The smart camera provider Wyze suffered two breaches at the end of December when databases were left exposed for over two weeks. So far, it appears that only email addresses were leaked. Smart cameras are starting to become a popular target for hacks.
A nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide.
Security expert Bob Diachenko discovered that a database containing personal information of more than 267 million Facebook users had been left exposed. The exposed data included names, phone numbers, and Facebook IDs. Hackers in Vietnam are believed to be responsible.
In what is believed to be the largest breach in Canadian history, medical testing company LifeLabs suffered a hack in October that left 15 million records of patient data exposed. The breach wasn’t announced until December, and the company is now facing a billion dollar class action lawsuit.
T-Mobile, the multi-national wireless network operator, suffered a major data breach, reportedly affecting over 1 million customers. The exposed data includes phone numbers, billing addresses, T-Mobile account numbers, names, and details about rates and plans.
3 Million customers of the Italian Bank UniCredit have had their sensitive information exposed by a major data breach. The compromised information includes the names, telephone numbers, email addresses and even cities where clients were registered.
198 million protective car buyers had their personal information exposed due to an unsecured database belonging to Dealer Leader, a digital marketing company for car dealerships. Exposed information included full names, email addresses, phone numbers, home addresses, and IP addresses.
419 million records of Facebook users were accessed by hackers due to an unprotected server, exposing Facebook user's unique ID, phone numbers, gender, user names, and location data.
An unauthorized party accessed personal information of 122,000 members such as their names, addresses, email addresses, dates of birth, Social Security numbers, member identification numbers, group numbers, and subscriber numbers.
About 328,000 users of Foxit were encouraged to reset their passwords via an email alert after the PDF Reader software company discovered a hacker that gained acess to names, email addresses, passwords, phone numbers, company names, and IP addresses.
The web hosting company, Hostinger, had sent password reset emails to 14 million clients due to a hacked API server which contained data such as first names, usernames, email addresses, IP addresses, and hashed passwords were exposed in a data breach.
58K MoviePass subscribers had their payment information exposed due to a server unprotected by a password. 161M records were on th open database, allowing anyone access to billing information as well as email addresses and full names of subscribers.
Fingerprint data of 1 million individuals along with the facial recognition information as well as unencrypted usernames and passwords of 27.8 million individuals were exposed in an unsecure database belonging to BioStar 2, a biometric security platform used by organizations worldwide.
A database containing 700,000 guest records of the hotel franchise, Choice Hotels, was found exposed and left with a ransom note. The hackers requested 0.4 Bitcoin, approximately $4,000, to stop further exposure of the stolen information, including names, addresses, and phone numbers.
US banking and insurance giant, State Farm, stated it suffered a credential stuffing attack during which “a bad actor” was able to confirm valid usernames and passwords for State Farm online accounts. The company’s online accounts allow users to manage insurance claims, pay bills, or wire funds, among many other things.
Over 23.2 million accounts were exposed by CafePress, a custom T-shirt and merchandise company, exposing the names, email addresses, physical addresses, phone numbers and hashed passwords of its customers. CafePress has not disclosed the breach leading back to February 2019, but has sent out a passwords reset claiming it has updated its password policy.
Imperial Health in Southwest Louisiana fell victim to a ransomware attack, which potentially breached the data of about 116,262 patients. The affected information varied by patient, but could include names, medical record numbers, Social Security numbers, treatment details, contact information, birth dates, diagnoses, medications, provider names, and related clinical data.
New Mexico-based Presbyterian Healthcare Services is notifying 183,000 patients that their personal and medical information was potentially breached after a month-long phishing attack. Compromised accounts contained patient and health plan member information including names, dates of birth, Social Security numbers, and health plan and or clinical information.
StockX was hacked! 6.8 million records were obtained, containing full names, email addresses, scrambled passwords, and profile details such as shoe size and trading currency.
Poshmark, a clothing marketplace with 50 million users, has been breached exposing information like names, usernames, gender, location, email addresses, and scrambled passwords.
A suspected hacker compromised data of approximately 20,000 LAPD police officers such as the officers' names, dates of birth, parts of their social security numbers, and the email addresses and passwords they set up when applying for the job.
101 million Evite users were exposed when hackers gained unauthorized access to servers, including member's personal data.
Hackers infiltrated Sprint's website, exposing customer data such as account numbers & billing addresses.
AMCA's data breach impacted various blood testing labs, now including 2.2 million CLP patients. Compromised information includes their names, addresses, phone numbers, dates of birth, dates of service, balance information, and treatment provider information.
An unsecured database belonging to Fieldwork Software exposed customer names, credit cards, alarm codes, and other sensitive details.
More than 1,000 patients have been notified by Essentia Health that Nemadji, a former vendor, fell victim to a phishing incident, with possible exposure of personal information.
Nemadji, a contractor for the Los Angeles County Department of Health Services, fell victim to a phishing attack, exposing personal information of 14,600 patients.
Hackers infiltrated Maryland Department of Labor, accessing 78,000 users of the state’s unemployment insurance. Personal information such as social security numbers and record numbers were revealed.
95,000 Delaware residents had their names, addresses, birth dates, Social Security numbers, and banking details exposed.
