffered with data breach includes confidential company data and sensitive documents, including financial and accounting data, credit card statements, personally identifiable employee information, and various legal documents.
Indian government sites – (Unknown)
Exposed on January 5th, 2021 – Indian government departments, including national health and welfare agencies, are leaking COVID-19 lab test results for thousands of patients online.
American Express – (10,000)
Exposed on January 5th, 2021 – American Express company suffered with hacking. A threat actor leaked data of 10,000 Mexico-based American Express credit cardholders on a forum. The leaked sample data set of 10,000 records exposes full American Express account (credit card) numbers and customers’ personally identifiable information (PII) including name, full address, phone numbers, date of birth, gender, etc.
ClickIndia, ChqBook, WedMeGood – (10,000,000)
Exposed on January 7th, 2021 – ClickIndia, ChqBook and WedMeGood suffered with data breach and data of over 10 million users up for sale on the dark web.
Hackney London Borough Council – (Unknown)
Exposed on January 7th, 2021 – In UK, Hackney London Borough Council data has been stolen and published online. This includes sensitive personal data of staff and residents, such as passport documents.
Communauto – (Unknown)
Exposed on January 8th, 2021 – Communauto, the Montreal-based car-sharing service were hit with a cyber attack that compromised the personal information of some of its clients, including member numbers, names as well as email and civic addresses.
Dassault Falcon Jet – (Unknown)
Exposed on January 9th, 2021 – Dassault Falcon Jet has suffered with data breach that exposed personal information belonging to current and former employees. That data includes name, personal and company email address, personal mailing address, employee ID number, driver’s license number, passport information, financial account number, Social Security number, date of birth, work location, compensation and benefit enrollment information, and date of employment.
United Nations Environmental Programme – (1000,000)
Exposed on January 11th, 2021 – United Nations Environmental Programme suffered with data breach and the data set obtained by the group exposed travel history of UN staff, with each row containing: Employee ID, Names, Employee Groups, Travel Justification, Start and End Dates, Approval Status, Destination, and the Length of Stay.
Socialarks – (200,000,000)
Exposed on January 11th, 2021 – Chinese social media management company Socialarks has suffered a huge data leak leading to the exposure of over 400GB of personal data including several high-profile celebrities and social media influencers.
Ubiquiti Inc. – (Unknown)
Exposed on January 11th, 2021 – Ubiquiti Networks suffered with data breach and the data includes such as names, email addresses, and salted and hashed passwords, home addresses and phone numbers.
Capcom Co., Ltd. – (40,000)
Exposed on January 13th, 2021 – Capcom a video game company in Japan suffered with ransomware attack. Among the information exposed was names, addresses, phone numbers, email addresses of business partners, employees, and former employers, along with sales reports and game development documents.
Scottish Environment Protection Agency – (Unknown)
Exposed on January 15th, 2021 – Scottish Environment Protection Agency in Scotland suffered with ransomware attack where data related to business information, procurement information, project information and staff information are included.
Eneco Company – (Unknown)
Exposed on January 16th, 2021 – Eneco, a producer and supplier of natural gas, electricity and heat in the Netherlands suffered with data breach, it has warned tens of thousands of clients, including business partners, to change their passwords amid a recent data breach.
Capital Economics Company – (500,000)
Exposed on January 18th, 2021 – Capital Economics Company in UK suffered with data leak and the leaked data records include email IDs, password hashes, addresses, etc.
Nohow International – (12,000)
Exposed on January 19th, 2021 – Nohow International, a UK-based recruitment and staffing agency leaks sensitive documents of more than 12,000 construction workers, including scans of passports, national IDs, birth certificates, and tax returns. The cloud storage also contains self-employment contracts that include personally identifiable information such as full names, addresses, UK national insurance numbers, and signatures.
AnyVan Transport company – (Unknown)
Exposed on January 19th, 2021 – Anyvan, the European online marketplace has suffered with data breach. It was the victim of a digital burglary that involved the theft of customers’ personal data.
Pixlr – (1,921,141)
Exposed on January 20th, 2021 – Pixlr, a very popular and free online photo editing application suffered with data breach and the data contains 1,921,141 user records consisting of email addresses, login names, SHA-512 hashed passwords, a user’s country and other internal information.
Precision Spine Care – (20,000)
Exposed on January 20th, 2021 – In US, Precision Spine Care, a Texas-based spinal care center has suffered with data breach and US Department of Health and Human Services’ breach portal indicates that just over 20,000 individuals are potentially impacted.
Nitro Software, Inc. – (77,159,696)
Exposed on January 21st, 2021 – Nitro Software, Inc. suffered with data breach and the database contains 77,159,696 records with users’ email addresses, full names, encrypted hashed passwords, titles, company names, IP addresses, and other system-related information.
BuyUcoin – (325,000)
Exposed on January 21st, 2021 – India-based global cryptocurrency exchange and wallet, BuyUcoin suffered with data breach and the data leaked include names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history.
MyFreeCams – (2,000,000)
Exposed on January 21st, 2021 – MyFreeCams.com, one of the top adult chat and web streaming communities suffered with data breach and the data contains users usernames, email addresses, MyFreeCams Token (MFC Token) amounts, and passwords in plain text.
United Parcel Service and Norfolk Southern Railroad – (Unknown)
Exposed on January 21st, 2021 – United Parcel Service and Norfolk Southern Railroad suffered with data leak and the leaked data includes full names, Social Security numbers, details of medical examinations, drug and alcohol testing reports, and scans of driver’s licenses.
Intel Semiconductor Company – (Unknown)
Exposed on January 22nd, 2021 – Intel Semiconductor Company suffered with hacking and the financially sensitive information was stolen by a hacker from its corporate website.
Croma and Tata Sky – (Unknown)
Exposed on January 22nd, 2021 – Tata group companies Croma and Tata Sky had fixed vulnerabilities in their websites after a cybersecurity researcher pointed out how the flaw could expose sensitive personally identifiable information to scammers even without hacking. The information — names, addresses, phone numbers and purchase history — included personal data of celebrities, popular businesspersons and doctors, among others.
Bonobos E-commerce Company – (Unknown)
Exposed on January 21st, 2021 – Bonobos E-commerce Company suffered with a massive data breach and the data includes customers’ addresses, phone numbers, partial credit card numbers (last four digits), order information, password histories.
MeetMindful.com- (2,280,000)
Exposed on January 24th, 2021 – MeetMindful.com, a dating website suffered with data leak and the leaked data includes a wealth of information that users provided when they set up profiles on the MeetMindful site and mobile apps.
Cook County Court – (323,277)
Exposed on January 25th, 2021 – Cook County Court, Illinois suffered with data breach and an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data.
Teespring, Inc. Company – (8,242,000)
Exposed on January 24th, 2021 – Teespring, an e-commerce platform suffered with data leak. The files contained in the leaked archive include email addresses and last update dates for 8,242,000 user accounts, as well as full names, phone numbers, locations, and other account details of more than 4 million Teespring users and apparel creators.
Dutch Health Ministry – (Unknown)
Exposed on January 25th, 2021 – Dutch Health Ministry in Netherlands suffered with data leak of COVID-19 patient which contains details about Dutch citizens such as home addresses, emails, telephone numbers, dates of birth, and a person’s BSN identifier (Dutch social security number).
VIPGames.com – (66,000)
Exposed on January 26th, 2021 – VIPGames.com, a popular free-to-play card and board game platform suffered with data leak of 66,000 user profiles including: usernames, emails, device details, IP addresses, hashed passwords, Facebook, Twitter and Google IDs, in-game transaction details, bets and details regarding banned players.
Facebook – (533,000,000)
Exposed on January 27th, 2021 – Facebook 533 million users phone numbers are currently being sold via a bot on encrypted messaging platform Telegram.
Zong, Warid, Ufone, Telenor, and Jazz – (176,000,000)
Exposed on January 27th, 2021 – Telecom companies including Zong, Warid, Ufone, Telenor, and Jazz containing the personal details of over 176 million Pakistani citizen mobile users data leaked online.
U.S. Cellular Mobile Network Operator Company – (Unknown)
Exposed on January 28th, 2021 – U.S. Cellular Mobile Network Operator Company suffered with data breach. The data contains information of customer account includes their name, address, PIN code, and cellular telephone numbers(s) as well as information about their wireless services including your service plan, usage and billing statements.
Bykea Comoany – (400,000,000)
Exposed on January 28th, 2021 – Bykea Company, a prominent vehicle-for-hire and parcel delivery company based in Pakistan has suffered with data breach which affected their user data containing more than 400 million records.
UK Research and Innovation – (Unknown)
Exposed on January 30th, 2021 – UK Research and Innovation is a public body of the Government of the United Kingdom suffered with a ransomware incident that encrypted data and impacted two of its services.
Florida Healthy Kids Corp. – (Unknown)
Exposed on February 1st, 2021 – Florida-based Florida Healthy Kids Corp. suffered with data breach. The personal information of several thousand insurance applicants was inappropriately accessed.
Ramsey County’s Family Health Division – (8,700)
Exposed on February 2nd, 2021 – Minnesota based Ramsey County’s Family Health Division clients personal data have accessed by the hackers. The data include names, addresses, dates of birth, dates of service, telephone numbers, account numbers, health insurance information, and medical information.
Indian government sites – (500,000)
Exposed on February 2nd, 2021 – Police exam database exposes PII of 500,000 Indian citizens. The data includes sensitive data, i.e. name, mobile number, and PII, it makes the victims vulnerable to phishing campaigns, scams, and even identity theft.
Bharti Airtel – (2,500,000)
Exposed on February 3rd, 2021 – Bharti Airtel customers of Jammu and Kashmir suffered with data breach, their data has been leaked by the hackers including Aadhaar numbers, address and date of birth.
Foxtons Company – (16,000)
Exposed on February 3rd, 2021 – Foxtons Group customers personal information and payment card information have been uploaded to a dark web site.
EscortReviews.com – (472,695)
Exposed on February 3rd, 2021 – EscortReviews.com is an adult online Bulletin forum community that allows US and Mexico-based escorts to promote their services, share profile pictures, contact information, and biographies to prospective clients has suffered with data breach. This database contains the registration information for over 472,695 members, including their display name, email address, MD5 hashed passwords, optional Skype account names, optional birthday, and IP address.
Vermont Labor Department – (Unknown)
Exposed on February 3rd, 2021 – Vermont Labor Department suffered with massive data breach. This database contains tens of thousands of 1099-G unemployment tax forms sent to the wrong people.
Site Point Publishing Company – (1,000,000)
Exposed on February 5th, 2021 – SitePoint, a Australia based website that provides access to a wealth of web development tutorials and books, has disclosed a security breach and admitted to a breach after a hacker put up for sale a collection of one million SitePoint user details on a cybercrime forum in December 2020.
Leon Medical Centers – (10,000)
Exposed on February 6th, 2021 – Leon Medical Centers in US has suffered with data breach, the data includes patients personal, identifying information, like their names, addresses and birthdays, as well as their medical diagnoses.
SN Servicing Corporation – (Unknown)
Exposed on February 6th, 2021 – US based SN Servicing Corporation Company has suffered with ransomware attack and it effects the data related to billing statements and fee notices to customers from 2018, including names, address, loan numbers, balance information and billing information such as charges assessed, owed or paid.
