In 2020, data leaks, also known as”data breaches”, have now become a term that we hear about in the news more often than ever before. What is a data breach, exactly, and why are these becoming common? Data breaches are a growing cybersecurity concern for both businesses and individuals alike.
What is a data breach?
A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.
What are the different types of data breaches?
Depending on the source, there are several different ways of describing types of data breaches. Here are 4 common types:
• Cyber attacks – this is when hackers use various techniques to get unauthorized access to information that should be secure.
• Loss or theft of devices – If a laptop, smartphone, USB drive or other data storage devices gets stolen, lost or not disposed of properly and ends up in the wrong hands, this is a data breach.
• Employee theft – This can happen when employees, especially those about to move on from their position, deliberately get access to protected data with malicious intent.
• General human errors – Mistakes can happen to anyone, and some people accidentally send protected data to the wrong person, or upload it over public networks or compromise the servers where the data is stored.
A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.
The following is a running list of data breaches in 2020.
Note: This page is updated continuously of the major data breaches reported in 2020. All data is provided from public resources. LogMeOnce provides the most comprehensive data breach news alerts and data breach statistics.
Landry’s, Inc. – (Unknown Number of Records)
Exposed on January 2, 2020 – Landry’s, Inc., a Houston-based restaurant, steakhouse, and hospitality company has disclosed a point-of-sale malware attack that collected payment card data from swiped cards on an order-entry system at its bars and restaurants.
Alomere Health – (49351 Records)
Exposed on January 7, 2020 – Minnesota-based hospital Alomere Health notified patients of a data breach affecting the personal and medical information of 49,351 individuals after unauthorized access gained to two employee email accounts. Compromised data include patient names, addresses, dates of birth, medical record numbers, health insurance information and diagnosis and treatment details information. A limited number of patients also had their SSN and driver’s license numbers exposed.
Amazon Web Services S3 – (Unknown Records)
Exposed on January 14, 2020 – Thousands of British Passports left exposed on open cloud of Amazon Web Services. Exposed data included thousands of scans of passports, tax documents, job applications, proof of address, background checks, expense forms, scanned contracts complete with signatures, salary information, emails and more. The files contained a wide range of personally identifiable information, including names, addresses, phone numbers, dates of birth, gender, national insurance number.
LimeLeads – (49,000,000 Records)
Exposed on January 1, 2020 – A hacker is selling database of 49 million business contacts stolen from company LimeLeads, a San Francisco based B2B Lead generator company. It is noticed that data was stolen due to insecure database of the company. Stolen data include full name, title, user email, employer/company name, company address, city, state, ZIP, phone number, website URL, company total revenue, and the company’s estimated number of employees.
PlanetsDrugsDirect – (Unknown Records)
Exposed on January 15th, 2020 – Canadian online pharmacy PlanetDrugsDirect notified its customers of a data security incident that might have exposed their names, addresses, e-mail addresses, phone numbers, medical information including prescription(s), and payment information.
Mitsubishi Electric Corp – (Unknown Records)
Exposed on January 20th, 2020 – A massive cyber-attack targeted Mitsubishi Electric Corp resulting in information compromise through email exchanges pertaining to government agencies and other business partners.
Greenville Water – (500,000 Records)
Exposed on January 27th, 2020 – An international cyber attack affected online payments of half a million residents having water supplier “ Greenville Water Supply” based in South Carolina.
SexPanther – (11,000 Records)
Exposed on January 24th, 2020 – Arizona based adult site SexPanther exposed identity information of 11,000 models and sex workers containing names, home address, date of birth, bio metrics, driving license, social security numbers on an unprotected Amazon Web Services (AWS) storage bucket.
The Royal Yachting Association – (Unknown Records)
Exposed on January 24th, 2020 – An unauthorized access has stolen data from The Royal Yachting Association (RYA) . Stolen information from RYA 2015 members database included names, email addresses and hashed passwords”.
Oman United Insurance Company SAOG – (Unknown Records)
Exposed on January 1st, 2020 – Oman United Insurance Company SAOG is attacked by ransomware on 1st January 2020 resulted in infecting some of the data. Fortunately company recovered the data lost during attack.
Florida Library – (600 Records)
Exposed on January 9th, 2020 – Florida Library affected by cyber attack resulted in taking down 600 staff and public access computers at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida. It was notified that devices were tried to be encrypted during the cyber attack.
Munson Healthcare group – (Unknown Records)
Exposed on January 16th, 2020 – The northern-Michigan based Munson Healthcare group notified hacking of Protected Health Information. The exposed information included email id, names, dates of birth, patient financial account numbers, driver’s license numbers and Social Security number, insurance information along with treatment and diagnostic information.
Microsoft – (Unknown Records)
Exposed on January 23rd, 2020 – Microsoft misconfigured five Elasticsearch servers last December where each data set contained 250 million customer support logs of interaction.This exposed information resulted in leakage of email addresses, contract numbers, payment information and some other PII information.
Perth Mint – (1480 Records)
Exposed on January 31st, 2020 – Data breach at Perth Mint has compromised the details of its visitors. The stolen information included contact details of 1480 people who filled out feedback surveys at the West Australian government-owned mint’s depository. These surveys were including email addresses, visitor names, home addresses and telephone numbers.
Social Captain – (Unknown Records)
Exposed on February 1st, 2020 – Social Captain which is a startup that helped Instagram users to increase followers has mistakenly exposed thousands of Instagram accounts and passwords. Data was stored in unencrypted plaintext format in the company’s source code.
Yarra Trams – (Unknown Records)
Exposed on February 3rd, 2020 – The personal email addresses of 91 people have been exposed by Yarra Trams by mistake. Information was shared with a large number of other public members.
Bouygues Construction – (Unknown Records)
Exposed on February 3rd, 2020 – A massive ransomware attack hit Bouygues Group’s construction subsidiary resulted in stealing of 200 GB of data.
Fondren Orthopedic Group – (30,049 Records)
Exposed on February 4th, 2020 – Fondren Orthopedic Group notified to its patients that a malware attack may have damaged the medical information of 30,049 patients. Exposed data included names, addresses, telephone numbers, diagnosis and treatment information and health insurance information of patients.
St. Louis Community College – (5,127 Records)
Exposed on February 5th, 2020 – Phishing campaign in St. Louis Community College resulted in the exposure of names, student ID numbers, dates of birth, addresses, home phone numbers, cell phone numbers, and college, Social Security numbers and personal email addresses for 5,127 people.
Joker’s Stash – (461,976 Records)
Exposed on February 7th, 2020 – Fresh database of 461,976 payment card records currently on sale on Joker’s Stash which is a popular underground cardshop in the dark web has been listed. Stolen information include exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.
Israeli Netanyahu’s party – (65,000,000 Records)
Exposed on February 9th, 2020 – Elector voting management app exposed the Israel’s entire voter registry wide open for days. The affected data included personal details such as addresses and ID numbers for around 6.5 million Israelis, including Netanyahu and other top politicians.
Enrichment Systems, Inc – (Unknown Records)
Exposed on February 10th, 2020 – An unauthorized access to California-based preschool education provider Enrichment Systems, Inc (EES) resulted in data breach. Affected information includes “name, address, Social Security number, financial information, health insurance information, student education records, as well as medical history and treatment information of parents and students.
The Estée Lauder Companies Inc. – (440,000,000 Records)
Exposed on February 11th, 2020 –The Estée Lauder Companies Inc. exposed more than 440 million records to public accidentally after failing to password-protect a corporate database. The exposed information include emails, references to reports and internal documents, and IP addresses ports, pathways and storage information.
Rutter’s convenience stores . – (Unknown Records)
Exposed on February 14th, 2020 -Rutter’s convenience stores suffered with POS data breach. Issue was discovered by the company in December 2019. This malware was used for tracking the data that include card number, card expiry, cvv.
South-central Iowa medical system – (7,500 Records)
Exposed on February 17th, 2020 -Personal information is leaked for approximately 7500 patients during a data breach in Monroe County Hospital & Clinics. This unauthorized access resulted in stealing of patients’ full names, dates of birth, addresses, insurance information and clinical information (such as the reason for a visit) and SSN for some of the patients.