One of the largest breaches among Canadian financial institutions impacted 2.7 million people & 173,000 businesses, exposing full names, addresses, birth dates, social insurance numbers, email addresses, and information about transaction habits.
Medical details such as full names, insurance policies, & addresses were left on an open database without proper security measures in place.
Hackers obtained administrative credentials that PCM uses to manage client accounts within Office 365, accessing emails and shared files.
Employees of the Oregon DHS were targeted in a phishing attack that gave the cybercriminal control over as many as 2 million emails containing personal details such as Social Security numbers, finanical details, and medical information.
A US Customs and Border Protection (CBP) of traveler & license plate images were compromised by a malicious cyber-attack. Privacy implications of this breach could be grave for American citizens & visitors.
8.4 TB of metadata was exposed such as IP addresses, users sending and receiving emails, and other high-level details from Shanghai Jiao Tong University.
Another medical company, Opko Health, is added to the impacted companies by the American Medical Certification Association (AMCA) breach, making it the third healthcare company to be affected by the incident. AMCA informed Opko Health that the compromised data may include credit card and bank account information, email addresses and other data such as address, phone number, and balance information.
Another major blood testing firm, LabCorp, revealed that 7.7 million patients were potential victims of AMCA’s recent data breach, exposing medical and financial information such as clients’ names, dates of birth, addresses, phone numbers, dates of service, healthcare providers and account balance information.
Australian National University was attacked by hackers who stole data of 200,000 students and staff stretching back 19 years. Compromised data includes names, addresses, birth dates, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport details, and student academic records.
Banking, credit card, and some medical information of 12 million patients were exposed by Quest Diagnostics' payment service, American Medical Certification Association (AMCA), due to a security incident.
Hackers installed malware on Checkers and Rally's Point-of-Sale systems on 102 drive-in restuarants, stealing details via the credit cards’ magnetic stripes and included cardholders’ full name, card number, card verification code, and expiration date - all the data needed to make purchases online
Since 2005 G Suite passwords have been stored incorrectly such that they were encrypted but unhashed, allowing access to Google employees.
Without web authentication, mortgage deals dated back to 2003 were found available online, revealing bank account statements, Social Security numbers, drivers license images, and other personally identifiable information.
Millions of golfer records from the Game Golf app, including GPS details from courses played, usernames and passwords, and even Facebook login data, were all exposed for anyone with an internet browser to see — a veritable hole-in-one for a cyberattacker looking to build profiles for potential victims, to be used in follow-on social-engineering attacks.
Millions of Instagram influencers, celebrities, and brand accounts had their information such as bio, profile picture, follower count, location by city and country, owner’s email address and phone number stored online in an unknown massive database.
Patients impacted by Inmediata Health Group’s web exposure breach are reportedly receiving multiple breach notification letters, some addressed to other patients. Compromised information included patient names, addresses, dates of birth, gender, and medical claims data. For a small group of patients, Social Security numbers were potentially breached.
SMS scammers left an unsecured database containing personal data on over 80 million people, without a password protecting it. The exposed database included people’s names, locations, phone numbers, IP addresses, cell phone numbers, and their carrier network name.
A zero-day vulnerability was discovered allowing hackers remote access to victims' smartphones including private messages, photos, and contacts that affected a "select number" of users.
AMC Networks exposed 1.62 million records including data of subscribers' names, emails, and subscription details on the open internet connected to its Sundance Now and Shudder subscription streaming services.
Americans over the age of 40 years old may have had their information such as their full name, age, address, birthday date, marital status, income bracket, among other details left online on a database without a password securing it.
An unsecure database contained about 4.9 million rows of data was left exposed online allowing anyone access. The researcher estimated about 146,316 unique patients had their information such as medical procedures, dates of service, the amount billed, and the specific facility from which treatment was received.
An unauthorized individual gained to a number of employee email accounts, potentially exposing personal data of patients, employees, and contractors. Information such as their demographic information, some clinical data, Social Security numbers, and driver’s licenses were leaked.
Since May 2016, Facebook “unintentionally” uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge.
"Microsoft has revealed that one of its support agent's credentials were compromised, enabling unauthorized parties to access information from a "limited subset" of users, including e-mail addresses, folder names, subject lines, and the names of recent recipients, between January 1 and March 28 of 2019."
"Hackers infiltrated police and FBI websites, exposing 4,000 records of personal data on the Dark Web, such as member names, personal and government email addresses, job titles, phone numbers and their postal addresses."
"Toyota has suffered yet another cyber-attack, exposing personal information of 3.1 million previous and current car owners, such as their full names, date of birth, and employment information."
"Two sets of Facebook user data was left publicly viewable for months online, indicating how badly Facebook has lost control of your data. The first database, Cultura Colectiva, contained over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more. The second dataset, At the Pool, contained information about users' friends, likes, groups, and checked-in locations, as well as "names, plaintext passwords, and email addresses for 22,000 people."
"Unauthorized access entered Georgia Tech's database which contained names, addresses, social security numbers, and date of bith of current and former students, faculty and staff, and student applicants."
"Between May 23, 2018 to March 18, 2019, two million credit cards have been compromised after hackers installed malware on point-of-sale systems for Earl Enterprises, a restaurant company that owns national chains like Buca di Beppo, Planet Hollywood, and Earl of Sandwich."