University of Pittsburgh Medical Center – (36,000)
Exposed on February 8th, 2021 – University of Pittsburgh Medical Center (UPMC) suffered with data breach and it exposed data includes names, dates of birth, Social Security numbers, bank or financial account numbers, driver’s license numbers, state identification card numbers, electronic signatures, medical record numbers, patient account numbers, patient control numbers, visit numbers, and trip numbers.
Anime-style game – (10,365)
Exposed on February 8th, 2021 – Anime-style game were exposed during a data breach and 10,365 emails were exposed when the incident occurred on January 29.
American cable and internet giant Comcast – (1,500,000,000)
Exposed on February 9th, 2021 – American cable and internet giant Comcast suffered with data breach, the database contains visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.
Imobiliare.ro – (200,000)
Exposed on February 9th, 2021 – Imobiliare.ro, has suffered a data breach and the exposed data was stored within 35,738 .PDF and 165,316 .JPG files, which included Personal Identifying Information (PII) such as full names, phone numbers, home address, emails, CNP (social security), and personal signatures.
Syracuse University – (9,800)
Exposed on February 10th, 2021 – Syracuse University suffered with data breach and the names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants have been exposed.
PrivatBank – (40,000,000)
Exposed on February 12th, 2021 – Ukraine’s PrivatBank suffered with data breach and the database contains 40 million records of customers including their full name, DOB, TIN, Place of birth, passport details, including passport number, issue date, issuing department, Family status, Car availability, Viber contacts, mobile phone number etc.
Florida water-treatment plant- (Unknown)
Exposed on February 12th, 2021 – Florida water-treatment plant suffered with hacking. The collection was leaked on the RaidForums English-language cybercrime community on Feb. 2 and contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords in an aggregate database.
Yandex Internet company – (4,887)
Exposed on February 12th, 2021 – Europe’s largest internet company Yandex suffered with data breach that compromised 4,887 email accounts.
Hoffman Construction Company – (Unknown)
Exposed on February 16, 2021 – US building contractor Hoffman Construction has suffered with data breach and that affected the healthcare records of an unspecified number of employees.
Simon Fraser University – (200,000)
Exposed on February 16th, 2021 – Simon Fraser University suffered with cyberattack and in this cyberattack the stored information of student and employee ID numbers and other data, including admissions or academic standing was breached.
CityBee – (110,000)
Exposed on February 17th, 2021 – In Baltic states and Poland, CityBee, a car sharing service suffered with hacking and the hacked data contains 110,000 CityBee user IDs, usernames, hashed passwords, full names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users.
Amazon and eBay – (Unknown)
Exposed on February 17th, 2021 – Amazon and eBay suffered with data breach and the data includes the customer’s full name, postal code, delivery address, and shop name.
Sutter Buttes Imaging Medical Group – (100,000)
Exposed on February 17th, 2021 – Sutter Buttes Imaging Medical Group suffered with hacking and the data includes patient name, date of birth, type of imaging procedure, and the internal patient and study numbers created by the practice.
Orakulas – (257,510)
Exposed on February 18th, 2021 – Orakulas a online betting service company suffered with hacking and the data contains email addresses and hashed passwordsof 257,510 orakulas.
Automatic Funds Transfer Services – (Unknown)
Exposed on February 18th, 2021 – Automatic Funds Transfer Services a payment processor and address verification service suffered with data breach. The potential data exposed varies depending on the city or agency, but include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.
Automatic Funds Transfer Services – (Unknown)
Exposed on February 18th, 2021 – Automatic Funds Transfer Services a payment processor and address verification service suffered with data breach. The potential data exposed varies depending on the city or agency, but include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.
Automatic Funds Transfer Services – (Unknown)
Exposed on February 19th, 2021 – California-based Harvard Eye Associates suffered with data breach. Data stolen by the hackers included patients’ names, addresses, phone numbers, email addresses, dates of birth, medical history, health insurance information, medications and information about treatment.
Kroger Co. – (Unknown)
Exposed on February 22nd, 2021 – Kroger Co. suffered with data security breach and the data contains patient names, Email addresses, phone numbers, home addresses, dates of birth, social Security numbers, information used to process insurance claims, Prescription information such as prescription number, prescribing doctor, medication names and dates, medical history, as well as certain clinical services, such as whether the patient was ordered a flu test.
Cashalo – (Unknown)
Exposed on February 23rd, 2021 – Cashalo, a fintech company suffered with data breach and exposed details include the names, email addresses, phone numbers, device IDs, and passwords of customers.
Covenant Healthcare – (45,000)
Exposed on February 24th, 2021 – Covenant Healthcare suffered with data breach and impacted around 45,000 people’s information includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical diagnosis and clinical information, medical treatment, prescription information, doctors’ names, medical record numbers, patient account numbers, and medical insurance information.
Health and Welfare Department – (8,000,000)
Exposed on February 24th, 2021 – Health and Welfare Department of West Bengal, India suffered with data leakage of test reports of everyone who took a COVID-19 test in a particular state and these reports have sensitive information about the citizens in them like name, age, date and time of sample testing, residence address, etc.
Npower Energy Company – (Unknown)
Exposed on February 254th, 2021 – Npower Energy Company suffered with ransomware attack that exposed some customers financial and personal information.
T-Mobile Telecommunication Company – (Unknown)
Exposed on February 26th, 2021 – American telecommunications provider T-Mobile has suffered with data breach and an unknown attacker gained access to customers’ account information, including personal info and personal identification numbers (PINs).
Ministry of Finance and Banco Pichincha Private Banking Company – (Unknown)
Exposed on February 26th, 2021 – Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha suffered with hacking and the hackers have stolen “sensitive ministry information, emails, employee information, contracts.
SuperVPN, GeckoVPN, and ChatVPN – (21,000,000)
Exposed on February 26th, 2021 – Android VPN services – SuperVPN, GeckoVPN, and ChatVPN contain user credentials and device data hacked and 21 million user records being sold in total.
Gab Social Networking Service – (Unknown)
Exposed on March 1st, 2021 – A group of hackers has leaked a massive trove of data belonging to Gab.com.
Polecat, a Data Analytics Agency – (Unknown)
Exposed on March 1st, 2021 – Polecat a UK-based agency was exposing roughly 30TB of data on the web without any authentication required to access records, or any form of encryption in place including employee usernames and hashed passwords, over 6.5 billion tweets, social media records, and over one billion posts gathered from different blogs and websites.
Dutch e-Ticketing platform – (1,900,000)
Exposed on March 1st, 2021 – Dutch e-Ticketing platform has suffered a data breach and the data exposed can include full names, email addresses, phone numbers, IP addresses, and hashed passwords.
Mariana Tek – (150,000)
Exposed on March 2nd, 2021 – Mariana Tek, a US-based software company suffered with data breach and the data contained more than 1.5 million user records, including usernames, full names, street and email addresses, phone numbers, postal codes, account balances, and more.
Malaysia Airlines – (Unknown)
Exposed on March 2nd, 2021 – Malaysia Airlines has suffered a data breach and the breach involved “some personal data” with details that included members’ name, date of birth, contact information, and various frequent flyer data such as number, status, and tier level.
Oxfam Australia – (1,700,000)
Exposed on March 3rd, 2021 – Oxfam Australia has suffered with cyber attack and the data contained contact and donor information for about 1.7 million Oxfam Australia supporters.
Maza Cybercrime Forum – (Unknown)
Exposed on March 4th, 2021 – The Maza cybercriminal forum has suffered with data breach and the leak data contains user information, including user IDs, usernames, email addresses, messenger app links — including Skype, MSN, and Aim — and passwords, both hashed and obfuscated.
The Adecco Group – (5,000,000)
Exposed on March 4th, 2021 – Adecco Group, Swiss-based the second largest human resources and temp staffing provider in the world and also a Fortune 500 Global company has suffered with data breach and the leak data contains candidate’s full name, Email address, Passwords, Full name, Gender, Gender, Date of birth etc.
Cochise Eye and Laser – (100,000)
Exposed on March 4th, 2021 – Cochise Eye and Laser an optometrist located Arizona, US suffered with cyber-attack and affected up to 100,000 patients data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers.
UK schools – (Unknown)
Exposed on March 5th, 2021 – Online learning in 15 schools of UK shut due to cyber attack. As a result all existing phone, email, and website communication were leaked during the attack.
Sengrid Email Marketing Company – (3700)
Exposed on March 5th, 2021 – Colorado-Based Sengrid Email Marketing Company’s Account emails were hacked through Zoom invites.
Microsoft – (60,000)
Exposed on March 7th, 2021 – Chinese government-backed hacking group has hacked 60,000 accounts. Compromised information include business email.
Czech officials – (Unknown)
Exposed on March 8th, 2021 – Cyber attack on public administration systems of Czech officials in Prague resulted in little damage in Government server.
Flagstar Bank – (Unknown)
Exposed on March 8th, 2021 – Hackers enter the hospital’s computer system and encrypt all the data which makes them unreadable to their services and then sends a ransom demand message in exchange for their original return.
Spanish labor agency – (Unknown)
Exposed on March 9th, 2021 – Spanish Labour Agency suffers with ransomware attack, disrupting “hundreds of thousands” of appointments at the agency.
University of Central Lancashire – (Unknown)
Exposed on March 10th, 2021 – University of Central Lancashire suffered with incident theft leading to a downtime for the entire system for sometime but fortunately no data was lost.
Molson Coors – (Unknown)
Exposed on March 11th, 2021 – Molson Coors, the brewer behind the Miller and Coors brands suffered with Incident/theft making system offline. It resulted in delaying and disrupting parts of Molson Coors’ operations, including its production and shipments.
Netgain Technologies – (210,000)
Exposed on March 11th, 2021 – Netgain Technologies suffered with ransomware attack. Compromised information include personal information of woodcreek employees, healthcare providers, applicants, contractors.
Utah Company – (50,000)
Exposed on March 12th, 2021 – Utah company has exposed sensitive information accidently by storing data on an unsecured server. Exposed information include passport scans, healthcare insurance ID cards and Driving license.
Fastway Couriers – (450,000)
Exposed on March 15th, 2021 – Fastway Couriers suffered with cyber attack resulting in leaking of names, postal addresses, email addresses, phone numbers of approximately 450,000 people.
Canada Revenue Agency – (800,000)
Exposed on March 15th, 2021 – More than 800,000 taxpayer have been locked from The Canada Revenue Agency by unauthorized access using email IDs received from different external links.
Birmingham college – (Unknown)
Exposed on March 15th, 2021 – A ransomware cyber attack that disabled its core IT systems made Burmingham college to close all its campuses.
Pimpri-Chinchwad Municipal Corporation – (Unknown)
Exposed on March 16th, 2021 – Pimpri-Chinchwad Municipal Corporation Smart City suffered with data loss due to a ransomware attack.
Telecom companies – (Unknown)
Exposed on March 16th, 2021 – Telecom companies suffer with malicious attack resulting in stealing of sensitive data including information about 5G technology from compromised victims.
