Software and hardware supply chain compromise incidents
In early April 2026, Cisco disclosed that attackers leveraged credentials stolen through the March 2026 Trivy supply chain compromise (attributed to TeamPCP / UNC6780) to penetrate Cisco's internal …
On March 31, 2026, Sapphire Sleet (a North Korean state-sponsored threat actor tracked by Microsoft) published two malicious versions of axios (1.14.1 and 0.30.4) to npm. Axios is one of the most …
On March 27, 2026, TeamPCP (a threat group also linked to the European Commission cloud breach) compromised PyPI publishing credentials for LiteLLM, a widely used open-source library for calling …
On March 27, 2026 at 03:51 UTC, TeamPCP published two unauthorized malicious versions of the Telnyx Python SDK (4.87.1 and 4.87.2) to PyPI. Both versions were quarantined by 10:13 UTC the same day — a …
New York City Health + Hospitals — the largest public health system in the US, serving approximately 1.4 million patients annually — notified patients of data exposure from two separate third-party …
On March 21, 2026, as the second step in its cascading supply chain campaign, TeamPCP used PATs stolen during the March 19 Trivy/Aqua Security GitHub Actions compromise to target Checkmarx KICS (Keep …
On March 19, 2026, TeamPCP (tracked by Google GTIG as UNC6780) began the first stage of a cascading multi-tool supply chain campaign by exploiting a misconfigured GitHub Actions workflow in Aqua …
The US Department of Health and Human Services Office for Civil Rights (HHS OCR) issued a $10,000 civil monetary penalty to a dental practice management software vendor responsible for a breach …
Trizetto Provider Solutions (a Cognizant subsidiary providing healthcare billing, revenue cycle management, and claims processing services to hospitals and physician practices) notified 3.4 million …
In March 2026, UNC6426 demonstrated a sophisticated attack chain converting a stolen developer GitHub Personal Access Token (from the 2025 nx npm supply chain compromise) into full AWS administrator …
Since January 31, 2026, researchers identified at least 72 malicious Open VSX extensions linked to the GlassWorm campaign. On January 30, 2026, four established Open VSX extensions published by the …
Electronic health records vendor Veradigm (formerly Allscripts Healthcare Solutions, rebranded 2022) agreed to pay $10.5 million to settle a class-action lawsuit arising from a data breach affecting …
The Minnesota Department of Human Services notified approximately 304,000 people — primarily Medicaid and public benefits recipients — of a data breach involving a third-party vendor. The breach …
In 2025, Customers of 74 banks and credit unions served by Marquis Software Solutions experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was …
In 2025, Freedom Mobile experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, PornHub experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …
In 2025, Shuffles (Pinterest app) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …
In 2025, Checkout.com experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, Iberia (International Airlines Group) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, Logitech experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, OpenAI experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Mixpanel. Source reporting: …
In 2025, Terminalen A/S experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was DocuBizz. Source reporting: …
In 2025, The Washington Post experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Oracle E-Business Suite. Source reporting: …
In late 2025, Mixpanel, a widely-used product analytics SaaS platform, suffered a breach that exposed user behavioral data from dozens of customer companies. Confirmed affected organizations include …
In 2025, Discord experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, MANGO experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
On October 1, 2025, the cybercrime group Crimson Collective disclosed a breach of Red Hat's consulting GitLab instance, claiming to have exfiltrated 570 GB of data from over 28,000 repositories. Red …
In 2025, Renault and Dacia UK experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
On September 14, 2025, the first malicious packages of the Shai-Hulud self-replicating worm appeared in the npm ecosystem. By September 16, over 180 packages were confirmed compromised, spreading …
On September 8, 2025, 18 widely used npm packages were compromised via an account takeover of maintainer 'qix'. Affected packages collectively receive 2.6+ billion downloads per week. Malicious …
The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows. On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users …
Page not found – Agility PR Solutions. We use cookies to improve your experience. If that's okay, select "I Agree" to consent to all cookies. You can also customize your preferences or decline. These …
Salesforce / Drift Security Incident | BeyondTrust. BeyondTrustâs Privileged Access Management platform protects your organization from unwanted remote access, stolen credentials, and misused …
Third-party company: Drift (Salesloft).
