2026-03-25
[vendor] Hasbro Inc. corporate IT infrastructure
Vector: Unknown threat actor gained unauthorized access to Hasbro's corporate IT network and exfiltrated data before being detected; Hasbro took systems offline to contain the spread, disrupting some business operations; specific initial access vector was not publicly disclosed at time of reporting
In late March / early April 2026, Hasbro Inc. — the US toy and entertainment conglomerate (maker of Monopoly, Transformers, My Little Pony, Magic: The Gathering, Dungeons & …
2026-03-22
[vendor] USR stablecoin depeg
[loss] $24M
Vector: Smart contract exploit / hack
The Resolv USD stablecoin, also known as USR, lost its intended dollar peg and dropped to around $0.14 after an exploiter was able to mint and sell tens of millions of unbacked …
2026-03-20
Vector: WorldLeaks extortion gang breached a third-party discovery transfer system used by the Los Angeles City Attorney's Office to transfer legal discovery documents; LAPD's own systems and networks were not directly compromised
On March 20, 2026, the WorldLeaks extortion gang breached a third-party digital system used by the Los Angeles City Attorney's Office to transfer legal discovery documents. The LA …
2026-03-19
Vector: AppsFlyer's mobile attribution SDK — embedded in thousands of iOS and Android applications — was compromised; attackers used malicious SDK code to intercept cryptocurrency wallet addresses in apps that used AppsFlyer for mobile marketing attribution
AppsFlyer — one of the world's largest mobile attribution platforms, with its SDK embedded in thousands of iOS and Android applications including crypto wallets and fintech apps — …
2026-03-19
Vector: Unknown attacker compromised a Washington State-based employee benefits administrator's systems, accessing employer and employee benefits enrollment data
A Washington State-based employee benefits administrator notified approximately 2.7 million individuals of a data breach. The firm provides employee benefits enrollment, …
2026-03-17
Vector: ShinyHunters used targeted vishing (voice phishing) against a single Aura employee to obtain credentials, gaining approximately one hour of unauthorized access before being detected and removed
On March 17, 2026, identity protection firm Aura disclosed a data breach after ShinyHunters used targeted vishing to compromise a single employee's account. The attacker had access …
2026-03-16
[vendor] CareCloud talkEHR (electronic health record platform)
Vector: Unauthorized actor gained access to one of CareCloud's six electronic health record (EHR) environments; initial access vector not publicly disclosed
On March 16, 2026, CareCloud (a Somerset, NJ-based healthcare IT company) detected unauthorized access to one of its six EHR environments. The threat actor had access for …
2026-03-09
[vendor] Gondi theft
[loss] $230,000
Vector: Smart contract exploit / hack
A thief exploited a smart contract belonging to the Gondi NFT platform to steal 78 NFTs priced at $230,000. Perhaps the most shocking part of the theft is that the attacker managed …
2026-03-03
[vendor] Returned crypto stolen again from Korean authorities
[loss] $5M
Vector: Seed phrase / wallet compromise
After a thief drained a crypto wallet of 4 million PRTG (notionally priced at $4.9 million, but highly illiquid) after blundering Korean tax officials posted the wallet's seed …
2026-03-01
[vendor] California-based implantable orthopedic device manufacturer (specific company name not confirmed at time of reporting)
Vector: Unknown attacker gained unauthorized access to the California-based implantable orthopedic device manufacturer's systems; the company reported the hacking incident to relevant authorities and is among several medical device makers to disclose cybersecurity incidents in early 2026
On approximately 31 March 2026, a California-based maker of implantable orthopedic devices disclosed it had been the victim of a cybersecurity incident. DataBreachToday reported …
2026-03-01
[vendor] Dutch Ministry of Finance / Rijksfinancien IT systems
Vector: Unknown attacker gained unauthorized access to Dutch Ministry of Finance (Rijksfinancien) systems; the specific attack vector — whether phishing, exploitation of an internet-facing vulnerability, or supply chain — was not confirmed at time of initial reporting
In early 2026, the Dutch Ministry of Finance (Ministerie van Financiën, also known as Rijksfinancien) disclosed a cybersecurity breach, details of which were reported in …
2026-03-01
[vendor] Lloyds Banking Group customer data systems
Vector: Customer data belonging to Lloyds Banking Group was exposed or leaked; the specific mechanism — whether a direct breach of Lloyds systems, a third-party vendor incident, or an insider leak — was not confirmed at time of initial reporting; approximately 450,000 customer records were involved
In early April 2026, a data leak affecting approximately 450,000 Lloyds Banking Group customers was reported, with details emerging in DataBreachToday's weekly breach roundup. …
2026-02-26
[vendor] Crypto stolen from Korean authorities after they post wallet seed phrase
Vector: Seed phrase / wallet compromise
When Korean authorities posted a photograph of seized cash and other items from a police raid, they included photos of cards containing crypto wallet seed phrases, which were …
2026-02-25
Vector: Unknown attacker gained unauthorized access to UFP Technologies' systems and exfiltrated data; UFP filed an SEC 8-K cybersecurity incident notification
UFP Technologies — a Massachusetts-based manufacturer of single-use medical device components, specialty packaging, and protective solutions for healthcare — disclosed a data theft …
2026-02-23
Vector: A coding error in PayPal's application enabled unauthorized data access and facilitated fraud against a subset of PayPal users; the error was in the app's data handling logic rather than a direct attack by external threat actors
PayPal disclosed a data breach and associated fraud incident caused by a coding error in its payment application. The error allowed unauthorized access to a subset of user account …
2026-02-21
[vendor] YieldBlox theft
[loss] $10M
Vector: Oracle price manipulation
A lending pool operated by YieldBlox on the Stellar blockchain was emptied of around $10.2 million in an oracle manipulation attack on the Reflector oracle supplying prices for the …
2026-02-20
[vendor] Goliath Ventures CEO charged
[loss] $328M
Vector: Ponzi / pyramid scheme
Federal authorities arrested Christopher Alexander Delgado, the CEO of Goliath Ventures (previously Gen-Z Ventures). According to the charging documents, what Delgado presented to …
2026-02-17
Vector: Interlock ransomware group exploited vulnerabilities in Kettering Health's network infrastructure
Kettering Health (an Ohio-based health system operating multiple hospitals and care sites) was notifying current and former patients of data exposure resulting from an Interlock …
2026-02-07
[vendor] Odido customer contact/CRM system
Vector: ShinyHunters used phishing and social engineering to gain access to Odido's customer contact/CRM system used by customer service representatives
On the weekend of February 7–8, 2026, ShinyHunters breached Odido's (Netherlands' largest mobile network operator) customer contact system and downloaded records for approximately …
2026-02-05
Vector: Former Nuance Communications IT employee retained access to healthcare client systems after termination; used former access credentials to access Geisinger Health patient data
In early 2026, the former Nuance Communications IT worker responsible for the Geisinger Health patient data breach (documented separately) faced additional federal charges. The …
2026-02-04
Vector: ShinyHunters' vishing (voice phishing) social engineering campaign targeting cloud service providers; victims included service providers holding Harvard and UPenn alumni, donor, or student data
Harvard University and the University of Pennsylvania were named as victims and had data leaked by ShinyHunters, the prolific hack-and-leak group responsible for numerous …
2026-02-03
Vector: Misconfiguration: Transformco (Sears Home Services parent) left three cloud storage buckets containing AI chatbot logs, audio recordings, and scheduling data publicly accessible without authentication
On February 3, 2026, security researcher Jeremiah Fowler discovered three unsecured publicly exposed databases during routine Shodan scans, containing 4.3 terabytes of data linked …
2026-02-01
Vector: ShinyHunters used social engineering (pretexting/vishing — impersonating employees calling the help desk for password resets) to gain unauthorized access to CarGurus systems
In February 2026, ShinyHunters breached CarGurus (a major US online automotive marketplace) via social engineering. After CarGurus declined to pay ransom, the data was published …
2026-02-01
[vendor] LexisNexis (legal research platform)
Vector: Unknown; hackers claimed access to government and law firm user data
LexisNexis, the major legal research and information services platform used extensively by law firms, government agencies, and courts, confirmed a data breach in early 2026. …
2026-01-29
Vector: Unknown attacker compromised ambulance billing and collections firm systems accessing patient data
An ambulance billing and medical collections firm agreed to pay $515,000 to Massachusetts and Indiana attorneys general following a hack that compromised patient data. The firm …
2026-01-28
Vector: Unknown attacker compromised a Maryland-based firm providing AI-powered services; the firm stores personal data from healthcare or insurance-related AI processing workflows
In 2025, a Maryland-based firm providing AI-powered services (identity or background verification) was hacked, with the breach disclosed in early 2026 affecting approximately 3.1 …
2026-01-09
[vendor] Okta SSO
Vector: ShinyHunters used vishing (voice phishing) to impersonate employees calling IT/help desk and obtain Okta SSO credentials, gaining unauthorized access to Crunchbase systems
In January 2026, ShinyHunters breached Crunchbase (a major business intelligence and startup data platform) via vishing — attackers impersonated internal employees to …
2026-01-01
[vendor] Slack; Google Drive; Bumble internal contractor access
Vector: Vishing (voice phishing) attack compromised a contractor's account at Bumble, granting limited access to internal Slack and Google Drive systems; a related attack targeted Match Group
On January 29, 2026, ShinyHunters posted data allegedly stolen from Bumble (dating app) and Match Group (parent of Tinder, Hinge, OkCupid) on a dark web leak site. ShinyHunters …
2026-01-01
Vector: Voice phishing (vishing) social engineering attack tricked an employee into surrendering credentials and MFA codes, allowing unauthorized access to internal systems
Figure Technology Solutions (fintech lending company) disclosed in February 2026 that ShinyHunters conducted a vishing (voice phishing) attack against an employee in January 2026, …
2025-12-30
[vendor] Unleash Protocol
[loss] $4M
Vector: Smart contract exploit / hack
Unleash Protocol, a project promising to allow creators to register their intellectual property on the blockchain, has been exploited for around $3.9 million. An attacker was able …
2025-12-22
[vendor] Navia Benefit Solutions (employee benefits administration platform)
Vector: Broken Object Level Authorization (BOLA) vulnerability in Navia's systems allowed unauthorized access to benefit plan data
Navia Benefit Solutions, an employee benefits administration company, suffered a data breach due to a BOLA (Broken Object Level Authorization) API vulnerability. An unknown threat …
2025-12-20
[vendor] Condé Nast (centralized identity platform)
Vector: Insecure Direct Object Reference (IDOR) vulnerabilities and broken access controls in Condé Nast's centralized identity/account platform allowed unauthenticated enumeration of user profiles by iterating user ID values
On December 20, 2025, a threat actor called 'Lovely' posted a 2.366 million-record database from WIRED.com on the Breach Stars forum, selling access for approximately $2.30. …
2025-12-19
[vendor] 0xcB8078 address poisoning
Vector: Address poisoning attack
A crypto trader lost almost $50 million in the Tether stablecoin after falling victim to an address poisoning attack. Because blockchain wallet addresses are long, random …
2025-12-01
Vector: Unknown; Crimson Collective threat actor claimed access to Brightspeed's systems and exfiltration of over 1 million customer records; Brightspeed confirmed an investigation into a potential cybersecurity event
On January 4, 2026, the Crimson Collective threat group publicly claimed via Telegram to have breached Brightspeed (a major US fiber broadband provider) and stolen records for over …
2025-12-01
[vendor] Global-e (international ecommerce and payments platform)
Vector: Unauthorized access to Global-e's cloud system storing order data for multiple brands including Ledger; initial access vector not publicly disclosed
Ledger (hardware crypto wallet manufacturer) disclosed in January 2026 that an unnamed unauthorized party accessed a Global-e cloud system used to process international orders. …
2025-12-01
[vendor] Cegedim Santé MonLogicielMedical (cloud EHR/practice management platform)
Vector: Unauthorized access via abnormal API/application requests on doctor accounts in Cegedim Santé's MonLogicielMedical (MLM) cloud healthcare platform; initial access vector not publicly disclosed
Cegedim Santé (French healthcare software provider) confirmed on March 3, 2026, that attackers stole 15.8 million administrative patient records from its MonLogicielMedical …
2025-11-12
[vendor] SitusAMC (real estate debt/equity origination, transaction, and management platform)
Vector: Unknown; no encrypting malware was involved; SitusAMC described it as a contained data exfiltration incident
SitusAMC (a financial technology provider serving 1,500+ clients including major US banks, real estate firms, and insurers) became aware of a breach on November 12, 2025, and …
2025-11-08
Vector: Insider threat: a former Coupang employee retained unauthorized access to internal systems and exfiltrated customer data; breach persisted until November 8, 2025, per South Korean government investigation
A former Coupang employee maintained unauthorized access to the company's systems and exfiltrated customer data, with the breach continuing until November 8, 2025. Coupang (South …
2025-11-04
[vendor] Stream Finance loss
[loss] $93M
Vector: Withdrawal halt / insolvency
The Stream Finance defi yield project announced that "an external fund manager overseeing Stream funds disclosed the loss of approximately $93 million in Stream fund assets." …
2025-11-01
Vector: An unnamed third-party vendor used by Freedom Mobile was compromised, exposing customer account data stored in the vendor's systems
Freedom Mobile, one of Canada's largest wireless carriers (owned by Shaw/Rogers), disclosed in December 2025 that a third-party vendor had been compromised, resulting in the …
2025-11-01
[vendor] Marquis Software Solutions (core banking software)
Vector: Marquis Software Solutions, a vendor providing core banking software to community banks and credit unions, was compromised, exposing customer financial data for clients of 74 affected financial institutions
Marquis Software Solutions, a provider of core banking and analytics software to community banks and credit unions across the United States, disclosed in December 2025 that a …
2025-10-25
Vector: Social engineering attack targeting a DoorDash employee; threat actors manipulated the employee to gain access to internal systems
On October 25, 2025, an unauthorized third party gained access to DoorDash's internal systems after successfully social engineering a company employee. The number of affected …
2025-10-15
Vector: A third-party vendor used by Iberia was compromised, exposing customer loyalty programme data
Iberia, the Spanish national airline and subsidiary of IAG (International Airlines Group), disclosed in November 2025 that a third-party vendor breach had exposed loyalty programme …
2025-10-01
Vector: Threat actor compromised an unnamed third-party customer service provider used by Discord, gaining access to customer support data including user account information
In October 2025, Discord disclosed that an unnamed third-party customer service provider had been breached, exposing data for approximately 55 million Discord users. The exposed …
2025-10-01
Vector: Attackers used valid credentials to access and clone third-party partner repositories used in DocketWise's data migration pipeline, which contained unstructured client data belonging to immigration law firms
In October 2025, DocketWise (a cloud-based immigration case management platform for law firms) discovered that credentials to one of its third-party partner repositories had been …
2025-10-01
[vendor] Oracle E-Business Suite (EBS)
[cve] CVE-2025-61882
Vector: Attackers exploited a vulnerability in Oracle E-Business Suite (ERP system) used by The Washington Post for HR and payroll management, exfiltrating employee and contractor personal and financial data
The Washington Post disclosed in November 2025 that a breach of its Oracle E-Business Suite ERP system had exposed sensitive personal and financial data for approximately 10,000 …
2025-09-24
[vendor] SBI Crypto theft
[loss] $21M
Vector: Nation-state attack (Lazarus/DPRK) — private key or social engineering compromise
Crypto sleuth zachxbt observed $21 million in "suspicious outflows" from SBI Crypto, a crypto mining subsidiary of the Japanese SBI Group. The money was quickly laundered through …
2025-09-22
[vendor] UXLINK
[loss] $28M
Vector: Phishing attack
The "AI-powered web3 social platform" UXLINK was exploited by an attacker that gained control of the project's multisignature wallet, then minted billions of the project's UXLINK …
2025-09-15
Vector: MANGO's third-party marketing service provider was compromised, exposing customer contact and demographic data used for marketing campaigns
MANGO, the Spanish global fashion retailer, disclosed in October 2025 that a third-party marketing provider had been compromised, exposing customer data. Exposed information …
2025-09-12
[vendor] Shibarium bridge hit with $2.4 million flash loan attack
[loss] $2M
Vector: Flash loan attack on smart contract
A bridge for Shibarium, the layer-2 network for the Shiba Inu project, was exploited for approximately $2.4 million in funds. The attacker bought 4.6 million BONE tokens (the …
2025-09-09
[vendor] Thorchain founder
[loss] $1M
Vector: Smart contract exploit / hack
John-Paul Thorbjornsen, the founder of Thorchain and Vultisig, suffered a wallet drain, reportedly after experiencing a video meeting scam from an attacker who had exploited the …
2025-09-01
[vendor] Kiln (crypto staking infrastructure)
Vector: Threat actors compromised Kiln, a professional crypto staking infrastructure provider, and used their access to drain Solana (SOL) funds belonging to SwissBorg customers from the Kiln-managed Solana Earn product
In September 2025, SwissBorg, a Swiss crypto asset management platform, lost approximately $41 million worth of Solana (SOL) after threat actors compromised Kiln, the third-party …
2025-09-01
[vendor] Oracle PeopleSoft
Vector: ShinyHunters exploited a vulnerability in Wynn Resorts' Oracle PeopleSoft HR platform to gain unauthorized access and exfiltrate employee data
In September 2025, ShinyHunters exploited a vulnerability in Wynn Resorts' Oracle PeopleSoft platform to access employee records. The breach was discovered in February 2026. …
2025-09-01
Vector: A third-party vendor used by Renault and Dacia UK was compromised, exposing customer personal data including vehicle identification information
Renault and Dacia UK disclosed in October 2025 that a third-party vendor had been compromised, exposing data for UK customers. Exposed information included customer names, gender, …
2025-08-28
[vendor] FEI Systems MnCHOICES (disability waiver case management)
Vector: A user affiliated with a licensed healthcare provider accessed the MnCHOICES disability services system without authorization; unauthorized access occurred through a third-party vendor (FEI Systems) managing the platform
From August 28 to September 21, 2025, an individual affiliated with a licensed healthcare provider accessed the Minnesota Department of Human Services' MnCHOICES disability …
2025-08-15
Vector: An unnamed third-party vendor used by LNER was compromised, exposing customer contact details and journey information stored in the vendor's systems
London North Eastern Railway (LNER), the UK train operator serving the East Coast Main Line between London King's Cross, Edinburgh, and Aberdeen, disclosed in September 2025 that a …
2025-08-15
Vector: A third-party vendor used by Wealthsimple was compromised, exposing sensitive personal and financial identity documents for affected customers
Wealthsimple, a major Canadian online investment and financial services platform, disclosed in September 2025 that a third-party vendor had been compromised, resulting in the …
2025-08-14
[vendor] BtcTurk
[loss] $49M
Vector: Smart contract exploit / hack
The Turkish cryptocurrency exchange BtcTurk has apparently been hacked again, as various blockchain security firms observed suspicious withdrawals estimated at around $49 million. …
2025-08-07
[vendor] MEV bot
[loss] $1M
Vector: MEV / sandwich attack
Scammers using AI-generated YouTube videos to promote supposedly profitable crypto bot software have convinced crypto users to deploy what is, in reality, malicious code that …
2025-08-04
Vector: Cyberattack on Bouygues Telecom systems; specific initial access vector not publicly disclosed
On August 4, 2025, Bouygues Telecom — France's third-largest mobile phone carrier — detected a cyberattack. The company publicly disclosed the breach on August 6-7, 2025. …
2025-08-01
[vendor] Oracle E-Business Suite (EBS)
[cve] CVE-2025-61882
Vector: Attackers exploited CVE-2025-61882, a zero-day vulnerability in Oracle E-Business Suite (EBS), to access the university's network and exfiltrate sensitive data; attack tactics consistent with Clop ransomware gang
Beginning in August 2025, attackers exploited CVE-2025-61882 (a zero-day in Oracle E-Business Suite) to breach the University of Phoenix's network and steal sensitive data. The …
2025-08-01
[vendor] 2Keys Corporation (digital identity/authentication services)
Vector: Threat actors compromised 2Keys Corporation, a third-party digital identity service provider contracted by the Canadian federal government, gaining access to authentication data for government service accounts
In September 2025, the Canadian government disclosed that 2Keys Corporation, a digital identity and authentication service provider contracted by multiple federal agencies, had …
2025-08-01
Vector: Chess.com's unnamed third-party file transfer provider was compromised, resulting in the exfiltration of customer data stored in that system
Chess.com, the world's largest online chess platform with over 100 million registered users, disclosed in September 2025 that a third-party file transfer provider had been …
2025-08-01
Vector: A third-party vendor used by Harrods for customer relationship management was compromised, exposing online customer contact details