Acer Computers – (Unknown)
Exposed on March 19th, 2021 – REvil ransomware attacked computer company Acer and where they stole images. Stolen images include financial spreadsheets, bank balances, and bank communications.
MangaDex – (Unknown)
Exposed on March 22nd, 2021 – The website is taken offline after hackers gained access to an administrator account. Compromised information include passwords.
Energy Giant Shell – (Unknown)
Exposed on March 22nd, 2021 – Shall company hit with data breach resulting in leakage of some of the data accessed during the attack belonging to stakeholders and Shell subsidiaries.
Local councils of UK – (Unknown)
Exposed on March 23rd, 2021 – Local councils across the UK sent bulk messages contained weblinks , leading to the exposure of thousands of taxpayers’ names, addresses, and outstanding debts accidently.
Sierra Wireless Factories – (Unknown)
Exposed on March 23rd, 2021 – Unauthorized attack hit the Canadian multinational Sierra Wireless and encrypted internal IT network, making it to halt production.
Fat Face – (Unknown)
Exposed on March 23rd, 2021 – Fat Face company is suffered with data exposure due to an unauthorized access resulting in compromise of some employee and customer information, including names, addresses, email addresses and the last four digits of credit card numbers, plus the expiration dates.
Hobby Lobby – (300,000)
Exposed on March 24th, 2021 – Hobby Lobby suffered with cloud-bucket misconfiguration resulting in exposure of customer names, partial payment-card details, phone numbers, employee names, email addresses and physical and email addresses.
Apollo – (10,930,000)
Exposed on March 25th, 2021 – Apollo, a digital marketing company suffered with data loss. Exposed information include their full names, phone numbers, location coordinates, workplace information, social media profiles etc.
RDC – (Unknown)
Exposed on March 25th, 2021 – Garage and maintenance services provider Dutch company suffered with data breach. Exposed information includes details such as (company/individual) names, home addresses, email addresses, telephone numbers, dates of birth, but also vehicle registration numbers, car makes & models, and license plates.
German Parliament – (Unknown)
Exposed on March 26th, 2021 – Email accounts of multiple German Parliament members were targeted in a phishing attack, resulting in gaining access to 7 members of Parliament.
Maryland, California Universities – (Unknown)
Exposed on March 30th, 2021 – University of Maryland and the University of California suffered with data breach resulting in online publishing of snapshots of financial documents and passport information. Exposed information includes individuals name, home addresses, Social Security numbers, immigration status, dates of birth, and passport numbers.
Inter-Parliamentary Alliance on China – (Unknown)
Exposed on April 1st, 2021 – The global coalition of MPs of the Inter-Parliamentary Alliance on China has suffered a major cyber attack, leading to slow the site significantly.
Boggi Milano – (Unknown)
Exposed on April 1st, 2021 – Boggi Milano suffered with 40GB data loss due to a Ragnarok ransomware attack. Compromised information include 40 gigabytes of data, including human resources files and salary information
Asteelflash electronics – (Unknown)
Exposed on April 2nd, 2021 – Electronics Manufacturing Services suffered a cyberattack by the REvil ransomware. Fortunately no details compromised.
Facebook – (533,000,000)
Exposed on April 4th, 2021 – Facebook data is leaked from Facebook Users’ due to unauthorized access. Exposed information includes phone numbers, full names, location, email address, and biographical information.
Applus – (Unknown)
Exposed on April 4th, 2021 – Applus Technologies is suffered with Cyberattack prevented vehicle inspections.
Broward County Public Schools- (40,000,000)
Exposed on April 5th, 2021 – Broward County Public Schools suffered with data breach. As a result it exposed students and staff sensitive personal data like students, teachers, and employees’ social security numbers, addresses, birth dates, and school district financial contact information.
Vhive – (300,000)
Exposed on April 5th, 2021 – Local furniture retailer Vhive suffered with data breach resulted in expose of customers’ personal information such as phone numbers and physical addresses.
Employment and Employability Institute – (30,000)
Exposed on April 6th, 2021 – Employment and Employability Institute (e2i) suffered with Security Breach leading to the compromise of 30,000 individual details. Exposed information include names, identification number, contact information, educational qualifications, and employment history.
LinkedIn users – (780,000)
Exposed on April 6th, 2021 – LinkedIn user information is leaked by a hacker forum. Exposed information include their full names, email addresses, phone numbers, workplace information, and more.
TU Dublin and National College of Ireland – (Unknown)
Exposed on April 6th, 2021 – The National College of Ireland (NCI) and the Technological University of Dublin suffered with a Ransomware attack resulting in system disruption of Moodle, the Library service and the current students’ My Details service.
Centene Corp – (1,318,000)
Exposed on April 7th, 2021 – Centene Corp suffered with data breach by unpatched Accellion FTA on Health Net Community Solutions, Health Net of California, California Health & Wellness and Health Net Life Insurance Co. affected nearly 1,318,000 Users.
Office Depot Europe – (974,050)
Exposed on April 8th, 2021 – A non-password protected Elasticsearch database that contained just under a million records discovered online. Exposed information include customer names, phone, physical addresses and more.
Manufacturing Facilities in Italy – (Unknown)
Exposed on April 8th, 2021 – A ransomware incident temporarily shut down production for two days at a pair of manufacturing facilities in Italy as servers with the databases required for production were encrypted by Ransomware.
Michigan State University – (Unknown)
Exposed on April 8th, 2021 – Michigan State University affected by Data Breach by an Unauthorized party. Compromised data includes names, adddresses, and in certain instances medical related information, driver’s license number and SSN.
Popular Carding Site – (300,000)
Exposed on April 8th, 2021 – Credit card hackers have stolen data from 300,000 User accounts. Exposed information include email addresses, hashed passwords, usernames, and IP addresses of 297,744 carding site users.
Belden – (Unknown)
Exposed on April 9th, 2021 – Specialty networking solutions provider Belden attacked with data breach. Exposed information accessed and stolen may have contained such information as names, birthdates, government-issued identification numbers (for example, social security / national insurance), bank account information of North American employees on Belden payroll, home addresses, email addresses and other general employment-related information. Limited company information accessed and stolen related to some of our business partners include bank account data and, for U.S. partners, their taxpayer ID numbers too.
Community Health Plan District of Columbia – (Unknown)
Exposed on April 9th, 2021 – have included names, addresses, phone numbers, dates of birth, Medicaid identification numbers, and other medical information
Kentucky Unemployment Insurance – (300,000)
Exposed on April 9th, 2021 – The Kentucky Office of Unemployment Insurance suffered with cyberattack resulting in shut down of its account operations for four days. Company has reset 300,000 PINs to stop fraudsters from gaining access to accounts and diverting benefit payments.
The American Society for Clinical Pathology – (100,000)
Exposed on April 10th, 2021 – The American Society for Clinical Pathology (ASCP) disclosed a payment card data online due to cyberattack. Exposed information include Customer names, credit or debit card numbers, card expiration dates, and CVV (the three or four digit code on the front or back of the cards).
Upstox – (Unknown)
Exposed on April 12th, 2021 – Trading app Upstox exposed contact data and KYC details of customers due to security breach. Compromised information include Customers name, address, DOB and Contact details.
Pierre – (Unknown)
Exposed on April 12th, 2021 – Pierre Fabre suffered with unauthorized access which stole unencrypted data, and then encrypted devices. Compromised information showed images of allegedly stolen passports, a company contact list, government identification cards, and immigration documents.
LogicGate – (Unknown)
Exposed on April 14th, 2021 – Data breach to LogicGate lead to the decryption of stored files in AWS S3 buckets by an Unauthorized Access.
ParkMobile – (21,000,000)
Exposed on April 14th, 2021 – The account information of 21 million customers leaked due to vulnerability in third party software used in Park Mobile App. Compromised information includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords, and mailing addresses
Celsius Network – (Unknown)
Exposed on April 15th, 2021 – Celsius Network suffered with data breach leading to expose customer details.
Swinburne University – (5,000)
Exposed on April 16th, 2021 – Swinburne University of Technology has suffered with data breach. Exposed information included during breach are names, email addresses, and phone numbers of some staff, students, and external parties.
European Union institutions, European Commissioner – (18,000)
Exposed on April 17th, 2021 – SolarWinds supply chain suffered with cyber attack affected European Union institutions, European Commissioner for Budget and Administration.
Codecov – (Unknown)
Exposed on April 17th, 2021 – Codecov suffered by a serious cyber attach using unauthorized access to the company’s Bash Uploader script and modified it, allowing them to potentially access any credentials, tokens, or keys stored in customers’ continuous integration environments as well as any services, datastores, or application code that could be accessed with those credentials, tokens, or keys.
Domino’s India – (1,000,000)
Exposed on April 19th, 2021 – India based Domino is hacked by an Unauthorized access resulting in leakage of credit card details of 10 lakh Users.
Geico – (Unknown)
Exposed on April 19th, 2021 – Auto insurer company Geico suffered with data theft resulting in stealing of customer’s driving license numbers trough the online sales system from their website.
Ukrainian official – (Unknown)
Exposed on April 19th, 2021 – Russian hackers targeted Ukrainian officials capitalizing on current events as part of the likely spear phishing attempts.
Eversource Energy – (Unknown)
Exposed on April 20th, 2021 – Energy supplier company, Eversource suffered with data breach resulting in publishing of their customers’ information on an unsecured cloud server. Exposed information include their name, address, phone number, social security number, service address, and account number.
Quanta Computer Incorporated – (Unknown)
Exposed on April 21st, 2021 – Quanta Computer Incorporated suffered with unauthorized access resulting in top-secret tech designs stealing.
Windows RDP servers – (1300000)
Exposed on April 21st, 2021 – Login names and passwords for 1.3 million Windows RDP servers is stolen and made available on hacker market.
ClickStudios – (Unknown)
Exposed on April 23rd, 2021 – Password manager Password state of an Australian company ClickStudios suffered a breach affecting big supply chain.
Gyrodata – (Unknown)
Exposed on April 23rd, 2021 – Gyrodata suffered with potential unauthorized access resulting in leakage of the sensitive information of current and former employees. Compromised information include names, addresses, dates of birth, drivers’ license numbers, social security numbers, passport numbers, W-2 tax forms, and information related to health plan enrolment.
Reverb- (Unknown)
Exposed on April 26th, 2021 – Reverb has suffered a data breach after an unsecured database containing customers’ information exposed online. Exposed information include customers’ names, addresses, phone numbers, and email addresses.
Guilderland Central School – (Unknown)
Exposed on April 27th, 2021 – Guilderland Central School suffered a ransomware attack resulted in encrypting the information on some of its systems.
Merseyrail – (Unknown)
Exposed on April 28th, 2021 – UK rail network Merseyrail has suffered a cyberattack where company’s email system is used to email employees and journalists about the attack.
Microsoft Azure Blob – (Unknown)
Exposed on April 28th, 2021 – A misconfigured Microsoft Azure cloud storage account lead to a data breach of source codes for the software products.
E-commerce online shops – (Unknown)
Exposed on April 28th, 2021 – E-commerce online shops in Japan, Australia, and European countries have been attacked by ransomware “Water pamola” resulted in information exposure that include names, credit card numbers, card expiration dates, and credit card security codes, were potentially leaked
Experian API – (Unknown)
Exposed on April 28th, 2021 – Experian API accidently exposed credit score with just publically provided information for most of the American users.