MGM Resorts– (10,600,000 Records)
Exposed on February 20th, 2020 – An unauthorized access to one of the MGM Resorts’s cloud servers affected the information of possibly 10.6 million guests. Exposed data included full names, home addresses, phone numbers, emails, and dates of birth, posted to a hacking forum.
Ministère de l’Éducation et de l’Enseignement supérieur – (360,000 Records)
Exposed on February 24th, 2020 –A malicious attack in Ministère de l’Éducation et de l’Enseignement supérieur lead to breach of atleast 360,000 educators in Quebec Province. Exposed information include Social Insurance Number, last name, first name, date of birth of teachers who completed a contract of 20 days or more.
Decathlon – (123,000,000 Records)
Exposed on February 25th, 2020 –French sporting retail giant Decathlon has accidentally exposed the user data via a misconfigured. Exposed data contain the information from Decathlon’s UK and Spanish business. Leaked information include customer and employee information, possibly employee usernames, unencrypted passwords and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, email addresses, addresses and birth dates.
Britain’s Financial Conduct Authority – (Unknown Records)
Exposed on February 25th, 2020 –Britain’s Financial Conduct Authority (FCA) has accidentally leaked the private information, including the names and some contact details of people who had made complaints against the watchdog in 2018 and 2019, on its website.
Slickwraps – (850,000 Records)
Exposed on February 25th, 2020 –Slickwraps, a Kansas-based mobile device case retailer affected with an unauthorized access. The leaked information included names, email addresses, physical addresses, phone numbers, and purchase histories of the customers. Company stated that only the data entered as “Guest” wasn’t exposed.
Transavia – (80,000 Records)
Exposed on February 25th, 2020 – Dutch low-cost airline Transavia notified that as many as 80,000 Transavia passengers’ data was exposed following a cyber-attack. The exposed data contained passengers’ full names, their date of birth, luggage reservations, and whether or not they required assistance at the airport, such as a wheelchair.
Company Clearview AI – (3,000,000,000 Records)
Exposed on February 27th, 2020 – Hackers stole entire client data list from the facial recognition company Clearview AI by gaining unauthorized access to its customers list.
LINCOLN COUNTY – (Unknown Records)
Exposed on February 28th, 2020 –Personal information of some of the Lincoln County Schools workers’ has been exposed in a phishing scam by some unauthorized third party. This breach exposed names and social security numbers of a couple of school employees.
RailWorks Corporation – (Unknown Records)
Exposed on February 28th, 2020 – RailWorks Corporation notified a ransomware attack that led to the exposure of PII of current and former employees, their beneficiaries and dependents, as well as that of independent contractors.
Straffic – (49,000,000 Records)
Exposed on February 28th, 2020 – An Israeli marketing firm exposed 49 million user’s data from an unprotected web server. The information exposed was customer’s email IDs.
Walgreens – (Unknown Records)
Exposed on March 1st, 2020 –Official mobile app Walgreens leaked exposed details such as first and last name, prescription details, store number, and shipping addresses, where available of some of its users. Some database bug lead to this breach.
UK railway stations – (10,000 Records)
Exposed on March 2nd, 2020 – About 10,000 email ids of people who used free wi-fi at UK railway stations have been exposed online. The data was leaked from unsecured Amazon web services storage.
J. Crew – (Unknown Records)
Exposed on March 3rd, 2020 – An unauthorized third-party accessed J.Crew and obtained personal information. Impacted information include the last four digits of payment card numbers, expiration dates, card types and billing addresses as well as order numbers, shipping confirmation numbers and shipment status. accounts nearly a year ago.
J. Crew – (2,66,000 Records)
Exposed on March 5th, 2020 – A data breach has occurred at Trident Crypto Fund , where hacker decrypted and published the data of around 1,20,000 passwords. Exposed data is said to have included email addresses, cell phone numbers, encrypted passwords, and IP addresses.
Princess Cruises and Holland America Line – (Unknown Records)
Exposed on March 5th, 2020 – An unauthorized party access to the email accounts of employees working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc , resulted in the leaking of names, Social Security numbers, passport numbers, national identity card numbers, credit card and financial account information and health information.
T-Mobile – (Unknown Records)
Exposed on March 5th, 2020 – A malicious cyber attack targeted its email vendors resulting in unauthorized access to employees email ids. Exposed data included customer names phone numbers, addresses, account numbers, rate plans and features, and billing information.
Carnival Corporation & plc – (Unknown Records)
Exposed on March 5th, 2020 – An unauthorized party gained access to the employees’ email accounts working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc
Affected data include names, Social Security numbers, passport numbers, national identity card numbers, credit card and financial account information and health information.
Virgin Media – (900,000 Records)
Exposed on March 6th, 2020 –Unauthorized persons breached to incorrectly configured database that was used to store marketing information. Exposed information include names, home and email addresses, phone numbers and in some cases birth dates.
Orsegups Participações – (Unknown Records)
Exposed on March 6th, 2020 – The data exposed due to configuration failure on a server of Orsegups Participações leading to the revealing of series of tax documents, showing contract values and staff information of clients. Affected data is including the clients’ full names, social security numbers, addresses and telephone numbers.
Open Exchange Rates – (Unknown Records)
Exposed on March 16th, 2020 – A disclosed data breach in Open Exchange Rates resulted in exposing of name, email addresses, encrypted/hashed passwords, IP addresses, App IDs
European Union – (Unknown Records)
Exposed on March 16th, 2020 – A database hosted on Amazon Web Services accidentally left open and hence resulted in leaking of customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers.
Blisk browser – (2,900,000 Records)
Exposed on March 17th, 2020 – The web-development browser Blisk suffered a data leaking of over 2.9 million records through an open Elasticsearch database that was left open. The exposed information also include a ca.gov email address, IP addresses and user agent details.
Rogers Communications – (Unknown Records)
Exposed on March 19th, 2020 –Customer names, addresses, account numbers, email addresses and telephone numbers were accidentally exposed by third party vendor which handles promotional offer fulfillment for Rogers Communications, Canadian telecom provider.
Tupperware – (Unknown Records)
Exposed on March 20th, 2020 – Malicious code was hidden by hackers at the checkout page of tupperware.com resulting in collecting customer payment information.
University of Utah – (Unknown Records)
Exposed on March 23rd, 2020 – An unauthorized access to some employees email accounts of University of Utah leading to the exposure of some patient information, such as names, dates of birth, medical record numbers, and clinical information about received care
GE and Canon – (Unknown Records)
Exposed on March 24th, 2020 – GE and Canon suffered with phishing attach by an unauthorized third party leading to the exposure of Direct deposit forms, driver’s licenses, birth certificates, passports, marriage certificates, medical child support orders, tax withholding forms applications for benefits such as retirement or severance and these documents may have contained Social Security numbers, banks account numbers, birth dates, names, addresses and drivers’ licenses among other information contained in relevant forms.
OZARK ORTHOPEDICS – (15,240 Records)
Exposed on March 30th, 2020 – Data is breached at OZARK ORTHOPEDICS, PA resulted in affecting 15240 patients. Exposed information include patient names and treatment information, diagnosis information, prescription information, medication information, health insurance information, Medicare/Medicaid identification numbers, social security numbers, and/or financial account information.
Marriott International – (5,200,000 Records)
Exposed on March 31st, 2020 – An unauthorized party access stole login credentials of one of the app used by Marriott International resulted in leaking of names, mailing addresses, email addresses, phone numbers, loyalty account numbers and point balances, employers, genders, birthdays (day and month only), airline loyalty program information, and hotel preferences such as room and language selections.
Telegram – (42,000,000 Records)
Exposed on March 31st, 2020 – A third party version of a popular messaging app Telegram leaked online information of 42 million records due to misconfigured cloud. Exposed information is account IDs, phone numbers, names and hashes along with secret keys.
Origin unknown– (4,900,000 Records)
Exposed on April 1st, 2020 –Data corresponding to over 4.9 million of citizens from the country of Georgia, both living and dead has been posted by a member of hacking forum. Compromised information includes names, birth dates, home addresses, ID numbers and mobile phone numbers.
Key Ring– (14,000,000 Records)
Exposed on April 2nd, 2020 –Key Ring’s misconfigured Amazon Web Services S3 bucket resulted in exposing of 14 million Users of the App. Compromised information include payment, driving license, government IDs, credit card, NRA Club membership and medical card information.