In September 2025, Harrods, the iconic London luxury department store, disclosed that a third-party vendor had been compromised, exposing contact details for online customers. …
2025-07-28
[vendor] Salesforce; third-party support application
Vector: Attackers (attributed to ShinyHunters/UNC6395) gained access to a third-party Salesforce-based application used by TransUnion for US consumer support operations, likely via the SalesLoft Drift OAuth token supply chain attack
TransUnion disclosed on August 28, 2025, that unauthorized actors accessed a third-party application serving its US consumer support operations between July 28–30, 2025. The attack …
2025-07-24
[vendor] WOO X
[loss] $14M
Vector: Phishing attack
Attackers who compromised devices belonging to a WOO X employee stole $14 million from users of the Taiwanese WOO X cryptocurrency exchange. The phishing attack on the employee …
2025-07-18
[vendor] CoinDCX
[loss] $44M
Vector: Smart contract exploit / hack
The Indian cryptocurrency exchange CoinDCX was hacked, with attackers stealing around $44 million. The company announced the breach the following day, attributing it to a …
2025-07-16
[vendor] BigONE
[loss] $27M
Vector: Smart contract exploit / hack
The BigONE cryptocurrency exchange was hacked for more than $27 million, which the hacker quickly swapped for various other tokens. The attacker compromised one of the exchange's …
2025-07-11
[vendor] MoonPay donation
[loss] $250,000
Vector: Smart contract exploit / hack
In a seizure request filed by the DC Attorney General, the Justice Department outlined how a Nigerian scammer used the classic "lowercase Ls look like uppercase Is" trick to steal …
2025-07-01
Vector: Attackers compromised a partner's system in July 2025 and gained unauthorized access to a third-party API linked to 700Credit's web application, likely via web application vulnerability or misconfiguration
700Credit — the largest provider of credit reporting, identity verification, fraud and compliance services for US automotive dealerships — suffered a data breach between …
2025-07-01
[vendor] Paradox, Inc. AI chatbot / hiring platform
Vector: Third-party AI chatbot provider Paradox, Inc. used by McDonald's for automated job application processing was compromised, exposing applicant data collected through the hiring platform
In July 2025, McDonald's disclosed a breach affecting approximately 64 million job applicants whose data was stored on systems operated by Paradox, Inc., McDonald's third-party …
2025-07-01
[vendor] PayPal Working Capital (PPWC loan application)
Vector: Routine code update to the PayPal Working Capital (PPWC) loan application contained a programming error that left customer PII accessible without authorization for approximately six months
A code update error in PayPal's Working Capital loan application exposed approximately 100 customers' personally identifiable information from July 1 to December 13, 2025 — …
2025-07-01
[vendor] Salesforce
Vector: ShinyHunters compromised Air France-KLM's Salesforce CRM environment through social engineering / vishing of a Salesforce-privileged employee, part of the broader 2025 ShinyHunters Salesforce campaign
Air France-KLM, the Franco-Dutch multinational airline group, disclosed in August 2025 that their Salesforce CRM environment had been compromised as part of the …
2025-07-01
[vendor] Salesforce
Vector: ShinyHunters compromised TransUnion's Salesforce environment through social engineering / vishing of a Salesforce-privileged user, part of the broader 2025 Scattered Spider/ShinyHunters Salesforce campaign targeting major enterprises
In August 2025, TransUnion confirmed it had been affected by the ShinyHunters/Scattered Spider Salesforce social engineering campaign, with limited personal information exposed for …
2025-06-26
[vendor] Resupply
[loss] $10M
Vector: Smart contract exploit / hack
An attacker was able to exploit a vulnerability in a smart contract used by the Resupply stablecoin lender to extract about $9.3 million from the project. After depositing around …
2025-06-23
[vendor] daytwo-thefts
[loss] $4M
Vector: Smart contract exploit / hack
Christian Nieves, a New York man who goes by the handles "daytwo" and "PawsOnHips", has reportedly stolen more than $4 million through a theft ring where he impersonates Coinbase …
2025-06-23
[vendor] Self Chain
[loss] $50M
Vector: Ponzi / pyramid scheme
On June 19, a company called Aza Ventures published allegations on Telegram that they had been scammed by someone promising to facilitate OTC sales of steeply discounted tokens for …
2025-06-21
[vendor] Hacken token crash
[loss] $250,000
Vector: Smart contract exploit / hack
Web3 cybersecurity firm Hacken had a cybersecurity incident of their own when the private key belonging to a wallet with mint access for the project's $HAI token was leaked. …
2025-06-18
[vendor] Nobitex
[loss] $90M
Vector: Smart contract exploit / hack
The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The …
2025-06-12
Vector: Social engineering / vishing (voice phishing): attackers impersonated employees to deceive IT help desk into granting account access
On June 12, 2025, Aflac insurance company's US network was compromised via social engineering. The attack is attributed to Scattered Spider, a financially motivated …
2025-06-06
[vendor] ALEX Lab
[loss] $8M
Vector: Smart contract exploit / hack
ALEX Lab lost $8.3 million in various currencies after an attacker exploited a flaw in the project's smart contracts that allowed them to create a malicious token. They drained a …
2025-06-02
[vendor] BitoPro
[loss] $12M
Vector: On-chain theft (attributed by zachxbt)
The Taiwanese cryptocurrency exchange BitoPro disclosed that they had suffered a theft from one of their hot wallets, which they said occurred during a system upgrade in which they …
2025-06-01
Vector: Attackers used compromised credentials (likely a service account or employee login) to access Prosper's internal databases and issue unauthorized queries to extract customer data over approximately 3 months
Between June and August 2025, unauthorized actors accessed Prosper Marketplace's customer databases by exploiting compromised credentials. Prosper (a San Francisco-based …
2025-06-01
[vendor] Salesforce CRM
Vector: Scattered Lapsus$ Hunters (ShinyHunters) breached Vietnam Airlines' Salesforce CRM instance as part of a campaign targeting 39+ companies via malicious OAuth app linked through vishing of employees
In October 2025, Scattered Lapsus$ Hunters published 63.62 GB of data (23+ million records) from Vietnam Airlines' Salesforce CRM system. The initial intrusion occurred around June …
2025-05-12
[vendor] Curve Finance website and Twitter account
Vector: DNS hijacking / domain takeover (front-end compromise)
The website and Twitter accounts belonging to the Curve Finance defi projects were compromised in quick succession. On May 5, an attacker compromised the Twitter account belonging …
2025-04-22
[vendor] Tata Consultancy Services (IT outsourcing vendor)
[malware] DragonForce ransomware
Vector: Scattered Spider (UNC3944) conducted a social engineering / vishing attack targeting Tata Consultancy Services (TCS) employees who had privileged access to M&S systems, gaining access to M&S Active Directory via NTLM hash relay and deploying DragonForce ransomware
Beginning around April 22, 2025, Scattered Spider (also tracked as UNC3944 and Octo Tempest) attacked Marks & Spencer, the UK's largest clothing retailer, by socially engineering …
2025-04-17
[vendor] Unnamed third-party service provider
Vector: Unauthorized access to an unnamed third-party service provider's systems that stored Ericsson employee and customer data
Between April 17–22, 2025, an unknown threat actor accessed files at an unnamed third-party service provider used by Ericsson Inc. (US operations). The investigation concluded in …
2025-04-15
[vendor] CBEX
[loss] $12M
Vector: Ponzi / pyramid scheme
Victims, mostly in Nigeria and Kenya, have lost approximately $12 million to a Ponzi scheme called CBEX, which was named to mimic an association with the China Beijing Equity …
2025-04-01
Vector: An unauthorized actor gained access to an unnamed third-party customer service provider used by Adidas, obtaining customer contact data stored in that system
In May 2025, Adidas disclosed that a data breach had occurred via an unnamed third-party customer service provider. The breach exposed customer contact information including names, …
2025-04-01
Vector: Attackers exploited an unpatched vulnerability in the Legal Aid Agency's online portal to gain unauthorized access to its database
In May 2025, the UK Legal Aid Agency (part of the Ministry of Justice) disclosed a significant data breach affecting information on 2,000 legal service providers and their clients. …
2025-03-29
[vendor] Spectos GmbH (data analytics/service monitoring)
Vector: Threat actor compromised Spectos GmbH, a German data analytics and service monitoring firm used by Royal Mail to track delivery performance metrics, gaining access to Royal Mail customer and operational data stored on Spectos systems
In late March 2025, a threat actor claimed to have stolen approximately 144GB of data from Royal Mail by compromising Spectos GmbH, a data analytics vendor used by Royal Mail for …
2025-03-21
[vendor] Zoth
Vector: Smart contract exploit / hack
RWA restaking platform Zoth suffered a $8.29 million hack after an attacker gained access to admin privileges that allowed them to modify the platform's smart contracts. The hacker …
2025-03-06
[vendor] Zoth
[loss] $285,000
Vector: Smart contract exploit / hack
Zoth, a restaking platform for "real world assets" (or RWAs), was hacked for around $285,000 when an exploiter discovered a bug in the platform's collateral calculations. This …
2025-02-28
[vendor] Wemix Foundation
[loss] $6M
Vector: Smart contract exploit / hack
The Wemix Foundation, which runs the blockchain gaming platform WEMIX, suffered a $6.2 million hack of their blockchain bridge. Although the hack occurred on February 28, the …
2025-02-14
Vector: Unauthorized network access; attackers had persistent access to Anne Arundel Dermatology systems from February 14 to May 13, 2025
Anne Arundel Dermatology (a Maryland-based multi-site dermatology practice) disclosed a data breach affecting approximately 1.9 million individuals. Attackers maintained …
2025-02-12
[vendor] zkLend
[loss] $10M
Vector: Smart contract exploit / hack
The Starknet-based lending platform zkLend was exploited for around $9.5 million. zkLend paused the protocol after the attack was discovered, and began working with various crypto …
2025-02-03
[vendor] Coinbase accused of failing to prevent phishing
[loss] $300M
Vector: On-chain theft (attributed by zachxbt)
Crypto sleuth zachxbt has accused the popular American cryptocurrency exchange Coinbase of "fail[ing] to stop its users losing $300M+ per year to social engineering scams". He …
2025-01-23
[vendor] Phemex
[loss] $70M
Vector: Smart contract exploit / hack
The Singapore-based Phemex cryptocurrency exchange has acknowledged the compromise of some of the exchange's hot wallets, which saw outflows of at least $37 million across multiple …
2025-01-20
Vector: Authorised but controversial access granted to DOGE operatives to federal systems including OPM, Treasury payment systems (handling $6T in payments), USAJOBS, and other agencies
Starting January 20, 2025, operatives associated with the Department of Government Efficiency (DOGE), led by Elon Musk, were granted unprecedented access to sensitive federal …
2025-01-09
[vendor] $2.2 million stolen by fake job
[loss] $2M
Vector: Regulatory / legal action
New York Attorney General Letitia James announced a lawsuit against a group of scammers operating a scheme in which they promised fake job opportunities to victims, convincing them …
2025-01-08
[vendor] Hengelo man arrested in alleged crypto pyramid scheme
[loss] $3M
Vector: Ponzi / pyramid scheme
A self-described crypto banker from Hengelo, Netherlands was arrested in connection to an alleged crypto pyramid scheme he'd been running. He'd originally told police that he was …
2025-01-07
[vendor] Kraken spoofing website
[loss] $100,000
Vector: Phishing attack
A man who received an inheritance in 2021 and decided to put it into crypto lost his entire $100,000 balance when he fell victim to a spoofing site in 2023. When he decided to …
2025-01-01
[vendor] TaskUs (outsourced customer support)
Vector: Threat actors bribed and recruited rogue agents working at TaskUs, Coinbase's outsourced customer support contractor in India, to steal customer data from Coinbase's internal support tools
Starting in approximately early 2025, cybercriminals recruited and bribed several customer support agents employed by TaskUs, Coinbase's outsourced support provider operating from …
2024-12-19
[vendor] PowerSchool Student Information System (SIS)
Vector: CWE-308: Use of Single-factor Authentication (compromised employee password, no MFA on PowerSource portal)
PowerSchool, the dominant K-12 student information system provider serving approximately 16,000 schools and 50 million students in North America, suffered a data breach beginning …
2024-12-11
[vendor] CFTC lawsuit against Francier Obando Pinillo
[loss] $6M
Vector: Ponzi / pyramid scheme
The CFTC has filed suit against Francier Obando Pinillo, an American former pastor who targeted his former congregants and other unsophisticated investors with a crypto pyramid …
2024-12-09
[vendor] Monroe University IT systems
Vector: CWE-284: Improper Access Control
Monroe University, a New York-based for-profit university, suffered a cyberattack between December 9 and December 23, 2024, in which threat actors exfiltrated data on 320,973 …
2024-12-06
[vendor] 85-year-old painter
[loss] $135,000
Vector: Smart contract exploit / hack
An 85-year-old painter from Brooklyn was convinced to send scammers $135,000 after they promised they would sell his artwork as NFTs on OpenSea. After agreeing to have a supposed …
2024-12-01
[vendor] Cleo Harmony; Cleo VLTrader; Cleo LexiCom
[cve] CVE-2024-50623 +1
Vector: Clop ransomware group exploited zero-day vulnerabilities in Cleo Harmony, VLTrader, and LexiCom managed file transfer software (CVE-2024-50623, CVE-2024-55956) to access Hertz's file transfer infrastructure
Hertz Corporation disclosed in April 2025 that customer data had been stolen in attacks exploiting Cleo managed file transfer (MFT) software vulnerabilities in approximately …
2024-11-28
[vendor] XT.com
[loss] $2M
Vector: Smart contract exploit / hack
On November 28, cryptocurrency exchange XT.com abruptly suspended withdrawals, citing a "wallet upgrade and maintenance". However, after a blockchain security firm identified $1.7 …
2024-11-20
Vector: Unauthorized party accessed a single individual employee account and associated computer within Lockton's network, then accessed files containing protected health and personal information
On November 20, 2024, an unauthorized party gained access to a single employee account and computer within the Southeast Series of Lockton Companies' network — one of the largest …
2024-11-16
[vendor] DEXX losses
[loss] $21M
Vector: Smart contract exploit / hack
DEXX, a platform that advertises itself as the "first memecoins trading terminal application", disclosed that it had been hacked when it posted a message on social media addressed …
2024-11-15
[vendor] Thala
[loss] $300,000
Vector: Smart contract exploit / hack
The Thala Labs Aptos-based defi project suffered a $25.5 million theft when an attacker exploited a vulnerability in one of their smart contracts. They paused related smart …
2024-11-09
Vector: Unauthorized network access; specific method not publicly disclosed
Legends International, a major entertainment venue management and premium services company, detected unauthorized activity on November 9, 2024. The company manages venue services …
2024-11-03
[vendor] MetaWin casino
[loss] $4M
Vector: On-chain theft (attributed by zachxbt)
Hot wallets used by the MetaWin crypto casino were drained of around $4 million. According to the company's CEO, the attacker "t[ook] advantage of our frictionless withdrawal …
2024-10-31
[vendor] IBM Aspera (SFTP/managed file transfer)
Vector: Threat actor used compromised credentials to access Finastra's Secure File Transfer Platform (IBM Aspera SFTP); no malware deployed — data-only theft via stolen credentials
Finastra (London-based fintech serving 45 of the world's top 50 banks and 8,100+ financial institutions in 130 countries) had its SFTP platform accessed between 31 October and 8 …
2024-10-01
[vendor] Hot Topic / Box Lunch / Torrid retail brands
[malware] Infostealer malware (targeting Robling, third-party analytics vendor)
Vector: CWE-522: Insufficiently Protected Credentials (infostealer malware infected a third-party retail analytics provider, Robling, leaking credentials used to access Hot Topic's systems)
Threat actor 'Satanic' posted on BreachForums on 21 October 2024 claiming 350 million Hot Topic user records (figure likely inflated); confirmed data set is ~730 GB covering Hot …
2024-10-01
Vector: Threat actors compromised Stiiizy's third-party point-of-sale (POS) system provider, gaining access to customer purchasing records that include highly sensitive government-issued identity documents
Stiiizy, a major California-based cannabis brand and retailer, disclosed in January 2025 that a breach via its unnamed third-party POS system provider in approximately October 2024 …
2024-09-30
[vendor] GitLab
Vector: Attacker exploited an unpatched GitLab vulnerability to gain access to a Byte Federal server hosting customer data
US Bitcoin ATM operator Byte Federal (which operates 1,200+ ATMs nationwide) was breached on 30 September 2024 via a GitLab vulnerability but did not detect the incident until 18 …
2024-09-28
[vendor] Victim
[loss] $32M
Vector: Smart contract exploit / hack
A victim lost 12,083 spWETH tokens (~$32.4 million) after signing a malicious transaction stemming from someone using wallet drainer software. These drainers are …
2024-09-28
Vector: Attackers gained access to Free's network via insufficiently protected VPN authentication, then connected to Free Mobile's subscriber management tool (MOBO) to exfiltrate customer records starting October 6, 2024
Beginning September 28, 2024, an attacker accessed Free's network through VPN credentials using insufficiently robust multi-factor authentication. The attacker connected to MOBO, …
2024-09-28
[vendor] Internet Archive / archive.org
Vector: CWE-312: Cleartext Storage of Sensitive Information (authentication database exfiltrated; separately DDoS and defacement via JavaScript injection)
Threat actor (SN_BlackMeta, linked to pro-Palestinian hacktivist movement) defaced archive.org with a JavaScript alert and simultaneously exfiltrated a 6.4 GB SQL file …
2024-09-26
[vendor] Truflation
[loss] $5M
Vector: Smart contract exploit / hack
The Truflation platform suffered a loss of around $5 million after what they described as "an attack using malware". The company acknowledged the attack and limited some of their …
2024-09-23
[vendor] OpenAI Twitter account
Vector: Smart contract exploit / hack
The Twitter account belonging to OpenAI's news account was compromised and used to "announce" a scam website purporting to announce the $OPENAI token. "All OpenAI users are …
2024-09-20
[vendor] BingX
[loss] $52M
Vector: Smart contract exploit / hack
Singaporean cryptocurrency exchange BingX suffered a $52 million loss across a broad range of cryptocurrencies. The thefts occurred across two attacks that were hours apart. The …
2024-09-20
Vector: Social engineering / vishing targeting MoneyGram's IT helpdesk; attackers impersonated employees to obtain internal system access
MoneyGram, a major international money transfer and payment services company, suffered a data breach September 20–22, 2024 via an IT helpdesk social engineering attack (attributed …
2024-09-20
[vendor] Shezmu
[loss] $980,000
Vector: Smart contract exploit / hack
A crypto yield platform called Shezmu suffered a loss of around $4.9 million in $ShezUSD after an attacker exploited a flaw that allowed anyone to mint collateral, which they could …
2024-09-10
[vendor] Indodax
[loss] $22M
Vector: Smart contract exploit / hack
The Indonesian Indodax cryptocurrency exchange suffered an exploit that allowed attackers to steal tokens from several of its hot wallets. The firm did not directly acknowledge the …
2024-09-09
[vendor] GS Partners settlements
Vector: Ponzi / pyramid scheme
Five states have settled with the European crypto firm GS Partners over several crypto investment pyramid schemes. These included one in which the firm sold crypto "vouchers", each …
2024-09-05
[vendor] Revelo Ventures CEO resigns after robbery
Vector: Smart contract exploit / hack
Nick Drakon, formerly the CEO of the crypto research and venture capital firm Revelo, announced on Twitter that he was resigning from the company. In the post, he claimed that he …
2024-08-26
[vendor] Adam brothers charged by SEC
[loss] $60M
Vector: Ponzi / pyramid scheme
Brothers Jonathan and Tanner Adam were charged with violating the antifraud provisions of the federal securities laws with their GCZ Global and Triten Financial Group entities, …
2024-08-19
[vendor] Shan Hanes
[loss] $47M
Vector: Regulatory / legal action
Shan Hanes, the former CEO of the Kansas Heartland Tri-State Bank, was sentenced to 293 months (24 years, 5 months) imprisonment after pleading guilty to embezzlement by a bank …
2024-08-17
Vector: Attackers created two new fraudulent customer accounts and used them to access other customers' personal information via an internal document management system; no MFA gap on account creation process
Between 17-19 August 2024, unauthorized third parties exploited two newly created Fidelity customer accounts to access personal data of 77,099 customers including Social Security …
2024-08-15
[vendor] Coinbase support
[loss] $100,000
Vector: Phishing attack
After encountering issues trading his cryptocurrency holdings on Coinbase, a man in his 60s decided to contact Coinbase support for help. He Googled "Coinbase" and clicked on a …
2024-08-15
[vendor] Austin "DNP3" Taylor
[loss] $1M
Vector: Smart contract exploit / hack
In January 2023, Twitch streamer DNP3 issued a statement admitting that he had gambled away investor funds while chasing losses. "Eventually I lost everything. In addition to my …
2024-08-07
[vendor] 7ANPW theft
[loss] $1M
Vector: Nation-state attack (Lazarus/DPRK) — private key or social engineering compromise
According to blockchain investigator zachxbt, North Korean developers using fake identities were able to steal $1.3 million from a cryptocurrency project after pushing malicious …
2024-08-01
[vendor] ConvergenceFi
[loss] $210,000
Vector: Smart contract exploit / hack
An attacker took advantage of a flaw in the code for the yield farming project ConvergenceFi, draining it of all the tokens that had been allocated for staking emissions. Because a …
2024-07-24
[vendor] MonoSwap
[loss] $1M
Vector: Smart contract exploit / hack
The MonoSwap DEX announced on July 24 that it had been compromised, and urged its users to withdraw their funds to avoid losses. According to the project team, one of their …
2024-07-23
[vendor] dYdX v3 exchange website compromised
Vector: DNS hijacking / domain takeover (front-end compromise)