First Horizon – (Unknown)
Exposed on April 28th, 2021 – First Horizon Corp suffered a data breach resulting in access to 200 online customer bank accounts.
Paleo Lifestyle – (70,000)
Exposed on April 29th, 2021 – Paleohacks suffered a massive data breach resulting in exposure of User information like Full name, User names, email id, Hashed passwords, IP addresses, location, timestamp, personal websites, DOB, profile picture, profile Bio etc.
Federal agencies – (Unknown)
Exposed on April 30th, 2021 – Data is breached during latest hack to hit the US government resulted in compromise of thousands of servers.
D.C. police – (Unknown)
Exposed on April 30th, 2021 – D.C. police computer network department is hacked by anonymous hackers. Compromised information include names, Social Security numbers, phone numbers, financial and housing records, job histories and polygraph assessments.
Brazil’s Tribunal de Justiça do Estado do Rio Grande do Sul – (Unknown)
Exposed on April 30th, 2021 – Brazil’s Rio Grande do Sul court suffered a ransomware attack resulting in encrypting employee’s files and force shutting down of the court.
First Horizon bank – (Unknown)
Exposed on April 30th, 2021 – Online banking of First Horizon bank is breached to steal funds from customers’ account.
Whistler resort municipality – (12,000)
Exposed on May 1st, 2021 – The Whistler municipality in British Columbia, Canada, has suffered a cyberattack that forced them to shut down their network, website, email, and phone systems.
Virgin Active – (Unknown)
Exposed on May 1st, 2021 – Virgin Active suffered a sophisticated cyberattack resulting in disruption of online services. Company said it had put all systems offline including its App and website, while they are investigating the incident.
Filipino Solicitor-General’s Office – (345,000)
Exposed on May 3rd, 2021 – Solicitor-general of the Philippines suffered a data breach resulting in the data stealing. Exposed information included staff training documents, internal passwords and policies, staffing payment information, information on financial processes, and activities including audits, and several hundred files.
Alaska court system – (Unknown)
Exposed on May 3rd, 2021 – The Alaska Court System (ACS) suffered a cyberattack resulting in disruption of virtual court hearings. Compromised information may include the ability of the public to view court hearings over Zoom, online bail payments, submitting juror questionnaires and sending or receiving emails to or from an ACS email address.
Raychat app – (150,000,000)
Exposed on May 3rd, 2021 – Iranian Raychat app suffered a data breach. Compromised information may include full names, IP addresses, Email addresses, Bcrypt passwords, Telegram messenger IDs, etc.
Telstra service provider – (Unknown)
Exposed on May 4th, 2021 – Telstra service provider suffered a massive cyber attack resulting in accessing ‘tens of thousands’ of SIM cards. Exposed information include customer phone numbers and addresses.
Glovo – (Unknown)
Exposed on May 4th, 2021 – Barcelona-based Glovo hit by a cyberattack resulted in access to administrative platform. Company says no financial information compromised during the breach.
Twilio – (Unknown)
Exposed on May 4th, 2021 – Cloud communications company Twilio is affected with codecov attack resulting in tampering Bash Uploader.
Belgian government websites – (Unknown)
Exposed on May 4th, 2021 – Most of the Belgium government’s IT network are attacked by a massive DDoS attack resulting in knocking offline internal systems.
U.S. Agency for Global Media – (Unknown)
Exposed on May 4th, 2021 – The U.S. Agency for Global Media suffered a data breach resulting in exposure of personal information ( full names and Social Security numbers of employees and possibly their beneficiaries and dependents.)
Faxton St. Luke’s Healthcare – (17,655)
Exposed on May 5th, 2021 – Faxton St. Luke’s Healthcare suffered a data breach resulting in compromise in First Name, Last Name, Date of Birth, Prescription Information, and for some patients, the Medical Record Number.
Amazon – (13,124,962)
Exposed on May 5th, 2021 – More than 13 million records are breached in amazon fake review scam. Exposed information include Email addresses, WhatsApp and Telegram phone numbers of vendors asking for reviews and PayPal account details (email addresses), Email addresses, Fan names’ – supposedly usernames, often containing names & surnames and 75K links to Amazon accounts/profiles of reviewers.
CaptureRx – (24,000)
Exposed on May 6th, 2021 – Three american health providers have suffered a data breach after a cyber attack. Exposed information included are names, date of birth, prescription information, and for a limited number of patients, medical record numbers.
BlueForce – (Unknown)
Exposed on May 6th, 2021 – U.S. defense contractor BlueForce hit by a ransomware attack and resulted in encryption of all the data files. Hackers are asking for ransom in order to decrypt the data.
WedMeGood – (Unknown)
Exposed on May 6th, 2021 – WedMeGood suffered a data breach resulting in expose of city, gender, Full names, Phone numbers, email addresses, hashed passwords, booking leads, last login and account creation date of the users.
US Physics Laboratory – (Unknown)
Exposed on May 7th, 2021 – The Fermilab physics laboratory in the U.S. has exposed information due to its system vulnerability. Exposed information include documents, proprietary applications, personal information, project details and credentials.
City of Tulsa – (Unknown)
Exposed on May 9th, 2021 – City of Tulsa hit by a ransomware attack resulting in affecting the city government’s network and bringing down official websites.
City of Chicago – (Unknown)
Exposed on May 10th, 2021 – The city of Chicago suffered a data breach resulting in compromise of employee emails, exact amount of information compromised is still unknown.
Yamabiko – (Unknown)
Exposed on May 11th, 2021 – Manufacturing company Yamabiko suffered with data breach resulting in exposure of PII information, product schematics, financial data and more.
University of California – (Unknown)
Exposed on May 11th, 2021 – University of California suffered a massive cyberattack resulting in exposure of names and addresses, Social Security numbers, phone numbers, driver’s license and passport information, financial data (including bank routing and account numbers), birthdates, health and related benefit details, disability information, and other data.
Manchester City Council – (60,000)
Exposed on May 13th, 2021 – Manchester City Council accidently exposed online the number plates of more than 60,000 cars in the open data section of its website in a misguided attempt.
Green Energy Company Volue – (2,200)
Exposed on May 13th, 2021 – Green Energy Company Volue hit by Ransomware resulting in shut down of affected applications.
Health Service Executive – (Unknown)
Exposed on May 14th, 2021 – The Health Service Executive (HSE) suffered a ransomware attack. This attack impacted its staff’s ability to access online systems and patients’ electronic records.
Toshiba Corp – (Unknown)
Exposed on May 14th, 2021 – A Toshiba Corp unit was attacked by Colonial Pipeline resulting in compromise of 740 gigabytes of information.
Clark County – (Unknown)
Exposed on May 14th, 2021 – Clark County confirmed the shut down of computer servers after the impact of the malware activity.
Insurer AXA – (Unknown)
Exposed on May 16th, 2021 – Branches of Insurance company are attacked by Ransomware. Exposed information during the theft include customer medical reports (exposing their sexual health diagnosis), copies of ID cards, bank account statements, claim forms, payment records, contracts, and more.
Acer Finance – (Unknown)
Exposed on May 16th, 2021 – France-based Acer Finance and AXA Asia attacked by avaddon Ransomware gang resulting in compromise of ID cards, personal documents, contracts, and a screenshot of the folders containing stolen data
Herff Jones – (Unknown)
Exposed on May 16th, 2021 – A popular cap and gown maker Herff Jones suffered with data breach resulting in the compromise of credit and debit card details of its customers.
Buffalo Public Schools – (Unknown)
Exposed on May 17th, 2021 – Personal information about an unknown number of students, parents and employees has been exposed during a ransomware hit in Buffalo Public School. Compromised information include Student names, district ID numbers, birthdates, grade levels, schools, addresses, phone numbers and parent names.
Guard.me – (Unknown)
Exposed on May 17th, 2021 – Guard.me suffered data breach resulting in compromise of policyholders’ personal information. This vulnerability allowed to access students’ dates of birth, genders, and encrypted passwords. For some students, their email addresses, mailing addresses, and phone numbers were also exposed.
Monday.com – (Unknown)
Exposed on May 18th, 2021 – Monday.com affected with Codecov supply-chain attack resulting in modification of the legitimate Codecov Bash Uploader tool to exfiltrate environment variables (containing sensitive information such as keys, tokens, and credentials) from Codecov customers’ CI/CD environments.
New Zealand hospitals – (Unknown)
Exposed on May 19th, 2021 – New Zealand’s Waikato District Health Board suffered Ransomware attack resulting in disabling all IT services except email. Patient notes became inaccessible, clinical services were disrupted, and surgeries were postponed. Phone lines went down and hospitals were forced to accept urgent patients only during the attack.
Ardagh – (Unknown)
Exposed on May 19th, 2021 – European glass and metal packaging manufacturer Ardagh Group suffered a data breach resulting in shutting down certain IT systems and applications.
UK Recruitment Firm – (Unknown)
Exposed on May 20th, 2021 – FastTrack Reflex Recruitment firm affected by data leaks. Compromised information include passports, citizen ID cards, driver’s licenses, and skilled worker IDs. All of these constitute direct and indirect applicant PII. Full names, Email addresses, Home addresses, Dates of birth, Passport numbers, Applicant photos, Mobile phone numbers, Social network URLs for some applicants.
Alaska Health Department Services – (Unknown)
Exposed on May 20th, 2021 – Alaska Health Department Services suffered ransomware attack making the site to go offline. It also resulted offline disruption and harm to its servers.
Mercari – (27,883)
Exposed on May 21st, 2021 – Japanese company Mercari suffered cyber attack. Exposed data leak includes customers financial information, names, date of birth, email addresses, employee ID, telephone number etc.
Florida water treatment plant – (Unknown)
Exposed on May 21st, 2021 – Hackers gained remote access to Florida water treatment plant systems and hosted their code.
Mobile App Developers – (100,000,000)
Exposed on May 22nd, 2021 – Mobile App Developers exposed 100 Million Android Users’ Data. The sensitive data included chat messages, emails, location details, gender, date of birth, phone numbers, passwords, photos, and payment details.
Air India – (4,500,000)
Exposed on May 22nd, 2021 – Air India suffered data breach. Exposed information include name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.
Indonesia’s national health insurance scheme – (100,000)
Exposed on May 24th, 2021 – Indonesia’s national health insurance scheme suffered with breach resulting in leakage personal data.
Bergen Logistics – (467,979)
Exposed on May 24th, 2021 – Bergen Logistics suffered data breach. Exposed information include names, City, Zip, Addresses, Surnames, Order number, Email addresses, Plain-text passwords to customers accounts.
DailyQuiz – (13,000,000)
Exposed on May 24th, 2021 – DailyQuiz suffered data breach resulted in leakage and stealing of content of about 12.8 million users, including plaintext passwords, emails, and IP addresses for 8.3 million accounts.
Rehoboth McKinley Christian Health Care Services – (200,000)
Exposed on May 25th, 2021 – Rehoboth McKinley Christian Health Care Services suffered data breach resulted in exposure of names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport, and (for Native Americans) tribal ID numbers.