Berkine– (Unknown Records)
Exposed on April 6th, 2020 –Berkine is cyber attacked by Maze ransomware. Breached data include information related to budgets, organizational strategies, production quantities, and similar sensitive data.
Wolfe & Associates – (Unknown Records)
Exposed on April 6th, 2020 –A California Property Management Company belongs to Wolfe & Associates is compromised with data breach. Compromised information include rental applications having customer names, date of birth, SSN, home address and driving license number.
Email.it – (600,000 Records)
Exposed on April 7th, 2020 – The Email.it is hacked by A No Name hacker and the stolen data is placed in dark web for sale. As per hacker’s claim stolen information include plaintext passwords of the databases, security questions, email content, and email attachments for more than 600,000 users who signed up and used the service between 2007 to 2020.
Saint Francis Ministries – (Unknown Records)
Exposed on April 13th, 2020 – Saint Francis Ministries, Kansas based non-profit organization suffered by an unauthorized party attack. Exposed information includes social security numbers, birth dates, driver’s licenses and state IDs, bank and financial account numbers, payment card numbers, treatment and diagnosis information, prescription information, provider names, medical record numbers and patient IDs, Medicare and Medicaid numbers, health insurance information, treatment cost information, and credentials (usernames and passwords).
Webkinz – (23,000,000 Records)
Exposed on April 20th, 2020 – Massive data breach at children’s website Webkinz resulted in exposure of 23 million user login credentials. Although just the User names are visible and passwords are still encrypted as per Webkinz tweet.
Michigan State University – (Unknown Records)
Exposed on May 28th, 2020 – Michigan State University is breached by an unknown ransomware. Stolen information mainly include passport information, date of birth, names, address etc.
Advanced Info Service – (1,300,000 Records)
Exposed on May 28th, 2020 – Unknown hackers have stolen the data for 1.3 million civil servants approximately at the Education and Culture Ministry. Leaked information include full names, citizenship identification numbers (NIK), Family Card numbers, home addresses, mother’s names, father’s names, marital status, birthplace and date and other personal information.
The Education and Culture Ministry – (8,000,000,000 Records)
Exposed on May 28th, 2020 – More than 8 billion real-time Internet records of users of Thailand’s largest cell network, Advanced Info Service (AIS), were leaked due to a misconfigured Elasticsearch database. The affected information included a combination of NetFlow data and DNS query logs.
Minted – (5,000,000 Records)
Exposed on May 28th, 2020 – Minted, a US-based marketplace has disclosed a data breach after a hacker sold a database on darkweb. Exposed information include mailing addresses and phone numbers, user names , email ids , Telephone number, billing address, shipping address, date of birth and hashed passwords.
New Mexico County Government – (Unknown Records)
Exposed on May 28th, 2020 – The ransomware attack against Rio Arriba County encrypted network servers, electronic files, and databases. The damage extent is under investigation.
Government data of Taiwanese – (29,000,000 Records)
Exposed on May 29th, 2020 – Government data of Taiwanese citizens is leaked and recovered from dark web. Exposed information includes full name, full address, ID, gender, date of birth, and other info.
The Kentucky Education & Workforce Development Cabinet – (Unknown Records)
Exposed on May 29th, 2020 – The Kentucky Education & Workforce Development Cabinet (EWDC) suffered with a data leak in its Unemployment Insurance Portal, as a result insurance claimants could view the identity verification documents of other claimants.
JRD website – (2,700 Records)
Exposed on June 1st, 2020 – Details for roughly 2,700 users registered on the JRD website left exposed on an Amazon Web Services S3 bucket owned by their own company. Data that could have been exposed in the case someone found and downloaded the backup includes details such as: Full name,Business address,Business email address,Business phone number,Company URL,Nature of business,Encrypted password (hashed),IP address,Newsletter subscription preferences.
Haryana Government – (Unknown Records)
Exposed on June 1st, 2020 – Highly confidential and sensitive information of Haryana residents gathered by the state government was compromised in recent data breach by unauthorized access. The compromised data including names, family details, Aadhar number, bank account numbers and phone numbers of lakhs of residents of the state.
8Belts – (100,000 Records)
Exposed on June 2nd, 2020 – 8Belts is a data exposed as it was hosted on misconfigured Amazon Web Services resulted in exposure of identity numbers, full names, email IDs, and contact information and other identity thefts.
ST Engineering – (Unknown)
Exposed on June 2nd, 2020 – Maze ransomware is claiming to steal information from ST Engineering, which is one of the leading engineering groups worldwide, it specializes in the aerospace, electronics, land systems, and marine sectors. Exposed information includes the company’s cyber insurance documents, various contract calculations worksheets, NASA give review rules, and much more.”
Unknown Origin – (Unknown Records)
Exposed on June 3rd, 2020 – More than 1 lakh scanned copies of Indians’ national IDs, including Aadhaar, PAN card and passport, have been put on dark web for sale. Personal information especially financial information over phone, e-mail or SMS has been leaked from this.
The San Francisco Employees’ Retirement System – (74,000 Records)
Exposed on June 3rd, 2020 – The San Francisco Employees’ Retirement System (SFERS) has suffered a data breach after an unauthorized person gained accessed to database containing the information of 74,000 members. The leaked information for all members includes a member’s name, address, date of birth, beneficiary information, IRS Form 1099R information (excluding SSN), the direct deposit bank account routing numbers, login name and security questions and answers.
US Nuclear Missile Sub-Contractor – (Unknown Records)
Exposed on June 3rd, 2020 – US Nuclear Missile Sub-Contractor hit by cyber attack resulting in swiping off confidential information. The file appears to contain sensitive data including company emails, payroll, and personal information.
Chartered Professional Accountants of Canada – (329,000 Records)
Exposed on June 4th, 2020 – Cyber attack against the Chartered Professional Accountants of Canada (CPA) by unauthorized third parties exposed the information of 329,000 members and stakeholders. Exposed information includes names, addresses, email addresses, employer names, passwords and full credit card numbers.
The City of Austin – (Unknown Records)
Exposed on June 4th, 2020 – The City of Austin’s websites was hacked by anonymous hackers in protest against the Austin Police Department making it to go offline.
Nintendo – (160,000 Records)
Exposed on June 6th, 2020 – Nintendo, a Japanese video game company suffered with major data breach of 160,000 accounts. Compromised information includes date of birth, and email addresses.
Enel Group – (Unknown Records)
Exposed on June 7th, 2020 – European energy company giant Enel Group attacked by a ransomware that impacted its internal network. However Company did not find any evidence where personally identifiable information was impacted.
Korean credit card data – (900,000 Records)
Exposed on June 8th, 2020 – Over 900,000 details of credit cards held by South Koreans were leaked and traded on overseas online black markets. The exposed information included the card numbers, expiration dates and validation codes, a three-digit security code on the back of cards. No passwords have been leaked.
Magellan Health Inc – (Unknown Records)
Exposed on June 12th, 2020 – Magellan Health Inc was attacked by a ransomware where it is suspected that the customer information such as physical addresses and health insurance account details may have been leaked.
Claire’s – (Unknown Records)
Exposed on June 15th, 2020 – The Claire’s online store and that of its sister brand Icing have been compromised by Megacart attackers with payment card skimmers.
Foodora – (727,000 Records)
Exposed on June 15th, 2020 – Delivery Hero confirmed data breach of its brand Foodora which is done in 14 countries affecting 727,000 accounts – names, addresses, phone numbers and hashed passwords. It also contains latitude and longitude coordinates to six decimal points, which is accurate to within just a few inches.
Dating Apps – (2,500,000 Records)
Exposed on June 15th, 2020 – Close to 2.5 million records of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt is publicly accessible through Amazon Web Services “buckets.” The exposed data included limited “personally identifying information,” like real names, birthdays, or email addresses, sexually explicit photos and audio recordings.
Italian sales agents – (36,000 Records)
Exposed on June 16th, 2020 – An unsecured Amazon Simple Storage Service (S3) bucket is uncovered that contains more than 36,000 documents, including scans of national IDs, credit cards, and health insurance cards. The database also contains sales representative enrollment contracts that include personally identifiable information such as full names, addresses, tax identification numbers, and signatures of mostly Italian citizens.