"Nine Oregon Department of Human Services employees fell victim to a targeted phishing attack campaign, which compromised the data of 350,000 patients in about 2 million compromised emails."
"Facebook has been storing its millions of users' passwords in plain text, without any encryption since 2012 for about 200 to 600 million users."
"For MyPillow and Amerisleep, Magecart hackers had been on their websites for several months, though the two companies didn't issue public statements or warnings to their customers that they could have been affected by the hack."
"During a recent Zoll Medical server migration, 277,319 patient data was leaked such as email communications, patient names, addresses, dates of birth, and limited medical information."
"A ransomware attack resulted in a breach, affecting 600,000 Michigan reidents, exposing names, addresses, phone numbers, dates of birth, Social Security numbers, insurance contract information, and medical information."
"Verifications IO stored 2,069,145,043 records online without any protection or security measures, exposing birth dates, gender, email addresses, and phone numbers. The database was open without encryption or a password to prevent access."
"At Rush, an employee improperly disclosed a file to an unauthorized party. Exposed information may include names, addresses, birthdays, Social Security numbers and health insurance information of 45,000 patients."
"A database contained 2,418,862 records containing government officials, politicians and people of political influence in every country of the world was open to the public. PEPs, their connections, companies they are linked to, both national & government sanction lists, and individuals either connected to or convicted of crimes were on the list."
"University of Connecticut Health said “an unauthorized third party illegally accessed a limited number of employee email accounts,” which contained the Social Security numbers of about 1,500 people and other personal information of the remaining 324,500 potentially impacted people."
"Patient data such as full name, medical record numbers, the party who received the data, and a description and purpose of the information was left exposed on the internet for three weeks due to a misconfigured server."
"170,000 hours of 2.7 million medical calls including conversations about diseases, symptoms, medications, medical questions, and previous treatment sensitive calls going back as far back as 2013 were left open to the public to be listened to or downloaded by anyone, without password protection preventing access."
"This second data breach may be involved in a credential stuffing scheme, where third parties had unauthorized access to about 1,200 username and password combinations along with DD Perk card numbers."
"Home improvement site, Houzz, urged its 40 million users to change their passwords after an unauthorized third party compromised customer data such as usernames, user IDs, location information from their IP addresses, and encrypted passwords."
"Employee personal information was compromised by unauthorized access. Airbus has been discrete about the nature of the hack and details of the breach as investigations continue."
"An unprecedented collection of 2.2 billion unique usernames and their associated passwords are being passed around by hackers in hopes that people reused their old passwords on multiple accounts."
"Medical records and contact information belonging to 14,200 HIV-positive patients in Singapore have been illegally accessed and the database containing HIV-positive individuals and is used to monitor the country’s HIV infection status, facilitate contact tracing, and assess disease prevention measures were also compromised and leaked."
"Leaked documents dated as far back as 2008, if not longer, included loan and mortgage records from the major banking institutions such as CitiFinancial (lending finance of Citigroup), HSBC Life Insurance, Wells Fargo, CapitalOne, and U.S. federal agencies including the Department of Housing and Urban Development."
"Without a username or password to protect this information, millions of files on many sensitive FBI investigations were exposed such as spreadsheets with agent-filled timelines of interviews related to investigations, emails from parties involved in myriad cases and bank transaction histories."
"Troy Hunt discovered a large file of 12,000 separate files deemed as Collection #1, containing 773 million emails along with 22 million passwords in plaintext."
"Town of Salem, an online role-playing game, was hacked exposing 7.6 million user data such as email addresses, usernames, hashed passwords, IP addresses, game and forum activity, full names, billing addresses, and amount paid."
"Two separate data breaches involving Indiana Medicaid programs such as Managed health Services exposed protected health information of 31,300 plan members such as full name, addresses, date of birth, dates of service, insurance identification numbers, and descriptions of medical conditions. The second incident involved sending a notification letter about an upcoming pharmacy change to 576 wrong recipients, exposing plan members' names, insurance identification numbers, and medication information."
"Due to a stolen employee's laptop, 15,000 Medicare Advantage members had personal information such as full name, address, date of birth, medication, diagnosis, provider information, and enrollee identification numbers compromised. "
"6,000 residents of Saint John, Canada endured a data breach on their website through Click2Gov where people paid for parking tickets. Exposed information consisted of names, addresses, and credit card information."
"BevMo's website was hacked, compromising payment data of 14,579 customers along with their full name, expiration date, security code, address, and phone number."
"Customers visiting the restaurant between August 28, 2018 to December 3, 2018 may have their data compromised such as name, credit card number, expiration date, and card security code due to unauthorized access to the point-of-sales system."
"More than a half million students and staff had their personal identifiable information such as social security numbers, date of birth, home addresses, full names, phone number and paycheck information."
"Hackers injected a card skimmer code on DiscountMugs.com that went unnoticed in a four month period. They compromised credit card numbers, security codes, expiration dates, full names, addresses, phone numbers, email addresses, and ZIP codes -- everything needed to create fraudulent payments. Although it wasn't disclosed how many customers were impacted, DiscountMugs.com ranked in the top 10,000 sites of the U.S., bringing in thousands of customers every day."
"NASA underwent a security breach that exposed personal information of current and former employees due to the agency's server hack. The hackers managed to gain access to a server that stored personally identifiable information (PII), such as social security numbers."