Crypto exchange dYdX has announced that the website for their v3 exchange was compromised, and is urging people not to use it. This announcement came almost simultaneously with a …
2024-07-11
[vendor] Squarespace domain hijacking
Vector: DNS hijacking / domain takeover (front-end compromise)
Websites providing the frontends for some popular defi services, including Compound Finance, were compromised and replaced with wallet drainers: websites resembling the usual …
2024-07-09
[vendor] OmegaPro founder arrested
[loss] $103M
Vector: Ponzi / pyramid scheme
Turkish authorities arrested Andreas Szakacs, also known as Emre Avci, for his role in the OmegaPro cryptocurrency Ponzi scheme. Victims were invited to make small investments in …
2024-07-02
[vendor] Bittensor wallet drain
[loss] $8M
Vector: AI-assisted attack or AI-generated exploit
Some users of the Bittensor wallet software suffered wallet drains as thieves emptied their cryptocurrency wallets of the project’s TAO token. Around 32,000 TAO, notionally worth …
2024-06-22
[vendor] BtcTurk
[loss] $85M
Vector: Smart contract exploit / hack
The Turkish cryptocurrency exchange BtcTurk has acknowledged that they suffered a hack that impacted ten hot wallets containing multiple cryptocurrencies. The exchange halted …
2024-06-22
[vendor] CoinStats wallet compromises
[loss] $2M
Vector: Smart contract exploit / hack
CoinStats, an application promising to help people track their cryptocurrency holdings, has suffered a breach impacting more than 1,500 user wallets. The application asks its users …
2024-06-13
Vector: Unauthorized access to databases maintained by a small number of independent insurance agency owners affiliated with Globe Life
Globe Life Inc. (insurance holding company, parent of American Income Life Insurance) detected suspicious activity on June 13, 2024. A threat actor obtained customer PII and …
2024-06-12
[vendor] Andreessen Horowitz phishing
[loss] $245,000
Vector: On-chain theft (attributed by zachxbt)
Attentive phishers noticed when Andreessen Horowitz partner Peter Lauten changed his Twitter username from @peter_lauten to @lauten, and snapped up the previous username. They then …
2024-06-06
[vendor] NovaTech and AWS Mining crypto pyramid schemes
[loss] $1.0B
Vector: Ponzi / pyramid scheme
The New York Attorney General’s office has sued Cynthia and Eddy Petion over two allegedly fraudulent cryptocurrency pyramid schemes called AWS Mining and NovaTech. They …
2024-06-04
[vendor] Lykke
[loss] $2M
Vector: Smart contract exploit / hack
The UK-based Lykke crypto exchange suffered an exploit that saw more than $23.6 million stolen from the platform. The platform shut down trading two days later, and some customers …
2024-06-03
[vendor] Bill Guan indictment
Vector: Regulatory / legal action
Weidong "Bill" Guan, Chief Financial Officer of the far-right Epoch Times media company, has been indicted on money laundering conspiracy and bank fraud charges for his alleged …
2024-06-02
Vector: Unauthorized party exploited a vulnerability in a CBIZ web page to access and exfiltrate data from certain databases between June 2-21, 2024
CBIZ Benefits & Insurance Services (subsidiary of business services giant CBIZ Inc.) disclosed a breach affecting 35,953 individuals who had retiree health information on file. …
2024-06-01
[vendor] Tile customer support platform
Vector: Threat actor used stolen credentials of a former Tile/Life360 employee to access the customer support platform; inactive credentials not revoked after employee departure
An attacker gained access to Tile's customer support system using credentials belonging to a former employee, then scraped millions of customer records and attempted to extort …
2024-04-28
[vendor] Dell partner portal API
Vector: CWE-284: Improper Access Control (unauthenticated/weakly authenticated partner portal API allowing automated enumeration of service tags)
Threat actor 'Menelik' registered as a Dell partner using fake company information (access granted within 24–48 hours), then used automated tooling to enumerate 49 million customer …
2024-04-24
[vendor] Jay Mazini
[loss] $8M
Vector: Ponzi / pyramid scheme
Jay Mazini, an influencer who often boasted of his wealth on Instagram by doing cash giveaways to random strangers, has been sentenced to seven years in prison after running …
2024-04-01
[vendor] National Public Data / Jerico Pictures
Vector: CWE-312: Cleartext Storage of Sensitive Information (plaintext admin credentials in publicly accessible Members.zip on sister site RecordsCheck.net)
Background check company National Public Data (Jerico Pictures) breached via plaintext admin credentials found in Members.zip archive on sister site RecordsCheck.net. 2.9 billion …
2024-03-20
[vendor] AirDAO
[loss] $551,540
Vector: Social engineering attack
An attacker used social engineering techniques to gain access to the AirDAO project's liquidity pool. They then were able to drain 126.5 ETH (~$551,540) and 41.6 million AMB …
2024-03-14
[vendor] MOBOX
[loss] $750,000
Vector: Smart contract exploit / hack
The decentralized lending protocol, MOBOX, was exploited on March 14, 2024 after an attacker was able to take advantage of a bug in its referral program and borrowing …
2024-03-13
[vendor] Massachusetts crypto romance
[loss] $2M
Vector: Smart contract exploit / hack
The U.S. Attorney's Office in the District of Massachusetts announced that they had filed a civil forfeiture action to seize cryptocurrency priced at around $2.3 million from two …
2024-03-10
[vendor] February 2024 Twitter phishing
[loss] $42M
Vector: Phishing attack
Scam Sniffer's February 2024 report describes 57,000 victims who collectively lost almost $47 million thanks to various phishing schemes on the Twitter platform. Many of the losses …
2024-03-09
[vendor] HealthEquity HSA/benefits platform (SharePoint storage via vendor)
Vector: CWE-522: Insufficiently Protected Credentials (compromised third-party vendor user accounts)
HealthEquity, a Utah-based administrator of health savings accounts (HSAs), health reimbursement arrangements (HRAs), and COBRA benefits serving millions of Americans, disclosed a …
2024-03-07
[vendor] Tekton CI/CD; GitHub
Vector: Threat actor IntelBroker exploited a vulnerability in Acuity's Tekton CI/CD server to steal GitHub credentials, then accessed government-related repositories
IntelBroker breached federal IT contractor Acuity Inc. on 7 March 2024 and claimed to have stolen data from US State Department, DoD, NSA, ICE, USCIS, and other agencies. The …
2024-02-28
[vendor] Shido contract
[loss] $3M
Vector: Smart contract exploit / hack
The Shido blockchain suffered an exploit of their staking smart contract, in which an attacker was able to transfer ownership of the contract to another address and then upgrade …
2024-02-27
Vector: Unauthorized party gained access to VeriSource Services systems on approximately 27 February 2024 and exfiltrated employee benefits data; initial vector not publicly disclosed
VeriSource Services (Texas-based employee benefits and HR administration provider) discovered unusual activity on 28 February 2024. The final breach count was approximately 4 …
2024-02-25
[vendor] Tornado Cash
Vector: Malicious code injection / supply chain
A community member of the Tornado Cash cryptocurrency tumbler project has reported that malicious code was added to the Tornado Cash project on January 1, which has put at risk …
2024-02-22
[vendor] DeezNutz_404
[loss] $170,000
Vector: Smart contract exploit / hack
I might otherwise skip over news of a $170,000 hack, given how commonly thefts of that scale happen in the crypto world, but with a name like this... come on. One thing that keeps …
2024-02-21
[vendor] Cencora (formerly AmerisourceBergen) patient support platform
Vector: unknown
Cencora detected a cyberattack on 21 February 2024. Attackers exfiltrated patient data from its patient support program platform used by major pharmaceutical clients including …
2024-02-16
[vendor] kirilm.eth phishing
[loss] $4M
Vector: Phishing attack
A trader known as kirilm.eth fell victim to a phishing attack, losing over 180 million BEAM tokens to a scammer. BEAM is a token belonging to the Beam blockchain gaming network, …
2024-02-14
[vendor] Financial Business and Consumer Solutions (FBCS) debt collection platform
Vector: CWE-284: Improper Access Control
Financial Business and Consumer Solutions (FBCS), a Pennsylvania-based debt collection agency, suffered a ransomware attack between February 14-26, 2024. The breach ultimately …
2024-02-14
Vector: Third-party vendor breach: Financial Business and Consumer Solutions (FBCS), a debt collection agency handling Comcast customer accounts, was compromised in a ransomware attack February 14–26, 2024
Financial Business and Consumer Solutions (FBCS), a third-party debt collection agency used by Comcast, was hit by ransomware in February 2024. As a result, data on approximately …
2024-02-09
Vector: Unauthorized third party gained access to DISA Global Solutions systems between 9 February and 22 April 2024; initial access vector not publicly disclosed
DISA Global Solutions (background check, drug testing, and employment screening provider to 55,000+ companies including 135 Fortune 500 firms) was breached for 100+ days before …
2024-02-04
[vendor] Prudential Financial
[malware] ALPHV/BlackCat ransomware
Vector: unknown
ALPHV/BlackCat claimed responsibility for the breach, detected 5 February 2024 (breach date 4 February). Initial SEC disclosure in February cited ~36,000 potential victims; updated …
2024-02-01
Vector: Attackers gained unauthorized access to NTT Communications' order information system (Order Information Change System) through an undisclosed vulnerability, enabling data exfiltration of corporate customer contract records
NTT Communications Corporation, the international subsidiary of Japan's NTT Group, disclosed in March 2025 that a breach had exposed data for 17,891 corporate customers. The …
2024-01-31
[vendor] January 2024 Twitter phishing
[loss] $58M
Vector: Phishing attack
Scam Sniffer's January 2024 report describes more than 40,000 victims who collectively lost more than $58 million thanks to various phishing schemes on the Twitter platform. The top …
2024-01-29
[vendor] Sam Lee
Vector: Regulatory / legal action
US Attorneys in Maryland and the US Securities and Exchange Commission filed criminal and civil lawsuits, respectively, against Sam Lee, the co-founder of the HyperVerse …
2024-01-27
[vendor] Somesing
[loss] $12M
Vector: Smart contract exploit / hack
Have you ever gone out to karaoke and thought "man, the only thing missing from this perfect night is a blockchain"? No? Weird. Anyway, the South Korean Somesing platform — which is …
2024-01-23
[vendor] MailerLite
[loss] $700,000
Vector: Phishing attack
After hackers gained access to various accounts on the MailerLite email marketing software via a social engineering attack on an employee, they were able to send malicious phishing …
2024-01-20
[vendor] AnyDesk production systems / code signing infrastructure
Vector: Undisclosed sophisticated attack on AnyDesk's production systems; AnyDesk described it as a cyberattack on their production systems that resulted in compromise of their private code signing keys and source code; no ransomware was deployed
In January 2024, AnyDesk — the widely-used remote desktop software with over 170,000 customers including major enterprises and government agencies — discovered a breach of its …
2024-01-19
[vendor] Debiex CFTC complaint
[loss] $2M
Vector: Regulatory / legal action
The CFTC has filed a complaint against Debiex, a shadowy cryptocurrency platform whose precise location and executives are unknown. The company's employees primarily targeted …
2024-01-18
[vendor] INDXcoin
[loss] $1M
Vector: Smart contract exploit / hack
A Colorado-based pastor for an online ministry sold INDXcoin to his followers and others in the Christian faith. However, there was no way for buyers to cash out the tokens. …
2024-01-16
[vendor] Socket
[loss] $3M
Vector: Smart contract exploit / hack
The Socket cross-chain infrastructure protocol was hacked for around $3.3 million in an attack that exploited its Bungee bridge. The thieves were able to exploit a bug that allowed …
2024-01-16
[vendor] Trello (Atlassian)
Vector: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor (unauthenticated REST API endpoint allowed email-to-profile lookups)
Threat actor 'emo' fed 500 million email addresses from prior breach corpora into Trello's publicly accessible REST API which returned public user profile data for each match, …
2024-01-07
[vendor] Narwhal exit
[loss] $2M
Vector: Exit scam / rug pull
A cryptocurrency project called Narwhal appears to have rug-pulled, claiming that they were hacked. In a post on their Twitter account, they claimed that a "hacker attack" caused …
2024-01-06
[vendor] CoinsPaid
[loss] $8M
Vector: Smart contract exploit / hack
The crypto payments platform CoinsPaid was hacked for the second time in six months. This time, around $7.5 million in various tokens was stolen. In July 2023, an attacker stole …
2024-01-05
[vendor] CertiK Twitter
Vector: On-chain theft (attributed by zachxbt)
The Twitter account of the blockchain security company CertiK was hacked, then used to post tweets ostensibly warning of a massive crypto vulnerability and urging users to click a …
2024-01-01
[vendor] Kaiser Permanente member portal and apps
Vector: CWE-359: Exposure of Private Personal Information to an Unauthorized Actor (third-party analytics/advertising tracking pixels embedded in patient-facing portal shared PHI with Google, Microsoft Bing, and X/Twitter)
Kaiser Permanente disclosed that tracking technologies (pixels) embedded in its website and mobile apps transmitted member health information to third-party tech companies …
2024-01-01
Vector: Insider threat: former developers based in the Philippines claimed to have exfiltrated data in response to unpaid wages (18 months of non-payment)
Outabox, an Australian hospitality IT provider offering facial recognition sign-in services for clubs, suffered a data breach exposing biometric and personal data of approximately …
2023-12-28
[vendor] Wallet gets phished for $4.4 million
[loss] $4M
Vector: Phishing attack
Someone had a not so fun end to the year when they fell victim to a phishing attack and had around 275,700 LINK drained from their crypto wallet. Those tokens are priced at around …
2023-12-21
[vendor] Catalyx trading freeze
Vector: Withdrawal halt / insolvency
The Canadian Catalyx cryptocurrency exchange has frozen trading and halted withdrawals after an emergency order by the Alberta Securities Commission on December 21. Catalyx …
2023-12-21
[vendor] MS drainer
[loss] $59M
Vector: Smart contract exploit / hack
A new wallet drainer tool has stolen $58.98 million in cryptocurrency assets from more than 63,000 victims in the past nine months. People using the drainer software have pulled in …
2023-12-19
[vendor] St Vincent's Health Australia IT systems
Vector: Unknown cyber criminal group accessed St Vincent's Health Australia's network by exploiting vulnerabilities in their systems; specific attack vector not publicly disclosed; attacker was able to exfiltrate data before detection
On 19 December 2023, St Vincent's Health Australia — the country's largest non-government healthcare and aged care provider, operating hospitals and aged care facilities across New …
2023-12-13
[vendor] $80 million romance
[loss] $80M
Vector: Regulatory / legal action
Four individuals who helped launder money through shell companies and various bank accounts have been charged in connection to an $80 million "pig butchering" cryptocurrency scam. …
2023-12-13
[vendor] HyperVerse
[loss] $1.3B
Vector: Ponzi / pyramid scheme
Many investors have reported losses thanks to a cryptocurrency investment scheme called HyperVerse, which operated in Australia from around 2018 to mid-2023. Several financial …
2023-12-12
[vendor] OKX DEX
[loss] $3M
Vector: Smart contract exploit / hack
OKX DEX is a service by OKX that aggregates decentralized exchanges (or DEXes) to help users access features and prices across multiple projects. On December 12, an attacker …
2023-12-04
[vendor] Rob Robb
[loss] $1M
Vector: On-chain theft (attributed by zachxbt)
If you're named Rob Robb, do you have any choice but go into a life of thievery? Robb, also known as "pokerbrat2019", convinced at least 11 people to give him a total of $1.2 …
2023-12-03
[vendor] Safe Wallet thefts
[loss] $5M
Vector: Address poisoning attack
Users of the (not so) Safe Wallet have lost $2.05 million altogether in the past week as they've been targeted by an attacker using an address poisoning attack. The same attacker …
2023-11-27
[vendor] Nuance Communications (Microsoft subsidiary)
Vector: Insider threat: a former Nuance Communications IT employee (Andre J. Burk / 'Max Vance') accessed Geisinger patient records two days after being terminated from Nuance, using credentials that had not yet been deprovisioned
Geisinger Health (major Pennsylvania health system) discovered on 29 November 2023 that former Nuance employee Andre Burk (age 46, California) had accessed patient records from 27 …
2023-11-27
[vendor] Hounax
[loss] $19M
Vector: Smart contract exploit / hack
A scam Hong Kong cryptocurrency platform called Hounax swindled its customers out of HK$148 million (US$19 million). The group drew in customers by offering financial expertise on …
2023-11-18
[vendor] Kronos
[loss] $26M
Vector: On-chain theft (attributed by zachxbt)
The cryptocurrency trading firm Kronos Research announced on Twitter that they had stopped trading while they investigated "unauthorized access of some of our API keys". They …
2023-11-14
[vendor] Twitter security account impersonator
[loss] $300,000
Vector: On-chain theft (attributed by zachxbt)
On the evening of November 14 I logged on to Twitter to notice that #OpenSeaHackAlert and related hashtags were trending. But they were trending not because OpenSea had truly been …
2023-11-12
[vendor] Binance-linked wallet
[loss] $27M
Vector: On-chain theft (attributed by zachxbt)
An attacker apparently stole $27 million in the Tether stablecoin from a wallet that had just withdrawn the funds from their Binance account. The hacker quickly converted the funds …
2023-11-06
[vendor] Himachal Pradesh
[loss] $300M
Vector: Smart contract exploit / hack
Indian police have arrested around eighteen people, including four police officers, in connection with a $300 million cryptocurrency scam that affected around 100,000 people in …
2023-10-27
Vector: Unauthorized access to Truist Bank systems in October 2023; initial access vector not publicly confirmed; breach was 'immediately contained' per Truist
Truist Bank (6th-largest US bank) confirmed an October 2023 breach after threat actor 'Sp1d3r' listed the stolen data for sale on a dark web forum on 12 June 2024 for $1 million. …
2023-10-19
Vector: Unauthorized access to Marina Bay Sands' Sands LifeStyle loyalty programme customer database; attacker obtained credentials to access the loyalty programme's backend systems
On October 19-20, 2023, unauthorized actors accessed the Sands LifeStyle loyalty programme database of Marina Bay Sands, Singapore's iconic integrated resort and casino. The breach …
2023-10-17
[vendor] Everscale
Vector: Smart contract exploit / hack
The team behind the Everscale blockchain project disclosed that a "large number" of tokens had been stolen. In an attempt to thwart the attacker from cashing out, they announced …
2023-10-16
[vendor] Citrix NetScaler ADC/Gateway
[cve] CVE-2023-4966
Vector: Exploitation of Citrix Bleed (CVE-2023-4966) — a critical vulnerability in Citrix NetScaler ADC/Gateway enabling session token hijacking without authentication; Citrix released a patch on October 10, 2023, but attackers breached Xfinity's systems October 16–19 before the patch was applied
Between October 16–19, 2023, attackers exploited the Citrix Bleed vulnerability (CVE-2023-4966) to gain unauthorized access to Comcast's Xfinity systems. Citrix had issued a patch …
2023-10-10
[vendor] 3Commas
Vector: Phishing attack
3Commas, a crypto trading bot provider, suffered another security breach in which some customer wallets were used to make unauthorized trades. They haven't disclosed how much in …
2023-10-10
[vendor] FinSoul exit
[loss] $2M
Vector: Exit scam / rug pull
A metaverse gaming project called FinSoul promised users “sandbox worlds, multiplayer sports, leisure experiences, player socializing, MMORPG,” and other features. However, on …
2023-10-01
Vector: Unknown intrusion in October 2023; data later posted for sale on dark web forums in June 2024
Truist Bank, a major US financial institution formed by the merger of SunTrust Banks and BB&T, confirmed in June 2024 that its systems had been breached in October 2023. The breach …
2023-09-25
[vendor] JPEX
[loss] $191M
Vector: Smart contract exploit / hack
After the Hong Kong-based JPEX exchange limited withdrawals amidst what appeared to be an impending collapse of the platform, things are now looking a lot more like fraud. Police …
2023-09-24
[vendor] Upbit Aptos transaction spoofing
Vector: Smart contract exploit / hack
Upbit, a major South Korean cryptocurrency exchange, suddenly suspended deposits and withdrawals of the Aptos $APT token after some users were able to deposit and withdraw fake …
2023-09-23
[vendor] Mixin Network
[loss] $200M
Vector: Smart contract exploit / hack
The operators of the Mixin Network disclosed that hackers had stolen around $200 million in funds in the largest known hack of the year (to date). Mixin Network is a cross-chain …
2023-09-20
[vendor] 0x5e422 phishing attack
[loss] $4M
Vector: Phishing attack
Someone lost over $4.4 million of the Tether stablecoin after falling victim to a phishing scam that promised them fake mining rewards. A phisher lured in the victim, likely …
2023-09-15
[vendor] Mark Cuban
[loss] $870,000
Vector: Smart contract exploit / hack
Billionaire crypto evangelist Mark Cuban apparently fell victim to a hack when an attacker was able to siphon around $870,000 in multiple cryptocurrencies from a wallet belonging …
2023-09-12
[vendor] CoinEx
[loss] $70M
Vector: Nation-state attack (Lazarus/DPRK) — private key or social engineering compromise
Various blockchain watchers noticed suspicious transfers from a hot wallet known to belong to the CoinEx cryptocurrency exchange. CoinEx later confirmed a "security incident" …
2023-09-11
[vendor] Fortress Trust
[loss] $15M
Vector: Social engineering attack
Fortress Trust is a crypto custody and blockchain infrastructure company, founded by Scott Purcell. Purcell is also known for founding Prime Trust, which later lost over $75 …
2023-09-05
[vendor] MetaMask phishing
Vector: Phishing attack
Phishing scammers hoping to lure victims into visiting fake websites resembling that of the popular MetaMask crypto wallet have adopted a new approach: compromising government …
2023-08-23
[vendor] Blazar token SEC lawsuit
[loss] $623,888
Vector: Regulatory / legal action
John DeSalvo, a former New Jersey corrections officer, was charged by the SEC over a pump-and-dump scheme associated with his "Blazar" token, a project he targeted at fellow law …
2023-08-19
[vendor] Harbor Protocol
Vector: Smart contract exploit / hack