Update: Bugcrowd Response to Salesloft Drift Third-Party Security Event | @Bugcrowd. We want to share an update to our blog post regarding the recent unauthorized access to Salesloft’s Drift …
In 2025, Cato Networks experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Chess.com experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, Cloudflare experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, ContentSquare experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, CyberArk Software Ltd. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Dynatrace LLC. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Elasticsearch B.V. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Employment and Social Development Canada (ESDC) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was 2Keys Corporation. Source …
In 2025, Ericom Software experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Esker experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Fastly experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, HackerOne experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Harrods experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, LiveRamp experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, London North Eastern Railway (LNER) experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, Omada experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, OneSpan experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Palo Alto Networks experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Pantheon experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Proofpoint experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Qualys, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Sigma Computing experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Sophos Ltd. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Sprout Social, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, SpyCloud, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Stellantis experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Salesforce. Source reporting: …
In 2025, SwissBorg experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Kiln. Source reporting: …
In 2025, Tenable, Inc. experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Wealthsimple experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Third-party vendor. Source reporting: …
In 2025, Workday experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
In 2025, Workiva experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Drift (Salesloft). Source reporting: …
The Cl0p ransomware group exploited CVE-2025-61882, a critical CVSS 9.8 zero-day unauthenticated remote code execution vulnerability in Oracle E-Business Suite (EBS), beginning as early as August 9, …
Between August 8–18, 2025, threat actors tracked as UNC6395 exploited compromised OAuth tokens from the Salesloft Drift integration to gain unauthorized access to connected customer environments. More …
Criminal background checker APCS faces data breach. Exclusive: The attack first affected an upstream provider of bespoke software. Exclusive A leading UK provider of criminal record checks for …
Air France and KLM disclose data breaches impacting customers. Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed …
Fashion giant Chanel hit in wave of Salesforce data theft attacks. French fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data theft attacks. Chanel …
Cisco discloses data breach impacting Cisco.com user accounts. Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing …
Farmers Insurance data breach impacts 1.1M people after Salesforce attack. U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer …
JFrog Help Center. JFrog documentation has moved to a new and improved site at docs.jfrog.com. The Help Center will continue to serve as your dedicated hub for Support and FAQ resources. Third-party …
Salesloft Drift application incident response. Read Lucidâs response to a recent security incident that affected the Drift application, which involved CRM data across numerous Salesforce customers. …
Megaport Trust Center | Powered by SafeBase. See how Megaport manages their security program with SafeBase. Welcome to the Megaport Trust Center, where we demonstrate our commitment to security and …
Dermatology Clinics Affected by Practice Management Company Data Breach. Several dermatology practices have recently announced data breaches following an attack on their management company. The number …
Update: Salesloft’s Drift Integration Security Incident Impacting Some PagerDuty Salesforce Data. Per our August 29 post, we were notified in late August that PagerDuty (and our customers) were …
Pandora confirms data breach amid ongoing Salesforce data theft attacks. Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce …
Pi-hole discloses data breach triggered by WordPress plugin flaw. Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security …
Salesforce-Connected Third-Party Drift Application Supply Chain Incident Response. We use cookies to improve your experience, analyze traffic, and personalize content. Some are necessary; others help …
Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier. A suspected ransomware attack on a Swedish software provider is believed to have impacted around 200 of the …
Salesloft Drift Data Breach: What We Know and What We're Doing. Hackers breached Salesloft in a major data theft campaign, stealing OAuth and refresh tokens linked to the Drift AI chat agent. The …
TransUnion suffers data breach impacting over 4.4 million people. Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million …
Cyber-attack on MoD-linked contractor exposes data of Afghans in resettlement scheme. Breach at Inflite The Jet Centre is latest in series of leaks involving private information of Afghan refugees. A …
Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s. Zscaler swiftly mitigates a security incident impacting Salesloft Drift, and ensuring robust protection against potential …
Massive data breach confirmed by Allianz Life. U.S. life insurance firm Allianz Life had most of its 1.4 million customers' data compromised following a data breach this month, reports …
Louis Vuitton says regional data breaches tied to same cyberattack. Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same …
'123456' password exposed chats for 64 million McDonald’s job chatbot applications. Cybersecurity researchers discovered a vulnerability in McHire, McDonald's chatbot job application platform, that …
Qantas confirms data breach impacts 5.7 million customers. Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole …
Texas Centers for Infectious Disease Associates Announces 19K-Record Data Breach. Data breaches have recently been announced by Texas Centers for Infectious Disease Associates, Shelby County Chris A. …
Kelly Benefits says 2024 data breach impacts 550,000 customers. Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised …
Coinbase breach tied to bribed TaskUs support agents in India. A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm …
Glasgow City Council impacted by ‘cyber incident’. The Glasgow City Council announced that it was affected by an incident “disrupting a number of online services and which may have involved the theft …
MainStreet Bank reports vendor cyber incident that leaked customer info. In regulatory filings with the Securities and Exchange Commission, MainStreet Bank's holding company said a cyber incident …
More than 5 million affected by data breach at healthcare tech firm Episource. California-based Episource disclosed in filings with the U.S. Department of Health and Human Services that more than 5.4 …
Switzerland says government data stolen in ransomware attack. The government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware …
UK Legal Aid Agency investigates cybersecurity incident. The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a …
Magento supply chain attack compromises hundreds of e-stores. A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one …
Adidas warns of data breach after customer service provider hack. German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' …
Breaches at Serviceaide, Nationwide Recovery Services expose medical info of more than 500,000 people. Hospitals tied to the two companies announced breaches over the last week involving Social …
The DragonForce ransomware cartel exploited three vulnerabilities in SimpleHelp RMM software (disclosed January 2025) to breach a managed service provider (MSP) and then pivot to the MSP's downstream …
Marks & Spencer confirms customer data stolen in cyberattack. M&S said that some customer data — but not payment card details or passwords — had been breached in a recent cyberattack. British retailer …
Chinese hackers breach US local governments using Cityworks zero-day. Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across …
Nationwide Recovery Service Data Breach Victim List Grows: 560,000+ Individuals Affected. The list of victims from the data breach at the debt collection agency Nationwide Recovery Service (NRS) is …
Sharp HealthCare, a major integrated regional health system in San Diego, California, disclosed in June 2025 that a breach at Episource, its third-party healthcare risk adjustment and analytics …
Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches. Home > Consumer Information > Privacy, Identity Theft and Data Security Breaches > Data Breach …
Ascension discloses new data breach after third-party hacking incident. Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and …
In 2025, âRoyal Mail experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Spectos GmbH. Source reporting: …
In May 2025, Nationwide Recovery Services (NRS), a healthcare billing and accounts receivable management vendor, disclosed a data breach affecting over a dozen healthcare provider clients. Confirmed …
Data breach at Japanese telecom giant NTT hits 18,000 companies. Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that …
Thousands of public school workers impacted by cyberattack on retirement plan administrator. A December 2024 cyberattack on a prominent administrator for retirement plans has exposed the information …
Oracle Health breach compromises patient data at US hospitals. A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy …
StreamElements Confirms Third-Party Data Breach from an Infostealer Infection. Stay informed with the latest insights in our Infostealers weekly report. Explore key findings, trends and data on …