"A bug exposed Twitter users' country codes of their personal phone numbers as well as whether their accounts had been locked by Twitter in the past. No full numbers were visible and after a day of discovering the bug in the chat support form, the issue was resolved. "
"The latest Facebook exposure was due to a programming bug on their website which allowed 1,500 third-party apps access to unposted Facebook photos of 6.8 million users."
"A bug was developed on accident during a software patch allowed third-party developers to access users' profile information. As this is Google+'s second data breach, Google plans on retiring the social network in April instead of August. No financial data, passwords, or other sensitive information was impacted, but it was more access than originally agreed to share."
"About half of Quora's users had their personal information stolen by hackers including full names, email addresses, encrypted passwords, and messages sent and received on the site."
"Dunkin' Donuts reward program, DD Perks, may have been accessed by a third pary in a credential stuffing scheme, by using the username and password on various online accounts. Reward members were urged to immediately change their passwords."
"Marriott guests that stayed at the Starwood Properties may have fell victim to this data beach which exposed personal information such as name, mailing address, phone number, email, passport number, Starwood Guest account information, birth date, gender, reservation information and communication preferences"
"Due to AccuDoc Solutions, who handle Atrium Health's billing, had their servers compromised in a hacking incident exposing names, hoime addresses, dates of birth, insurance policy information, service dates, social security numbers, medical record numbers, and account balances."
"Amazon customers had their full names along with email address exposed due to a technical internal issue. Impacted users received an email from Amazon, but it was so vague that many dismissed it as a phish email scam."
"By using Informed Delivery on the USPS website, users had the ability to view other user's email, username, user ID, account number, street address, phone number, and mailing campaigns due to an API flaw."
"The small number of impacted clients have been notified that LPL's third party vendor, Capital Forensics, Inc., was attacked by a cyber threat that was contained within six hours of beginning."
"Instagram resolved a vulnerability which revealed passwords of user accounts in plaintext, without any encryption or hash, by using a feature called Download Your Data."
"Nordstrom refused to disclose exactly how many employees' data was impacted out of 76,000 on payroll. Victims received a email notification that their full names, social security numbers, birth dates, bank account numbers, and salaries were exposed due to improper data handling by a contract worker (whose access is now revoked)."
"566,000 Bankers Life & Medicare supplemental insurance policyholders may have had their personal information exposed such as names, addresses, birth dates, and insurance information."
"Less than 1 percent , but they manage 1.4 million aaccounts therefore 14,000 costumers had their names, addresses, phone number, email address, date of birth, account details, statement history, and payee account information. "
"A small percentage of Radisson Reward members' data was exposed such as their name, address, email address, company name, phone number, member number, and frequent flyer numbers."
"The leaked data contained 994 CSV files, with files of customers' information collected between December 31, 2017 to March 16, 2018. Within these files disclosed about 54,011 unique names, 41, 304 unique device fingerprint, 65,412 unique emails, and 570, 210 unique card transactions; 437, 457 of those were made using Mastercard and 97, 713 using Visa."
"Hackers compromised passenger data of up to 9.4 million people, such as passenger names, nationality, date of birth, phone numbers, email addresses, passport numbers, identity card numbers, frequent flyer membership numbers, customer service remarks, and historical travel information."
"Sensitive data of 75,000 people were compromised including Social Security numbers, income, citizenship, or legal immigration status. The vulnerability was found through the insurance and broker agent portal."
"The U.S. Department of Defense has warned that 30,000 military and civilian personnel, personal information and payment card data has been compromised at The Pentagon."
"Under the attack of notorious hacking gang, Magecart, Shopper Approved fell victim to their digital skimmer scheme which intercepted payment details from customers using this third party site."
"496,951 users were impacted by a security vulnerability in one of Google+'s People APIs, which allowed third-party developers access to user data. User information such as usernames, email addresses, occupation, date of birth, profile photos, places lived, and relationship status was exposed."
"Facebook faced a zero-day vulnerability attack, allowing hackers to steal access tokens from 50 million accounts. Although Facebook reset 90 million accounts as a precaution, these access tokens would allow entry to third party apps."
"This company used by thousands of U.S. state and local governments to accept online payments from traffic citations to bail payments, Government Payment Service Inc., has compromised 14 million customer records dating back six years ago. GovPayNet.com compromise included names, addresses, phone numbers, and the last four digits of the payer’s credit card number."
"FreshMenu suffered a data breach and hid it from their 110,000 users. Exposed information included names, email addresses, phone numbers, home addresses, and order histories."
"British Airways has confirmed a data breach, compromised personal information and credit-card numbers of up to 380,000 customers."
"The app that allows users to spay on the mobile devices of their kids and partners have leaked milllions of sesnitve records online, including passwords, call logs, text messages, contacts, notes, and location data."
"20,000 accounts may have been exposed such as users' passport details, name, birthdate, and country resided in. Air Canada forced reset all users' passwords."
"Pacific Gas and Electric Company agreed to a $2.7 million settlement after leaving 30,000 records exposed online for 70 days, which consisted of usernames and hashed passwords."
"Personal data was temporarily disclosed including phone numbers, addresses, transaction details, account holder contacts, partial numbers of credit cards, and encrypted account passwords."