The "interchain stablecoin protocol" Harbor announced on August 19 that they had experienced an exploit that drained some of the funds in the project pools. They wrote on Twitter …
2023-08-17
[vendor] Slim CD (payment gateway)
Vector: Unauthorized access to payment gateway systems; attackers maintained persistent access from August 2023 through June 2024 before exfiltrating credit card data in a final two-day window
Payment gateway provider Slim CD disclosed that attackers had access to its systems from 17 August 2023, with credit card data specifically accessed 14-15 June 2024 before …
2023-08-16
[vendor] Bart Stephens SIM swap
[loss] $6M
Vector: Smart contract exploit / hack
Blockchain Capital co-founder Bart Stephens has filed a lawsuit against as-yet-unknown individuals who he says stole $6.3 million in cryptocurrency from him. The attackers used a …
2023-08-09
[vendor] Libbitcoin vulnerability
[loss] $900,000
Vector: Software bug / unintentional loss
A team of researchers led by the Distrust security research firm have disclosed a vulnerability they've called "Milksad". The popular Libbitcoin project was used by multiple …
2023-07-28
[vendor] Pond0x bug
[loss] $2M
Vector: Exit scam / rug pull
Traders hoping to get in on the next big memecoin eagerly snapped up a token called Pond0x, a Pepe the Frog-branded memecoin launched by Pauly0x. Pauly0x is Jeremy Cahen, a crypto …
2023-07-21
[vendor] Conic Finance
[loss] $933,961
Vector: Smart contract exploit / hack
Hours after suffering a $3.2 million exploit on their ETH pools, Conic Finance was hacked for a second time. Although Conic had assured the public that the incident was limited to …
2023-07-17
[vendor] Feds seize tens of millions from Deltec Bank in connection to fake crypto investment schemes
Vector: Smart contract exploit / hack
Documents unsealed on July 17 reveal that the U.S. Secret Service performed multiple asset seizures on U.S. bank accounts controlled by Deltec Bank, a Bahamian bank with close ties …
2023-07-17
[vendor] Scammer "Soup" makes more than $1 million through Discord
[loss] $1M
Vector: On-chain theft (attributed by zachxbt)
A Canadian named Dan, who goes by "Soup" online, made more than $1 million through various phishing scams targeting Discord projects including those belonging to the Pika Protocol …
2023-07-10
[vendor] Arkham Intelligence intelligence exchange
Vector: Smart contract exploit / hack
Arkham Intelligence, a blockchain intelligence company with the tagline "deanonymizing the blockchain", announced the launch of its "on-chain intelligence exchange", inviting …
2023-07-10
[vendor] Multichain theft #3
[loss] $107M
Vector: Smart contract exploit / hack
Only five days after $130 million was emptied from the Multichain blockchain bridge, another $107 million in a wide range of assets has been taken. After the first theft, …
2023-07-06
[vendor] Multichain suspected
[loss] $130M
Vector: Smart contract exploit / hack
Blockchain watchers observed $130 million in various assets flowing out of the Multichain blockchain bridge, questioning whether there had been an exploit. Multichain tweeted, "The …
2023-07-05
[vendor] HCA Healthcare external patient email automation storage system
Vector: Data was stolen from an external storage location used by HCA Healthcare for email formatting — a tool used to format automated emails to patients; the external storage location was accessed without authorization
On 5 July 2023, a threat actor posted for sale on an online forum a database purporting to contain approximately 27.7 million records from HCA Healthcare — the largest US …
2023-07-02
[vendor] Poly Network
[loss] $10M
Vector: Smart contract exploit / hack
The name Poly Network may ring a bell, because in August 2021 they were exploited for an (at the time) record-setting $611 million. Now, it's happened again, and some reports are …
2023-07-01
[vendor] Dymocks Booksellers customer database
Vector: Unknown attacker exfiltrated a database containing customer records from Dymocks Booksellers; Troy Hunt of Have I Been Pwned was alerted to the breach by a third party who shared the data with him before Dymocks was aware
In September 2023, Dymocks Booksellers — Australia's largest book retailer operating approximately 65 stores — disclosed a data breach affecting approximately 836,000 customers. …
2023-06-25
[vendor] SpireBit crypto
[loss] $340,000
Vector: Smart contract exploit / hack
According to a report from NPR, a crypto investment scam called SpireBit drained the life savings of a 74-year-old man in California. The scheme followed a familiar pattern: an …
2023-06-22
[vendor] Dog noseprint Ponzi scheme
[loss] $127M
Vector: Ponzi / pyramid scheme
A company that promised an app that could identify dogs by their nose-prints — built on the blockchain, of course — has been alleged by South Korean police to be "a typical Ponzi …
2023-06-15
[vendor] FPG
[loss] $15M
Vector: Withdrawal halt / insolvency
The institutional cryptocurrency broker Floating Point Group (FPG) announced to customers on June 14 that they would be suspending all activity on their platform following a "cyber …
2023-06-03
[vendor] Atomic Wallet
[loss] $100M
Vector: Nation-state attack (Lazarus/DPRK) — private key or social engineering compromise
Multiple users of the Atomic Wallet software suffered wallet compromises totaling more than $100 million in a spate of hacks suggesting an issue with the wallet itself. Atomic …
2023-05-27
[vendor] Patricia Technologies theft
[loss] $5M
Vector: Withdrawal halt / insolvency
Patricia, a retail cryptocurrency trading app in Nigeria, froze withdrawals after revealing that they had suffered a ₦2 billion hack. According to the outlet TechCabal, despite …
2023-05-23
[vendor] Morgan DF Fintoch exit
[loss] $32M
Vector: On-chain theft (attributed by zachxbt)
A Ponzi scheme called Morgan DF Fintoch lured consumers by claiming to be owned by the American banking giant Morgan Stanley. Morgan Stanley themselves warned of the scheme, …
2023-05-12
[malware] Akira
Vector: CWE-506: Embedded Malicious Code (Akira ransomware targeting Stanford's Department of Public Safety network)
Akira ransomware group breached Stanford University's Department of Public Safety (SUDPS) network between May 12 and September 27 2023. Stanford disclosed the incident on October …
2023-05-06
Deus Finance suffered yet another hack as around $7 million was taken from the protocol. This was not the first time the platform had been targeted, suffering a $3 million exploit …
2023-04-29
Vector: Credential stuffing using username/password pairs stolen from prior unrelated breaches
Beginning April 29, 2023, a threat actor using the alias 'Golem' conducted credential stuffing against 23andMe's login portal over five months, gaining access to ~18,000 customer …
2023-04-26
[vendor] AT&T customer wallet compromises
[loss] $15M
Vector: Smart contract exploit / hack
TechCrunch reported that attackers were able to gain access to AT&T email accounts which they then used to gain access to customers' cryptocurrency accounts. Various customers …
2023-04-18
[vendor] Wallet draining operation
[loss] $10M
Vector: Smart contract exploit / hack
Crypto researcher Tayvano posted a Twitter thread about a massive, mysterious wallet draining operation that has siphoned more than 5,000 ETH (~$9.88 million at today's prices) as …
2023-04-18
Vector: Unknown network intrusion; suspicious activity identified April 23, 2023; investigators confirmed unauthorized access April 18–23, 2023
WebTPA, a Texas-based third-party health insurance plan administrator, suffered a data breach discovered in April 2023 but not publicly disclosed until May 2024 — a 13-month delay. …
2023-04-13
[vendor] Yearn Finance
[loss] $12M
Vector: Smart contract exploit / hack
A bug in a token issued by the Yearn Finance defi protocol resulted in a loss that has been estimated at around $11.6 million. An attacker was able to use a 10,000 USDT deposit to …
2023-04-10
[vendor] GDAC
[loss] $13M
Vector: Smart contract exploit / hack
Hackers made off with 61 BTC, 350.5 ETH, 10 million WEMIX, and 220,000 USDT from a hot wallet belonging to the South Korean cryptocurrency exchange GDAC. Altogether, the assets are …
2023-04-04
Vector: Unknown network intrusion at NCB Management Services, a debt buyer and collection agency
NCB Management Services, a debt purchasing and collections company that works with major banks, suffered a data breach on April 4, 2023. The breach exposed data of approximately …
2023-04-01
[vendor] HWL Ebsworth (Australian law firm, one of the largest in Australia)
[malware] ALPHV/BlackCat ransomware
Vector: ALPHV/BlackCat ransomware group gained access to HWL Ebsworth's network; the group subsequently published 1.1 terabytes of stolen data on its dark web leak site after HWL Ebsworth refused to pay a ransom; the initial access vector was not publicly disclosed
HWL Ebsworth, one of Australia's largest law firms with over 2,500 staff and a significant federal and state government client base, was attacked by the ALPHV/BlackCat ransomware …
2023-03-27
[vendor] Perry Johnson & Associates (PJ&A) medical transcription platform
Vector: CWE-284: Improper Access Control
Perry Johnson & Associates (PJ&A), a Nevada-based medical transcription services company, was breached between March 27 and May 2, 2023. The breach went undetected for over a …
2023-03-17
[vendor] iEarn Bot
[loss] $1M
Vector: AI-assisted attack or AI-generated exploit
According to a report by the BBC, a scam called iEarn Bot has impacted thousands of victims across multiple countries. In the scam, victims are convinced to sign up for an "AI …
2023-03-16
[vendor] Latitude Financial Services / DXC Technology (service provider)
Vector: CWE-522: Insufficiently Protected Credentials (stolen employee login credentials used to access third-party service providers)
Attacker stole employee credentials and used them to access Latitude Financial's data held by two service providers including DXC Technology. 14 million records affected across …
2023-03-14
[vendor] Phishers take advantage of fears surrounding the USDC de-peg
[loss] $130,500
Vector: Smart contract exploit / hack
When USDC deviated from its dollar peg on March 10, phishers were quick to devise a scheme to take advantage of holders' fears. A group launched a website appearing to be the blog …
2023-03-09
[vendor] Hedera
Vector: Smart contract vulnerability exploit
The Hedera network turned off access to the Hedera mainnet on March 9 after observing "smart contract irregularities". They subsequently confirmed that the Hedera smart contract …
2023-03-08
[vendor] DC Health Benefit Exchange Authority enrollment system
Vector: Ransomware group (IntelBroker, via BreachForums) exploited a vulnerability in the DC Health Benefit Exchange Authority's (DC HBX) health insurance enrollment system to access and exfiltrate personal data for approximately 56,000 individuals including US lawmakers, their families, and congressional staff
In March 2023, data for approximately 56,415 individuals enrolled in DC Health Link — the health insurance marketplace for Washington D.C. residents including US House of …
2023-03-01
[vendor] BitBNS
[loss] $8M
Vector: On-chain theft (attributed by zachxbt)
An investigation by crypto sleuth zachxbt uncovered that the Indian crypto exchange BitBNS had been hacked on February 1, 2022, but hid it from users. After experiencing a $7.5 …
2023-03-01
[vendor] Ferrari N.V. customer data systems
Vector: Unknown ransomware/extortion group gained access to Ferrari's IT systems and exfiltrated customer data; Ferrari stated it received a ransom demand from the attackers but chose not to pay; Ferrari did not disclose the specific technical attack vector
In March 2023, Ferrari N.V. disclosed that it had received a ransom demand from a threat actor following unauthorized access to some of its IT systems. Ferrari detected the breach …
2023-02-28
[vendor] Orrick, Herrington & Sutcliffe file share
[malware] SilentRansom/Luna Moth
Vector: CWE-284: Improper Access Control
San Francisco-based law firm Orrick, Herrington & Sutcliffe LLP — which ironically specializes in advising companies on cybersecurity incidents and data breaches — suffered a …
2023-02-27
[vendor] Algorand wallet drains
[loss] $3M
Vector: Smart contract exploit / hack
Over a period of several days, around 25 accounts on the Algorand blockchain have been drained of funds. The attack appears to be targeted at high-value accounts, and over 13 …
2023-02-14
Vector: Insider data exfiltration — a Consumer Financial Protection Bureau (CFPB) employee used their authorized access to CFPB systems to send 14 emails containing sensitive consumer data to their personal email account without authorization
The U.S. Consumer Financial Protection Bureau (CFPB) disclosed in March 2023 that a former CFPB employee had sent 14 emails containing sensitive personal and financial information …
2023-02-05
[vendor] Reddit internal systems
Vector: CWE-1021: Improper Restriction of Rendered UI (targeted spear-phishing with real-time TOTP relay against single employee)
Attacker sent convincing phishing email mimicking Reddit IT, tricked employee into entering credentials and TOTP codes in real time on fake login page. Accessed internal documents, …
2023-01-17
[vendor] Western Sydney University Microsoft 365 / SharePoint
Vector: Attacker gained unauthorized access to Western Sydney University's Microsoft 365 email environment and SharePoint files via compromised credentials; maintained persistent access over several months exfiltrating data; a separate subsequent breach in 2024 affected the Student Management System
Western Sydney University (WSU) disclosed a data breach in May 2023 involving unauthorized access to its Microsoft 365 email environment and SharePoint files from approximately …
2023-01-12
[vendor] LendHub
[loss] $6M
Vector: Smart contract exploit / hack
In a Twitter thread, LendHub published a message stating that "hackers stole about 6 million US dollars of assets from Lendhub". They wrote that they had "locked the hacker's …
2023-01-05
[vendor] Forever 21 HR and payroll systems
Vector: CWE-284: Improper Access Control
Fast fashion retailer Forever 21 suffered a data breach where hackers had access to its systems from January 5 to March 21, 2023. The breach affected 539,207 current and former …
2023-01-03
[vendor] NFT marketplaces display porn
Vector: Smart contract exploit / hack
Users of NFT marketplaces and explorer applications including Magic Eden, NFT Explorer, and Rand Gallery were briefly shown pornographic images and still frames from the Big Bang …
2022-12-28
[vendor] 3Commas API key leak
[loss] $15M
Vector: On-chain theft (attributed by zachxbt)
In October, several people reported losing more than a million dollars each from accounts that were connected to the 3Commas trading platform. 3Commas vociferously denied that …
2022-12-25
[vendor] Rubic
[loss] $1M
Vector: Smart contract exploit / hack
The Rubic cross-chain exchange suffered an exploit in which attackers were able to siphon a total of around $1.4 million in user funds from their wallets. The exploit was enabled …
2022-12-25
Vector: Unauthorized access to a third-party contractor's environment; 240 GB of Toyota internal data surfaced on a hacking forum in August 2024, believed stolen as far back as December 2022
Toyota confirmed a data breach in August 2024 after threat actor ZeroSevenGroup posted 240 GB of data on a hacking forum. Data included employee and customer PII, contracts, …
2022-12-10
[vendor] Lodestar Finance attack
[loss] $7M
Vector: Smart contract exploit / hack
The Arbitrum-based crypto lending platform Lodestar Finance was attacked by an exploiter who was able to manipulate the price of the plvGLP token, allowing them to "borrow" the …
2022-12-04
Vector: Attacker sent an SMS phishing (smishing) message to an Activision HR employee impersonating the company's IT department; the employee provided their MFA code, giving the attacker access to Activision's internal HR and communications systems
On December 4, 2022, an attacker used SMS phishing (smishing) to social-engineer an Activision HR employee into providing their MFA authentication code. With access to Activision's …
2022-11-25
[vendor] T-Mobile US customer portal / API
Vector: CWE-306: Missing Authentication for Critical Function (unauthenticated API endpoint exposing customer data)
Attackers exploited an unprotected API endpoint starting Nov 25 2022, exfiltrating data over weeks undetected. 37 million customer records exposed including names, phone numbers, …
2022-11-11
[vendor] FTX
[loss] $477M
Vector: Smart contract exploit / hack
Over $477 million was mysteriously withdrawn from FTX and FTX US late on November 11, despite the company freezing withdrawals. An FTX account administrator wrote on the FTX support …
2022-11-10
[vendor] Bo Shen wallet compromise
[loss] $42M
Vector: Seed phrase / wallet compromise
Bo Shen, a general partner at Fenbushi Capital and an early adopter of cryptocurrencies, tweeted on November 22 that two weeks prior, someone had stolen $42 million in …
2022-11-06
[vendor] Pando
[loss] $20M
Vector: Oracle price manipulation
The defi protocol Pando suffered a $20 million loss when it was exploited with an oracle manipulation attack. The protocol suspended several of its projects in response to the …
2022-11-02
An attacker was able to compromise the private key of an admin wallet for the Rubic crypto exchange, transferring around 34 million Rubic tokens. The attacker then sold the tokens …
2022-11-02
[vendor] Skyward Finance
[loss] $3M
Vector: Smart contract vulnerability exploit
Skyward Finance is a project based on the NEAR blockchain, aiming to help users with initial token distribution. The project's treasury was drained of 1.1 million NEAR (~$3.2 …
2022-11-01
[vendor] Deribit
[loss] $28M
Vector: Smart contract exploit / hack
Major crypto exchange Deribit suffered a hot wallet compromise that resulted in a $28 million theft. The exchange halted withdrawals to perform security checks, but urged that …
2022-11-01
[vendor] Microsoft Exchange (hosted)
Vector: CWE-307: Improper Restriction of Excessive Authentication Attempts (credential-based unauthorised access to a hosted Microsoft Exchange service)
TPG Telecom, Australia's second-largest telco (which acquired iiNet in 2015), disclosed on December 14 2022 that an unauthorised party had accessed its Hosted Exchange email …
2022-10-27
[vendor] Team Finance
[loss] $1M
Vector: Software bug / unintentional loss
Team Finance is a project that helps projects lock their tokens to be released after a certain period or on a schedule. A hacker exploited a vulnerability in a smart contract that …
2022-10-11
On September 15, a blockchain security firm disclosed a vulnerability affecting Profanity, a tool that allowed people to generate "vanity" crypto wallet addresses: addresses …
2022-10-01
[vendor] Transit Swap
[loss] $6M
Vector: MEV / sandwich attack
Transit Swap is a multi-chain decentralized exchange aggregator. Users of the project were collectively exploited for approximately $21 million when an attacker took advantage of a …
2022-09-22
[vendor] Bitex founder charged
Vector: Smart contract exploit / hack
The U.S. Attorney's Office for the District of Utah announced seven felony charges against a man who is accused of several crypto-related scams. In one, he conned two victims for …
2022-09-19
[vendor] Optus telecommunications customer portal
Vector: CWE-306: Missing Authentication for Critical Function (internet-exposed API with no authentication due to 2018 coding error not remediated on sub-domain)
Australian telco Optus exposed an unauthenticated internet-facing API due to a coding error from 2018 not fully remediated. Attacker used simple trial-and-error over 3 days in Sept …
2022-09-17
[vendor] Rockstar Games internal Slack / Confluence / development systems
Vector: Scattered Spider attacker (same individual as the 2022 Uber breach) gained access to Rockstar Games' Slack workspace using compromised employee credentials; from Slack, the attacker accessed Confluence wikis and was able to download internal development materials and GTA 6 footage
On 17-18 September 2022 — just two days after the Uber breach — the same 18-year-old Scattered Spider attacker (Arion Kurtaj) breached Rockstar Games' internal systems and leaked …
2022-08-24
[vendor] Cameron Redman accused of crypto Twitter
Vector: On-chain theft (attributed by zachxbt)
In 2020, a Canadian teenager used SIM swapping to steal US$37 million in Bitcoin and Bitcoin Cash from a single person. Canadian police announced his arrest in November 2021 after …
2022-08-23
[vendor] Plex Media Server user database
Vector: Unauthorized access to a Plex database; attacker used unknown means to access the Plex database containing user account information; the breach was disclosed the day after discovery
On 23 August 2022, Plex — a media management and streaming platform with approximately 30 million registered users — discovered that an attacker had accessed a subset of their …
2022-08-18
[vendor] Trader signs malicious message
[loss] $469,146
Vector: Smart contract exploit / hack
An experienced crypto trader lost $470,000 to a hack when they signed a malicious message that permitted an attacker to drain all of their USDC stablecoins from their crypto hot …
2022-08-17
[vendor] Celer Network bridge
[loss] $240,000
Vector: DNS hijacking / domain takeover (front-end compromise)
The Celer Network's cBridge project was targeted with a BGP hijacking attack. Users who tried to access the bridge's frontend were instead shown a site that prompted them to …
2022-08-14
[vendor] Acala
[loss] $2M
Vector: Software bug / unintentional loss
A misconfiguration in a newly-deployed liquidity pool allowed an attacker to mint 1.2 billion aUSD, a stablecoin built on the Polkadot network. The exploit caused aUSD to lose its …
2022-08-14
[vendor] BlueBenx
[loss] $32M
Vector: Withdrawal halt / insolvency
The Brazilian crypto lending platform BlueBenx suddenly shut its doors after announcing they had suffered an "extremely aggressive" hack of 160 million BRL (US$32 million). …
2022-08-08
[vendor] Discord compromises
Vector: Smart contract exploit / hack
I've largely stopped covering crypto Discord compromises because they occur so frequently it would drown out everything else. OKHotshot has been keeping count, though, and …
2022-08-03
[vendor] ZB exchange
[loss] $4M
Vector: Smart contract exploit / hack
The self-described "world's most secure digital asset exchange", ZB, suffered an exploit in which attackers stole a large number of different cryptocurrencies, estimated by various …
2022-08-01
[vendor] Nomad bridge
[loss] $153M
Vector: Smart contract exploit / hack
After an attacker began exploiting a vulnerability in the Nomad bridge, many people rushed to replicate the attack and steal some of the roughly $190 million of various …
2022-07-18
[vendor] FBI warns of malicious crypto apps
[loss] $43M
Vector: Smart contract exploit / hack
The FBI's Cyber Division issued a notification about fraudulent cryptocurrency investment apps that are successfully being used to defraud American investors. The scammers …
2022-06-26
[vendor] XCarnival
[loss] $2M
Vector: Smart contract exploit / hack
XCarnival is a project describing itself as a "metaverse asset bank". The project drew in users by promising high rewards, with one marketing campaign promising 41% APY. A hacker …
2022-06-20