On February 21, 2025, Bybit (Dubai-based cryptocurrency exchange) suffered the largest cryptocurrency theft ever recorded: $1.46 billion in Ethereum stolen from a cold wallet. North Korea's Lazarus …
StreamElements, a platform for live streaming tools and creator merchandise, disclosed in March 2025 that a third-party vendor breach had exposed customer data. The breach originated at Gooten, …
Accendo Insurance Company Affected by Business Associate Data Breach. Data breaches have recently been announced by Accendo Insurance Company, Menorah Life, Humboldt Independent Practice Association, …
Background check and drug testing provider DISA Global Solutions reports data breach. Houston-based employee screening company DISA Global Solutions says a 2024 data breach exposed the information of …
GrubHub data breach impacts customers, drivers, and merchants. Food delivery company GrubHub disclosed a data breach impacting the personal information of an undisclosed number of customers, …
Russian officials warn of potential compromise of major tech services provider. In an unusual public disclosure, the Russian government said that subsidiaries of LANIT, a major tech services provider, …
Over 1 Million Patients Affected by Community Health Center Data Breach. Community Health Center, a nonprofit healthcare provider in Middletown, Connecticut, has notified more than 1 million …
Cyberattack on River Region Cardiology Affects Up to 500,000 Individuals. Cyberattacks have been reported by River Region Cardiology in Alabama and Delta County Memorial Hospital District in Colorado. …
On or after January 22, 2025, a threat actor used stolen credentials to access legacy Cerner electronic health record (EHR) servers belonging to Oracle Health that had not yet been migrated to Oracle …
PowerSchool hack exposes student, teacher data from K-12 districts. Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the …
294,000 Allegheny Health Network Patients Affected by Business Associate Cyberattack. Allegheny Health Network (AHN), a Pittsburgh-based 14-hospital academic medical system, has announced a …
Texas utility firm investigating potential leak of customer data tied to 2023 MOVEit breach. A large Texas energy company confirmed it is investigating reports of stolen customer data that has been …
Billing Support Vendor Notifies 701K Patients About December 2023 Data Breach. Medusind, a Florida-based revenue cycle management vendor and practice management software provider, has recently started …
Russian telecom giant Rostelecom investigates suspected cyberattack on contractor. Russia's Rostelecom said that it was responding to a cyberattack on a contractor that helps to run its corporate …
Frederick Health Recovering from Ransomware Attack. Frederick Health in Maryland is investigating a ransomware attack, Holdrege Memorial Homes in Nebraska has mailed notification letters to …
380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy. This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized …
TalkTalk investigates breach after data for sale on hacking forum. UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged …
In January 2025, TalkTalk, the UK telecommunications provider, disclosed that a data breach had occurred via CSG Ascendon, its third-party subscriber management and billing platform provider. A threat …
Otelier data breach exposes info, hotel reservations of millions. Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of …
In May 2025, security researchers disclosed that three Magento extension vendors — Tigren, Meetanshi, and MGS (Mageplaza) — had their extension distribution servers compromised. Attackers injected …
Beginning in early 2025, threat actors exploited CVE-2025-0994, a critical deserialization vulnerability in Trimble Cityworks, to compromise GIS asset and work-order management systems used by …
Attacker (later identified as Massachusetts college student Matthew D. Lane, 19) used compromised credentials to access PowerSchool's PowerSource support portal on 19 December 2024; detected 28 …
The popular Ultralytics YOLO AI/ML library (60M+ downloads, 30K+ GitHub stars) was backdoored on 4 December 2024. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 deployed XMRig to mine Monero on end-user …
Nebraska AG’s Lawsuit Against Change Healthcare Survives Motion to Dismiss. A lawsuit filed by Nebraska Attorney General Mike Hilgers over the 2024 Change Healthcare data breach has been allowed to …
Gastroenterology, Cardiology, and Nursing Care Providers Suffer Cyberattacks. Cyberattacks have recently been announced by Connecticut GI and Gastroenterology Associates of Fairfield, Cardiology …
Rhode Island confirms data breach after Brain Cipher ransomware attack. Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal …
Colonial Behavioral Health & Veterans Health Administration Patients Affected by Ransomware Attacks. Colonial Behavioral Health and a medical transcription service provider used by the Veterans Health …
Californian Hospitals Continue to be Disrupted by Thanksgiving Ransomware Attacks. Over Thanksgiving weekend, Watsonville Community Hospital and PIH Health in California fell victim to ransomware …