"Personal and financial data of bank clients were exposed for this major provider of technology solutions to financial institutions such as banks, credit unions, and insurance companies."
"Leaked information included customers' name, billing zip code, phone number, email address, account number, and account type for up to 2 million T-Mobile customers."
"Texas voter records have been exposed, including name, address, enthnicity, phone number, gender, race, and several years of voting history."
"A phishing attack resulted in the exposure of medical and personal information of 417,000 individuals such as names, addresses, dates of birth, medical records, treatment information, diagnoses, lab results, medications, dates of service, and insurance information."
"Credit card applicants between March 2017 and July 2018 may have their names, addresses, dates of birth as well as Social Security numbers exposed due to a website misconfiguration, leaving thousands of people at risk."
“A hacker gained access to several employee accounts, accessing credentials, email addresses, and all content such as private messages.”
“A phish email tricked some of UnityPoint employees into providing their confidential sign-in information which allowed attackers access to data such as addresses, birth dates, medical records, medications, etc. affecting 1.4 million patients.”
“The largest ever reported breach by a pediatric care provider or children’s hospital affected 105,309 individuals, employees and patients, stole personal information such as names, birth dates, social security numbers, medical records, among other data.”
"Cloud-based HR and tax service company, ComplyRight, was impacted by a security breach that jeopardized sensitive consumer information such as names, addresses, phone numbers, email addresses and Social Security numbers."
"About 40,000 UK customers were directly involved in the massive credit card skimming operation from e-commerce sites said to be affected by third-party companies and later altered by hackers."
"Unknown attackers managed to break into Timehop's Cloud Computing Environment and access the data of entire 21 million users -- including their names, email addresses, and phone numbers attached to accounts."
"The company learned about the breach on June 4, 2018, after an unnamed security researcher discovered a database file named "myheritage" on a private server located outside of the company, and shared it with MyHeritage team. After analyzing the file, the company found that the database, which included the email addresses and hashed passwords of nearly 92.3 million users, are of those customers who signed up for the MyHeritage website before October 27, 2017."
"The San Francisco firm's parent company, Eventbrite, said Sunday that the stolen information included customers' names, addresses, emails and phone numbers. It hasn't disclosed other details, but a website that tracks data breaches says the hack affected more than 26 million user accounts."
"Twitter urged all its users to immediately change their passwords after a bug exposed them in plain text. There was no evidence that any breach or misuse occurred."
"On Sunday, May 27, fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers. We believe they originated the attack from outside the country. We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off. We have notified and are working with relevant authorities as we continue to assess the situation."
"A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. The data, the firm said, appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month."
"US sportswear brand Under Armour said user names, email addresses and scrambled passwords were among the stolen data. However, payment card data was not affected. It urged customers to change their passwords immediately."
"According to Expedia, information that was likely accessed could include the customer's full name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender."
"The hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data which comprised name, email address and user ID, and possible optional data fields," said SPH Magazines. "
"According to a person familiar with the matter, the attack relied on a link sent to users through a compromised account that, when clicked, opened a website designed to mimic the Snapchat login screen."
"The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than £6, according to an investigation by Indian Chandigarh-based Tribune newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen."
"A data breach at the US Navy has exposed the social security numbers and names of more than 130,000 current and former sailors."
"The illegally accessed information contains approximately 1.9 million active email addresses and approximately 1,700 names and active phone numbers."
"Details of 77 million students, teachers and parents are thought to be up for sale on the web."
"Food and restaurant search engine Zomato's database has suffered a security breach, with the user records of up to 17 million people having been stolen."
"U.S. discount brokerage firm Scottrade has confirmed that a third-party data breach inadvertently exposed 20,000 of its customers' non-public information."
"Payday loans company Wonga has suffered a data breach that could affect up to 270,000 customers."
"Nearly 100,000 taxpayers may have had their personal information compromised by a security breach of an Internal Revenue Service tool that makes it easier to fill out the Free Application for Federal Student Aid, the Fafsa."
"Emory Healthcare: Nearly 80,000 patients were potentially impacted by a recent data breach at Georgia-based Emory Clinic."
"A malicious hacker breached the site, and the breach could impact as many as 4.8 million accounts across the ten states."
"A Dun & Bradstreet 52GB database containing about 33.6 million records with very specific details about each of the people involved from job title to email address has been exposed."
"The company became aware of the data swipe on March 14. The info may contain more than 2 million email addresses, among other things."
"Hackers gained credit card information for as many as 355,000 customers through POS malware. Arby's says customers should check their accounts for any unauthorized purchases and report to their bank any such instances."
"An unidentified hacker calling himself Berkut is selling more than 950,000 user accounts for the Coachella music festival, including email addresses, user names and hashed passwords."
"More than 1.5m users of e-sports network ESEA have been affected by a major leak after owners refused to pay a $50,000 ransom demand."
"Protected health information of roughly 34,000 people who use Quest Diagnostics' online patient portal is now compromised."
"The company will contact 130,000 customers to advise them to reset their modems, and have said that at least 2,000 devices were breached. "
"Over 85 million Dailymotion users' email addresses, usernames and passwords have reportedly been hacked by an unknown hacker. Dailymotion is like France's YouTube."