New Zealan Hospitals – (Unknown)
Exposed on May 26th, 2021 – Hospitals in New Zealand’s Waikato district have been targeted by hackers. Exposed information contain names, phone numbers, and addresses of patients and staff, Radio New Zealand and other local media reported
Canada Post – (950,000)
Exposed on May 26th, 2021 – Canada Post’s suppliers suffered malware attack. Affected information include names, addresses, email addresses and/or phone numbers of receiving customers.
JBS Foods – (Unknown)
Exposed on May 31st, 2021 – JBS Foods suffered cyber attack resulted in complete shutdown of the facility.
The Swedish Public Health Agency – (Unknown)
Exposed on May 31st, 2021 – The Swedish Public Health Agency hacked and resulted in complete database shutdown.
Scripps Health – (147,000)
Exposed on June 1st, 2021 – Scripps Health sufferd ransomware breach resulting in exposure of Social Security and/or driver’s license numbers.
Blizzard Entertainment – (Unknown)
Exposed on June 2nd, 2021 – Blizzard Entertainment suffered DDoS attack resulting in encountering the same issues with high latency and disconnections.
Steamship Authority – (Unknown)
Exposed on June 2nd, 2021 – The Massachusetts Steamship Authority suffered ransomware attack making it unable for customers to book or change vehicle reservations online or by phone.
Fujifilm – (37,151)
Exposed on June 2nd, 2021 – Fujifilm suffered cyberattack resulting in shutting down their complete network.
Audio House – (Unknown)
Exposed on June 2nd, 2021 – Consumer electronics retailer Audio House suffered hacking resulting in leaking of their personal details, such as names and contact numbers.
UK Special Forces soldiers – (Unknown)
Exposed on June 2nd, 2021 – Personal data of Special Forces soldiers is leaked mistakenly on whatsapp and is available for downloaded.
UF Health – (Unknown)
Exposed on June 3rd, 2021 – UF Health Central Florida has suffered a massive cyber attack forcing the hospitals to shut down.
Furniture Village – (Unknown)
Exposed on June 4th, 2021 – Furniture Village from UK hit with ransomware attack resulting in shutting down the affected systems.
TV news stations – (Unknown)
Exposed on June 4th, 2021 – TV news stations suffered with cyber attack resulting in shutting down the entire system and making it offline.
German cooperative banks – (Unknown)
Exposed on June 4th, 2021 – German cooperative banks suffered with cyber attack resulting in disrupting more than 800 financial instituions.
NSW Health – (Unknown)
Exposed on June 6th, 2021 – New South Wales Health suffered data breach. Exposed information include identity information and health-related personal information.
LineStar Integrity Services – (Unknown)
Exposed on June 7th, 2021 – LineStar Integrity services suffered with cyberattack resulted in stealing of 70 gigabytes of its internal files.
Navistar International Corporation – (Unknown)
Exposed on June 7th, 2021 – Navistar International Corporation suffered with cybersecurity breach resulting in stealing victim data. Type of compromised information is not disclosed.
Capitol Hill – (Unknown)
Exposed on June 8th, 2021 – Capitol Hill contractor suffered a ransomware attack resulting in system disruption by disabling the emails.
Spain’s Ministry of Labor and Social Economy – (Unknown)
Exposed on June 9th, 2021 – The Spanish Ministry of Labor and Social Economy (MITES) suffered with cyberattack. Compromised information is not disclosed yet.
Dutch Police Systems – (Unknown)
Exposed on June 9th, 2021 – Russian hackers breached a server belonging to the Dutch Police Academy, from where they pivoted to the main Dutch police network.
Edward Don – (Unknown)
Exposed on June 10th, 2021 – Foodservice supplier Edward Don has suffered a ransomware attack resulting in shutting down portions of the network to prevent the attack’s spread.
McDonald – (Unknown)
Exposed on June 11th, 2021 – Hackers have stolen data, including customer emails, phone numbers and addresses, from McDonald’s computer systems in the U.S., South Korea and Taiwan
African Bank – (Unknown)
Exposed on June 11th, 2021 – Hackers from Iran attacked the websites of Sierra Leone Commercial African Bank and US Federal Library resulting in shutting down the system.
Volkswagen – (3,300,000)
Exposed on June 11th, 2021 – Volkswagen America suffered with data breach resulting in exposing of personal details of 3.3 million of its customers. Compromised information include driver’s license numbers, dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers.
Microsoft – (Unknown)
Exposed on June 13th, 2021 – Kubernetes clusters are attacked resulting in deploying malicious containers mining Monero and Ethereum.
Intuit – (Unknown)
Exposed on June 13th, 2021 – Intuit suffered data breach allowing hackers to access some of their personal and financial information.
Union Benefits Administrator – (140,000)
Exposed on June 14th, 2021 – Union Benefits Administrator suffered data breach where where unauthorized access gained to data systems and deleted personally identifiable information and PHI.
AmeriGas – (123)
Exposed on June 15th, 2021 – America’s largest propane provider, AmeriGas suffered data breach resulting in full access to an internal email with spreadsheet attachments containing 123 AmeriGas employees’ information, including Lab IDs, social security numbers, driver’s license numbers, and dates of birth.
Alibaba Group Holding Ltd – (1,100,000,000)
Exposed on June 15th, 2021 – Alibaba Group Holding Ltd suffered with data breach resulting in exposure of phone numbers and a portion of usernames.
HMM – (Unknown)
Exposed on June 15th, 2021 – South Korea’s HMM suffered with data breach resulting in leading to limited access to the email outlook system.
Verizon – (Unknown)
Exposed on June 15th, 2021 – One of the largest water agencies, Verizon is hacked by cyber data breach. No information is disclosed on compromised information.
Poland’s parliament – (Unknown)
Exposed on June 16th, 2021 – Poland’s parliament suffered with cyber attack resulting in the leaking of PII information and emails through the instant messaging system Telegram.
Gateley – (Unknown)
Exposed on June 16th, 2021 – British company Gateley suffered data breach resulting in deletion from the location.
Volkswagen Group of America, Inc – (Unknown)
Exposed on June 17th, 2021 – Audi and Volkswagen suffered with data breach resulting in compromising of customer data. Exposed information include first and last name, personal or business mailing address, email address, or phone number.
Eggfree Cake Box – (Unknown)
Exposed on June 17th, 2021 – Eggfree Cake Box suffered data breach resulting in stealing of credit card numbers.
Wegmans – (Unknown)
Exposed on June 18th, 2021 – Wegmans Food Markets is cyberattacked. Exposed information include names, addresses, phone numbers, birth dates, Shoppers Club numbers, and Wegmans.com account e-mail addresses and passwords.
Fertility clinic – (38,000)
Exposed on June 20th, 2021 – Georgia-based fertility clinic suffered ransomware attack resulting in compromise of sensitive patient information. Exposed information include Full name, Address, Social Security Number, Laboratory results and Information relating to the handling of human tissue.
Korea Atomic Energy Research Institute – (Unknown)
Exposed on June 21st, 2021 – Korea Atomic Energy Research Institute is hacked by North Korea hackers. No information is shared related to breach.
Asia Pacific Network Information Centre – (Unknown)
Exposed on June 22nd, 2021 – The Asia Pacific Network Information Centre (APNIC) suffered cyber attack resulting in compromise of its SQL database in a public Google Cloud bucket.
City of Liege – (Unknown)
Exposed on June 22nd, 2021 – City of Liege suffered ransomware attack resulted in disruption of the municipality’s IT network and online services.
Wolfe Eye Clinic – (500,000)
Exposed on June 23rd, 2021 – Wolfe Eye Clinic is suffered with ransomware attack. Affected patients information is stolen during breach.
Patari – (260,000)
Exposed on June 23rd, 2021 – Patari.pk, a Pakistani music streaming site has suffered a data breach containing personal data and login credentials. Exposed information include Full names/Usernames, Email addresses, Password hashes (unsalted md5), Playlists, Avatar links.
Mercedes-Benz – (1,000)
Exposed on June 25th, 2021 – Sensitive personal information of nearly 1,000 customers and interested buyers was exposed on cloud storage platform mistakenly by Mercedes-Benz USA.
Technisanct – (3,400,000)
Exposed on June 25th, 2021 – Technisanct suffered data breach resulting in compromising personal information of approx. 3.4 million customers. Exposed information include name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.
Altus Group – (Unknown)
Exposed on June 26th, 2021 – Altus Group suffered security breach resulted in making the entire IT back-office and communications systems, such as email system offline.
AcadeME – (280,000)
Exposed on June 28th, 2021 – AcadeME company sufferred massive data breach resulting in leaking of about 280,000 students throughout Israel. Compromised information include emails, passwords, first and last names, addresses and even phone numbers of students.
NewsBlur – (Unknown)
Exposed on June 28th, 2021 – The hacker was able to gain access to the database while the RSS reader was being transitioned to Docker making them to copy the database and delete the original.
LinkedIn – (500000000)
Exposed on June 28th, 2021 – Data-scraping incident of LinkedIn is leaked and posted online for sale on dark websites. Exposed information include full names, gender, email addresses, phone numbers and industry information.
Denmark’s Central Bank – (Unknown)
Exposed on June 30th, 2021 – Danmarks Nationalbank is infected Russia-linked threat actors resulting in gaining access to its network for more than six months.
MasMovil – (Unknown)
Exposed on July 1st, 2021 – Spain’s 4th largest telecom operator MasMovil Ibercom or MasMovil suffered data breach. Hackers downloaded databases and other important data.
QSure insurance company – (Unknown)
Exposed on July 2nd, 2021 – QSure insurance company in South Africa suffered data breach. The compromised information include bank account numbers, branch information, and the account holder’s name.
Members of Parliament – (Unknown)
Exposed on July 2nd, 2021 – The email accounts of about a dozen members of parliament from Poland are hacked recently.
AJG – (33,300)
Exposed on July 2nd, 2021 – Arthur J. Gallagher (AJG) suffered a ransomware attack. Exposed information include personal details (e.g., name, date of birth), contact details (e.g., phone number, email address, postal address or mobile number), government-issued identification details (e.g., social security and national insurance numbers, passport details), health and medical details (e.g., health certificates), policy details (e.g., policy numbers and types), bank details (e.g., payment details, account numbers, and sort codes), driving license details, online log-in information (e.g., username, password, answers to security questions), information relating to any claims, other information received from applications or required questionnaires (e.g., occupation, current employer)
Coop – (Unknown)
Exposed on July 3rd, 2021 – Coop, one of Sweden’s largest supermarket store chains is forced to shutdown following Kaseya ransomware attack.
Apex Legends game – (Unknown)
Exposed on July 4th, 2021 – Apex Legends game defaced by hackers in Respawn Entertainment where they complained complain Titanfall cheaters.
Wiregrass Electric Cooperative – (Unknown)
Exposed on July 4th, 2021 – Wiregrass Electric Cooperative suffered a ransomware attack. Company verified later on that no data have been compromised.
Kaseya supply-chain – (Unknown)
Exposed on July 5th, 2021 – Kaseya supply-chain suffered ransomware attack resulted in encrypting all systems. Company deals in customer systems and for patch management.