Ascension Health disclosed in April 2025 a second security incident, separate from the May 2024 Black Basta ransomware attack. This breach involved a former business partner that had mistakenly …
Clop ransomware group exploited CVE-2024-50623 in Cleo's MFT products starting November 2024, bypassing the initial patch. Huntress identified active exploitation 3 December 2024 and disclosed …
Data Breaches Reported by Hopscotch; Athenahealth; Central Resources. Hopscotch Health Management has learned that a bad actor accessed the physical records of almost 5,000 patients. Data breaches …
Young people’s data feared stolen in cyberattack on French government contractor. The French government said an incident directly impacted an unnamed service provider used by the network of “Local …
Nokia investigates breach after hacker claims to steal source code. Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source …
Presbyterian Healthcare Services & ORM Fertility Patients Affected by Data Breaches. Oregon Reproductive Medicine, doing business as ORM Fertility, has announced a security breach that impacted …
Ransomware attack on software supplier disrupts operations for Starbucks and other retailers. A ransomware attack that hit a major software provider last week caused disruptions for a handful of …
Schneider Electric confirms dev platform breach after hacker steals data. Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the …
TriHealth Physician Partners Confirms Patient Data Exposed in Cyberattack. Cyberattacks have recently been announced by TriHealth Physician Partners in Ohio and Harmac Medical Products in New York, …
Datadog Security Labs identified a coordinated supply chain attack campaign (tracked as MUT-8694) active from at least October 10, 2024, targeting both the npm and PyPI package ecosystems — the first …
ADT discloses second breach in 2 months, hacked via stolen credentials. Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems …
More Than 909,000 Individuals Affected by Cyberattack on New York IT Services Provider. ATSG Inc., an IT services company headquartered in New York, has recently reported a September 2024 data breach …
Comcast says customer data stolen in ransomware attack on debt collection agency | TechCrunch. The ransomware attack on a U.S. debt collection agency also affects customers of CF Medical and Truist …
Rackspace monitoring data stolen in ScienceLogic zero-day attack. Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a …
38,000 Individuals Affected by Center for Urban Community Services Cyberattack. Security breaches have been reported by the Center for Urban Community Services in New York, Riverview Health in …
CMS Notifies Individuals Potentially Impacted by Data Breach | CMS. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people …
Popular French retailers confirm hackers stole customer data. Targets of the cyberattacks include electronics and home appliances store Boulanger and the retailer Cultura. Several well-known French …
Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals. The stolen data, which was published in June by the Qilin ransomware gang, includes requests for …
T-Mobile’s VM logs allegedly leaked in 20 GB Capgemini data breach. The attacker claims to have stolen databases, source code, credentials, private keys, as well as log files generated by virtual …
Hacker wipes 13,000 devices after breaching classroom management platform. A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from …
Ransomware Hackers Steal Medical Insurance Data of 1M People. Young Consulting, which develops software for the stop-loss insurance market, is notifying 1 million individuals that their personal …
Cyberattack on Help at Home Affects 26,700 Current & Former Patients. Data breaches have been reported by Help at Home, Kinsler Family Dentistry, ParkTree Community Health Center, and Providence …
Ransomware attack on Indian payment system traced back to Jenkins bug. Researchers at Juniper Networks analyzed the recent breach of the National Payments Corporation of India (NPCI). Researchers have …
Six Healthcare Providers Added to Ransomware Data Leak Sites. Recent reports by Rapid7 and Guidepoint Security indicate the number of active ransomware groups has increased in 2024, as has the number …
Toyota confirms third-party data breach impacting customers. Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data …
Small Indian banks hit by ransomware attack; NPCI suspends payment. Ransomware attack on C-Edge impacts banking services, but no financial loss reported; restoration work underway. The View From India …
Massive AT&T data breach exposes call logs of 109 million customers. AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly …
Car dealership company AutoNation says CDK ransomware incident cut into quarterly earnings. AutoNation alerted investors that earnings per share would be down about a one-third from projections for …
Affirm says cardholders impacted by Evolve Bank data breach. Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data …
SouthCoast Health; Call 4 Health Notify Patients About Cyberattacks. SouthCoast Health and Privia Medical Group in Georgia have notified patients about a cyberattack and HIPAA compliance data breach …