"Anyone who purchased food, drink, or other merchandise at the company's properties between Nov. 9, 2015 and Oct. 24, 2016 may have had their payment card information filched."
"Michigan State University has experienced a data breach, which it said took place on November 13th. Their database includes 400,000 people's information."
"Two separate data incidents, one of which exposed the personal information of more than 425,000 public housing residents."
"1.3 million Red Cross blood donors were leaked online in the form of a single database file. 550,000 of the donors were identified as unique."
"Web hosting service Weebly has confirmed a major data breach from February 2016 that affected 43.4 million users."
"Allegedly, a hacker scanning for unsecured databases was able to compromise at least 58.8 million records, possibly as many as 258 million."
"More than 2.2 Million people have already had their personal and sensitive data posted to PasteBin. The hackers who dumped the data has put another 4.4 Million accounts up for sale."
"Credit and debit cards used at 350+ North American stores during the first six months of 2016 may have been compromised."
"For each user, the data included a username, a hashed password, the registration and last login dates, and a user ID. For the vast majority of users, but not for all, there was also an email address associated with their account."
"Personal information of patients was left exposed on the internet for four days."
"The company said it detected and then quickly blocked an attack last week, but some data, including some sync users' passwords and account information, such as login names, may have been compromised."
"Confirmed that a hacker had gained access to our electronic medical records system earlier in the month, using the log-in credentials of a third-party vendor."
"A known vulnerability found in older vBulletin discussion board software program, which powers the site's community, allowed the hacker to gain access to the databases."
"The breach was a result of known SQL injection vulnerability in the Forumrunner add-on on the forum, which Canonical had neglected to patch."
"2012 Data breach finally comes to public light 4 years after the fact."
"Warframe is available on PC, Playstation 4 and Xbox One, and is consistently in thetop 20 played games on Steam. Company confirmed that a list of 775,749 email addresses was acquired through a Drupal SQL exploit."
"User accounts for dating site Badoo are being traded in the digital underground, including email address, cracked passwords, names, and dates of birth."
"Although the company is no longer around, the data dump included 51 million username/password combos, reconfirming the need for unique and strong passwords."
"Stolen database contains close to 45 million records from 1,100 websites and forums."
"More than 36 million accounts/records of internal data from several vulnerable networks."
"Tens of millions of user accounts from virtual pets community Neopets have allegedly been hacked and traded on the criminal underground."
"The breach lasted from mid-May through July. The hackers accessed people's names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers, and passports. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too."
"A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users. The hacker, who goes by the name "Peace," told Motherboard that the data was stolen during the LinkedIn breach of 2012."
"Myspace may no longer be "hip," but this hacker thinks your stolen account data is still worth something online. A hacker known as Peace is trying to sell the passwords and emails of 360 million Myspace users for six bitcoin."
"Up to 320,000 Time Warner Cable customers may have had their email passwords stolen resulting from a variety of hacking methods, company officials confirmed."
"Hyatt said that it recently discovered malware on its payment-processing systems for Hyatt-managed locations. The company has since hired cybersecurity officials and strengthened the security of its system."
"The database houses 3.3 million accounts and has ties to a number of other Hello Kitty portals. The records exposed include first and last names, birthday, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related."
"The makers of MacKeeper have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and users. It's database had been inadvertently exposed as a result of a server misconfiguration."
"The Elephant Bar restaurants warned customers who used credit cards at the 29-unit chain between August and December that their data may have been breached.Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on POS systems."
"Personal information of about 6.4 million children was exposed in a recent data breach. That is in addition to records for 4.9 million adult customers VTech had previously said were affected by the breach."
"Hilton Worldwide recently announced that it had discovered and removed malware designed to steal payment card information from restaurants, gift shops and other point-of-sale systems at some of its hotels. Hilton says it determined that the malware specifically targeted cardholder names, payment card numbers, security codes and expiration dates."
"Georgia Secretary of State Brian Kemp acknowledged Wednesday that his office last month illegally disclosed the Social Security numbers and other private information of more than 6 million registered voters. Kemp said the data went to 12 organizations who regularly subscribe to “voter lists” maintained by the state."
"VBulletin Solutions has reset the passwords for over 300,000 accounts on its website following a security breach, and also released emergency security patches. The company's Internet forum software is used on tens of thousands of websites."
"Talk Talk said the total number of customers affected by the attack in late October was 156,959, including 15,656 whose bank account numbers and sort codes were hacked.The company said 28,000 credit and debit card numbers, with some digits obscured, stolen by the hackers cannot be used for payment and customers cannot be identified from the data."
" The company announced on its website that hackers managed to access one of its servers in late 2013 and early 2014, stealing names and street addresses for 4.6 million of their clients. Other sensitive information, including email addresses and Social Security numbers, were also stored in the compromised system, but the company believes that this information has not been compromised."
"In T-Mobile's case, its credit application processor Experian was hacked, potentially exposing highly sensitive details of 15 Million people who applied for its service in the past two years. The stolen data includes home addresses, birth dates, driver's license number, passport number, military I.D. numbers and – most unfortunately – the Social Security numbers, among other information."