[vendor] QAnon influencer
[loss] $2M
Vector: Smart contract exploit / hack
Research firm Logically published an investigation into two QAnon influencers who successfully convinced their follower to put more than $2 million into crypto scams. Telling their …
2022-06-16
A hacker was able to perform an oracle manipulation attack enabled by flash loans to siphon crypto worth around $1.26 million from Inverse Finance. The loss to the protocol was …
2022-06-14
[vendor] Known Origin Discord compromise
Vector: Smart contract exploit / hack
The Discord server for Known Origin, a fairly major NFT platform, was compromised. The scammer used their access to advertise a fake free NFT mint, which actually would steal NFTs …
2022-06-12
[vendor] SeaFlower
Vector: Seed phrase / wallet compromise
The Confiant security research group has discovered a group that is backdooring and distributing versions of legitimate crypto wallets including Coinbase Wallet, MetaMask, …
2022-06-09
Scammers successfully compromised the Twitter account for El Universal, a Venezuelan newspaper. The account is verified, and has five million followers. The scammers used the …
2022-06-05
[vendor] Maiar exchange
[loss] $113M
Vector: Smart contract exploit / hack
Hackers were able to discover and exploit a bug in the decentralized exchange Maiar, stealing assets notionally worth $113 million. Maiar developers took the exchange offline soon …
2022-05-18
[vendor] QAN bridge
[loss] $707,000
Vector: Smart contract exploit / hack
The $QANX token for the QAN project suddenly plummeted in value as an attacker stole more than 4 million QANX from the project. The attacker subsequently swapped the tokens for …
2022-05-17
[vendor] Multiple Discords compromised
Vector: Smart contract exploit / hack
Members of several large NFT Discord servers began seeing suspicious-looking messages announcing supposed NFT mints that turned out to be fakes. Affected communities appeared to …
2022-05-13
[vendor] Phishing attack via Etherscan and CoinGecko
Vector: Smart contract exploit / hack
Popular cryptocurrency websites including Etherscan, CoinGecko, and DeFi Pulse were showing users a pop-up prompting them to connect their MetaMask wallets. CoinGecko founder Bobby …
2022-04-28
The defi project Deus Finance was hit with a flash loan attack that netted the hacker $13.4 million. The loss to the protocol was likely larger than what the hacker was able to …
2022-04-19
[vendor] $CHEDDA
[loss] $1M
Vector: Smart contract exploit / hack
The price of the $CHEDDA token suddenly plummeted 50% when a developer removed $1.17 million from the project. The withdrawal was accomplished with a function only available to …
2022-04-13
[vendor] RCMP report more than $2 million in crypto
[loss] $2M
Vector: Smart contract exploit / hack
The police in Richmond, British Columbia say they've received 22 reports of crypto fraud, which have included fake investment schemes, romance scams, or scammers impersonating …
2022-04-02
An attacker targeting the defi project Inverse Finance was able to manipulate the price oracle of INV/ETH, artificially inflating the apparent price of INV and allowing the …
2022-03-30
[vendor] Ola Finance
[loss] $4M
Vector: Smart contract exploit / hack
Ola Finance is a lending protocol that allows others to create their own lending networks. It promises to allow users to create their own loan platforms where "assets can be listed …
2022-03-22
[vendor] VeVe
Vector: Smart contract exploit / hack
The VeVe marketplace has developed a bit of a reputation as the partner of choice for some big names who have dipped their toes into "licensed digital collectible" NFTs, including …
2022-03-21
[vendor] OneRing
[loss] $1M
Vector: Flash loan attack on smart contract
A hacker was able to use a flash loan attack to exploit an issue with OneRing Finance. By manipulating the price of tokens in the project's liquidity pool, the hacker was able to …
2022-03-19
[vendor] Nikki Fried Twitter account
Vector: Smart contract exploit / hack
The Twitter account belonging to Nikki Fried, the current Florida Agriculture Commissioner and a Democratic candidate for the 2022 Florida gubernatorial race, was compromised and …
2022-03-18
[vendor] Australian Facebook crypto
[loss] $650,000
Vector: Smart contract exploit / hack
The Australian Competition & Consumer Commission (ACCC) announced that they had begun federal court proceedings against Facebook, alleging that the company "engaged in false, …
2022-03-15
Hackers were able to use a flash loan attack to manipulate a price oracle, pulling 200,000 DAI and 1101.8 ETH (totaling almost $3.1 million) out of the Deus Finance defi platform. …
2022-03-15
[vendor] Hundred Finance and Agave Finance
[loss] $12M
Vector: Flash loan attack on smart contract
An attacker using a flash loan attack targeted two projects on the Gnosis blockchain: Hundred Finance and Agave Finance. Each project paused their smart contracts, but not before …
2022-03-10
[vendor] Jeff Passan Twitter account
Vector: Smart contract exploit / hack
ESPN MLB reporter Jeff Passan was having a great day, as he had been the one to break the news of an agreement between the MLB and the MLB Players Association, who had been …
2022-03-04
[vendor] Samsung Electronics
Vector: CWE-522: Insufficiently Protected Credentials (exact vector not disclosed; Lapsus$ used credential theft and social engineering techniques)
Lapsus$ hacking group leaked 190GB of alleged Samsung source code and proprietary data in March 2022. Stolen data included: TrustZone trusted applet source code, biometric unlock …
2022-02-26
[vendor] Doodles phishing attack
Vector: Smart contract exploit / hack
The enormously popular "Doodles" NFT project announced on February 26 that their Discord server had been "penetrated by a hacked bot", and that all messages should be ignored. They …
2022-02-23
[vendor] Nvidia GPU utility malware
Vector: Smart contract exploit / hack
The popular Tom's Hardware and PC Gamer websites both ran articles about a utility called "Nvidia RTX LHR v2 Unlocker", which claimed to increase the artificially-limited …
2022-02-23
[vendor] Nvidia internal developer network
Vector: Lapsus$ gained initial access through a VPN session hijack using credentials stolen via an infostealer (reportedly from an Nvidia employee's personal device); the group gained access to Nvidia's internal development environment and exfiltrated approximately 1 terabyte of data
On approximately 23 February 2022, the Lapsus$ extortion group compromised Nvidia's internal network and exfiltrated approximately 1 terabyte of data, including proprietary GPU …
2022-02-18
[vendor] Generación Zoe raided
Vector: Smart contract exploit / hack
Authorities performed nine separate raids targeting Generación Zoe, a holding company raising money from thousands of Argentines. The company promised 7.5% monthly returns at the …
2022-02-05
[vendor] Meter Passport bridge
[loss] $4M
Vector: Smart contract exploit / hack
A bug in the Meter Passport smart contract allowed an attacker to pull 1400 ETH (~$4.2 million) and 2 wrapped Bitcoin (~$83,000) from the Meter Passport blockchain bridge. This was …
2022-02-03
[vendor] KLAYswap
[loss] $2M
Vector: Smart contract exploit / hack
Some sophisticated hackers managed a BGP hijack on the servers powering KakaoTalk, a marketing and customer service application used by the South Korean KLAYswap cryptocurrency …
2022-02-01
Vector: Ransomware attackers compromised Medlab Pathology (subsidiary of Australian Clinical Labs) via an unpatched internet-facing system, exfiltrating patient pathology records before deploying ransomware
In approximately February 2022, Australian Clinical Labs' Medlab Pathology subsidiary suffered a ransomware attack that exfiltrated approximately 223,000 patients' sensitive …
2022-01-19
[vendor] Multichain
[loss] $3M
Vector: Smart contract exploit / hack
Multichain publicly announced a vulnerability that was affecting their tokens, without first notifying users to ask them to remove vulnerable funds. Several hackers quickly …
2022-01-18
[vendor] International Committee of the Red Cross (ICRC) / Zoho ManageEngine ADSelfService Plus
[malware] BEACON, GLASSTOKEN (custom malware)
[cve] CVE-2021-40539
Vector: Sophisticated nation-state-level attacker (ICRC later assessed the attack as deliberate, targeted, and state-sponsored) exploited an unpatched critical authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus deployed by a third-party contractor; attacker deployed webshells and custom malware BEACON and GLASSTOKEN
On 18 January 2022, the International Committee of the Red Cross (ICRC) discovered a cyberattack on servers hosted by a contractor in Switzerland that stored data for its Restoring …
2022-01-17
[vendor] Crypto.com
[loss] $34M
Vector: Smart contract exploit / hack
Popular cryptocurrency wallet provider and trading platform Crypto.com briefly suspended trading after acknowledging there had been "unauthorized activity" in user accounts. The …
2022-01-14
[vendor] Chinese
[loss] $8M
Vector: Exit scam / rug pull
Eight people were arrested in China after being connected to a rug pull. One investor lost ¥590,000 ($90,000) he had poured into the token in June, when project owners took the …
2022-01-14
[vendor] Float Protocol
[loss] $850,000
Vector: Oracle price manipulation
Lack of liquidity in the Uniswap V3 FLOAT/USDC oracle allowed an attacker to manipulate the prices within the pool, then deposit it at a much higher rate. The hacker pulled about …
2022-01-01
[vendor] Tinyman
[loss] $3M
Vector: Software bug / unintentional loss
Tinyman, a defi platform that bills itself as "decentralized, secure trading", had all liquidity drained from its goBTC and goETH pools after an attacker found a bug in their smart …
2022-01-01
[vendor] Twitter API
Vector: Unauthenticated API endpoint introduced in a June 2021 code change allowed any caller to submit phone numbers or email addresses and receive the associated Twitter account ID — enabling mass enumeration of accounts linked to private contact information
A vulnerability in Twitter's account authentication system, introduced in a June 2021 code change, allowed any caller of Twitter's `id.twitter.com` API to submit a phone number or …
2022-01-01
[vendor] WhatsApp
Vector: Automated enumeration and scraping of WhatsApp's user phone number registration/lookup mechanism to compile a database of active WhatsApp user phone numbers across 84 countries
In November 2022, a threat actor using the alias 'Ryushi' posted a dataset of 487 million WhatsApp user phone numbers for sale on the Breached hacking forum, claiming it was …
2021-12-20
[vendor] Bent Finance
[loss] $2M
Vector: Exit scam / rug pull
Bent Finance informed its users of a "possible exploit", but soon after issued a statement that the exploit had originated from the Bent Finance project's own deployer. Because of …
2021-12-13
[vendor] Vulcan Forged
[loss] $135M
Vector: Smart contract exploit / hack
Stolen private keys from the blockchain gaming platform Vulcan Forged enabled attackers to siphon funds out of just shy of 100 user wallets. Rather than users managing their own …
2021-12-11
[vendor] Ascendex
[loss] $77M
Vector: Smart contract exploit / hack
Ascendex lost $77 million in a hack targeting hot wallets. The platform said it would reimburse customers for all of their lost funds.
Total loss estimated at $77,000,000.
2021-12-10
[vendor] Cash App Investing (Block, Inc.) internal reporting system
Vector: A former Cash App employee who retained access to internal reports after leaving the company downloaded customer brokerage account data without authorization; the employee downloaded reports after their employment terminated
In December 2021, a former employee of Cash App Investing — a subsidiary of Block, Inc. (formerly Square) — downloaded CSV reports containing brokerage account data for 8.2 million …
2021-12-06
[vendor] 8ight Finance
[loss] $2M
Vector: Smart contract exploit / hack
A compromised private key allowed an attacker to remove all funds from 8ight Finance's treasury, amounting to about $1.75 million. The team admitted to sending the key through …
2021-12-04
[vendor] BitMart
[loss] $200M
Vector: Smart contract exploit / hack
BitMart, "the most trusted cryptocurrency trading platform", experienced a major breach in which attackers stole approximately $200 million of various cryptocurrencies. The CEO …
2021-12-01
[vendor] BadgerDAO
[loss] $120M
Vector: Malicious code injection / supply chain
A hacker was able to use a compromised Cloudflare API key to inject malicious code into the BadgerDAO platform via Cloudflare Workers. They then siphoned currency of various kinds, …
2021-12-01
[vendor] Twitter API (phone/email lookup endpoint)
Vector: A vulnerability in Twitter's API allowed anyone with a phone number or email address to query and retrieve the associated Twitter account, effectively enabling the enumeration of Twitter accounts and the collection of public profile data linked to private contact information; the vulnerability was reported via HackerOne bug bounty in January 2022
In December 2021, a threat actor exploited a Twitter API vulnerability that allowed them to query any phone number or email address and receive the corresponding Twitter account …
2021-11-05
[vendor] bZx
[loss] $55M
Vector: Smart contract exploit / hack
An attacker fooled a developer of the bZx decentralized finance platform into opening a Word document with a malicious macro, which ran a script that gave the attackers access to …
2021-11-02
[vendor] Vesper Finance
[loss] $3M
Vector: Oracle price manipulation
By manipulating the price of a low-liquidity, beta-stage stablecoin, an attacker was able to borrow all tokens in a Rari Fuse pool using the initial token as (inflated) collateral. …
2021-11-01
[vendor] BXH exchange
[loss] $139M
Vector: Smart contract exploit / hack
The decentralized exchange BXH was exploited for $139 million. BXH CEO Neo Wang attributed the exploit to a compromised administrator key, which he said suggested either a staff …
2021-10-27
[vendor] C.R.E.A.M.
[loss] $130M
Vector: Flash loan attack on smart contract
Crypto lending service C.R.E.A.M. Finance lost $130 million in a flash loan attack. It was the third hack of the platform this year, following a $37.5 million hack in February and …
2021-10-11
Vector: Social engineering — an attacker impersonated a Cox Communications support representative to gain access to internal Cox systems and then accessed customer account information
On October 11, 2021, Cox Communications discovered that a hacker had impersonated a Cox support agent to gain access to internal systems, then accessed a small number of customer …
2021-09-07
[vendor] Ambulance Victoria website file storage
Vector: A file containing Ambulance Victoria staff personal data was inadvertently uploaded to a publicly accessible part of Ambulance Victoria's website, where it was accessible without authentication
In September 2021, Ambulance Victoria — the state ambulance service providing emergency medical services across Victoria, Australia — inadvertently uploaded a file containing staff …
2021-09-06
[vendor] GoDaddy Managed WordPress hosting infrastructure
Vector: An unauthorized third party used a compromised password to gain access to GoDaddy's Managed WordPress hosting environment's provisioning system in their legacy codebase
On 6 September 2021, an unauthorized actor used a compromised password to access GoDaddy's Managed WordPress hosting provisioning system. GoDaddy is the world's largest domain …
2021-08-30
[vendor] C.R.E.A.M.
[loss] $29M
Vector: Software bug / unintentional loss
A vulnerability in C.R.E.A.M. Finance allowed a re-entrancy attack to steal somewhere between $25 and $30 million from C.R.E.A.M. Finance in its second multimillion-dollar hack of …
2021-08-29
[vendor] xToken
[loss] $4M
Vector: Flash loan attack on smart contract
A vulnerability in xToken's xSNX product allowed hackers to use flash loans to empty $4.5 million from xToken. This hack followed an even larger hack in May, where the platform was …
2021-08-25
The day after Nicholas lost almost $500,000 to NFT scammers, another collector was targeted for an even larger sum. "I've never felt more dumb, helpless, embarrassed or just plain …
2021-08-24
[vendor] Sohrob Farudi NFT theft
[loss] $800,000
Vector: Smart contract exploit / hack
After asking for help in the OpenSea Discord channel, Nicholas was successfully scammed by individuals posing as customer support. After convincing the investor to share his …
2021-08-22
[vendor] Apria Healthcare employee email systems
Vector: Phishing emails compromised employee email accounts at Apria Healthcare; the company experienced two separate unauthorized access periods (May-August 2019 and August-October 2021); the 2019 intrusion was discovered during investigation of the 2021 compromise
Apria Healthcare, a major US home healthcare equipment provider (durable medical equipment, infusion therapy, oxygen therapy), disclosed in May 2022 that it had experienced two …
2021-08-19
[vendor] Liquid Global
[loss] $90M
Vector: Smart contract exploit / hack
Japanese cryptocurrency exchange Liquid Global suffered a hack that saw $90 million in various assets stolen. The exchange stated that the attack had targeted the company's MPC …
2021-08-03
[vendor] Popsicle Finance
[loss] $25M
Vector: Flash loan attack on smart contract
Popsicle Finance, a DeFi platform, lost $25 million to a bug exploited with flash loans. The organization later reimbursed users who lost money to the exploit.
Total loss …
2021-08-01
Vector: Attacker John Binns (21-year-old US-born, living in Turkey) brute-forced his way through T-Mobile's unprotected GPRS tunneling protocol (GTP) routers exposed on the internet, gained access to a testing environment, then used that foothold to reach and download T-Mobile's IMSI database and customer data
In August 2021, John Binns — a 21-year-old US citizen living in Turkey — exploited an improperly secured T-Mobile testing environment that had been exposed to the internet, gaining …
2021-08-01
[vendor] T-Mobile US customer systems
Vector: CWE-284: Improper Access Control
T-Mobile agreed to pay a $31.5 million FCC settlement in September 2024 covering four separate data breaches between 2021 and 2023. The 2021 breach (discovered August 2021) …
2021-06-06
[vendor] EA Games internal development network / Slack
Vector: Attackers purchased stolen Slack authentication cookies from an underground criminal marketplace for $10 and used them to impersonate an EA employee in Slack; used Slack access to social engineer EA's IT support into issuing a multi-factor authentication token, granting VPN and corporate network access
In early June 2021, a group (later attributed to early Lapsus$ affiliates) breached Electronic Arts' internal network using purchased Slack cookies worth approximately $10 …
2021-06-01
[vendor] Latitude Financial Services customer data systems
Vector: A vulnerability in Latitude Financial's data systems allowed unauthorized access to a subset of customer personal information; this earlier incident preceded the much larger March 2023 breach in which 14 million customer records were stolen via a compromised managed service provider credential
In mid-2021, Latitude Financial Services suffered an earlier, smaller data security incident — separate from the major March 2023 breach (which affected 14 million customers via a …
2021-06-01
[vendor] Twitter / X
Vector: CWE-284: Improper Access Control (unauthenticated API endpoint allowed email-to-account enumeration)
Twitter API change in June 2021 introduced vulnerability allowing anyone to look up Twitter accounts via email/phone. Threat actors scraped at scale before patch in Jan 2022. …
2021-05-12
[vendor] xToken
[loss] $24M
Vector: Flash loan attack on smart contract
A flash loan attack allowed hackers to exploit two vulnerabilities in the xToken DeFi platform and steal $24.5 million. This was the first of two large-scale hacks of the platform …
2021-05-07
After a $10 million hack just two days prior, Value DeFi had another $11 million stolen after attackers found and exploited a different bug in their smart contract.
Total loss …
2021-05-05
[vendor] Value DeFi
[loss] $11M
Vector: Software bug / unintentional loss
Attackers exploited a bug in Value DeFi's smart contract to drain $10 million out of the platform, in a second attack in six months. In November 2020, the platform had lost $7 …
2021-05-01
[vendor] LinkedIn (public profile API)
Vector: Systematic API scraping and data aggregation from LinkedIn's public profile data and APIs; attacker 'GOD User TomLiner' combined LinkedIn API data with other publicly available sources
In June 2021, data for approximately 700 million LinkedIn users — representing 93% of LinkedIn's total user base at the time — was posted for sale on RaidForums by a user calling …
2021-04-19
[vendor] EasyFi
[loss] $80M
Vector: Smart contract exploit / hack
Hackers compromised a computer belonging to EasyFi founder Ankitt Gaur, accessing his private keys which allowed them to transfer $6 million in stablecoins and $120 million worth …
2021-04-01
[vendor] FTX MobileCoin
[loss] $800M
Vector: Smart contract exploit / hack
At some point in April 2021, a trader on the FTX cryptocurrency exchange successfully exploited the firm for around $800 million. They were able to take positions in relatively …
2021-04-01
Vector: Misconfigured internal mapping website — IDHS planning maps intended for internal use were inadvertently made accessible via the public internet; no malicious actor involved
The Illinois Department of Human Services (IDHS) exposed sensitive personal data of more than 700,000 state residents for approximately four years, from April 2021 to September …
2021-04-01
[vendor] Google Analytics; Google Ads
Vector: Misconfigured Google Analytics integration on Blue Shield member websites inadvertently shared protected health information with Google Ads for advertising targeting purposes
Blue Shield of California disclosed on April 9, 2025, that a misconfigured Google Analytics integration had been sharing member protected health information (PHI) with Google Ads …
2021-03-16
[vendor] Luxottica partner appointment scheduling application
Vector: Unknown attacker gained unauthorized access to a Luxottica partner application used for managing eye care appointments; the application stored scheduling and patient data for EyeMed Vision Care and Lenscrafters patients
In March 2021, an unauthorized actor gained access to a Luxottica partner appointment scheduling application that contained patient data for customers of Luxottica's vision care …
2021-03-09
[vendor] DODO
[loss] $2M
Vector: Software bug / unintentional loss
DeFi project DODO was relieved of $3.8 million after hackers exploited a bug in their v2 Crowdpools smart contracts. The exchange later recovered $1.89 million of these funds. …
2021-02-13
[vendor] C.R.E.A.M.
[loss] $38M
Vector: Smart contract exploit / hack
A hacker was able to code a smart contract that tricked C.R.E.A.M. into believing it was from a trusted source. They were then able to make off with $37.5 million worth of Ethereum …
2021-02-04
[vendor] Yearn Finance
[loss] $11M
Vector: Software bug / unintentional loss
An exploit in Yearn Finance's yDAI vault resulted in an $11 million loss to the platform, though "only" $2.8 million of this went to the hacker.