WSSC Water – (Unknown)
Exposed on July 5th, 2021 – WSSC Water suffered ransomware attack. The incident had no impact on the company.
Practicefirst – (Unknown)
Exposed on July 5th, 2021 – Practice management vendor Practicefirst suffered healthcare ransomware attack, that may have exposed birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers of patients and employees.
Kaseya – (Unknown)
Exposed on July 6th, 2021 – U.S. information technology firm Kaseya suffered ransomware attack resulted in affecting between 800 to 1,500 businesses around the world.
Pacific Market Research – (16,000)
Exposed on July 7th, 2021 – Pacific Market Research accessed by an unauthorized party and encrypted their servers and an L&I file with sensitive information during the attack.
Maryland – (Unknown)
Exposed on July 8th, 2021 – A Maryland town was taken completely offline after a massive ransomware attack.
Telecommunications Organizations – (Unknown)
Exposed on July 8th, 2021 – Telecommunications organizations in Taiwan, Nepal and the Philippines have been affected by china based ransomware, affecting operations.
CNA Financial Corporation – (75,000)
Exposed on July 9th, 2021 – CNA Financial Corporation suffered data breach affecting approximately 75,000 users. Compromised information include names and Social Security numbers.
Comparis – (Unknown)
Exposed on July 10th, 2021 – Swiss online consumer outlet suffered a ransomware attack. This attack blocked some of its information technology systems.
Mint Mobile – (Unknown)
Exposed on July 10th, 2021 – Unauthorized hackers gained access to subscribers of Mint Mobile. Exposed information include personal information, like call history, names, addresses, emails, and passwords.
Bank of Oak Ridge – (Unknown)
Exposed on July 11th, 2021 – Bank of Oak Ridge suffered cyberattack resulting in exposing PII details of customers. Exposed information include addresses, social security numbers, or phone numbers.
Tehran – (Unknown)
Exposed on July 12th, 2021 – Tehran, Iran’s Transport Ministry suffered a cyberattack resulting in infiltrating systems displaying arrivals and departures.
Spreadshop – (Unknown)
Exposed on July 12th, 2021 – Spreadshop hit by malicious cyber-attack resulting in compromise of personal user data, including bank account details, Emails, and Passwords.
Nepal Telecom – (Unknown)
Exposed on July 13th, 2021 – Chinese hackers have stolen call details of Nepalis by hacking the Oracle Glass Fish Server used by the telecom company.
Practicefirst – (120,000)
Exposed on July 13th, 2021 – Practice management vendor Practicefirst suffered healthcare ransomware attack resulting in exposure of approximately 1.2 million users. Stolen information include name, address, email address, date of birth, driver’s license number, Social Security number, diagnosis, laboratory and treatment information, patient identification number, medication information, health insurance identification and claims information, tax identification number, employee username with password, employee username with security questions and answers, and bank account and/or credit card/debit card information
Forefront Dermatology – (240,000)
Exposed on July 14th, 2021 – Forefront Dermatology S.C suffered a data breach with 2.4 million patients, employees and clinicians. Compromised information includes name, address, date of birth, patient account number, health insurance plan member ID number, medical record number, dates of service, provider names, and/or medical and clinical treatment information.
Tulsa – (27)
Exposed on July 15th, 2021 – Hackers gained access to Tulsa resulting in exposure of PII details such as names, birth dates, addresses and driver’s license numbers, but not Social Security numbers.
Facebook – (200)
Exposed on July 15th, 2021 – A group of Iranian hackers targeted U.S. military personnel on Facebook resulted in compromise of personal email accounts.
Corporación Nacional de Telecomunicación – (Unknown)
Exposed on July 17th, 2021 – Nacional de Telecomunicación suffered a ransomware attack. Screenshots from the hacking include contact lists, contracts, and support logs.
Virginia Tech – (Unknown)
Exposed on July 18th, 2021 – Virginia Tech targeted by cyberattacks. Virginia Tech spokesman informed that there is no information leaked during the breach.
Lake County Health Department – (25,000)
Exposed on July 18th, 2021 – Lake County Health Department suffered data breach. Compromised information include names, dates of birth, phone numbers, email addresses and vaccination status of seniors seeking information on the COVID-19 vaccine.
Cloudstar – (Unknown)
Exposed on July 19th, 2021 – Cloudstar company suffered a highly sophesticated ransomware attack resulted in disrupting the activities of hundreds of companies.
Saudi Aramco – (14,254)
Exposed on July 19th, 2021 – 1 TB of proprietary data belonging to Saudi Aramco is stolen and available for sale on dark web. Compromised information include full name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc. of employees along with list of Aramco’s clients, along with invoices and contracts.
US Municipalities- (Unknown)
Exposed on July 20th, 2021 – A major breach exposed a number of US cities, resulting in exposing of Resident’s Personal Data. Compromised information include citizens’ physical addresses, phone numbers, IDs, tax documents etc.
Jefferson Health- (Unknown)
Exposed on July 21st , 2021 – Jefferson Health’s systems suffered third party data breach resulting in exposure of patients’ names, dates of birth, medical record numbers, social security number, and clinical information related to treatment – such as physician name and department, treatment plans, and diagnosis and/or prescription information.
Humana- (6,000)
Exposed on July 22nd, 2021 – US insurance giant Humana suffered massive data breach and exposed information includes patients’ names, IDs, email addresses, password hashes, Medicare Advantage Plan listings, medical treatment data, and more.
Guntrader.uk– (111,000)
Exposed on July 23rd, 2021 – Guntrader.uk suffered CRM database hacking resulting in making 111,000 users’ information online. Compromised information include names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords.
The Mobile County Commission – (Unknown)
Exposed on July 23rd, 2021 – The Mobile County Commission suffered data breach where employee data and sensitive information leaked.
UK National Lottery Community Fund- (Unknown)
Exposed on July 23rd, 2021 – The National Lottery Community Fund suffered data breach exposing the sensitive personal data, including bank account information, of grant holders and applicants. Exposed data includes names, physical addresses, email addresses, landline and mobile numbers, dates of birth, bank account details, and applicant organizations’ addresses and websites.
Florida’s Department of Economic Opportunity – (58,000)
Exposed on July 26th, 2021 – Florida’s Department of Economic Opportunity suffered data breach, targeting 57,920 claimant accounts. Exposed information include Social Security number, driver’s license number, bank account numbers, claim information, and other personal data including address, phone number, and date of birth.
Raven Hengelsport – (246,000)
Exposed on July 27th, 2021 – Dutch fishing supply specialist Raven Hengelsport exposed customer data from misconfigured Microsoft Azure cloud server accidently. Leaked information include customer IDs, delivery dates, discounts, shipping fees, payments, and shipment tracking numbers. Customer PII [Personally Identifiable Information] – names, surnames, addresses, genders, phone numbers, email addresses, and even the titles of some customers.
UC San Diego Health – (Unknown)
Exposed on July 27th, 2021 – UC San Diego Health suffered data breach after compromising of some of employees’s email accounts resulted in leaking of Personal info of patients, students, and employees. Exposed information is full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number, and username and password.
Express MRI – (Unknown)
Exposed on July 27th, 2021 – Express MRI suffered data breach due to an unauthorized attack. This data may include names, addresses, email addresses, dates of birth, and ages of patients as well as the name of the referring physician, which body part was scanned, and whether the scan was related to a workers’ compensation claim or motor vehicle accident investigation.
Homewood Health – (Unknown)
Exposed on July 27th, 2021 – Homewood Health is hacked by an unauthorized access resultig in exposure of personal information.
BRI Life – (460,000)
Exposed on July 28th, 2021 – BRI Life suffered data breach. Exposed information included bank account details, as well as copies of Indonesian identification cards and taxpayer details.
Chipotle – (Unknown)
Exposed on July 29th, 2021 – Hackers have compromised an email marketing account belonging to the Chipotle food chain. Compromised information include other logins, trade secrets, financial details, and other intelligence.
Identity Documents Database – (286,438)
Exposed on July 29th, 2021 – 286,438 Estonians ID Scans are downloaded from the Identity Documents Database (KMAIS). Exposed information include names and personal ID codes (available from various public databases).
School District No. 73 – (Unknown)
Exposed on July 31st, 2021 – SD73’s insurance provider for international students suffered cybersecurity breach. Personal information that may be impacted by this incident includes identity information, contact information, and other information provided to support submitted claims.
Elasticsearch database – (35,000,000)
Exposed on August 2nd, 2021 – The Elasticsearch database was left exposed without any security authentication. Exposed information include Gender, Full names, Ethnicities, Date of birth, Marital status, Email addresses, Contact information, Residential addresses.
Advanced Technology Ventures – (300)
Exposed on August 3rd, 2021 – Advanced Technology Ventures suffered data breach. Names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen during attack.
Reindeer – (300,000)
Exposed on August 3rd, 2021 – Reindeer, an American marketing company suffered breach of 32 GB data due to misconfigured Amazon S3 bucket. This incident lead to the compromise of 1400 profile photos and personal details of approximately 306,000 customers. Exposed information included name, surname, email address, date of birth, physical address, phone number, hashed passwords, and Facebook IDs.
Isle of Wight Schools– (Unknown)
Exposed on August 4th, 2021 – Six schools and the Isle of Wight of Education Federation suffered ransomware attack resulted in the encryption of data.
Americans– (63,000,000)
Exposed on August 4th, 2021 – An unsecured online database accidently exposed information of 63 million americans on public internet. Exposed information include full names, job titles, personal email and home addresses, work email and office addresses, personal and work phone numbers, home IP addresses and employer names.
StarHub– (57,191)
Exposed on August 6th, 2021 – Starhub suffered data breach resulted in exposure customers’ personal details like email addresses and mobile numbers.
GIGABYTE – (Unknown)
Exposed on August 6th, 2021 – Taiwanese motherboard maker Gigabyte has been hit by cyber attack, who threaten to publish 112GB of stolen data unless a ransom is paid. This incident forced the company to shut down systems including its support site and portions of the Taiwanese website.
FOID card portal– (Unknown)
Exposed on August 9th, 2021 – FOID (Firearm Owners Identification) card portal suffered data breach resulting in compromise of their personal information.
Crytek– (Unknown)
Exposed on August 10th, 2021 – Game developer and publisher Crytek suffered ransomware data breach. Compromised information include individuals’ first and last name, job title, company name, email, business address, phone number and country.
Georgia Health System– (Unknown)
Exposed on August 11th, 2021 – Georgia Health system suffered data breach resulted in compromise of patient names in combination with their address, date of birth, SSN, driver’s license number, patient account number, billing account number, financial information, health insurance plan member ID, provider names and date of service etc.
US waste management firm– (Unknown)
Exposed on August 12th, 2021 – US waste management firm has exposed information of current and former employees, as well as their dependents during a data breach. Compromised information include names, Social Security numbers, taxpayer identification numbers, government and state ID numbers, driver’s license numbers, dates of birth, bank account numbers, debit and credit card numbers.
Microsoft Exchange servers– (Unknown)
Exposed on August 12th, 2021 – Microsoft Exchange servers are exploited using ProxyShell vulnerability to install backdoors for later access.