"In a post published late Wednesday, Patreon CEO Jack Conte confirmed that the crowdfunding firm had been hacked and that the personal data of its users had been accessed.According to the company, no credit card or debit card numbers were stolen in the data breach, and also the already accessed, "all passwords, social security numbers, and tax form information" were properly encrypted. "
"The attackers gained access to the details of members, patients and other individuals Excellus does business with. According to the organization, the breach also impacts members of other Blue Cross Blue Shield plans who sought treatment in the 31 county upstate New York service area of Excellus BCBS. It is estimated that roughly 10..5 million individuals are affected."
"Domain registrar and web hosting firm Web.com said on Tuesday that hackers made away with credit card and personal information of roughly 93,000 of its customers after breaching a server operated by the company. Web.com said that it discovered the breach of one of its computer systems on August 13, 2015 through its ongoing security monitoring."
Background check provider, SterlingBackcheck, recently began notifying 100,000 people that their names, birthdates and Social Security numbers may have been exposed when an unencrypted laptop was stolen from an employee's car on May 29, 2015, CBS46 News reports.
"The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015."
"Up to 2.4m Carphone Warehouse customers may have had their personal information and bank details compromised, after the mobile phone retailer said its systems had been breached by a sophisticated cyber attack. The attack hit the division of Carphone Warehouse that operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, and provides services to TalkTalk Mobile among others. As many as 90,000 customers may also have had their encrypted credit card details accessed by the hackers."
Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information.
"Customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” CVS said in a statement that replaced the photo website’s normal homepage content. “As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services." *Same message appears on Costco & Rite Aid's websites.
The information compromised included names, dates of birth, Social Security numbers, Medicare and health plan identification numbers, patient diagnosis and procedures. It has been reported that UCLA did not take basic steps to encrypt the patient data.
A massive cyber breach at the Office of Personnel Management may have exposed the personal and financial information of 21.5 million employees (or more), putting their credit and finances at risk.
While there’s no concrete evidence that the payments information attached to the accounts were compromised, the online dating site Adult FriendFinder admitted that its database was breached — impacting an estimated 4 million members, according to multiple media reports. However, the scope of the breach hasn’t been fully discovered.
Attackers gained access to names, birth dates, email addresses and insurance identification numbers. The company said the database did not include Social Security or credit card numbers, passwords or medical information. Nevertheless, CareFirst is offering credit monitoring and identity theft protection for two years.
“This criminal attack was limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant. The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.”
Criminals are using Starbucks accounts to access consumers’ linked credit cards. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes. Because the crime is so simple, it can escalate quickly, and the consumer protections controlling the transaction are unclear. Starbucks denied the unauthorized activity was the result of a hack or intrusion into its servers or mobile applications.
Criminals used malware that is believed to have been effectively deployed on some of its point-of-sale systems at varying times between March 6th and April 17th, 2015. Accordingly, the payment card information of customers that used cards at affected U.S. Sally Beauty stores during this time may have been put at risk.
Premera Blue Cross said it was hacked and now the private medical and financial data of up to 11 million customers may be exposed. The hackers were actually able to break into customers’ claims and view banking account numbers, Social Security numbers and birth dates, as well as sensitive clinical information.
One of the third-party vendors Sacred Heart Health System uses for its billing operations was recently hacked, compromising the health information of about 14,000 patients. Hackers used a phishing attack to gain access to the email account of an employee of the billing vendor. They were able to access patients’ names, dates of service, dates of birth, diagnoses and procedures, total charges, and physicians’ names. About 40 of the patients also had their Social Security numbers compromised.
Indiana-based SRI Incorporated – which conducts tax sales, deed sales and foreclosure sales relating to the recoupment of delinquent tax for local governments – is notifying roughly 9,000 individuals that their personal information may be at risk.
The HMSA website says users who received services from Anthem over the last 10 years could have had their information accessed. The information that may have been compromised includes names, dates of birth, cities of residence, and part of the membership number.
Anthem has updated the total, with non-customers included, and the amount of those affected could reach as high as 98.6 million. Uncertainty in the total is because 14 million of the records are incomplete, making it difficult for Anthem to link all of its members to the correct plans.
Financial services firm Morgan Stanley publicly admitted on Jan. 5 2015 that it was the victim of an insider data breach.
The USPS is victim of a cyber attack with Chinese hackers being suspected. Currently the FBI is investigating the breach and it appears that information obtained included names, dates of birth, Social Security numbers, addresses, and dates of employment. According to officials, all postal service employees were affected and they are not yet clear why their information was of interest to these hackers. They are not seeing any evidence of customer information being compromised.
Global threads bazaar AliExpress, an offshoot of global bazaar AliBaba, has patched a URL flaw that allowed attackers to harvest users’ personal details including names, shipping addresses and phone numbers. The insecure direct object reference vulnerability, reported by an unnamed researcher, affected 7.7 million logged-in users for AliExpress, the online retail wing of AliBaba that’s the most visited e-commerce site in Russia.
The Federal Communications Commission (FCC) recently announced that AT&T has agreed to pay a $25 million fine for privacy violations related to a 2014 data breach that exposed almost 280,000 customers' names, full or partial Social Security numbers, and account-related data, including customer proprietary network information (CPNI).
Around 48 million Xbox subscribers were interrupted from their gaming. The motive of this hack is unclear.