Total loss estimated at …
2021-01-09
Vector: API scraping via enumerable insecure direct object references (IDOR) — Parler's API endpoints used sequential integer IDs with no authentication required; after Amazon Web Services announced it would terminate Parler's hosting (in response to its role in organizing the January 6 Capitol attack), researchers and archivists systematically scraped the entire public-facing API before the site went offline
On January 8, 2021, Amazon Web Services notified Parler — a social media platform popular with right-wing users — that it would terminate Parler's hosting services on January 10 …
2021-01-01
[vendor] Neopets user database and game systems
Vector: Unknown attacker gained persistent access to Neopets' databases; the attacker allegedly had access for approximately 18 months before the breach was publicly discovered; the attacker offered both the stolen data and continued live read/write access to Neopets' databases for sale
On 20 July 2022, a threat actor posted on BreachForums offering to sell 69 million Neopets user records and — uniquely — live access to Neopets' database (with read and write …
2021-01-01
[vendor] Peloton API
Vector: Broken object-level authorization (BOLA/IDOR) — Peloton's API allowed unauthenticated access to any user's profile data by supplying a target user ID; private accounts that users had specifically set to 'private' in the app returned full profile data to unauthenticated API requests
Security researcher Jan Masters (working with Pen Test Partners) discovered in January 2021 that Peloton's API endpoints did not enforce authentication or authorization checks, …
2020-10-21
[vendor] Nitro PDF cloud database and document storage
Vector: Unknown attacker gained unauthorized access to Nitro PDF's user database and document storage; Nitro PDF is a document productivity service used by major enterprises for PDF editing and e-signatures
In October 2020, Nitro Software — the company behind Nitro PDF, a widely used PDF productivity and e-signature service — suffered a data breach that exposed data for approximately …
2020-10-03
[vendor] Gravatar (Globally Recognized Avatar service, operated by Automattic)
Vector: Systematic API/web scraping of Gravatar's public-facing user profile API endpoint; Gravatar's service is designed to return publicly accessible profile information (username, display name, avatar, location, biographical info) for any user by querying their MD5-hashed email address — attackers enumerated MD5 hashes of email addresses to harvest profiles at scale, then cracked the weak MD5 email hashes to obtain the original email addresses
In October 2020, security researcher Carlo di Dato published details of a dataset containing 167 million Gravatar user records obtained by systematically scraping Gravatar's public …
2020-07-01
[vendor] Freepik / Flaticon website database
Vector: An attacker used an SQL injection vulnerability in Freepik's website to access the Freepik and Flaticon user databases; the SQL injection gave the attacker access to the database tables containing user credentials and personal information
In August 2020, Freepik — one of the world's largest stock photography and design resources websites (along with its vector icon subsidiary Flaticon) — disclosed a data breach …
2020-06-01
[vendor] Wattpad user database
Vector: Database breach via unknown vulnerability in Wattpad's backend infrastructure; approximately 268 million records were obtained from the platform's user database and subsequently offered for sale on hacker forums
In June 2020, Wattpad — the online creative writing platform with over 90 million users — suffered a data breach exposing approximately 268 million user records. The data was …
2020-05-01
Vector: A fraudster posing as a legitimate client of Experian South Africa used social engineering to convince Experian to provide a dataset containing personal information; the attacker presented fraudulent credentials and business information to obtain the data transfer
In August 2020, Experian South Africa disclosed that a suspected fraudster had obtained personal data of approximately 24 million South African individuals and 793,749 businesses …
2020-03-01
Vector: Phishing — employees of Norwegian Cruise Line Holdings were targeted with phishing emails that resulted in unauthorized access to employee email accounts; attackers then accessed personal data of employees, travel agents, and some customers stored in those accounts
Norwegian Cruise Line Holdings (NCLH), parent company of Norwegian Cruise Line, Regent Seven Seas Cruises, and Oceania Cruises, disclosed in July 2020 that it had suffered a data …
2020-02-01
[vendor] Clearview AI client database and search history systems
Vector: Unknown attacker gained unauthorised access to Clearview AI's systems and exfiltrated the company's entire client list — including law enforcement agencies, government clients, and private entities — along with their search histories (faces searched)
In February 2020, Clearview AI — a controversial facial recognition company that scraped billions of photos from social media to build its facial recognition database, primarily …
2020-01-01
[vendor] EasyJet customer booking systems
Vector: Sophisticated cyber attack; specific technical vector not publicly disclosed; EasyJet stated it was a highly sophisticated attacker; email addresses and travel details were the primary target alongside payment card data for a subset of customers
EasyJet disclosed on 19 May 2020 that it had suffered a cyberattack that exposed the personal data of approximately 9 million customers. The attack was first detected in late …
2020-01-01
Vector: Sophisticated cyberattack against easyJet's systems; the specific technical attack vector was not publicly disclosed by the airline, but the UK's National Cyber Security Centre (NCSC) and ICO investigated
In May 2020, easyJet (the UK-based low-cost airline) disclosed that it had suffered a cyberattack in which approximately 9 million customers had their email addresses and travel …
2020-01-01
Vector: Application vulnerability in online quoting websites that displayed full driver's licence numbers in plain text with minimal user input; scraped by automated attackers
National General (later acquired by Allstate) suffered two sequential data breaches via its online auto insurance quoting portals. First breach (2020): exposed driver's licence …
2019-11-22
[vendor] T-Mobile prepaid account management systems
Vector: Unknown attacker gained unauthorized access to T-Mobile's prepaid account information through a misconfigured API or application server; T-Mobile stated it was a criminal attack that gained access to prepaid account subscriber information
On 22 November 2019, T-Mobile detected and stopped a cyberattack that gained access to information for approximately 1 million T-Mobile prepaid customers. T-Mobile disclosed the …
2019-10-12
[vendor] Meta Pixel; Google advertising SDK; TikTok Pixel
Vector: Intentional data sharing via third-party advertising tracking pixels — Cerebral embedded Meta Pixel, Google analytics/advertising, TikTok Pixel, and other trackers on its website and apps that transmitted sensitive mental health patient data to advertising platforms without patients' knowledge or valid HIPAA authorization
Cerebral, a US telehealth startup specializing in mental health treatment (therapy, psychiatry, and medication management), disclosed in March 2023 that it had transmitted …
2019-10-01
Vector: Third-party tracking pixels — Cerebral used Meta Pixel, Google Analytics, TikTok Pixel, and other advertising trackers on its website and app; these trackers automatically captured and transmitted sensitive mental health information, medication details, and personal identifiers to advertising platforms
Cerebral, a telehealth company specializing in mental health services (particularly ADHD and anxiety/depression treatment), disclosed in March 2023 that it had shared sensitive …
2019-07-02
[vendor] MongoDB (third-party vendor deployment)
Vector: Third-party vendor misconfigured an unauthenticated MongoDB database, publicly exposing 5.6 million guest records copied from Choice Hotels' systems for use in testing a security product — without authorization; automated scripts also left a ransom note demanding 0.4 BTC
On approximately July 2, 2019, security researcher Bob Diachenko (working with Comparitech) discovered a publicly accessible, unauthenticated MongoDB database containing …
2019-07-01
[vendor] 7pay mobile app (Seven & i Holdings)
Vector: Application vulnerability — the 7pay app (7-Eleven Japan's new mobile payment application) had a flawed password reset mechanism that allowed attackers to reset any account's password by supplying only the account holder's email address, date of birth, and phone number; a design flaw also allowed password reset links to be sent to a third-party email address
On July 1, 2019, the day the 7pay mobile payment app launched in Japan, criminals immediately began exploiting a critical vulnerability in the app's password reset mechanism. The …
2019-06-01
[vendor] Bulgarian National Revenue Agency (NAP) web application / taxpayer database
Vector: A hacker (later identified as a 20-year-old Bulgarian cybersecurity specialist) exploited a SQL injection vulnerability in the Bulgarian National Revenue Agency (NRA) web application to extract taxpayer data from the agency's database
In July 2019, the Bulgarian National Revenue Agency (Национална агенция за приходите, NAP) suffered the largest data breach in Bulgarian history. A hacker sent a link to the stolen …
2019-06-01
[vendor] Samsung 'Add a Line' retail portal for Sprint
Vector: Third-party website vulnerability — hackers exploited a security flaw in Samsung's 'Add a Line' webpage (a retail portal used to add new Sprint lines), which allowed unauthorized access to Sprint customer account data
In June/July 2019, Sprint discovered that hackers had exploited a vulnerability on Samsung's 'Add a Line' promotional webpage — a co-branded retail portal used to add new Sprint …
2019-05-24
[vendor] Canva user database / Google Cloud Storage
Vector: The hacker GnosticPlayers (responsible for multiple high-profile breaches in 2019) accessed Canva's user database via an unknown vulnerability; the attacker was able to view file names of private design files stored in Google Cloud Storage but could not access their contents
On 24 May 2019, the graphic design platform Canva was breached by the GnosticPlayers hacker collective. Approximately 137 million user records were stolen, containing usernames, …
2019-05-01
[vendor] StockX sneaker resale marketplace user database
Vector: An unknown hacker gained unauthorized access to StockX's systems and obtained a copy of the user database; the attacker reached out to Vice/Motherboard journalist Lorenzo Franceschi-Bicchierai offering to sell the stolen data, which prompted investigation and disclosure
In May 2019, an attacker obtained user data from StockX — the Detroit-based sneaker and streetwear authentication and resale marketplace valued at over $1 billion. The breach went …
2019-01-01
[vendor] Tim Hortons mobile loyalty app (Restaurant Brands International)
Vector: The Tim Hortons mobile app collected continuous location data from users even when the app was not in use — far exceeding what was necessary for the app's stated functionality; the covert tracking persisted between app sessions without adequate consent disclosure
In June 2022, Canada's Office of the Privacy Commissioner (OPC), together with privacy commissioners from Alberta, British Columbia, and Quebec, published findings of a joint …
2019-01-01
[vendor] Facebook (contact import API)
Vector: Attackers exploited Facebook's 'Add friend by phone number' contact import feature, which allowed mass enumeration of user accounts by phone number without rate limiting; scraped in 2019, patched by Facebook in August 2019
In early 2019, attackers exploited a feature in Facebook's contact import tool that allowed them to upload large lists of phone numbers and identify which were linked to Facebook …
2019-01-01
[vendor] AT&T customer account database
Vector: CWE-284: Improper Access Control
In March 2024, AT&T confirmed that a dataset containing personal information on approximately 73 million people (7.6 million current and 65.4 million former AT&T customers) had …
2018-12-14
Vector: CWE-89: SQL Injection (unauthorised access to a central data warehouse via a web application vulnerability)
Georgia Institute of Technology disclosed on April 2, 2019 that an unknown external actor had exploited a vulnerability in a web application to access a central data warehouse …
2018-12-03
[vendor] Quora user database and content systems
Vector: An unauthorized third party gained access to Quora's systems via unknown means; Quora stated it discovered the breach on Friday 30 November 2018 and immediately began investigation
On 3 December 2018, Quora — the popular question-and-answer platform with approximately 300 million monthly unique visitors — disclosed that an unknown attacker had accessed data …
2018-08-21
[vendor] British Airways website / mobile app (Modernizr library)
[malware] Magecart skimmer
Vector: Magecart Group 6 injected a 22-line JavaScript skimmer into British Airways' website and mobile app via a compromised third-party Modernizr JavaScript library; skimmer exfiltrated payment card data to attacker-controlled domain baways.com
Between 21 August and 5 September 2018, a Magecart Group 6 skimmer silently exfiltrated payment card details from approximately 500,000 British Airways customers who purchased …
2018-08-20
[vendor] T-Mobile customer API
Vector: An international hacker (later identified as a 21-year-old in the Netherlands) exploited an API vulnerability in T-Mobile's system to access and extract customer data; the vulnerability allowed access to customer account data without proper authentication
On 20 August 2018, T-Mobile detected and shut down an attack that exploited a vulnerability in T-Mobile's API, exposing account data for approximately 2 million customers. T-Mobile …
2018-08-01
[vendor] AMCA (American Medical Collection Agency) billing portal
Vector: Web payment portal of American Medical Collection Agency (AMCA), a third-party billing collections vendor, was compromised — attackers skimmed payment card data and personal information from AMCA's web payment system for approximately 8 months
Between August 1, 2018 and March 30, 2019, the web payment portal of American Medical Collection Agency (AMCA) — a third-party medical debt collections company — was compromised by …
2018-06-27
[vendor] SingHealth Sunrise Clinical Manager (SCM) patient database
[malware] Custom RAT (remote access trojan)
Vector: Advanced persistent threat group (assessed as state-sponsored, linked to Chinese APT10/APT41) used phishing email to compromise a SingHealth front-end workstation, moved laterally to the SCM database via multiple infected machines, and used a custom remote access tool to extract data over approximately three weeks
Between 27 June and 4 July 2018, attackers exfiltrated personal data of 1.495 million patients from SingHealth's Sunrise Clinical Manager outpatient database — approximately 25% of …
2018-06-02
[vendor] Flipboard social news aggregator user database
Vector: Unauthorized access to Flipboard's databases; the attacker accessed and potentially exfiltrated user data on two separate occasions — once between 2 June 2018 and 22 March 2019, and again between 21-22 April 2019; Flipboard detected the second intrusion through monitoring of its systems
Flipboard — the popular social news aggregation app — disclosed on 28 May 2019 that it had suffered two separate periods of unauthorized access to its databases. The first period …
2018-03-14
[vendor] UnityPoint Health (Iowa-based integrated health system)
Vector: Business email compromise (BEC) phishing attack targeting UnityPoint Health employees; attackers sent emails impersonating a trusted executive, convincing employees to provide their email credentials; the compromised employee email accounts were then accessed by attackers who could view and exfiltrate protected health information from email contents
UnityPoint Health, a major Iowa-based health system operating 32 hospitals and 280+ clinics across Iowa, Illinois, and Wisconsin, suffered two phishing-related breaches in 2018. …
2018-03-01
[vendor] Cathay Pacific Airways passenger data systems
Vector: An attacker gained access to Cathay Pacific's IT systems containing passenger data; Cathay discovered suspicious activity on its network in March 2018 but did not identify the breach until May 2018; the attack vector was not publicly disclosed in detail
In March 2018, an attacker accessed Cathay Pacific's IT systems and obtained data for approximately 9.4 million passengers — one of the largest aviation data breaches ever. Cathay …
2018-02-01
[vendor] MyFitnessPal (Under Armour) user database
Vector: Unauthorized party acquired data associated with MyFitnessPal user accounts; specific technical attack vector was not disclosed by Under Armour; data was obtained from the MyFitnessPal app and website user database
In February 2018, an unauthorized party obtained data from approximately 150 million MyFitnessPal user accounts. Under Armour, which had acquired MyFitnessPal in 2015 for $475 …
2018-01-01
[vendor] HealthEngine patient appointment booking platform (Australia)
Vector: HealthEngine shared patient appointment and health data with Slater & Gordon law firm and health insurance funds without adequate patient consent, using fine print in terms of service that patients were unlikely to read; separately, HealthEngine edited negative reviews posted on its platform before publication
HealthEngine, Australia's largest health appointment booking platform with over 17 million users across approximately 60,000 healthcare practices, was found by Australian …
2017-08-01
[vendor] Panera Bread website / customer API
Vector: An unauthenticated API endpoint on Panera Bread's website exposed customer records in plaintext — accessible to anyone with a web browser; the vulnerability was reported to Panera by security researcher Dylan Houlihan in August 2017 but Panera took 8 months to fix it
In August 2017, security researcher Dylan Houlihan discovered that Panera Bread's website had an unauthenticated API endpoint at panerabread.com that returned customer records in …
2017-07-31
[vendor] HBO internal content management and production systems
Vector: A hacker group (later identified as Behzad Mesri, an Iranian national) gained access to HBO's internal network via unknown means and exfiltrated approximately 1.5 terabytes of data including scripts, episodes, and internal company documents; the attacker demanded $6 million in Bitcoin ransom
In late July/early August 2017, a hacker exfiltrated approximately 1.5 terabytes of data from HBO's internal systems including unreleased episodes of Game of Thrones (the most …
2017-07-28
Vector: Vendor mailing error — a third-party mailing vendor used envelopes with an oversized clear window cutout that allowed the letter body text (which referenced HIV medications by name) to be visible through the envelope without opening it, disclosing members' HIV status to anyone who handled the mailing
In late July 2017, Aetna mailed letters to approximately 11,887 members nationwide regarding a court-ordered change to HIV prescription coverage policy (members were being notified …
2017-05-17
[vendor] Zomato user database
Vector: An unknown attacker (who later reached out to Zomato directly) gained access to Zomato's database and exfiltrated user records; Zomato's engineering team determined that an internal vulnerability allowed the attacker access; the attacker offered to sell the data and then agreed to delete it after Zomato engaged with them
On 17-18 May 2017, Zomato — India's largest food delivery and restaurant discovery platform, operating in 24 countries with approximately 120 million monthly visitors — disclosed …
2017-05-01
Vector: CWE-284: Improper Access Control (unauthorised access to Bell systems by an unnamed hacker who threatened to release data unless Bell lobbied against Canadian internet regulation)
An unnamed hacker breached Bell Canada in May 2017 and exfiltrated data on approximately 1.9 million active and former customer accounts, including names, email addresses, phone …
2017-05-01
[vendor] Saks Fifth Avenue / Lord & Taylor POS systems (Hudson's Bay Company)
[malware] Carbanak POS RAM-scraping malware
Vector: FIN7 cybercriminal group (JokerStash/Carbanak) installed POS RAM-scraping malware on point-of-sale systems across Saks Fifth Avenue and Lord & Taylor stores nationwide; the malware captured payment card track data from device memory during transactions for approximately 10 months
Between May 2017 and March 2018, the FIN7 cybercriminal group (operating the JokerStash carding shop) compromised point-of-sale systems at all Saks Fifth Avenue and Lord & Taylor …
2017-04-01
[vendor] Wonga Finance UK customer database
Vector: Unknown attacker gained unauthorized access to Wonga's systems and customer data; Wonga identified the breach through internal monitoring and immediately launched an investigation; the specific attack vector was not disclosed publicly
In April 2017, Wonga Finance — the UK's largest payday loan company at its peak, with approximately 1 million UK customers — suffered a data breach affecting approximately 270,000 …
2017-03-24
[vendor] Chipotle point-of-sale systems
[malware] POS RAM scraping malware
Vector: Attackers installed point-of-sale (POS) malware on payment systems at the majority of Chipotle restaurant locations; the malware read payment card data from the magnetic stripe track data in RAM (RAM scraping) during the transaction window
Between 24 March and 18 April 2017, attackers installed malware on point-of-sale systems at most Chipotle Mexican Grill restaurant locations in the United States. The malware …
2017-03-10
[vendor] Equifax online dispute portal
[cve] CVE-2017-5638
Vector: CWE-20: Improper Input Validation / Apache Struts OGNL injection
Apache disclosed CVE-2017-5638 on March 7, 2017 and patched it the same day. Equifax security scans failed to identify the vulnerable system. Attackers exploited the Apache Struts flaw in …
2017-03-01
[vendor] First American EaglePro web application
Vector: Insecure Direct Object Reference (IDOR) in First American's EaglePro web application — any authenticated user with a valid document link could increment a sequential numeric document ID in the URL to access any other document without authorization; vulnerability exploitable by any logged-in user without special privileges
First American Financial Corporation, one of the largest title insurance and real estate settlement services providers in the United States, had an IDOR (Insecure Direct Object …
2017-01-01
[vendor] Aadhaar (UIDAI — Unique Identification Authority of India) national biometric identity system
Vector: Multiple vulnerabilities and unauthorized access points were identified in the Aadhaar ecosystem: anonymous database access was sold via WhatsApp groups for ₹500; state government portals and websites operated by utility companies exposed Aadhaar numbers; the Aadhaar eKYC API lacked proper rate limiting and access controls
India's Aadhaar national biometric identity system — which stores fingerprint and iris scan data for approximately 1.2 billion Indian citizens and links to bank accounts, mobile …
2017-01-01
[vendor] Desjardins Group internal member database
Vector: Malicious insider — a Desjardins employee who had legitimate access to member data as part of their role — exfiltrated member personal data over approximately 26 months and shared the data with third parties outside the organization
A Desjardins Group employee with legitimate access to member data exfiltrated personal information of members over approximately 26 months (from early 2017 to March 2019) and …
2017-01-01
Vector: A malicious insider (a Desjardins employee) collected and exfiltrated personal data of members over a period of approximately 26 months, sharing the data with unauthorized third parties outside the organization
Desjardins Group, Canada's largest federation of credit unions with over 7 million members, disclosed in June 2019 that a malicious insider (a now-former employee) had been …
2017-01-01
[vendor] GoodRx health savings platform; Meta Pixel; Google advertising SDK
Vector: Intentional data sharing — GoodRx embedded third-party tracking pixels (from Meta/Facebook, Google, Criteo, Branch.io, and Twilio) on its website and apps that transmitted users' sensitive health and prescription information to advertising platforms for targeting and retargeting purposes
GoodRx, the US prescription drug discount platform with approximately 55 million users, disclosed its use of third-party advertising trackers in 2023 when the FTC took enforcement …
2017-01-01
Vector: Third-party tracking pixels and SDKs — GoodRx embedded Meta Pixel, Google Analytics, and other advertising trackers on its website and app that automatically transmitted users' health and prescription information to advertising platforms for targeted advertising purposes
GoodRx, a health technology company offering prescription drug discount coupons and telehealth services, shared sensitive user health data with Facebook/Meta, Google, Criteo, …
2016-11-01
[vendor] Three Mobile UK customer upgrade database
Vector: Fraudsters used a legitimate employee login credential (obtained via an insider or social engineering) to access Three Mobile's customer upgrade database; they then used customer data to intercept handset upgrades — diverting new handsets to fraudsters rather than legitimate customers
In November 2016, Three Mobile UK — one of the UK's major mobile network operators — disclosed a breach of its customer upgrade system. Fraudsters used compromised employee login …