Crypto exchange Gemini discloses third-party data breach. Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) …
Protected Health Information Stolen in HealthEquity SharePoint Breach. HealthEquity has confirmed a breach of its SharePoint data, which included protected health information. HIPAA compliance data …
Email Breach Affects 22,000 Ambulatory Surgery Center of Westchester Patients. The Mount Kisco Surgery Center, doing business as the Ambulatory Surgery Center of Westchester in New York, has recently …
Roblox vendor data breach exposes dev conference attendee info. Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer …
Email Breaches Reported by SkinCure Oncology & the Wisconsin Department of Health Services. SkinCure Oncology has notified 13,434 patients about an email attack that occurred in June 2023, and the …
TriZetto, a healthcare technology subsidiary of Cognizant Technology Solutions, disclosed in late 2024 that a data breach had affected over 3 million individuals. TriZetto provides healthcare benefits …
Otelier, a cloud-based hotel management platform used by major hotel chains worldwide, was breached starting in approximately July 2024. Threat actors obtained employee credentials — believed to have …
In June 2024, security researchers at Sansec discovered that cdn.polyfill.io — a widely used JavaScript polyfill service loaded by approximately 380,000 websites — had been modified to serve malicious …
More Than 70,000 Adventist Health Tulare Patients Affected by Business Associate Breach. A business associate of Adventist Health Tulare has identified unauthorized access to the information of 70,000 …
Almost 20,000 Aptihealth Patients Affected by Business Associate Data Breach. Data breaches have been announced by the behavioral health engagement company Aptihealth and the civil engineering and …
Former IT employee accessed data of over 1 million US patients. Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT …
Patient Data Exposed in Cyberattacks on PruittHealth & Easterseals Central Illinois. PruittHealth has notified patients about a November 2023 ransomware attack and has confirmed that patient data was …
In 2024, King's College Hospital, Guy's Hospital, St Thomas' Hospital and more⦠experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was …
In 2024, Lithia Motors, Sonic Automotive, Penske Automotive Group, Inc. and more⦠experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was …
Email Breach Affects 10,000 University of Chicago Medical Center Patients. Hackers gained access to the email accounts of University of Chicago Medical Center employees and the data of more than …
T-Mobile denies it was hacked, links leaked data to vendor breach. T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the …
Cencora & The Lash Group Settle Data Breach Litigation for $40 Million. Cencora, The Lash Group, and their affiliates have agreed to pay $40 million to settle class action data breach litigation over …
What Snowflake isn't saying about its customer data breaches | TechCrunch. As another Snowflake customer confirms a data breach, the cloud data company says its position "remains unchanged.". …
Third-party company: eClinical Solutions LLC.
In 2024, BYM Fashion, Lizay Kuyumculuk, Aker Magazacılık and more⦠experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Tekrom …
Continuum Health Alliance Data Breach Affects 377,000 Consensus Medical Group Patients. Marlton, NJ-based Continuum Health Alliance has recently confirmed that it has experienced a security incident …
WebTPA Data Breach Affects 2.4 Million Health Insurance Policyholders. WebTPA, a Texas-based provider of administration services to health insurance and benefit plans has recently started notifying …
Alleged HSBC, Barclays data exposed by IntelBroker. Hackread reports that IntelBroker has exposed sensitive data allegedly stolen from major UK-based international financial services firms Barclays …
MediSecure e-script firm hit by ‘large-scale’ ransomware data breach. Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack …
Snowflake account hacks linked to Santander, Ticketmaster breaches. A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at …
In 2024, AMG Healthcare Management Services, Marshall Medical Center, South Coast ER Medical Group and more⦠experienced a data security incident via a third-party vendor relationship. The …
Phishers Gain Access to 23 L.A. County Department of Health Services Email Accounts. Los Angeles County Department of Health Services' employees were targeted in a recent phishing campaign, and almost …
Cisco Duo warns third-party data breach exposed SMS MFA logs. Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a …
DC city agency says LockBit claims tied to third-party attack. The Department of Insurance, Securities and Banking (DISB) said the ransomware gang stole data from a contractor, Tyler Technologies. A …
DOJ data on 341,000 people leaked in cyberattack on consulting firm. Medicare and other information belonging to 341,000 people was leaked after a consulting firm working with the Department of …