Cognizant – (Unknown Records)
Exposed on June 17th, 2020 – IT services Company Cognizant suffered with the ransomware attack by Maze. Stolen information include sensitive personal information such as SSN, Tax IDs, financial information, and driver’s licenses, and passports.
Indonesian COVID-19 patients – (230,000 Records)
Exposed on June 21st, 2020 – The information of more than 230,000+ patients’ is being sold in one of the dark webs. The leaked dump includes name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.
MMO Game – (1,300,000 Records)
Exposed on June 22nd, 2020 – More than 1.3 million records of Popular MMO game have been stolen and being sold on dark web forums. Exposed information is User Name, Passwords, Email Address, Phone numbers and IP Addresses belonging to Stalker Online Player.
Law enforcement agencies and fusion centers – (1,000,000 Records)
Exposed on June 22nd, 2020 – More than 10 years worth of files belonging to over 200 police departments, US law enforcement agencies and fusion centers have been published online. The stolen data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.
Indiabulls Group – (19,000 Records)
Exposed on June 22nd, 2020 – The CLOP Ransomware operators claimed recently to have breached Indiabulls. The leaked information include documents like a voucher, a letter, and four spreadsheets related to the Indiabulls Pharmaceuticals and Indiabulls Housing Finance Limited subsidiaries.
Frost & Sullivan – (Unknown Records)
Exposed on June 24th, 2020 – Business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum. The customer database includes information such as the client name, the company contact, email address, whether they are confidential, and other non-sensitive data. On the other hand, the exposed employee database had more sensitive information such as login names, first and last names, email addresses, and hashed passwords.
Cano Health – (Unknown Records)
Exposed on June 24th, 2020 – A Healthcare company found that breach occurred to its employees’ email ids leading in accessing the personal information of the patients. Compromised information includes patient name, date of birth, contact information, healthcare information, insurance information, social security information, government identification number and financial account numbers.
Oneclass – (Unknown Records)
Exposed on June 25th, 2020 – An unsecured database belonging remote learning platform OneClass has exposed information linked with over a million students in North America who use the platform to access study guides and educational assistance. Exposed information included full names, email addresses (some masked), schools and universities attended, phone numbers, school and university course enrollment details and details of OneClass account.
Exposed on June 25th, 2020 – Personal information of more than 100,000 social media influencers and more than 250,000 social media users have been compromised in a breach at social media marketing firm Preen.Me Leaked information include email IDs, names, social media links, phone number and home addresses.
IndiaMART – (40,000 Records)
Exposed on June 25th, 2020 – A breach at IndiaMART has leaked the sensitive data of over 40,000 suppliers added to India Mart marketplace. Each record was said to consist of sensitive information including suppliers’ user IDs, full names, addresses, email addresses, and phone numbers.
Emergency distress messages – (Unknown Records)
Exposed on June 26th, 2020 – The emergency distress messages of thousands of domestic violence victims have been exposed due to misconfiguration of a back-end AWS Bucket by a Developer. The exposed information includes Victim’s Full name, home address, their circumstances, abuser’s full name, and personal details.
Twitter – (Unknown Records)
Exposed on June 29th, 2020 – Twitter suffered a data breach due to a bug in its platform resulting in the possible stealing and gaining access of the User Data. The compromised information may have included email addresses, telephone numbers, and the last four digits of clients’ credit card numbers.
Maine State Police – (Unknown Records)
Exposed on June 29th, 2020 – Maine State Police suffered with Data breach on 20th June 2020 resulting in the leak of database information like crime information and situational awareness bulletins. Expected exposed information is full name and date of birth of people under investigation by other law enforcement agencies.
Limeroad – (1,290, 000 Records)
Exposed on July 1st, 2020 – Indian e-commerce app Limeroad suffered with a breach of 1.29 million shoppers details which are put on sale on dark web. Exposed information includes the full names of users, their phone numbers and email ids.
CNY Works career center – (56,000 Records)
Exposed on July 2nd, 2020 – Personal information of 56,000 clients has been breached at CNY Works career center resulted in expose of personal data for financial gain.
BMW – (384,319 Records)
Exposed on July 2nd, 2020 – UK BMW customer database of 384,319 is sold on dark web. The exposed information included initials and last names, emails, addresses, vehicle numbers, dealer names, among other information.
Bicycle Sharing Company – (Unknown Records)
Exposed on July 6th, 2020 – Bicycle Sharing Company in Texas was hacked, resulting in exposing credit card information, names and addresses.
Online Stores – (Unknown Records)
Exposed on July 7th, 2020 – 184000 cards have been stolen from online e-commerce portals by the Keeper Hackers resulted in leaking of customer’s payment details and their names and other PII information.
MongoDB – (229,000 Records)
Exposed on July 10th, 2020 – NoSQL databases like MongoDB is hacked with notes from approximately 22900 MongoDB databases revealing the Victim’s general data.
Savings Bank Argenta – (Unknown Records)
Exposed on July 13th, 2020 – Two ATMs of Antwerp-based savings bank Argenta have fallen victim to Jackpotting Attacks. This is done by installing a malicious software and/or hardware on an ATM that forces the machine to spew out all of its cash on demand.
Benefit Recovery Specialists Inc. – (275,000 Records)
Exposed on July 13th, 2020 – Houston-based billing and debt collection vendor Benefit Recovery Specialists Inc. is suffered with data breach affecting 275,000 individuals. Information that may have been compromised includes name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code, BRSI says. For a small number of individuals, Social Security number may also have been exposed the statement adds.
Wattpad – (270,000,000 Records)
Exposed on July 14th, 2020 – 270 million records have been stolen from Wattpad database. Compromised information includes user names, names, hashed passwords, email addresses, and general geographic location.
Citrix Systems, Inc – (Unknown Records)
Exposed on July 14th, 2020 – Data is hacked from Citrix Systems, Inc. Exposed information shared on Twitter includes Full names, Phone numbers, Email addresses, Company name, Physical address details
Bhinneka– (1,262,300 Records)
Exposed on July 15th, 2020 – Data for 1,262,300 accounts have been breached from an Indonesian store Bhinneka’s database. Exposed information includes Unique IDs,Full names,Email addresses, Gender,Contact numbers,Passwords,Address details,Date of Births(DOBs),Social media IDs,Log details such as the last login information,Classification of whether the user is an admin or a staff member which also hints that the database may include employee details.
Hong Kong Catholic Church – (Unknown Records)
Exposed on July 15th, 2020 – Hong Kong Catholic Church is hacked by China government’s hackers. So far hacked information is not shared.
MyCastingFile.com – (260,000 Records)
Exposed on July 16th, 2020 – Private data for more than 260,000 individuals from New Orleans-based MyCastingFile.com is exposed due to unsecured database on Google Cloud. Compromised Personally identifiable information (PII) made publicly available via the leak included names, physical addresses, email addresses, phone numbers, work histories, dates of birth, height and weight, ethnicity, and physical features of interest to potential employers — such as hair color and length.
Orange Company – (Unknown Records)
Exposed on July 16th, 2020 – Orange suffered a ransomware attack exposing the data of twenty of their enterprise customers.
Dreamfii HK Limited – (20,000,000 Records)
Exposed on July 16th, 2020 – Hong Kong based VPN Company is suffered with the data breach with more than 20 million users logs. Compromised information includes plain text passwords, IP addresses, timestamps of user connections, session tokens, information of the device, and OS being used along with geographical information in the form of tags.
E-learning Platform – (1,000,000 Records)
Exposed on July 16th, 2020 – H
Dreamfii HK Limited – (20,000,000 Records)
Exposed on July 20th, 2020 – Approximately one million records containing the personal information of online students have been leaked after cloud misconfiguration by five e-learning platforms. The exposed information included full names, home and email addresses, ID numbers, phone numbers, dates of birth and course/school information.
Lorien Health Services – (Unknown Records)
Exposed on July 20th, 2020 –Lorien Health Services in Maryland announced a ransomware incident. Exposed information included residents’ names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information.
Genealogy Software Maker – (Unknown Records)
Exposed on July 21st, 2020 – Tens of thousands of its users’ personal information is leaked online via a misconfigured cloud server, according to researchers. Among the details leaked to the public-facing internet were email addresses, geolocation data, IP addresses, system user IDs, support messages and technical details.