2016-10-26
Vector: A web developer working for the Red Cross Blood Service's website contractor accidentally uploaded a production database backup file (.sql dump) to a publicly accessible directory on the redcrossblood.org.au website; discovered by an independent security researcher who responsibly disclosed it
In October 2016, a contractor responsible for building Australian Red Cross Blood Service's donor portal accidentally included a 1.74 GB SQL database backup file in a publicly …
2016-10-25
[vendor] Australian Red Cross Blood Service / Precedent Communications web hosting
Vector: A web development contractor (Precedent Communications, later identified) inadvertently uploaded a backup file of donor registration data to a publicly accessible directory on the Australian Red Cross Blood Service website; the file was discovered by a security researcher and reported responsibly
On 25 October 2016, a file named 'donorquestionnaire.bak' containing registration data for 550,000 blood donors was inadvertently left in a publicly accessible directory on the …
2016-10-20
[vendor] Dailymotion (French video-sharing platform, owned by Vivendi)
Vector: Database compromise of Dailymotion's user account database; the specific initial access vector was not publicly disclosed
On December 6, 2016, data breach tracking service LeakedSource reported that a dataset containing 85.2 million Dailymotion user records had been offered for sale and contained data …
2016-10-01
Vector: Local File Inclusion (LFI) vulnerability on FriendFinder Network servers allowed attackers to read arbitrary files, including the password database; passwords stored in plaintext or reversible SHA-1 hashes
FriendFinder Networks, the operator of adult dating websites, suffered a breach that exposed approximately 412 million accounts across six properties including …
2016-10-01
[vendor] Deloitte Microsoft Azure email / Active Directory
Vector: Attacker compromised an administrator account on Deloitte's Microsoft Azure-hosted email platform that had no multi-factor authentication enabled; this granted unrestricted access to the Azure Active Directory storing email for all partners and staff
An attacker compromised a single Deloitte administrator account that lacked multi-factor authentication, granting access to Deloitte's global email server hosted on Microsoft …
2016-09-27
[vendor] LifeBridge Health (Baltimore, Maryland integrated health system)
Vector: Malware installed on LifeBridge Health's server supporting its registration and billing systems and electronic medical records; the malware gained unauthorized access to a server connected to systems containing patient data — the precise initial intrusion vector was not disclosed; the breach was discovered more than a year after it began
LifeBridge Health, a Maryland-based health system operating Sinai Hospital, Northwest Hospital, Levindale Hebrew Geriatric Center, and other facilities, disclosed in May 2018 that …
2016-07-01
[vendor] Multiple healthcare providers (clinics, therapy centres, oncology practices)
Vector: The Dark Overlord gained access to multiple healthcare clinics and providers by exploiting Remote Desktop Protocol (RDP) vulnerabilities — specifically brute-forcing RDP credentials or exploiting unpatched RDP vulnerabilities on internet-facing systems; stolen data was then used for extortion of both the healthcare providers and directly of patients
Beginning in mid-2016, a cybercriminal group calling themselves 'The Dark Overlord' (TDO) conducted a sustained campaign of healthcare data theft and extortion against multiple US …
2016-06-17
[vendor] Banner Health patient records / payment card systems
[malware] POS RAM-scraping malware
Vector: Attackers first compromised Banner Health's food and beverage payment card systems (targeting point-of-sale systems at Banner's healthcare facility cafeterias and restaurants) and used that initial foothold to pivot into Banner's main healthcare network, accessing patient data systems
Between 23 June and 7 July 2016, attackers first compromised Banner Health's point-of-sale (POS) systems at food and beverage outlets within Banner Health facilities, using …
2016-06-17
[malware] POS malware
Vector: Attackers first compromised Banner Health's food and beverage payment processing systems (POS attack at hospital dining locations) on June 17, 2016, then used that foothold to pivot laterally into Banner's healthcare IT network to access patient, member, and provider databases
Banner Health, a Phoenix, Arizona-based nonprofit hospital system operating 28 hospitals and numerous clinics across seven western states, disclosed on August 3, 2016 that it had …
2016-05-21
[vendor] Newkirk Products health plan ID card printing system
Vector: Unauthorized access to a production server at Newkirk Products containing health plan member data; attacker gained access to the server hosting membership data; the server was shut down upon discovery on July 6, 2016
Newkirk Products, Inc., a New York-based company that printed and mailed health plan identification cards on behalf of multiple Blue Cross Blue Shield (BCBS) plans, disclosed a …
2016-03-27
[vendor] Philippine Commission on Elections (COMELEC) voter database
Vector: Hacktivist group 'LulzSec Pilipinas' defaced the Commission on Elections (COMELEC) website and dumped the entire voter database; a second group called 'Anonymous Philippines' also separately published the database; the initial defacement was carried out by exploiting a vulnerability in the COMELEC website
On 27 March 2016, hacktivist group LulzSec Pilipinas defaced and dumped the Philippines Commission on Elections (COMELEC) entire voter database — weeks before the 9 May 2016 …
2016-02-01
[vendor] Weebly website builder user database
Vector: Unknown attacker gained unauthorized access to Weebly's user database and exfiltrated account credentials and associated data for approximately 43 million users; the breach data was acquired by data breach researcher Troy Hunt and added to Have I Been Pwned
In February 2016, Weebly — a popular drag-and-drop website builder platform serving approximately 40 million users and 625,000 paying customers — suffered a data breach. The breach …
2016-01-07
Vector: Physical loss — six unencrypted hard drives containing health plan member data were misplaced and could not be located during an IT data project; the drives were being used to store laboratory test result data for a health outcomes improvement initiative
On January 7, 2016, Centene Corporation — one of the largest Medicaid-focused managed care organizations in the United States, operating health plans in over 25 states — discovered …
2016-01-01
[vendor] Lifeboat Minecraft network user database
Vector: Unknown attacker gained access to the Lifeboat Minecraft server network database; Lifeboat is a popular Minecraft Pocket Edition server network with millions of registered child and teen players; the attacker accessed email addresses and weakly hashed (MD5) passwords
In early 2016, Lifeboat — one of the most popular Minecraft Pocket Edition server networks with over 3 million registered accounts — was breached. The breach affected approximately …
2016-01-01
[vendor] Verizon Enterprise Solutions customer management portal
Vector: Unknown attackers exploited a vulnerability in a Verizon Enterprise Solutions web portal and exfiltrated customer business data; the data was subsequently offered for sale in a Russian cybercriminal forum for $100,000 or $10,000 per portion
In early 2016, Verizon Enterprise Solutions — the business division of Verizon that provides managed network services to Fortune 500 companies and government agencies — suffered a …
2015-11-14
[vendor] VTech Learning Lodge app store / Kid Connect
Vector: A hacker accessed VTech's Learning Lodge app store (used by parents to download apps for VTech children's devices) and the Kid Connect messaging app database via SQL injection vulnerability in the website; attacker extracted customer and children's databases
On 14 November 2015, a hacker breached VTech's Learning Lodge — the app store and content platform for the company's range of children's electronic learning tablets and toys. VTech …
2015-10-21
[vendor] TalkTalk website / legacy Metapack database component
Vector: Three teenagers exploited a SQL injection vulnerability in a legacy web component of TalkTalk's website (an outdated Metapack database acquired in 2009 that was inadequately secured); the attackers scraped customer data from the vulnerable endpoint
On 21 October 2015, TalkTalk — one of the UK's largest broadband and telecoms providers serving approximately 4 million customers — was attacked by a group of teenagers who …
2015-10-03
[vendor] 21st Century Oncology patient database
Vector: FBI notified 21st Century Oncology that its systems had been compromised by an unknown attacker who gained access to its patient database; specific technical attack vector was not disclosed; the FBI discovered the breach during an unrelated investigation and tipped off the cancer treatment provider
In October 2015, an unknown attacker compromised the patient database of 21st Century Oncology Holdings — the largest radiation oncology treatment chain in the United States, …
2015-10-03
Vector: External attacker gained unauthorized access to 21st Century Oncology's patient database; on November 13, 2015 the FBI notified the company that a hacker had illegally obtained data from their systems; exact initial access vector not publicly disclosed
21st Century Oncology, the largest integrated cancer care provider in the United States at the time (operating 180+ locations in 17 states plus international), suffered a database …
2015-07-12
Vector: Impact Team claimed to have insider access to Avid Life Media's (ALM) systems; exfiltrated user account database, company email, source code, and payment records; threatened to publish unless the site was shut down
On July 12, 2015, a hacking group calling themselves 'Impact Team' notified Ashley Madison (a dating website for married people seeking affairs, operated by Avid Life Media) that …
2015-07-05
[vendor] Hacking Team (HT S.r.l.) internal systems and source code
Vector: An unknown attacker (later claimed to be Phineas Fisher, a hacktivist) penetrated Hacking Team's internal network by first attacking an embedded system (a router), pivoting to internal systems, and ultimately obtaining access to Hacking Team's source code repositories, email archives, and internal documents; tools and zero-day exploits were also stolen
On 5 July 2015, Hacking Team — an Italian cybersecurity company that sold offensive surveillance software (Remote Control System, branded 'Galileo') to governments and law …
2015-03-01
[malware] POS RAM-scraping malware
Vector: POS malware — attackers installed RAM-scraping malware on Sally Beauty point-of-sale systems to capture payment card track data at checkout; similar attack methodology to the retailer's first breach in 2014
In May 2015, Sally Beauty Holdings disclosed its second payment card breach in approximately one year. The beauty supply retailer discovered unauthorized access to payment card …
2015-01-01
Vector: Attackers used stolen personally identifiable information (SSNs, dates of birth, tax filing status, and street addresses — likely from prior third-party breaches) to pass the IRS 'Get Transcript' online application's knowledge-based authentication questions and access prior-year tax transcripts
Between January and May 2015, sophisticated cybercriminals exploited the IRS 'Get Transcript' web application to access prior-year tax return transcripts for over 100,000 …
2014-12-10
Vector: China-linked threat actor (Indrik Spider / Deep Panda) used a spear-phishing email targeting an Anthem subsidiary to establish initial access, then moved laterally to Anthem's enterprise data warehouse containing unencrypted member records
Anthem (now Elevance Health), the second-largest US health insurer, disclosed in February 2015 that attackers had gained access to its enterprise data warehouse and exfiltrated …
2014-12-01
Vector: Insider threat — a Morgan Stanley financial advisor (Galen Marsh) with authorized access to client data used his legitimate credentials to download and exfiltrate approximately 350,000 client records from internal systems over the course of several months
In late 2014, Morgan Stanley financial advisor Galen Marsh used his authorized access to the firm's internal systems to download account information for approximately 350,000 …
2014-10-01
Vector: Russian state-sponsored hackers (attributed to APT29 / Cozy Bear) gained access to the U.S. State Department's unclassified email network; initial access likely via spear-phishing followed by lateral movement and persistent backdoor implants
In late 2014, Russian state-sponsored hackers breached the U.S. State Department's unclassified email system (SBU — Sensitive But Unclassified network), gaining persistent access …
2014-09-01
[vendor] UCLA Health System patient network
Vector: A sophisticated cyberattacker (assessed as China-linked APT, consistent with the wave of health insurer breaches in 2014-2015) gained access to UCLA Health's network and accessed parts of the network containing personal and medical information for approximately 4.5 million individuals
In September 2014, a sophisticated cyberattacker accessed portions of the UCLA Health network containing protected health information. UCLA Health — one of California's largest …
2014-09-01
Vector: Nation-state attackers (believed to be Chinese APT) gained access to UCLA Health's network and moved laterally to unencrypted parts of the network containing patient data; initial vector not publicly confirmed
UCLA Health, one of the leading academic medical centers in the United States, disclosed in July 2015 that attackers had accessed parts of its network containing personal and …
2014-08-01
Vector: CWE-89: SQL Injection (hacker group NullCrew exploited SQL injection in Bell's systems)
Hacker collective NullCrew claimed responsibility for a breach of Bell Canada, Canada's largest telecom, disclosed August 28, 2014. Approximately 1.9 million email addresses and …
2014-07-01
[vendor] K Box Entertainment Group membership database
Vector: Unknown attacker gained unauthorized access to K Box's membership database through a vulnerability in their website; the database was not adequately protected and allowed access to member personal information
K Box Entertainment Group — a Singapore-based karaoke chain with approximately 25 outlets — suffered a breach of its customer membership database in 2014, exposing data for …
2014-07-01
Vector: APT10 (Chinese state-sponsored) used stolen credentials from a KeyPoint Government Solutions contractor to access OPM's network, then pivoted to the SF-86 security clearance database via a legacy Oracle database with no multi-factor authentication
The 2015 OPM breach is widely regarded as the most damaging government data breach in U.S. history. Chinese state-sponsored hackers (APT10/Deep Panda) used credentials stolen from …
2014-06-13
[vendor] Domino's Pizza (European operations, Belgium and France)
Vector: SQL injection or web application attack against Domino's Pizza's online ordering system in Belgium and France; hacker group Rex Mundi claimed responsibility and threatened to publish the data unless a ransom of €30,000 was paid
In June 2014, hacker group Rex Mundi announced they had stolen approximately 592,000 customer records from Domino's Pizza's online ordering systems in Belgium and France. Rex Mundi …
2014-06-01
[vendor] CareFirst BlueCross BlueShield member database
Vector: China-linked nation-state APT (same group attributed to Anthem and Premera breaches) gained access to CareFirst's network approximately eleven months before detection; initial access vector was consistent with spear-phishing used in contemporaneous health insurer breaches
In June 2014, a sophisticated cyberattacker — assessed by Mandiant as the same China-linked group responsible for the Anthem (February 2015) and Premera Blue Cross (March 2015) …
2014-06-01
[vendor] Domino's Pizza France and Belgium online ordering database
Vector: A group called Rex Mundi gained access to Domino's Pizza France and Belgium's online ordering systems and databases through a vulnerability in the web application; the group claimed to have exploited SQL injection or similar techniques to access customer order databases
In June 2014, Rex Mundi — a cybercriminal extortion group known for targeting European companies — compromised Domino's Pizza France and Belgium's online ordering systems and …
2014-06-01
[vendor] JPMorgan Chase internal network / customer data systems
Vector: Russian criminal group (linked to Bitcoin exchange operators) exploited an unpatched vulnerability on a JPMorgan Chase server — specifically a zero-day in the bank's website that was not updated to use two-factor authentication; attackers gained root privileges on more than 90 servers
Between June and August 2014, a sophisticated attack attributed to a Russian cybercriminal group compromised JPMorgan Chase's internal network, gaining access to data for 76 …
2014-06-01
Vector: Attackers exploited a missed security upgrade on a single JPMorgan server — a bank employee had forgotten to enable two-factor authentication on one web application server — allowing the attackers to obtain a root-level list of applications and servers, then pivot to over 90 bank servers
In June 2014, a sophisticated hacking group breached JPMorgan Chase's network and maintained access until it was discovered in approximately August 2014. The attackers accessed …
2014-06-01
Vector: Chinese APT intrusion (same infrastructure as Anthem and Premera breaches); attackers first compromised CareFirst's network in April 2014, but that incursion was identified and contained; attackers re-entered via backdoors in June 2014 and maintained access until April 2015 when Mandiant detected the intrusion
CareFirst BlueCross BlueShield, the dominant health insurer for the Washington D.C./Maryland/Virginia region, disclosed on May 20, 2015 that approximately 1.1 million members had …
2014-05-05
[vendor] Premera Blue Cross member database
Vector: Nation-state APT group (assessed as Winnti/APT41, China-linked) gained initial access via a spear-phishing email; maintained persistent access for approximately 9 months while conducting lateral movement and data exfiltration from Premera's member database
On 5 May 2014, attackers believed to be a Chinese APT group (assessed as Winnti/APT41) gained access to Premera Blue Cross's network via a spear-phishing attack. The attackers …
2014-05-05
Vector: Nation-state attackers (believed to be Chinese APT, same campaign as Anthem breach) gained initial access via spear-phishing email with malicious attachment; established persistent access to Premera's IT environment for approximately 9 months before detection
Premera Blue Cross, one of the largest health insurance carriers in the Pacific Northwest, disclosed in March 2015 that attackers had gained access to its IT systems beginning May …
2014-04-01
[vendor] Community Health Systems patient database (206 hospitals in 29 states)
[malware] Custom Mimikatz variant
Vector: Advanced persistent threat group (Mandiant/FireEye attributed to China, assessed as APT18/Wekby) used spear-phishing to gain initial access and deployed a customized version of the Mimikatz credential-harvesting tool; attacker moved laterally across CHS's 200+ hospital network
Between April and June 2014, a China-linked APT group (assessed as APT18/Wekby by Mandiant, who CHS hired to investigate) compromised Community Health Systems (CHS) — at the time …
2014-04-01
[vendor] Staples office supply stores POS systems
[malware] POS RAM-scraping malware
Vector: Cybercriminals installed POS RAM-scraping malware on point-of-sale systems at Staples office supply stores; the malware captured payment card track data from device memory during transaction processing
Between April and September 2014, POS malware infected point-of-sale systems at 115 Staples store locations across the United States. The breach resulted in approximately 1.16 …
2014-04-01
[vendor] Juniper VPN (Heartbleed)
[cve] CVE-2014-0160
Vector: APT18 (Dynamite Panda), a Chinese state-linked threat actor, exploited the Heartbleed vulnerability (CVE-2014-0160) against Community Health Systems' Juniper VPN appliance to extract VPN credentials from memory; used stolen credentials to authenticate as a legitimate user and access the network
Between approximately April and June 2014, APT18 (also known as Dynamite Panda, Threat Group-0416, or Wekby), a Chinese state-linked advanced persistent threat group attributed by …
2014-04-01
[malware] BlackPOS (Kaptoxa) RAM-scraper
Vector: Attackers used stolen vendor credentials (from a third-party vendor) to access Home Depot's network, then exploited an unpatched Windows vulnerability to move laterally and deploy a custom variant of BlackPOS RAM-scraping malware on self-checkout POS systems
Between April and September 2014, attackers used stolen credentials belonging to a third-party Home Depot vendor to gain initial access to the retailer's network. They exploited an …
2014-04-01
[malware] POS RAM-scraping malware
Vector: POS malware — attackers installed RAM-scraping malware on point-of-sale systems at Staples retail stores, capturing payment card track data at the time of purchase
Between approximately April and September 2014, attackers deployed POS malware at Staples retail stores across the eastern United States. Staples first acknowledged an …
2014-03-01
[malware] PlugX RAT
Vector: Chinese state-sponsored attackers (APT3/Gothic Panda, potentially distinct from the APT10 intrusion responsible for the SF-86 clearance breach) gained access to OPM's personnel records system; the initial vector involved stolen credentials, with attackers using the PlugX RAT for persistence
The OPM breach disclosed in June 2015 actually comprised two distinct intrusions. This earlier intrusion — dating to approximately March 2014 or possibly as early as late 2013 — …
2014-02-18
Vector: Attackers gained unauthorized access to a University of Maryland database server containing records for all faculty, staff, and students who had been issued a university ID; the specific technical attack vector was not fully disclosed but involved unauthorized access to a records database
On February 18, 2014, the University of Maryland suffered a data breach in which attackers accessed a database containing records for 309,079 faculty, staff, and students who had …
2014-02-12
[vendor] Kickstarter (crowdfunding platform)
Vector: SQL injection attack against Kickstarter's database; law enforcement notified Kickstarter of the unauthorized access on February 12, 2014
On February 12, 2014, Kickstarter was notified by law enforcement that its database had been accessed by unauthorized attackers via a SQL injection vulnerability. Kickstarter …
2014-02-01
Vector: Unauthorized access to an FAA internal computer system containing employee records; the agency reported the system was accessed without authorization, though the specific technical vector was not fully disclosed publicly
In early 2014, the Federal Aviation Administration (FAA) suffered an unauthorized intrusion into an agency computer system that contained personally identifiable information for …
2014-02-01
Vector: Attackers compromised the login credentials of a small number of eBay employees with database access, then used those credentials to access eBay's corporate network and exfiltrate the customer database
In approximately February-March 2014, attackers compromised the credentials of a small number of eBay corporate employees and used those credentials to access the company's …
2014-01-01
[vendor] Morrisons supermarket internal payroll / employee HR database
Vector: A disgruntled Morrisons senior internal IT auditor (Andrew Skelton) with legitimate access to payroll data deliberately copied and leaked the personal and financial data of 99,998 Morrisons employees to newspaper outlets and multiple file sharing websites, motivated by a personal grievance over a disciplinary matter
In early 2014, Andrew Skelton — a senior IT auditor at Morrisons, one of the UK's largest supermarket chains — deliberately leaked the personal data of 99,998 Morrisons employees …
2014-01-01
Vector: Data exposure — files containing student and former student personally identifiable information including Social Security numbers were left accessible on a publicly reachable server without proper access controls; discovered during a routine security audit
Indiana University discovered in May 2014 that files containing Social Security numbers and other personal data for approximately 146,000 current and former students had been …
2014-01-01
Vector: Chinese state-sponsored hackers gained persistent access to USPS corporate networks; the exact initial vector was not fully disclosed publicly but likely involved spear-phishing or exploitation of an internet-facing system followed by lateral movement
In November 2014, the U.S. Postal Service disclosed that Chinese government hackers had breached its corporate networks and accessed personnel data for approximately 800,000 …
2014-01-01
[vendor] Starwood Hotels guest reservation system
[malware] Remote Access Trojan (name undisclosed)
Vector: CWE-506: Embedded Malicious Code / Remote Access Trojan deployed in Starwood network prior to Marriott acquisition
Chinese state-sponsored hackers (linked to the PLA) compromised the Starwood Hotels reservation system as early as 2014, two years before Marriott acquired Starwood (2016). Breach persisted …
2013-12-23
[vendor] Excellus BlueCross BlueShield member database
Vector: Nation-state APT group (assessed as same Chinese threat actor responsible for Anthem and Premera breaches) gained initial access in December 2013 via unknown means and maintained persistent access for approximately 20 months before being discovered during a forensic investigation