Lithuanian Ministry of Foreign Affairs – (160,000)
Exposed on August 13th, 2021 – The Lithuanian Ministry of Foreign Affairs emails are stolen and available for trading on data-trading forum. Compromised information include highly sensitive conversations.
Ford Motor Company – (Unknown)
Exposed on August 15th, 2021 – A bug on Ford Motor Company’s website exposed sensitive information such as customer databases, employee records, internal tickets. Exposed information included Customer and employee records, Finance account numbers, Database names and tables, OAuth access tokens, Internal support tickets, User profiles within the organization, Pulse actions, Internal interfaces and Search bar history.
New York university – (47,000)
Exposed on August 16th, 2021 – New York university has potentially exposed the personal information of approximately 47,000 individuals.
Chase Bank – (Unknown)
Exposed on August 17th, 2021 – JPMorgan Chase Bank accidently allowed leakage of customer banking information to other customers. Exposed information include statements, transaction list, names, and account numbers of its customers.
Brazilian National Treasury – (Unknown)
Exposed on August 17th, 2021 – Brazilian National Treasury suffered ransomware attack. So far no information shared on the compromise.
Indiana Contact Tracing – (Unknown)
Exposed on August 17th, 2021 – Indiana contact tracing survey company suffered data breach. Compromised information include names, addresses, emails, gender, race, ethnicity and date of birth.
Tokio Marine – (Unknown)
Exposed on August 17th, 2021 – Japan’s largest property and casualty insurer, Tokio Marine Holdings suffered Ransomware attack. No information shared on the data leak during the incident.
AT&T database – (70,000,000)
Exposed on August 20th, 2021 – AT&T suffered data breach resulting in leaking of 70 million users data. Compromised data include users’ full names, social security numbers, email addresses, and dates of birth.
Liquid Global Exchange – (Unknown)
Exposed on August 25th, 2021 – Japan’s Liquid Global exchange hacked, resulted in suspended deposits and withdrawals.
Chinese developers – (Unknown)
Exposed on August 26th, 2021 – The Chinese developers of Android gaming apps exposed information belonging to users through an unsecured server. Exposed information include IP and IMEI numbers, device information, phone numbers, the OS in use, mobile device event logs, whether or not a handset was rooted; game purchase and transaction reports, email addresses, EskyFun account passwords stored in plaintext, and support requests, among other data.
Palantir – (Unknown)
Exposed on August 26th, 2021 – A glitch in company Palantir’s secretive software program used by the FBI allowed unauthorized personnel to access private data.
Boston Public Library – (Unknown)
Exposed on August 27th, 2021 – The Boston Public Library (BPL) suffered data breach and currently experiencing significant system outage and online library services that require login are unavailable.
Puma – (Unknown)
Exposed on August 29th, 2021 – About 1GB of data stolen from the company PUMA is available for sale on dark web.
eHAC – (1,300,000)
Exposed on August 30th, 2021 – The ‘test and trace app’, named electronic Health Alert Card or eHAC has exposed sensitive data of more than one million people through an open server by mistake. Exposed information include person’s health status, personal information, contact information, COVID-19 test results and other data.
Michigan hospital – (1,500)
Exposed on August 31st, 2021 – A major Michigan hospital system sufffered hacking resulting in data exposure of 1500 patients. Exposed information include patient name, procedure name, physician name, internal medical record number and dates of service.
Francetest – (700,000)
Exposed on September 1st, 2021 – The online platform to conduct test left exposed accidently resulting in making personal details of 700,000 patients public. Exposed information include Full name, gender, DOB, social security number, contact details, email addresses, and postal address.
New York credit union– (Unknown)
Exposed on September 1st, 2021 – The former employee of a New York credit union accessed institution’s computer system and stole 21GB data and destryoed it. Deleted information include mortgage loan applications and other sensitive information on that server.
Voip Unlimited – (Unknown)
Exposed on September 2nd, 2021 – South Coast-based Voip Unlimited suffered DDoS attack resulting in outages on voice, inbound and outbound calls, and SMS services.
Autodesk – (Unknown)
Exposed on September 2nd, 2021 – The US software and services company, AutoDesk suffered massive data breach by unauthorized access, where hackers gained access to the networks of multiple US federal agencies and private tech sector firms.
MarkMonitor – (60,000)
Exposed on September 3rd, 2021 – Domain registrar MarkMonitor had accidently left more than 60,000 parked domains vulnerable to domain hijacking. These parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
Dallas Independent School – (153,861)
Exposed on September 3rd, 2021 – The Dallas Independent School District (Dallas ISD) suffered a data breach exposing sensitive personal data belonging to students and employees enrolled or employed. Stolen data belonging to employees or contractors included first and last names, addresses, phone numbers, Social Security numbers, dates of birth, dates of employment, salary information, and reasons for ending employment. Data pertaining to students comprised first and last names, Social Security numbers, dates of birth, parent or guardian contact information, and grades.
Bilaxy– (Unknown)
Exposed on September 3rd, 2021 – Bilaxy, crypto exchange suffered a “serious hack” resulting in the transfer of 295 different ERC-20 tokens. As a result, Bilaxy suspended its website to take emergency measures.
Babuk Locker – (Unknown)
Exposed on September 3rd, 2021 – A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.
Beaumont Health – (6,000)
Exposed on September 4th, 2021 – Goodwin Procter LLP suffered data breach resulting in leakage of patient personal data. Exposed information include patient name, procedure name, physician name, the internal medical record number, and the date of service.
Pacific City Bank – (Unknown)
Exposed on September 5th, 2021 – Pacific City Bank hit by Ransomware operators and they claim to have stolen sensitive documents from the financial institution.
Office 365 – (Unknown)
Exposed on September 6th, 2021 – APT group has attacked the client’s Office 365 environment and discovered a way to bypass authentication controls so that they can fully access the environment of the directory server. As a result they gained access to Azure / Azure AD, Office 365 , Azure Applications (which they can further backdoor), Defender Security Center
Visa Applicants – (8,700)
Exposed on September 6th, 2021 – A cyber attack has compromised the data of 8,700 applied for Visa visiting to France. Exposed information include their Names, DOB, Passport and Identity card numbers.
Howard University – (Unknown)
Exposed on September 7th, 2021 – Howard University suffered ransomware attack resulting in Online and hybrid classes cancellation.
Moroccans – (2,000,000)
Exposed on September 7th, 2021 – Hackers stole ersonal data of more than 2 million Moroccans. Exposed information include identity, profession, employer name, and email address.
Dotty’s – (Unknown)
Exposed on September 7th, 2021 – An unauthorized hackers gained access to Dotty’s and exposed personal data of customers. Exposed information include customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates.
McDonald – (Unknown)
Exposed on September 7th, 2021 – A bug in the McDonald’s Monopoly VIP game in the United Kingdom made the the login names and passwords for the game’s database available to all winners.
PeduliLindungi and eHAC – (1,300,000)
Exposed on September 7th, 2021 – The personal data of approximately 1.3 million Indonesian residents, stored on two government-developed COVID-19 tracking apps, PeduliLindungi and eHAC, has been leaked online. Exposed information include personal data, travel information, medical records and COVID-19 status of the app’s users.
Right to Life- (Unknown)
Exposed on September 7th, 2021 – A bug in Anti-abortion group Texas Right to Life exposed the personal information of hundreds of job applicants. The resumes contained names, phone numbers, addresses and details of a person’s employment history.
Bhumirajanagarindra Kidney Institute Hospital – (40,000)
Exposed on September 8th, 2021 – Bhumirajanagarindra Kidney Institute Hospital suffered cyber attack resulted in leaking of patients’ personal information and treatment history.
New Zealand Banks – (Unknown)
Exposed on September 8th, 2021 – Websites of a number of financial institutions in New Zealand and its national postal service were forced to shut down by DDoS attack.
Bridgeport City Government – (Unknown)
Exposed on September 9th, 2021 – Bridgeport city government hacked by a ransomware attack. Exposed information includes social security numbers, birth dates, addresses, driver’s license numbers and any other information used to establish any city account.
Russian publication Yandex – (Unknown)
Exposed on September 9th, 2021 – Russian internet giant Yandex has been targeted in a DDoS attack. This attack made company to experience “record scale”.
Fortinet – (87,000)
Exposed on September 9th, 2021 – Network security solutions provider Fortinet unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. Compromised information include files, session file, which contains usernames and passwords stored in plaintext.
Virginia National Guard – (Unknown)
Exposed on September 10th, 2021 – Virginia Defense Force and the Virginia Department of Military Affairs affected by cyber attack. 1GB of data made available for purchase.
LifeLong Medical Care – (115,000)
Exposed on September 10th, 2021 – LifeLong Medical Care suffered data breach. Exposed information include social security numbers, treatment information and diagnosis data
Netgain and LifeLong Medical Car – (35,000)
Exposed on September 10th, 2021 – Netgain and LifeLong Medical Car suffered cyberattack. Compromised information include full names, Social Security numbers, dates of birth, patient cardholder numbers, treatment and diagnosis information.
Puma – (Unknown)
Exposed on September 12th, 2021 – Sportswear maker Puma source code hacked by hackers. Stolen information is made available for sale in dark web portal. Hackers have 1GB of data.
GetHealth – (60,000,000)
Exposed on September 13th, 2021 – An unsecured database containing over 61 million records related to wearable technology and fitness services was left exposed online.
Krita art app – (Unknown)
Exposed on September 14th, 2021 – Krita, an open-source cross-platform digital painting application suffered ransomware attack. But instead of direct attack, company’s name was used in spreading spam.
Austin (Texas) Cancer Centers – (36,503)
Exposed on September 16th, 2021 – Austin (Texas) Cancer Centers suffered cyber-attack forced it to shut down its IT networks.
Paris Hospitals – (1,400,000)
Exposed on September 16th, 2021 – Personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020. Stolen were the identities, social security numbers and contact details of people tested as well as the identities and contact details of health professionals who dealt with them, along with the test results, the hospital organization said.
Alaska Department of Health – (Unknown)
Exposed on September 17th, 2021 – The Alaska Department of Health and Social Services (DHSS) suffered data breach resulted in leakage of residents’ personal data, including financial information. Exposed information include full names, dates of birth, Social Security numbers, addresses, phone numbers, driver’s license numbers, health information, and financial information.
NEISD – (8,800)
Exposed on September 18th, 2021 – Thousands of Northeast ISD employees data is leaked during a massive attack. Exposed information include payroll information, including names and social security numbers.
Walgreens – (Unknown)
Exposed on September 20th, 2021 – Walgreens added an authentication screen. With the new authentication screen, anyone who wants to access the test confirmation pages must now enter the patient’s date of birth first. That authentication screen is hacked resulting in exposing of name, date of birth, gender identity, phone number, address, and email of users.
Scoupy – (Unknown)
Exposed on September 20th, 2021 – The Dutch cashback app Scoupy suffered data breach impacting 2 million customers. Exposed information include Private information resembling identify, handle, place of residence, cellphone quantity, e mail handle, date of beginning, receipt and encrypted password, and encrypted checking account quantity (IBAN)
Voicenter – (Unknown)
Exposed on September 21st 2021 – A major cyberattack hit Voicenter and stole 15 terabytes of data. The hacker put that information for sale including screenshots of stolen information as a proof.