University of York – (Unknown Records)
Exposed on July 22nd, 2020 – The University of York launched an investigation after it had personal details of staff and students stolen by hackers. The university uses the Blackbaud system to record engagement with members of the university community, including alumni, staff and students and extended networks and supporters, it outlined. In terms of the data stolen, the University of York stated this may have included information such as date of birth, name and student number along with address, email address, phone number and professional details.
Instacart – (Unknown Records)
Exposed on July 23rd, 2020 – The personal information of Instacart customers is being sold on the dark web. The exposed information include names, the last four digits of credit card numbers, and order histories, and appears to have affected customers who used the grocery delivery service as recently as yesterday.
Railway Management Body – (Unknown Records)
Exposed on July 23rd, 2020 – Spain’s State-Owned Railway Management Body hit by REvil ransomware. Exposed data includes high-speed hiring committee contracts, property records, field work reports, project action plans, documents about customers, contact information, correspondence records, and more.
Dave.com – (7,516,625 Records)
Exposed on July 26th, 2020 – Security breach occurred to Tech unicorn Dave affecting 7.5 milion users. Exposed information includes a wealth of information, such as real names, phone numbers, emails, birth dates, and home addresses
OnePlus – (Unknown Records)
Exposed on July 27th, 2020 – Chinese smartphone maker OnePlus has recently exposed hundreds of customer email addresses while sending out a mass mailer for a research study to a select number of users.
Promo.com – (2,600,000 Records)
Exposed on July 27th, 2020 –Promo.com has suffered a database containing 22 million user records was leaked for free on a hacker forum. This data contains users names, email addresses, genders, geographic location, and for 2.6 million of the users, their hashed passwords.
The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment – (Unknown Records)
Exposed on July 27th, 2020 –The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment supply site were hacked. No sensitive data was compromised in either incident.
Walgreens – (70,000 Records)
Exposed on July 27th, 2020 – Prescription information and other data of 70,000 customers have been stolen from Walgreens stores during a breach occurred on 27th July.
M.J. Brunner Inc. – (Unknown Records)
Exposed on July 27th, 2020 – M.J. Brunner Inc. suffered with May Ransomware attack resulting in exposure of user names, emails and some physical addresses and phone numbers were nicked from the provider.
National Cardiovascular Partners – (Unknown Records)
Exposed on July 27th, 2020 – A ransomware attack to National Cardiovascular Partners occurred by gaining email access to one of its employees. Compromised information include patient information, including names, contact information, and a host of other sensitive data that varied by patient.
Dunzo – (Unknown Records)
Exposed on July 30th, 2020 – Hyperlocal delivery application Dunzo suffered with data breach. This unauthorized access and breach of the company’s database, included information like phone numbers, email addresses, the users’ last known location, phone type, and last login dates.
Gujarat Technological University – (24,000 Records)
Exposed on July 31st, 2020 – Personal data of 24,000 students who took the pre-test for an online exam at Gujarat Technical University was allegedly leaked or stolen and put up on the varsity’s website.
Athens ISD – (Unknown Records)
Exposed on July 31st, 2020 – A ransomware attack to Athens Independent School District occurred resulting in blocking the complete access to data including teacher communications, student schedules, grades, and assignments. There is no information stolen as such. Athens ISD Board of Trustees paid $50 k in order to release the access.
Havenly – (1,300,000 Records)
Exposed on August 1st, 2020 – Online interior design and home decoration site, Havenly suffered with data breach, where hacked data is published on a hacker forum for free. Compromised information includes user’s login name, full name, MD5 hashed password, email address, phone number, zip, and various other data related to the usage of the site.
Regis – (Unknown Records)
Exposed on August 3rd, 2020 – The ransomware attack against ASX-listed aged care operator Regis has led to the release of sensitive personal data. The exposed information is believed to include personal information relating to a small number of residents at Regis facilities as well as a staff member.
Zello– (Unknown Records)
Exposed on August 3rd, 2020 – Zello, push-to-talk app, has disclosed a data breach revealing user’s email addresses and hashed passwords after discovering unauthorized activity on their systems.
Kentucky’s unemployment system – (Unknown Records)
Exposed on August 3rd, 2020 – Kentucky’s unemployment system suffered with data breach, resulting exposure of information of other claimant’s former employer and health.
Beaumont Health – (6,000 Records)
Exposed on August 4th, 2020 – Email accounts of Michigan’s largest healthcare provider have been compromised in a cyber attack . Emails within the compromised accounts contained PHI that included names, dates of birth, diagnoses, diagnosis codes, procedure and treatment information, type of treatment provided, prescription information, patient account numbers, and medical record numbers.
Financial Technology Company – (21,000 Records)
Exposed on August 10th, 2020 – Sensitive data of more than 21000 students of an Indian Financial Technical Company is stolen and is on sale on dark web. Some of the information including their Aadhar cards, university IDs, photo and full signature, Name, phone, email, Aadhar Number, Date of Birth, Gender, Full Address, College, Course, Graduation Date, Friend’s name, Friends’ number,”.
Michigan State University – (2,600 Records)
Exposed on August 10th, 2020 – An unauthorized access to Michigan State University’s online store stole the credit card and other PII information. Exposed information during the incident is Customer names, addresses and credit card numbers of about 2,600 customers.
Beaumont Health – (6,000 Records)
Exposed on August 4th, 2020 – Freeport-based healthcare provider suffered with the data theft by an Unauthorized person leading to the sensitive information compromise. Information exposed in the data breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some cases, patients’ health insurance information and/or Social Security numbers were also identified in the compromised email accounts.
Sans Institute – (28,000 Records)
Exposed on August 12th, 2020 – PII of 28,000 records of Sans Institute is compromised. Exposed information included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence.
Israeli Defense Industry – (Unknown Records)
Exposed on August 12th, 2020 – Israel suffered with cyber security attack resulted in stealing of classified data. Hacking group was linked to North Korea.
Canon – (Unknown Records)
Exposed on August 14th, 2020 – Canon suffered a cyber attack by an Unauthorized ransomware. Compromised information include videos. As such no financial information is leaked during this breach.
AI Company – (2,500,000 Records)
Exposed on August 17th, 2020 – Sensitive medical data and PII are exposed by an Artificial Intelligence company due to an unsecured server. The records included names, insurance records, medical diagnosis notes, and much more.
Ponca City Schools – (Unknown Records)
Exposed on August 18th, 2020 – Ponca City Public Schools hit with Ransomware attack resulting in the damage to external server.
Experian South Africa – (24,000,000 Records)
Exposed on August 19th, 2020 – The South African branch of consumer credit reporting agency Experian suffered with a data breach. Compromised information include only personal information but no financial information was leaked.
Freepik – (8,300,000 Records)
Exposed on August 21st, 2020 – Freepik company suffered with data breach. Exposed information included users’ email id and password.
RailYatri – (37,000,000 Records)
Exposed on August 24th, 2020 – Customer and corporate data of a corporate travel company is compromised by meow ransomware. Exposed information in the misconfiguration were users’ full names, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location and names/first and last four digits of payment cards.
Brookfield Residential – (Unknown Records)
Exposed on August 25th, 2020 – Darkside ransomware stole data from Brookfield Asset Management (brookfield.com). Compromised information include from corporate HR, Finance, Payroll, Administration, Business Plan, Commercial and many more departments
Sumitomo Forestry Co., Hitachi Chemical Co – (Unknown Records)
Exposed on August 26th, 2020 – Authentication data for Sumitomo Forestry Co., Hitachi Chemical Co. and 36 other Japanese companies is stolen and leaked by hackers.
Sendgrid – (Unknown Records)
Exposed on August 28th, 2020 – Email marketing company Sendgrid is hacked resulting in leak of large number of customer accounts passwords.
Utah Pathology Services – (112,000 Records)
Exposed on August 31st, 2020 – Utah Pathology Services suffered with an Unauthorized access resulting in exposure of patient information. Exposed information include Date of birth , Gender, Phone number, Mailing address, Email address, Insurance information including ID and group numbers and clinical and diagnostic information related to pathology services And, for a smaller percentage of patients, Social Security number.
NSW Government – (54,000 Records)
Exposed on August 31st, 2020 – Scan of 54,000 Australian Drivers’ license in an open amazon S3 bucket is exposed due to configuration.