In December 2013, a sophisticated cyberattack — widely attributed to a China-linked nation-state APT group believed to be the same threat actor responsible for the Anthem and …
2013-12-01
Vector: Sophisticated APT intrusion (consistent with Chinese state-linked APT campaign that also targeted Anthem, Premera Blue Cross, and CareFirst BCBS in the same period); attackers maintained undetected access for approximately 20 months; Excellus engaged Mandiant after sister organizations were breached, which revealed the compromise
Excellus BlueCross BlueShield, a Rochester, New York-based health insurer covering approximately 3.5 million members in upstate New York, disclosed on September 10, 2015 that …
2013-11-01
[vendor] Cupid Media / CupidPlc dating site databases
Vector: An attacker gained access to Cupid Media's database — an Australian company operating approximately 35 niche online dating websites; the stolen database surfaced in a cache of databases found on a server used by cybercriminals that had been seized by investigators
In November 2013, Cupid Media — an Australian company operating approximately 35 niche online dating websites including ChristianCafe, CatholicMingle, MilfDate, AsianDating, and …
2013-11-01
Vector: Insider threat — employees at AT&T's outsourced call centers in Colombia, Mexico, and the Philippines improperly accessed and sold customer data (names and partial/full Social Security numbers) to unauthorized third parties to facilitate unauthorized phone unlocking for profit
Between approximately November 2013 and April 2014, employees at AT&T's outsourced call centers in Colombia, Mexico, and the Philippines improperly accessed records of …
2013-10-01
Vector: Sophisticated targeted attack — attackers breached Scottrade's network via methods consistent with the same criminal group responsible for the JPMorgan Chase 2014 breach; the investigation found unauthorized access to a database containing customer contact information
In October 2015, Scottrade announced that it had been notified by federal law enforcement that its systems had been breached between approximately late 2013 and early 2014. The …
2013-08-01
Vector: Attackers gained access to Adobe's network and exfiltrated source code for Acrobat, ColdFusion, and Reader; also accessed the customer database containing passwords encrypted with 3DES using the same key for all accounts
In October 2013, Adobe disclosed two simultaneous major security incidents: (1) Source code theft: attackers exfiltrated source code for Adobe Acrobat, Adobe Reader, Adobe …
2013-07-16
[malware] POS RAM-scraping malware
Vector: POS malware — attackers installed malware on Neiman Marcus point-of-sale terminals that scraped payment card track data (including magnetic stripe data) from memory as cards were swiped at checkout
Between approximately July 16, 2013 and October 30, 2013, attackers installed RAM-scraping malware on Neiman Marcus point-of-sale (POS) systems at the luxury retailer's stores. The …
2013-07-15
Vector: Physical theft of four unencrypted desktop computers from Advocate Medical Group's administrative offices in Park Ridge, Illinois; two subsequent smaller incidents involved theft of an unencrypted laptop from an employee's car and a business associate (Blackhawk Consulting Group) compromise
On July 15, 2013, four unencrypted desktop computers were stolen from Advocate Medical Group's administrative offices in Park Ridge, Illinois. The computers contained personal and …
2013-07-15
[vendor] Advocate Medical Group unencrypted laptops
Vector: Four unencrypted laptops were stolen from an Advocate Medical Group administrative office in Park Ridge, Illinois; the laptops contained patient data for approximately 4 million patients and were not encrypted despite Advocate's data security policies
On 15 July 2013, four unencrypted laptops were stolen from an administrative office of Advocate Medical Group — the largest physician practice group in Illinois, associated with …
2013-07-01
Vector: Two separate breaches: (1) 2013 — attackers forged authentication cookies using stolen Yahoo proprietary cookie-minting code, bypassing password requirements entirely; (2) 2014 — Russian state-sponsored actors (FSB/Karim Baratov/Alexsey Belan) used spear-phishing to steal Yahoo admin credentials and copied the User Account Database backup
Yahoo suffered two separate mega-breaches that collectively represent the largest credential theft in internet history. (1) August 2013 breach (disclosed December 2016, revised to …
2013-06-01
[vendor] Facebook Open Graph API
Vector: Aleksandr Kogan's app 'This Is Your Digital Life' exploited Facebook's Open Graph API permission model, which allowed apps to harvest not only the personal data of users who installed the app but also all of their friends' data — without those friends' consent or knowledge
Between 2013 and 2015, Aleksandr Kogan (Cambridge University researcher) built a personality quiz app ('This Is Your Digital Life') and used Facebook's Open Graph API to harvest …
2013-05-08
[vendor] Michaels Stores / Aaron Brothers point-of-sale systems
[malware] POS RAM-scraping malware
Vector: Sophisticated POS RAM-scraping malware was installed on point-of-sale terminals at Michaels arts-and-crafts retail stores and its subsidiary Aaron Brothers; the malware was specifically engineered to evade Michaels' security tools and captured payment card track data from memory during transactions
Between 8 May 2013 and 27 January 2014, POS malware infected approximately 7.2% of Michaels stores' point-of-sale terminals nationwide, capturing payment card data for …
2013-05-01
[vendor] Tumblr (microblogging and social media platform, owned by Yahoo at time of disclosure)
Vector: Database compromise; the breach occurred in early 2013 but was not disclosed until the dataset appeared for sale on dark web markets in May 2016 — Tumblr was notified by threat intelligence company Mapbox subsidiary Haveibeenpwned/Troy Hunt; the original attack vector was not publicly identified due to the three-year delay
In May 2016, a dataset containing 65.5 million Tumblr user email addresses and hashed passwords appeared for sale on dark web markets, offered by the same seller ('peace_of_mind') …
2013-04-26
[vendor] LivingSocial customer database (Amazon subsidiary)
Vector: Unknown attacker gained unauthorized access to LivingSocial's customer database; specific technical attack vector was not disclosed; attacker accessed and exfiltrated up to 50 million customer records
On 26 April 2013, LivingSocial — a daily deals website owned by Amazon — disclosed that attackers had accessed its database containing up to 50 million customer records. Exposed …
2013-04-01
Vector: Unauthorized access to LivingSocial's database systems; the specific technical vector was not disclosed publicly, but the attacker gained read access to a customer database
In late April 2013, LivingSocial (an online deals and local offers marketplace, then majority-owned by Amazon) suffered a cyberattack in which hackers accessed a database …
2013-02-28
[vendor] Evernote user database
Vector: Unknown attacker gained access to Evernote's user database; Evernote described the attack as targeting their network infrastructure; attacker accessed usernames, email addresses, and encrypted passwords
In late February 2013, Evernote — the popular note-taking application with approximately 50 million registered users — detected and blocked suspicious activity on its network. The …
2013-01-01
[vendor] Imgur (image hosting platform)
Vector: Database compromise of Imgur's user account database; the breach occurred in 2013 but was not discovered until security researcher Troy Hunt shared a file containing Imgur credentials with the company in November 2017; the precise initial attack vector was not identified due to the years-long delay
In November 2017, security researcher Troy Hunt (operator of Have I Been Pwned) notified Imgur that a dataset containing 1.7 million Imgur user email addresses and passwords had …
2012-11-01
Vector: Physical theft — an unencrypted laptop computer containing patient data was stolen from Howard University Hospital
Howard University Hospital in Washington, D.C. disclosed in January 2013 that an unencrypted laptop containing information on approximately 34,503 patients had been stolen. The …
2012-09-01
Vector: Two separate nation-state APT intrusions: one attributed to China-based actors (active from approximately September 2012) and one from an unattributed threat actor; the attackers used sophisticated malware to gain persistent access to Penn State's College of Engineering network
In May 2015, Pennsylvania State University disclosed that its College of Engineering computer network had been compromised by two separate sophisticated cyberattacks. One was …
2012-08-27
Vector: CWE-78: Improper Neutralisation of Special Elements (spear-phishing email delivered malware, leading to credential theft and access to tax database)
A foreign hacker (attributed to Eastern Europe, never charged) penetrated the South Carolina Department of Revenue via a spear-phishing email that compromised an employee's …
2012-08-04
[vendor] Blizzard Entertainment Battle.net user database
Vector: An unauthorized party illegally accessed Battle.net's internal network and obtained information from Blizzard's user database; the specific intrusion vector was not disclosed; the attacker gained access to database servers in the Americas region
On 4 August 2012, Blizzard Entertainment — maker of World of Warcraft, Diablo, and StarCraft — discovered that an unauthorized party had illegally accessed their internal network …
2012-07-01
[vendor] Disqus commenting platform user database
Vector: Unknown attacker gained access to a snapshot of Disqus's user database dating from July 2012; the specific intrusion mechanism was not disclosed; the breach data sat dormant for over five years before being shared with security researcher Troy Hunt who alerted Disqus
Disqus — the widely-used blog comment hosting service embedded across millions of websites — disclosed in October 2017 that a database snapshot from July 2012 containing data for …
2012-07-01
[vendor] Disqus (comment hosting and management service)
Vector: Database compromise; the breach occurred in July 2012 but was not discovered until security researcher Troy Hunt provided Disqus with a copy of the dataset in October 2017 — five years after the breach
On October 5, 2017, Disqus disclosed that it had been notified by security researcher Troy Hunt that a dataset containing user data from a 2012 breach had been provided to him by …
2012-06-14
Vector: Insider threat — a former employee of South Carolina's Department of Health and Human Services (DHHS) accessed the Medicaid eligibility database and transferred files containing beneficiary data to an unauthorized location; the employee later posted the data online
In August 2012, the South Carolina Department of Health and Human Services disclosed that a former agency employee, Christopher Lykes Jr., had accessed the state's Medicaid …
2012-05-01
Vector: SQL injection or server compromise allowed attackers to exfiltrate LinkedIn's password database containing unsalted SHA-1 password hashes; in 2016, the full scope (117M records) was revealed when the data appeared for sale
In June 2012, LinkedIn disclosed that a subset of member passwords had been compromised after approximately 6.5 million unsalted SHA-1 password hashes appeared on a Russian …
2012-01-15
Vector: Attackers breached a Zappos database server located in Kentucky; the specific initial attack vector was not fully disclosed by the company, but the attacker accessed the internal network and the customer database
On approximately January 15-16, 2012, Zappos (the online shoe and clothing retailer owned by Amazon) suffered a breach in which attackers accessed a customer database server. …
2012-01-01
[vendor] Facebook internal authentication logging systems
Vector: Internal system design failure: Facebook's password logging infrastructure incorrectly logged user passwords in plaintext to internal log files; these log files were stored in searchable plaintext accessible by thousands of Facebook engineers; this was a systemic implementation error rather than an external attack
In March 2019, security journalist Brian Krebs reported that Facebook had been storing hundreds of millions of user passwords in plaintext in internal log files since as early as …
2012-01-01
Vector: Attackers used an undisclosed method to breach Global Payments' systems and exfiltrate track 1 and track 2 magnetic stripe card data (full card data for card cloning) for approximately 1.5 million card accounts
Global Payments, a major Atlanta-based credit card processing company, disclosed in March 2012 that it had suffered a data breach affecting approximately 1.5 million credit and …
2011-10-15
Vector: Physical theft — an unencrypted desktop computer was stolen from a Sutter Medical Foundation administrative office in Sacramento, California; the computer contained a Microsoft Access database with patient information
On October 15, 2011, an unencrypted desktop computer was stolen from a Sutter Medical Foundation administrative office in Sacramento, California. The computer contained an …
2011-10-14
Vector: Physical theft — an unencrypted desktop computer was stolen from a Sutter Physicians Services administrative office in Sacramento, California; the computer contained an unencrypted database file with patient information
On October 14, 2011, a desktop computer was stolen from a Sutter Physicians Services administrative office in Sacramento, California. The computer contained an unencrypted …
2011-09-14
Vector: Physical theft — backup tapes containing TRICARE beneficiary data were stolen from an employee's car in San Antonio, Texas; the tapes were being transported between SAIC facilities by a contractor employee
On September 14, 2011, backup tapes containing personal and protected health information for approximately 4.9 million TRICARE (US military healthcare) beneficiaries were stolen …
2011-09-14
Vector: Physical theft — backup tapes were stolen from a Science Applications International Corporation (SAIC) employee's vehicle in San Antonio, Texas while the employee was transporting them; the tapes were unencrypted
On September 14, 2011, backup tapes containing TRICARE (the U.S. military health insurance program) data were stolen from a car belonging to an employee of Science Applications …
2011-04-17
[vendor] Apache HTTP Server
Vector: Attackers exploited a known vulnerability in Apache HTTP Server running on Sony's PlayStation Network infrastructure, gaining access to the PSN and Sony Online Entertainment (SOE) databases
Between April 17 and 19, 2011, attackers exploited a known Apache vulnerability to breach Sony's PlayStation Network (PSN) and Sony Online Entertainment (SOE) — the online gaming and …
2011-04-01
Vector: Direct web application attack — hackers exploited an insecure direct object reference (IDOR) vulnerability in Citi's online banking portal by manipulating account numbers embedded in the site URL, allowing them to access other customers' account pages without authorization
In May 2011 (discovered internally, disclosed June 2011), hackers breached Citigroup's online banking portal by exploiting a straightforward insecure direct object reference (IDOR) …
2011-03-01
[vendor] Epsilon email marketing platform
Vector: Spear-phishing attack against Epsilon employees by Vietnamese cybercriminals; targeted phishing campaigns installed malware enabling access to Epsilon's customer email databases; attackers were part of a broader operation targeting multiple email marketing firms
In late March 2011, Epsilon Data Management — the world's largest permission-based email marketing company at the time (subsidiary of Alliance Data Systems) — suffered a data …
2010-09-01
Vector: Network misconfiguration — a physician employed by Columbia University attempted to deactivate a personal computer server on the shared network; instead the misconfiguration exposed an application database, making patient records accessible on the internet
In September 2010, NewYork-Presbyterian Hospital (NYP) and Columbia University Medical Center (CUMC) disclosed that approximately 6,800 patient records had been exposed on the …
2010-09-01
Vector: A Columbia University physician decommissioned a personal server that was connected to the shared Columbia/NYP network without following proper procedures; the server lacked server-level firewall protections, resulting in approximately 6,800 patient records becoming accessible on the internet
New York-Presbyterian Hospital (NYP) and Columbia University Medical Center (CU) operated a shared data network that included electronic health records. In September 2010, a …
2009-11-01
Vector: SQL injection exploit against RockYou's web application allowed attacker to dump the entire user database, which stored 32 million passwords in plaintext with no hashing
RockYou was a social media widget company (popular Facebook/MySpace apps) that stored all 32 million user passwords in plaintext — with no hashing whatsoever. A SQL injection …
2009-10-01
[vendor] RBS WorldPay (payment processor)
Vector: Network intrusion targeting RBS WorldPay's payment processing platform; attackers gained access to the card processing environment and stole encrypted payment card data along with the encryption keys, enabling them to decode and clone magnetic stripe data for prepaid payroll cards
In late 2008 through early 2009 (with disclosure occurring in late 2009 and broader reporting in 2010), RBS WorldPay (a payment processing subsidiary of the Royal Bank of Scotland …
2008-04-01
Vector: Three separate network intrusions exploiting Wyndham's systemic security failures: unencrypted storage of payment card data, easily guessable passwords, failure to patch known vulnerabilities, failure to use firewalls, and failure to restrict third-party vendor access to the corporate network — attackers exfiltrated data to a domain registered in Russia
Between April 2008 and late 2010, Wyndham Hotel & Resorts suffered three separate network intrusions that collectively compromised approximately 619,000 consumer payment card …
2008-01-01
Vector: Unknown server compromise; passwords stored as unsalted SHA-1 hashes of only the first 10 lowercase characters of each password — trivially crackable with rainbow tables
MySpace, once the world's largest social network, suffered a breach (believed to have occurred around 2008) that was not publicly revealed until May 2016 when approximately 360 …
2007-12-01
Vector: Attackers installed malware on Hannaford's point-of-sale servers that intercepted and transmitted unencrypted card data in real time as transactions were authorized, despite Hannaford being fully PCI-DSS compliant at the time
Hannaford Brothers, a supermarket chain operating in the northeastern United States, disclosed in March 2008 that its point-of-sale systems had been compromised by malware that …
2007-12-01
Vector: Albert Gonzalez (TJX hacker) and accomplices used SQL injection to gain access to Heartland's payment processing network, then planted a network packet sniffer in the internal payment processing system to capture card data in transit
Heartland Payment Systems, one of the largest payment processors in the United States, disclosed in January 2009 that it had been breached by Albert Gonzalez and two Russian …
2006-08-04
Vector: AOL's Research department intentionally released 20 million anonymized search queries from 650,000 users to the public for academic research; the 'anonymization' was trivially reversible — reporters and researchers re-identified named individuals from their search patterns within days
On August 4, 2006, AOL's research team released a dataset of approximately 20 million search queries from 657,000 users to a public research website for academic purposes. Users …
2006-05-03
Vector: A VA data analyst took home a VA-issued laptop and external hard drive containing 26.5 million veterans' PII without authorization; the equipment was stolen from his home in a burglary
On May 3, 2006, a laptop computer and external hard drive belonging to a U.S. Department of Veterans Affairs (VA) data analyst were stolen from his home in Aspen Hill, Maryland in …
2005-07-01
Vector: Albert Gonzalez and his ShadowCrew associates 'wardrove' TJX store parking lots with laptop antennas, cracking WEP-encrypted Wi-Fi to access in-store networks, then moved laterally to TJX's central transaction database in Framingham, MA
The TJX breach was the largest retail breach in history at the time of disclosure. Beginning around July 2005, Albert Gonzalez's crew drove through TJX store parking lots with …
2005-02-19
[vendor] T-Mobile Sidekick (Danger Hiptop) cloud service
Vector: Account compromise via knowledge-based authentication bypass — attacker used Paris Hilton's publicly known personal details (dog's name 'Tinkerbell') to correctly answer the T-Mobile Sidekick password reset security question, gaining access to her cloud-synced account data
In February 2005, the contents of Paris Hilton's T-Mobile Sidekick device were stolen and posted on the internet — including her celebrity contact list, personal photos, and SMS …
2005-01-01
Vector: Attackers gained unauthorized access to DSW's store networks through connections with other DSW stores; exploited lack of network segmentation and inadequate access controls to access point-of-sale transaction data stored in network files
DSW (Designer Shoe Warehouse) Inc. disclosed in March 2005 that a data breach had compromised payment card information from 108 of its 175 retail stores across the United States. …
2005-01-01
Vector: Network intrusion — attackers breached DSW's in-store networks and accessed point-of-sale systems; DSW stored unencrypted payment card data including full magnetic stripe track data in transaction files on store systems, which were accessible via the corporate network
DSW Inc. (Designer Shoe Warehouse), operating approximately 175 shoe retail stores across the United States, disclosed in March 2005 that attackers had accessed its computer …
2004-01-01
Vector: Fraudsters posed as legitimate small businesses and used stolen identities to create approximately 50 fake business accounts with ChoicePoint's data brokerage portal; then used those authorized accounts to legally purchase 163,000 consumer credit and identity records
ChoicePoint, one of the largest US data brokers, disclosed in February 2005 that fraudsters had created approximately 50 fake business subscriber accounts using stolen identities …
2004-01-01
Vector: SQL injection vulnerability in CardSystems' web application allowed attackers to access the payment processing database; CardSystems violated card network rules by retaining full magnetic stripe track data after transaction authorization
CardSystems Solutions, a payment card processor based in Tucson, Arizona, was breached via SQL injection between approximately January 2004 and May 2005. The attackers accessed …
2003-01-01
Vector: POS system compromise — attackers gained unauthorized access to BJ's wireless network and then to in-store point-of-sale systems; BJ's had stored full magnetic stripe track data and CVV2 codes indefinitely on its systems in violation of card network rules, enabling large-scale card counterfeiting
BJ's Wholesale Club, a membership warehouse retailer operating in the eastern United States, suffered a payment card breach that was publicly disclosed in March 2004. Attackers …
2003-01-01
Vector: Attackers gained access to BJ's wireless network and exploited security weaknesses to intercept payment card data; BJ's stored full magnetic stripe data and CVV codes in violation of card network rules, and failed to use encryption on its wireless network
BJ's Wholesale Club, a members-only retail warehouse chain on the US East Coast, suffered payment card data breaches beginning as early as 2003 due to systemic security failures, …
2001-03-01
[vendor] Microsoft Windows (default blank admin passwords)
Vector: Scanned US military and NASA .mil/.gov domains for Windows machines with blank administrator passwords using a Perl script and the RemotelyAnywhere admin tool; exploited default credentials to install backdoors and packet sniffers
Between March 2001 and March 2002, Gary McKinnon — a 36-year-old IT administrator from London, UK, operating under the alias 'Solo' — conducted what the US government called 'the …
1999-08-01
Vector: Installed backdoor and network sniffer on a DTRA (Defense Threat Reduction Agency) server; intercepted usernames and passwords of DoD employees; also exploited vulnerabilities to access NASA's Marshall Space Flight Center network
Between August and October 1999, Jonathan James — a 15-year-old from Pinecrest, Florida using the handle 'c0mrade' — conducted a series of intrusions against US government systems …
1998-02-01
[vendor] Sun Solaris
Vector: Probe-then-exploit methodology: attackers scanned DoD systems for a known Solaris OS vulnerability, installed sniffers to harvest usernames/passwords, then returned to exfiltrate data — conducted through Israeli academic network as proxy
In February 1998, during the height of the Iraq crisis (the US was preparing military action against Iraq over UN weapons inspections), unknown actors began systematically attacking US …
1996-10-01
Vector: Russian state-sponsored actors (later linked to Turla APT) compromised US university and research institution computers as proxies, then used them to conduct systematic intrusions against DoD, NASA, DoE, and contractor networks — discovered when an administrator noticed late-night connections from a Cyrillic-keyboard system
Moonlight Maze is one of the first documented nation-state cyber espionage campaigns against the United States. Beginning as early as October 1996 and continuing through at least …