New Cooperative – (Unknown)
Exposed on September 21st, 2021 – New Cooperative has been hit with a ransomware attack resulting in leakage of financial documents. Exposed information include network information for multiple companies involved with New Cooperative, the social security numbers and personal information for employees, R&D files and the source code for a farmer technology platform called Soil Map.
Marketron marketing services – (Unknown)
Exposed on September 21st, 2021 – BlackMatter ransomware gang attacked Marketron marketing services resulting in shutting down its all services. The only platforms remained online were Pitch, Email Marketing, and Mobile Messaging.
Simon Eye– (144000)
Exposed on September 21st, 2021 – An unauthorized access to employee email accounts resulted in data breach. Exposed information include patients’ names, medical histories, treatment and diagnosis information, health insurance policy and/or subscriber information, and insurance application and/or claims information. Even for a limited number of people Social Security numbers, dates of birth, and/or financial account are also leaked.
The United Kingdom of Ministry– (250)
Exposed on September 21st, 2021 – The United Kingdom’s Ministry of defence mistakenly exposed the data of more than 250 Afghan interpreters, working for British forces. Exposed information include email addresses, names, linked profile images.
Microsoft Exchange– (100000)
Exposed on September 22nd, 2021 – Bugs in the implementation of Microsoft Exchange’s Autodiscover feature have leaked approx 100,000 login names and passwords for Windows domains globally.
Marcus & Millichap– (Unknown)
Exposed on September 22nd, 2021 – Marcus & Millichap suffered a recent cyber attack. However there is no evidence of any material risk or misuse relating to personal information.
Crystal Valley Cooperative– (Unknown)
Exposed on September 22nd, 2021 – Crystal Valley Cooperative suffered cyber attack resuulting in infection in computer systems and interrupted daily operations of the company, as a result company is forced to shut down its services.
African Bank– (Unknown)
Exposed on September 22nd, 2021 – African Bank’s professional debt recovery partners, Debt-IN suffered data breach resulted in compromise of details of a number of African Bank Loan customers.
Coninsa Ramon H– (100,000)
Exposed on September 23rd, 2021 – Coninsa Ramon H left the data un-encypted mistakenly resulted in leaking personal information of over 100,000 customers of a Colombian real estate firm. Exposed information include Full name, phone numbers, email addresses, residential addresses, amount paid for estates and asset values.
SushiSwap’s MISO cryptocurrency platform– (Unknown)
Exposed on September 24th, 2021 – A supply-chain attacker stole $3 million worth of cryptocurrency from SushiSwap’s MISO cryptocurrency platform by infecting Sushi’s private GitHub repository.
Clubhouse and Facebook– (3,800,000,000)
Exposed on September 24th, 2021 – Clubhouse ‘secret database’ with users’ Facebook profiles has been hacked and the compiled data appears to include names, phone numbers, and other data.
GSS– (Unknown)
Exposed on September 24th, 2021 – GSS, the Spanish and Latin America division of Covisian suffered a massive ransomware attack resulting in shutting down the system.
viant Group suffered massive cyber attack forced company to bring down its systems.
pcTattleTale– (Unknown)
Exposed on September 28th, 2021 – pcTattleTale uploads the screenshots to an unsecured AWS bucket as a result anyone can view what’s inside the bucket as it doesn’t require any form of authentication—such as a user name and password.
Aquila Technology– (Unknown)
Exposed on September 29th, 2021 – Aquila Technology affected by a data breach resulted in compromise of customers’ personal and credit card information.
Automotive group of dealerships– (Unknown)
Exposed on September 29th, 2021 – Automotive group of dealerships from US suffered data breach, where attackers stole 200 GB data.
Portpass App– (650,000)
Exposed on September 29th, 2021 – Private proof-of-vaccination app Portpass exposed personal information of hundreds of thousands of users by leaving its website unsecured. Exposed information include driver’s licences, personal information, email addresses, names, blood types, phone numbers, birthdays.
Navistar– (Unknown)
Exposed on September 29th, 2021 – Data breach on Navistar exposed employee healthcare information. Exposed information include the full names, addresses, dates of birth, and Social Security numbers of an unspecified number of Navistar employees past and present.
Forward Air– (Unknown)
Exposed on September 29th, 2021 – Data breach on Trucking giant Forward Air accessed employees personal information. Exposed information include employees’ names, addresses, date of births, Social Security numbers, driver’s license numbers, passport numbers, or bank account numbers.
JVCKenwood– (Unknown)
Exposed on September 30th, 2021 – JVCKenwood has suffered ransomware attack where 1.7 TB of data is stolen.
Stonington Schools– (Unknown)
Exposed on September 30th, 2021 – Stonington Public Schools suffered ransomware attack resulting in isolating the school from the internet.
Hawaii Company– (4,500)
Exposed on October 1st, 2021 – Honolulu payroll company suffered ransomware attack. Exposed information included Social Security numbers, dates of birth, the full names of clients and bank account information.
Coinbase– (Unknown)
Exposed on October 1st, 2021 – Crypto exchange Coinbase suffered data breach and resulted in stealing of cryptocurrency. To conduct the attack, Coinbase says the attackers needed to know the customer’s email address, password, and phone number associated with their Coinbase account
Coinbase– (6,000)
Exposed on October 2nd, 2021 – Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc (COIN.O). Hackers used email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails.
Apache Airflow servers– (Unknown)
Exposed on October 4th, 2021 – Misconfigured instances leaked thousands of credentials to well-known services. These instances were seen leaking sensitive data, including thousands of user credentials to popular platforms and services such as Slack, PayPal, and Amazon Web Services (AWS), among others, claim the researchers.
Sandhill Global– (Unknown)
Exposed on October 4th, 2021 – Sandhills Global suffered ransomware attack, as a result company is forced to shut down and phone were also switched off.
The Telegraph – (Unknown)
Exposed on October 5th, 2021 – ‘The Telegraph’, one of the UK’s largest newspapers suffered data breach. It resulted in leaking of 10 TB of data. The exposed information included internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers.
Fimmick – (Unknown)
Exposed on October 6th, 2021 – Fimmick has been hit with a ransomware attack. It is resulting in shutting down the website.
Next Level Apparel– (Unknown)
Exposed on October 6th, 2021 – Next Level Apparel suffered data breach. Exposed information include names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information”.
Welland Park Academy– (Unknown)
Exposed on October 6th, 2021 – Welland Park Academy in Market Harborough, Leicestershire suffered data breach from a fired ex-IT employee. He changed passwords of staff members.
Twitch– (Unknown)
Exposed on October 7th, 2021 – Twitch suffered massive data leak resulted in 125 GB of source code being stolen.
Weir– (Unknown)
Exposed on October 8th, 2021 – Engineering firm Weir hit by major ransomware attack resulted in shutting down IT systems, including engineering applications.
BrewDog– (200,000)
Exposed on October 8th, 2021 – BrewDog, the Scottish brewery and pub chain famous for its crowd-ownership model has exposed the details of 200,000 of its shareholders and customers. Exposed information include Name, Date of Birth, Email address, Gender, All previously used delivery addresses, Telephone number, Number of shares held, Shareholder number, Bar discount amount, Bar discount ID – used to create the QR code, Number of referrals and Type of beer previously purchased.
Elite Hollywood School– (Unknown)
Exposed on October 9th, 2021 – Elite Hollywood School was hacked and exposed. Compromised information include files from the last decade concerning roughly 150 alumni. It covered children of Oscar winners, media chieftains, household names, assorted billionaires and influential political donors of both major political parties.
Sky.com– (Unknown)
Exposed on October 9th, 2021 – Sky.com exposed data via misconfiguration file that included plain text access credentials to multiple databases on a domain hosted by the Sky media conglomerate.
Pacific City Bank– (Unknown)
Exposed on October 11th, 2021 – Pacific City Bank (PCB) has suffered a ransomware attack. Exposed Sensitive details are Loan application forms, Tax return documents, W-2 information of client firms, Payroll records of client firms, Full names, Addresses, Social Security Numbers and Wage and tax details.
Oregon Eye Specialists– (Unknown)
Exposed on October 11th, 2021 – US optometry group has disclosed a data breach. Exposed customers’ names , dates of birth, dates of service, medical record numbers, financial account information, and health insurance provider names and/or policy numbers.
Quest Diagnostics– (350,000)
Exposed on October 12th, 2021 – Quest Diagnostics has suffered a ransomware attack. Exposed information include driver’s license numbers, passport numbers, Social Security numbers, financial account numbers, and/or credit card numbers, test reports and/or medical history information, health insurance or group plan identification names and numbers and other information leaked in the attack.
Olympus– (Unknown)
Exposed on October 12th, 2021 – Olympus, a leading medical technology company suffered cyberattack resulting in taking down company’s system.
Banco Pichincha– (Unknown)
Exposed on October 12th, 2021 – Ecuador’s largest private bank Banco Pichincha has suffered a massive cyberattack, resulting the bank to shut down portions of their network and ATMs no longer working.
Premier Patient Healthcare– (38000)
Exposed on October 12th, 2021 – The Premier Patient Healthcare suffered data breach. The information in the file included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition.
Meliá Hotels International– (Unknown)
Exposed on October 13h, 2021 – Meliá Hotels International suffered massive cyberattack resulting in taking down parts of the internal network and some web-based servers, including its reservation system and public websites.
Mumbai cyber cell– (Unknown)
Exposed on October 13th, 2021 – The email ID of the east region cyber cell of Mumbai police was hacked with an infected PDF attachment. Exposed information is email ID and password.
Visible– (Unknown)
Exposed on October 13th, 2021 – Verizon-owned company Visible suffered hacking resulted in email and address associated with an account left exposed.
Acer– (13000)
Exposed on October 14th, 2021 – Taiwanese computer giant Acer suffered data breach in India. Compromised information include client, corporate, and financial data and login details.
Thingiverse– (228000)
Exposed on October 14th, 2021 – Thingiverse suffered data leak. Compromised information include 36GB backup file that contains 228,000 unique email addresses and other personally identifiable information.
Israel’s National Cyber Directorate– (Unknown)
Exposed on October 15th, 2021 – Israel’s National Cyber Directorate (INCD) suffered ransomware attack resulted in cancellation of non-urgent procedures.
Twitch– (Unknown)
Exposed on October 17th, 2021 – Twitch suffered security breach resulted in impacting small number of Users. The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data.
Sinclair Broadcast Group– (Unknown)
Exposed on October 18th, 2021 – Sinclair Broadcast Group hit by a ransomware attack resulted in stealing data from the company’s network.
Donald Trump’s Website– (Unknown)
Exposed on October 18th, 2021 – Donald Trump’s Website is hacked and defaced former President Donald Trump.
MakerBot’s Thingiverse 3D printing repository – (50,000)
Exposed on October 18th, 2021 – More than 2 million people whose usernames at minimum were leaked in a Thingiverse Breach. Compromised data consisted of non-production, non-sensitive information.
Professional Dental Alliance– (Unknown)
Exposed on October 19th, 2021 – Professional Dental Alliance suffered data breach resulted in exposure of PHI information of patients. Exposed information include name, address, email address, phone number , dental information, insurance information, social security numbers and financial account numbers.