Five Sony films, an early version of a script for the next James Bond movie, Spectre, Brad Pitt's Fury, and a whole host of Sony's private company information has apparently been exposed to the public, including bosses' salaries and employees' social security information.
The Texas Health and Human Services department discovered a data breach, it appears by "chance", after terminating their relationship with Xerox Corporation. The information includes "Medicaid clients' names, birthdates, Medicaid numbers, and medical and billing records related to care provided through Medicaid, such as reports, diagnosis codes and photographs."
Credit card details from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores. Approximately 104 million credit card accounts were compromised following breaches at three credit card firms in South Korea. Originally, the BBC reported the breaches had affected 20 million cards.
"Staples that the investigation revealed that the hackers used malware that provided access to information for transactions at 115 of its stores. The hackers stole cardholder names, payment card numbers, expiration dates and card verification codes. The company is offering free identity theft protection services."
According to documents posted by financial news service Credit.com, the company has notified its customers that a pair of CDs containing the names, addresses, social security numbers and account numbers for users had gone missing.
After reviewing 1.9 million records for people who have registered with the WorkSource Oregon Management Information System(WOMIS), state officials say they've identified 851,322 people whose information may have been compromised.
One financial institution that received an alert about a breach, said the bank had nearly 9,000 customer cards listed in that alert, and that the only common point-of-purchase were Chick-fil-A locations.
A 31yo was recently booked by the police for infiltrating the accounts of 25 million people on Naver, S. Korea's largest Web portal. According to the National Police Agency, the suspect, surnamed Seo, purchased the private information of 25 million people. Seo then used the data, which included the names, residential numbers, Internet IDs and passwords, to hack into Naver accounts. He sent spam messages and other illicit emails to the Naver account holders to rake in illegal profit of some 160 million won ($148,000).
Some reports suggests that credit and debit card information was not involved, that the hackers instead stole personal data such as addresses and phone numbers.
The New York Times reported that and 7 million small businesses were involved.
The company explained the incident this way: “An intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations.
The national, charitable resale organization announced in early September that card information at approximately 330 stores had been compromised.
About 56 million card records were hacked in this attack that is said to revolve around malware that was installed on cash register systems.
The origin of the breach comes from hackers compromising a small number of employee login credentials, which gave access to eBay’s corporate network.
In March, the Texas-based beauty chain said it had been hacked by the same gang that hacked Target.
Education services provider Benesse Corp. said personal data on 22.6 million customers were stored on a smartphone owned by the Tokyo systems engineer under arrest on suspicion of theft and illegal copying of customer data. While announcing the figure Monday, Benesse, a subsidiary of Benesse Holdings Inc., said the stolen information — the worst data leak in Japan’s history — also included customer data on its group firms’ online-shopping website Benesse Life Smile Shop & message board website Benesse Women’s Park.
Hundreds of passwords to Dropbox accounts have been leaked in the latest security breach, with hackers threatening to release millions more account details in exchange for Bitcoin.
The ice cream chain said the breach affected 395 of its over 4,500 locations in the United States. The hacked information contained the names and credit card information of past customers.
According to a CHS SEC filing describing the breach, the hack likely originated from China and focused on valuable non-clinical, non-medical data, such as “patient names, addresses, birthdates, telephone numbers and Social Security numbers."
The company, in a statement, said, “We do know, and our forensic reports have confirmed, that malicious software (malware) was clandestinely installed on our system and that it attempted to collect or ‘scrape’ payment card data from July 16, 2013 to Oct. 30, 2013.”
Information was accessed through a single server by hackers from China and other locations. The server contained employee and patient data for St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The breach supposedly occurred between December 16 through the 18th, 2013. The data included patient names, birth dates, Social Security numbers, and possibly addresses. Medical information for patients was accessible, as well as bank information for current and former employees. Both adult and minor information may have been compromised.
German authorities recently confirmed that they're investigating the theft of around 18 million e-mail account passwords, affecting all major German Internet service providers
Business social network LinkedIn and online dating service eHarmony said Wednesday that some of their users' passwords were stolen and millions appear to have been leaked onto the Internet.
Around 70 million holiday shoppers had their card data compromised late last year in the breach at Target, the incident that kicked off the current wave of big breaches.
Sometime between November 1 and 3, two unencrypted laptops were stolen from employee workstations. The laptops were password-protected and cable-locked to the workstations. Names, Social Security numbers, addresses, dates of birth, Horizon Blue Cross Blue Shield New Jersey identification numbers, and demographic information may have been exposed.
An unspecified data breach may have exposed the information of current and former students, employees, and vendors. Names, Social Security numbers, bank account information, and dates of birth may have been viewed by unauthorized parties.
Hackers stole and stored information online related to customers who used limousine and other ground transportation. The online information included plain text archives of credit card numbers, expiration dates, names, and addresses. Many of the customers were wealthy and used credit cards that would be attractive to identity thieves.
According to the company, only card numbers and expiration dates appear to have been exposed, not the cardholder's name, address or identifying information.
Adobe said hackers had stolen encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts.
Hackers were able to access Zappos customer's names, e-mail addresses, addresses, phone numbers, the last four digits of credit card numbers and cryptically scrambled passwords.
Online gaming platform experienced a massive data breach that exposed the names, addresses and other personal information of 77 million users.