The Norwegian parliament – (Unknown Records)
Exposed on Sep 2nd, 2020 – Parliament suffered a cyber attack resulting in hacking of e-mail accounts of several elected members and employees.
The Australian Computer Emergency Response Team (AusCERT) – (1,000,000 Records)
Exposed on Sep 2nd, 2020 – Hackers breached the Department of Education, Skills, and Employment (DoE), and stole the personal details of more than one million students, teachers, and staff.
The Jewish Federation – (Unknown Records)
Exposed on Sep 3rd, 2020 – The Jewish Federation of Greater Washington hacked and drained $7.5 million from its endowment fund and funneled the money into international accounts.
Roper St. Francis Hospital – (6,000 Records)
Exposed on Sep 5th, 2020 – Hospital affected by a data breach that allowed attackers to steal the data of 6,000 patients that was medical records and other personal information stolen by an unknown attacker.
The Jewish Federation of Greater Washington – (6,000 Records)
Exposed on Sep 5th, 2020 – Hacker stole $7.5 million from the endowment funds of The Jewish Federation of Greater Washington, a non-profit from Maryland in the US.
Service NSW – (186,000 Records)
Exposed on Sep 7th, 2020 – Personal information of 186,000 customers is stolen because of a cyber attack at Service NSW. 3.8 million documents were stolen from the email accounts.
K-Electric – (Unknown Records)
Exposed on Sep 9th, 2020 – K-Electric, the sole electricity provider has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.
The Slovakian crypto exchange – (Unknown Records)
Exposed on Sep 9th, 2020 – Slovakia based cryptocurrency exchange suffered with a targeted hacking attack. Assets cryptocurrencies worth approximately $ 5.4 million were stolen.
Thai hospitals and companies – (Unknown Records)
Exposed on Sep 10th, 2020 – Hospitals and companies were hit by hackers who held their computer systems and data ransom, demanding payment to restore information.
US School System – (Unknown Records)
Exposed on Sep 10th, 2020 – Ransomware attack by cyber-criminal gang has successfully targeted Fairfax County Public Schools in Virginia and uploaded a zip file of data they claim was ex filtrated from the school system.
SoftServ – (Unknown Records)
Exposed on Sep 11th, 2020 – Software developer and IT services provider suffered a ransomware attack that may have led to the theft of customers’ source code.
Staples – (Unknown Records)
Exposed on Sep 14th, 2020 – Retail company Staples suffered with data breach, they informed to some of their customers that their data related to their orders has been accessed without authorization.
Department of Veteran Affairs – (46,000 Records)
Exposed on Sep 14th, 2020 – Data Breach at US Department of Veteran Affairs Affected 46,000 Veterans by “unauthorized users” and took Veteran’s personal information.
US healthcare organizations – (190,000 Records)
Exposed on Sep 16th, 2020 – Two US healthcare organizations suffered with data breach impacting 190,000 patients. Exposed Patient details including names, ages, addresses, medical records, dates of treatments, and medical insurance information.
German Shopping Site – (500,000 Records)
Exposed on Sep 16th, 2020 – In Germany popular shopping site has exposed personal data of more than half a million people online due to misconfiguration .
University Hospital New Jersey – (48,000 Records)
Exposed on Sep 16th, 2020 – University Hospital New Jersey has suffered with data breach that leaked patient information including authorization forms, copies of driving licenses, Social Security Numbers (SSNs), date of birth (DOB), and records about the Board of Directors.
National Informatics Centre – (Unknown Records)
Exposed on Sep 18th, 2020 – Cyber attack on NIC computers in India, which contain crucial information and data on India’s security, citizens and important government functionaries, including the prime minister, National Security Advisor, the home minister , among others.
The College of the Nurses of Ontario – (Unknown Records)
Exposed on Sep 18th, 2020 – Netwalker ransomware attack on the College of the Nurses of Ontario have ex-filtered College nurses data. Exposed content includes the personal information of the nurses.
Belarus police officers – (1,003 Records)
Exposed on Sep 20th, 2020 – Hackers leaked Belarus high ranking police officers information. Information such as lieutenants, majors, and captains names, date of birth, and the officers departments and job titles was leaked.
Ontario’s Nurses College – (190,000 Records)
Exposed on Sep 21st, 2020 – Ontario’s Nurses College suffered with cyberattack that may have Compromised the Personal Information of Nearly 190,000 Individuals.
Arbiter Sports – (540,000 Records)
Exposed on Sep 21st, 2020 – ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association) and many other leagues suffer with a ransomware attack in which after blocking the attempt to encrypt its local data, the hackers reached out and demanded payment in exchange for deleting the files that they obtained.
US People – (3,000,000 Records)
Exposed on Sep 21st, 2020 – Over 3 million people in the United States have been impacted by the attack on Blackbaud, which has also impacted a number of universities, charities, and organizations in the United Kingdom.
Luxottica – (3,000,000 Records)
Exposed on Sep 22nd, 2020 – Luxottica suffered with a cyberattack that has led to the shutdown of operations in Italy and China.
Long Island Hospital – (Unknown Records)
Exposed on Sep 23rd, 2020 – Long Island Hospital suffered with data breach. Exposed information includes the name, date of birth, address, contact information, attending doctor, insurance provider, and medical service department.
Shopify Inc – (200 Records)
Exposed on Sep 23rd, 2020 – Shopify Inc. said that data of customers who shopped at fewer than 200 merchants listed on the company’s e-commerce platform was likely exposed after two employees tried to steal transaction records. Exposed information may include email, name, and address, as well as order details, but does not involve complete payment card numbers or financial information.
Midwest Property Management – (1,200,000 Records)
Exposed on Sep 23rd, 2020 – Property Management Company publicly exposed 1.2 million records of Client / Tenant and Visitors names, emails, addresses, phone numbers.
Federal agency – (1,200,000 Records)
Exposed on Sep 25th, 2020 – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert that a federal agency suffered with Cyberattack and the threat actor logged into a user’s O365 account from Internet Protocol (IP) address 91.219.236[.]166 and then browsed pages on a SharePoint site and downloaded a file.
KuCoin cryptocurrency exchange – (1,500,000 Records)
Exposed on Sep 26th, 2020 – KuCoin cryptocurrency exchange confirmed that a threat actor breached its systems and stole Bitcoin assets, ERC-20-based tokens, along with other types of tokens. The loss is estimated at a minimal $150 million, based on an Etherium address where users tracked some of the stolen funds.
European Fashion Retailer – (6,700,000 Records)
Exposed on Sep 28th, 2020 – Personal data of an European fashion retailer is exposed by misconfiguring a cloud database. Exposed information includes PII , Full names, Email, Home Address, Dates of birth, Phone numbers and payment records ( although not card details).
The Clark County School – (Unknown Records)
Exposed on Sep 28th, 2020 – A hacker published documents containing Social Security numbers, student grades and other private information stolen from a large public-school district in Las Vegas after officials refused a ransom demanded in return for unlocking district Computer servers.
Azeri Navy – (18,872 Records)
Exposed on Sep 30th, 2020 – Azeri Navy data included 18,872 entries and there were almost 10,000 unique citizens in the database. The data of navy sailors’ full names, dates of birth, passport numbers and expiry dates leaked on Russian forums.
Kylie Jenner’s Makeup company – (200 Records)
Exposed on Sep 30th, 2020 – Kylie Jenner’s makeup company has warned their customers about their compromise
in a recently detected security incident at a Canadian e-commerce merchant. Information impacted by the
security incident included basic contact details such as email, name, and address and order details like products and services purchased.
Social News Platform – (80,000 Records)
Exposed on Oct 1st, 2020 – Australian social news platform leaks 80,000 user records due to misconfigured data bucket. Compromised information include usernames, full names, email addresses, and profile pictures.
Gulf Coast State College – (Unknown Records)
Exposed on Oct 3rd, 2020 – In Panama City, Gulf Coast State College students and employees suffered with data breach. They received a letter from school officials about a data breach. The letter said officials learned a hacker accessed several employees’ email accounts.
University of Basel – (Unknown Records)
Exposed on Oct 5th, 2020 – Hackers stole a six-figure amount from Swiss universities and immediately moved the funds abroad.