German database company Genios confirms ransomware attack. The Munich-based company said that as a result of the incident, “unfortunately we have to assume an outage for several days.”. GBI Genios, a …
BianLian Threat Group Claims Responsibility for Cyberattack on Tennessee Eye Clinic Network. Politzer and Durocher, PLC, which does business as Optometric Physicians of Middle Tennessee (OPMT), has …
Medusa Ransomware Group Leaks Data Stolen from American Renal Associates. The Medusa ransomware group has leaked data stolen from American Renal Associates. Moffitt Cancer Center has been affected by …
State Department investigating reports of data theft allegedly involving federal tech consulting firm. The U.S. State Department said it is investigating claims that a hacker stole government data …
UNC5537 compromised approximately 165 Snowflake customer tenants in a mass credential-stuffing campaign from April 2024. Known victims include AT&T (110M records), Ticketmaster (560M), Santander, …
On 4 March 2024, JetBrains and Rapid7 (the discoverer) simultaneously disclosed two authentication bypass vulnerabilities in JetBrains TeamCity — a popular CI/CD build server used by over 30,000 …
American Express credit cards exposed in third-party data breach. American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was …
Grace Lutheran Communities Falls Victim of ALPHV/Blackcat Ransomware Attack. Grace Lutheran Communities in Wisconsin, a provider of rehabilitation services, assisted living, independent living, and …
MFA Bypassed in Cyberattack on L.A. County Department of Mental Health. Cyberattacks and data breaches have been reported by the L.A. County Department of Mental Health, Healthfirst, Wyndemere Senior …
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches. The private information of more than 28,000 people may have been accessed by unauthorized actors, thanks to a cyber incident at …
Benefytt, EMSA, Lindsay Municipal Hospital Affected by Cyberattacks. Health Plan Intermediaries Holdings (Benefytt) has been affected by a cyberattack on a vendor, Emergency Medical Services Authority …
Mintlify, an AI-powered code documentation platform used by software developers, suffered a breach on March 1, 2024. A vulnerability in Mintlify's systems allowed unauthorized access to admin tokens, …
Cogdell Memorial Hospital Cyberattack Affects 87,000 Patients. Cyberattacks and data breaches have recently been reported by Cogdell Memorial Hospital, Hospice of Huntington, Santa Clarita Community …
Switzerland: Play ransomware leaked 65,000 government documents. The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware …
Cyberattack on Vietnam securities broker disrupts stock markets. VNDirect, one of Vietnam's largest brokers, is still responding to an incident that started over the weekend and forced actions by the …
California and North Dakota Hospitals Report Cyberattacks. Cyberattacks have been reported by Pembina County Memorial Hospital, Pomona Valley Hospital Medical Center, and Rancho Family Medical Group. …
235,000 Individuals Affected by Yakima Valley Radiology Data Breach. Yakima Valley Radiology has suffered a data breach that has affected 235,249 individuals. Data breaches have also been reported by …
CVSS 10.0. Suspected nation-state actor 'Jia Tan' (JiaT75) spent 2+ years cultivating trust in xz-utils project before becoming co-maintainer. Injected SSH authentication bypass/RCE backdoor in …
On 19 February 2024, ConnectWise disclosed two critical vulnerabilities in ScreenConnect — an on-premises remote access tool used by managed service providers (MSPs) and IT teams globally. …
Ransomware attack forces 100 Romanian hospitals to go offline. 100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system. Update: …
Data breach at French healthcare services firm puts millions at risk. French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare …
Des Moines Orthopaedic Surgeons Notifies Patients About February 2023 Data Breach. Des Moines Orthopaedic Surgeons (DMOS) in Iowa has recently notified 307,864 current and former patients that some of …
Egyptian Health Department Cyberattack Affects Up to 100,000 Individuals. Egyptian Health Department (EHD) in Eldorado, IL, has recently announced a data breach affecting up to 100,000 patients. EHD …
462,000 Hawai'i Residents Affected by Data Breach at Navvis & Company. Approximately 462,000 individuals who enrolled in health plans through the Hawaii Medical Service Association (HMSA) have been …
February 14, 2024 Healthcare Data Breach Round-Up. Data breaches have recently been reported by the Hampton-Newport News Community Services Board, Marywood Nursing Care Center, Health Alliance, United …
Keenan & Associates Data Breach Affects More Than 1.5 Million Individuals. The Torrance, CA-based insurance broker Keenan & Associates has recently reported a cybersecurity incident to the Maine …
February 2024 Healthcare Data Breach Report. There has been a fall in the number of reported healthcare data breaches for the second consecutive month, with 59 data breaches of 500 or more records 59 …
R1 RCM Data Breach Impacts 16,000 Patients. Data breaches have recently been reported by R1 RCM, St. Mary's Healthcare System for Children, Philips Respironics, and California Correctional Health A …
Third-party company: CGI Federal.