Insurance Company Ardonagh Group – (Unknown Records)
Exposed on Oct 6th, 2020 – Jersey-headquartered insurance company Ardonagh Group has suffered a potential ransomware infection. The insurance firm had been forced to suspend 200 internal accounts with admin privileges as the “cyber incident” progressed through its IT estate.
Chowbus – (800,000 Records)
Exposed on Oct 6th, 2020 – Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers containing customer data, including names, phone numbers and mailing and email addresses. The file is said to contain more than 800,000 rows.
Marketing Firm – (2,700,000 Records)
Exposed on Oct 9th, 2020 – A US digital marketing provider has exposed almost three million records containing personally identifiable information including full names, phone numbers and email addresses, alongside 16 OAuth tokens stored in plaintext.
Software AG – (Unknown Records)
Exposed on Oct 9th, 2020 – German tech giant Software AG has suffered a ransomware attack. A ransomware gang going by the name of “Clop” has breached the company’s internal network, encrypted files, and asked for more than $20 million to provide the decryption key.
Carnival Corporation – (Unknown Records)
Exposed on Oct 11th, 2020 – Carnival Corporation & plc confirms data breach where the personal data of customers and employees were stolen. During the attack, a portion of one brand’s information technology systems was encrypted, and the unauthorised access also comprised the download of certain data files.
Cyble – (Unknown Records)
Exposed on Oct 11th, 2020 – Researchers from the US-based firm Cyble confirms an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO and Havelsan (Turkish Military/defense manufacturer).
Department of Human Services – (Unknown Records)
Exposed on Oct 12th, 2020 – Georgia Department of Human Services (DHS) suffered with data breach in this the personal and health data of children and adults involved in Child Protective Services cases was exposed.
Fairfax County Public Schools – (Unknown Records)
Exposed on Oct 12th, 2020 – Virginia public school suffered with ransomware attack. Hackers use ransomware software to steal data and threaten to publish or block access to it unless a target pays a ransom.
Intcomex – (Unknown Records)
Exposed on Oct 13th, 2020 – Miami-based company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked. The leaked data includes credit cards, passport and license scans, personal data, payroll, financial documents, customer databases, employee information and more.
Panion – (172,000 Records)
Exposed on Oct 15th, 2020 – Swedish social media app exposes data of 172,000 users including full names, email addresses, genders, interests, location coordinates and last login dates, as well as selfies and document photos.
Bharatmatrimony.com– (Unknown Records)
Exposed on Oct 16th, 2020 – Online matchmaking website Bharatmatrimony.com suffered a data breach and the data leaked includes sensitive personal information like names, phone numbers, user IDs and date and time of account creation.
Haldiram’s Snacks private limited – (Unknown Records)
Exposed on Oct 16th, 2020 – Noida based Haldiram’s Snacks private limited suffered with ransomware attack, stealing sensitive data and demanding a ransom of Rs 7.5 lakh to release the information by Unidentified hackers.
Albion Online game – (Unknown Records)
Exposed on Oct 19th, 2020 – Albion Online game maker discloses data breach. A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stole usernames and password hashes. The attacker also harvested encrypted passwords.
Kleenheat Company – (Unknown Records)
Exposed on Oct 19th, 2020 – Australian gas producer Kleenheat suffered with data breach. Kleenheat has warned a number of its customers about a data breach that may have resulted in information such as name and address being exposed.
Florida voters – (15,000,000 Records)
Exposed on Oct 19th, 2020 – A popular Russian hacking forum has leaked the data of roughly 15 million Florida voters. The data leaked on the Russian hacking forum includes Florida voters’ names, voter IDs, phone numbers, addresses, dates of birth, gender, race, party affiliation and more.
Toledo Public Schools – (Unknown Records)
Exposed on Oct 21st, 2020 – US, Ohio school district suffered with data breach. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers.
US retailer – (Unknown Records)
Exposed on Oct 21st, 2020 – US retailer Made in Oregon suffered with website data breach. Information including names, billing addresses, email addresses, and credit card details entered through the site was potentially accessed.
Scalable Capital – (20,000 Records)
Exposed on Oct 21st, 2020 – Germany-headquartered online advisory firm Scalable Capital has fallen victim to a data leak. The firm said that contact information, securities accounts, tax identification numbers, accounts with other banks and ID details were all accessed during the breach.
US Voters – (186,000,000 Records)
Exposed on Oct 22nd, 2020 – The cybersecurity company Trustwave said the hacker was offering 186 million U.S. voter records and 245 million records of other personal data.
Hall County – (Unknown Records)
Exposed on Oct 24th, 2020 – Georgia election data hit in ransomware attack. The county’s database of voter signatures was impacted in the attack along with other government systems.
Nando’s – (Unknown Records)
Exposed on Oct 26th, 2020 – In UK popular high street eatery Nando’s Customers Hit by Credential Stuffing Attacks. Multiple customers of the peri-peri chicken chain have had their accounts compromised.
Nitro Software, Inc. – (70,000,000 Records)
Exposed on Oct 26th, 2020 – Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. The database contains a table named ‘user_credential’ that contains 70 million user records, including email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.
Fragomen – (Unknown Records)
Exposed on Oct 27th, 2020 – The New York-based Immigration law firm Fragomen has confirmed a data breach involving the personal information of current and former Google employees.
U.S. patients– (3,500,000 Records)
Exposed on Oct 28th, 2020 – Medical Records of 3.5 Million U.S. Patients Exposed Online via Thousands of Servers. The metadata includes the name, data of birth, date and reason for the medical examination, and more.
True’ social networking app– (Unknown Records)
Exposed on Oct 29th, 2020 – True the social networking app, one of its servers exposed user’s registered email address or phone number, the contents of private posts and messages between users, and the user’s last known geolocation, which could identify where a user was or had been.
Gunnebo AB – (Unknown Records)
Exposed on Oct 29th, 2020 – Sweden’s leading security firm Gunnebo AB suffered a ransomware attack, and the hackers have posted the stolen data on the dark web. The data includes information about ATMs security functions, drawings of bank vaults, and alarm and monitoring equipment.
Wisconsin Republican Party– ( Unknown Records)
Exposed on Oct 29th, 2020 – The Republican Party of Wisconsin says that hackers stole $2.3 million from the Wisconsin Republican Party’s account.
Lazada Group– (1,100,000 Records)
Exposed on Oct 30th, 2020 – Singapore e-commerce firm Lazada suffers data hack of 1.1 million accounts including names, phone numbers, email and mailing addresses, encrypted passwords and partial credit card numbers.
Eatigo International Company – (2,800,000 Records)
Exposed on Oct 31st, 2020 – Singapore, Eatigo suffered with data breach that affects 2.8 million eatigo accounts. Personal data included customer names, email addresses and phone numbers from customer accounts listed for sale online.
Mashable.com – (1,000,000 Records)
Exposed on Nov 3rd, 2020 – Sweden’s, Folksam Insurance company leaked private data of its customers. The data included social security numbers, widely used in Sweden for everyday activities including banking, and information on who had bought pregnancy insurance.
GEO Group – (Unknown Records)
Exposed on Nov 5th, 2020 – The GEO Group, a company known for running private prisons and illegal immigration detention centers in the US and other countries, it suffered a ransomware attack. Personal data and health information for some inmates and residents was exposed during the incident.
Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre– (Unknown Records)
Exposed on Nov 6th, 2020 – Hotel reservation platform leaked user data from top online booking sites. Customers from Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and several others are among the unsuspected victims of the data breach.
Luxottica Group S.p.A. – (Unknown Records)
Exposed on Nov 8th, 2020 – Luxottica was hit by a ransomware attack and exposes the personal and health information of patients of LensCrafters, Target Optical, and EyeMed.
BigBasket Company– (20,000,000 Records)
Exposed on Nov 9th, 2020 – BigBasket is India’s largest online food and grocery store became victim to a data breach. The database consists of names, email IDs, password hashes, contact numbers, addresses, date of birth, location, and IP addresses of login among many others.
RedDoorz – (5,800,000 Records)
Exposed on Nov 10th, 2020 – RedDoorz, Singapore-based hotel management & booking platform suffering with data breach. The database containing 5.8 million user records that were stolen.
Animal Jam Online Game – (46,000,000 Records)
Exposed on Nov 11th, 2020 – The immensely popular children’s online playground Animal Jam has suffered a data breach impacting 46 million accounts.
Timberline Billing Service LLC – (116,131 Records)
Exposed on Nov 12th, 2020 – U.S based Timberline Billing Service LLC suffered with ransomware attack. An unknown threat actor hit Timberline and after gaining access to the company’s network, the attacker encrypted files and removed information.
Stock photo site 123RF – (8,300,000 Records)
Exposed on Nov 12th, 2020 – Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum.
Pluto TV – (3,200,000 Records)
Exposed on Nov 14th, 2020 – Pluto TV has suffered a security breach, with millions of account details from 2018 now available online, the records contain display names, email addresses, hashed passwords, birthdays, device platforms, and IP addresses.
American Bank Systems Inc. – (Unknown Records)
Exposed on Nov 14th, 2020 – American Bank Systems suffered with ransomware attack and the leaked data in the dump includes files such as loan documents, business contracts, private emails, invoices, credentials for network shares, and other confidential information.
US-based Electronic Retailer – (2,600,000 Records)
Exposed on Nov 17th, 2020 – US-based used electronics retailer has exposed over 2.6 million files, including ID cards and biometric images, after a misconfigured AWS S3 bucket was discovered.
Mercy Iowa City – (Unknown Records)
Exposed on Nov 18th, 2020 – Mercy Iowa City suffered with data breach. Names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment information, and health insurance information could have been revealed in the incident.
Louisiana Hospitals – (Unknown Records)
Exposed on Nov 23rd, 2020 – Louisiana Hospitals suffered with data breach and the data have included patient’s names, medical record numbers, account numbers, date of birth, Social Security numbers, dates of service, types of services received, phone numbers and/or addresses, and insurance identification numbers.
Peatix App – (4,200,000 Records)
Exposed on Nov 24th, 2020 – A hacker has leaked the data of more than 4.2 million users registered on Peatix, the leaked information included full names, usernames, emails, and salted and hashed passwords.
Banijay Group Production Company – (Unknown Records)
Exposed on Nov 24th, 2020 – France Banijay Group suffered by ransomware attack, Hackers accessed and stole sensitive details of employee, including bank details and home addresses.
Healthcare Companies – (Unknown Records)
Exposed on Nov 25th, 2020 – Three healthcare providers in Florida, Georgia, and New York are notifying patients that their protected health information may have been exposed in recent cyber-attacks involving ransoms. Information exposed in the incident included names, dates of birth, health insurance information, medical treatment information, medical diagnostic information, lab results, medical record numbers, Medicare or Medicaid beneficiary numbers, medical billing information, bank account information, credit or debit card information, CHAMPUS ID numbers, Military and/or Veterans Administration numbers, driver’s license numbers, signatures, and Social Security numbers.
Sophos – (Unknown Records)
Exposed on Nov 26th, 2020 – UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach. Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided).
Canon Inc. – (Unknown Records)
Exposed on Nov 27th, 2020 – Canon confirmed that it has suffered a ransomware attack, the stolen data included employees’ names, Social Security number, date of birth, the number for the driver’s license number or government-issued ID, the bank account number for direct deposits from Canon, and their electronic signature.
E-SUS-VE and Sivep-Gripe – (16,000,000 Records)
Exposed on Nov 26th, 2020 – Personal data of 16 million Brazilian COVID-19 patients including patient names, addresses, ID information, healthcare records such as medical history and medication regimes have been exposed online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems accidently.
Aspenpointe, Inc. – (295,000 Records)
Exposed on Nov 30th, 2020 – U.S. healthcare provider AspenPointe patients suffered with data breach that enabled attackers to steal protected health information (PHI) and personally identifiable information (PII).
Apodis Pharma – (Unknown Records)
Exposed on Nov 30th, 2020 – Apodis Pharma, a software company based in France suffered with data breach containing confidential business-related data, like pharmaceutical sales data, full names of Apodis Pharma partners and employees, client warehouse stock statistics, pharmaceutical shipment locations and addresses, and more.
Shirbit insurance company – (Unknown Records)
Exposed on Dec 1st, 2020 – Israel based Shirbit insurance company suffered with cyberattack resulting in leaking of personal information including ID numbers, drivers’ licenses and registration forms.
Verizon – (Unknown Records)
Exposed on Dec 4th, 2020 – The American telco Verizon has been found leaking customers information addresses, phone numbers, account numbers, and other personal information through a chat window on its website that erroneously displayed conversations between the firm’s employees and customers.
Embraer – (Unknown Records)
Exposed on Dec 7th, 2020 – Hackers leaked data from Embraer, world’s third-largest airplane maker to dark web. Compromised information includes samples of employee details, business contracts, photos of flight simulations, and source code, among others.
Indian card Holder Data – (Unknown Records)
Exposed on Dec 9th, 2020 – The Data of 70 lakh Indian cardholders leaked on dark web including phone numbers and email addresses of 70 lakh Indian debit and credit card holders.
Tech unicorn UiPath – (Unknown Records)
Exposed on Dec 10th, 2020 – Tech unicorn UiPath suffered with data breach. The data included details such as real names, email addresses, usernames, company name, country locations, and UiPath certification details for users who signed up for the company’s online learning platform.
Dental Care Alliance – (Unknown Records)
Exposed on Dec 10th, 2020 – Dental Care Alliance in US suffered with data breach and patient data that have been accessed in the security incident included names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information.
Spotify Company – (Unknown Records)
Exposed on Dec 14th, 2020 – Spotify suffered with data breach and the exposed data may have included email addresses, display names, passwords, gender, and date of birth.
Chinese Communist Party – (1,900,000 Records)
Exposed on Dec 14th, 2020 – Details for 1.9M members of Chinese Communist Party Members leaked on a hacking forum. The exposed records included name, sex, ethnicity, organization, hometown, ID, Address, Mobile Number, Phone Number, Education.
Sonoma Valley Hospital – (67,000 Records)
Exposed on Dec 15th, 2020 – Sonoma Valley Hospital in California suffered with data breach and notified that 67,000 patients that their personal data may have been exposed in a cyber-attack.
People’s Energy Company – (270,000 Records)
Exposed on Dec 17th, 2020 – 270000 customers data is breached in The company People’s Energy in UK. Stolen information included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs.
Telangana Government Website – (130,000 Records)
Exposed on Dec 18th, 2020 – In India, Telangana state government Site Flaw Exposed Sensitive Data of All Its Employees, Pensioners. Those files included thousands of government employee pay slips, income tax details, and pension documents that had information including full names, addresses, bank account numbers along with IFSC codes, phone numbers, and salaries drawn, among other data.
Huntsville City Schools – (Unknown Records)
Exposed on Dec 21st, 2020 – In US, Alabama Huntsville City Schools warned parents about personal information being compromised in the school system’s ransomware attack. Compromised information includes email addresses, Student Identification numbers.
NOW Pensions – (Unknown Records)
Exposed on Dec 22nd, 2020 – UK firm NOW tells some customers about data leakage and these records include biographical data (names, email addresses, and dates of birth) as well as National Insurance numbers for them.
Innovative Solution for Healthcare – (12,000,000 Records)
Exposed on Dec 23rd, 2020 – UK based healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses. The data containing full names and dates of birth, postal and email addresses, phone numbers, passport details, credit card numbers, medical records and recent test results and diagnoses is exposed.
Sangoma Technologies Corporation – (Unknown Records)
Exposed on Dec 24th, 2020 – UK based Sangoma Technologies Corporation suffered with ransomware attack and this leaked data includes files related to the company’s accounting, financials, acquisitions, employee benefits and salary, and legal documents.
Koei Tecmo – (65,000 Records)
Exposed on Dec 28th, 2020 – Koei Tecmo suffered with a data hacking and the stolen data was posted to a hackers forum site. Exposed information include forum members, email addresses, IP addresses, hashed passwords and salts, usernames, date of births and countries.
Bill & Melinda Gates Foundation – (930,000 Records)
Exposed on Dec 31st, 2020 – In US, Bill & Melinda Gates Foundation’s Charity suffered with data breach. The breached information contains extensive personal details of children, teenagers and young adults including: full addresses, schools, full student PII including student phone numbers and emails, graduation details, ages, genders and more.