On January 19-20, 2024, TietoEVRY, a Finnish-Norwegian IT company and one of the largest IT service providers in the Nordics, suffered an Akira ransomware attack against its Sweden-based cloud hosting …
HMG Healthcare Data Breach Affects 80,000 Individuals. HMG Healthcare, LLC, a Texas-based healthcare services provider, has recently confirmed that the protected health information of up to 80,000 …
Singing River Health System Confirms Ransomware Attack Affected 895,000 Patients. Singing River Health System has confirmed that 895,204 individuals were affected by an August 2023 ransomware attack. …
Framework discloses data breach after accountant gets phished. Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating …
Third-party company: Perry Johnson & Associates, Inc., (PJ&A).
Akira ransomware hits cloud service Tietoevry; numerous Swedish customers affected. Finland-based Tietoevry said “one part of one of our Swedish datacenters” was attacked with Akira ransomware. …
Tietoevry ransomware attack causes outages for Swedish firms, cities. Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud …
Data breach at healthcare tech firm impacts 4.5 million patients. HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who …
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected. This website stores cookies on your computer. These cookies are used to improve your website experience and provide more …
ConsensioHealth Ransomware Attack Affects 61,000 Patients. The Wisconsin-based medical billing service, ConsensioHealth, has recently notified 60,871 individuals about a July 2023 ransomware attack. …
On 14 December 2023, an attacker compromised the npm account of a former Ledger employee (whose account retained access to the @ledgerhq/connect-kit package despite employment termination) via a …
10,000 people's data stolen in genetic testing company Asper Biogene leak. Personal and health data belonging to approximately 10,000 people has been illegally downloaded from the Tartu-based genetic …
60 credit unions facing outages due to ransomware attack on popular tech provider. The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union …
Healthcare software provider data breach impacts 2.7 million. ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 …
Okta breach: 134 customers exposed in October support system hack. Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of …
Welltok data breach exposes data of 8.5 million US patients. Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a …
Blue Shield of California Confirms MOVEit Data Breach at MESVision Compromised Consumers’ Confidential Information | JD Supra. On November 17, 2023, California Physicians' Service dba Blue Shield of …
NY AG Issues Consumer Alert Regarding PJ&A Healthcare Data Breach | TechTarget. New York's Attorney General issued a consumer alert about the recent PJ&A healthcare data breach. New York …
Dollar Tree hit by third-party data breach impacting 2 million people. Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service …
Console & Associates, P.C.: PJ&A Reports Data Breach Exposing Social Security Numbers and PHI of an Unknown Number of Northwell Health Patients. /PRNewswire/ -- Millions of Northwell Health patients …
New Samsung data breach impacts UK store customers. Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The …
Sutter Health Confirms 84K Individuals Affected by Cyberattack on Business Associate. Sutter Health, a healthcare provider serving Northern California, has recently confirmed that patient data was …
EYE NEWSFLASH: Major ‘cybersecurity issue’ preventing transactions progressing - Property Industry Eye. EYE NEWSFLASH: Major ‘cybersecurity issue’ preventing transactions progressing - Breaking news …
Canadian government discloses data breach after contractor hacks. The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed …
Westat. Notice of data security incident affecting Renown Health patient information. Learn about the MOVEit vulnerability and credit monitoring. Third-party company: Nuance Communications, Inc..
LockBit ransomware group attacked Infosys McCamish Systems (IMS) between 29 October–2 November 2023, claiming to have encrypted 2,000+ corporate systems. IMS is a major BPO provider to US insurance …
RCM Company Reports Data Breach Tied to MOVEit Software, 1.9M Impacted | TechTarget. The revenue cycle management company reported a data breach that impacted more than 1.9 million individuals across …
Cyberattack on health services provider impacts 5 Canadian hospitals. A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient …
Cook County Health Patients Affected by Cyberattack at Medical Transcription Firm. Cook County Health, which operates John H. Stroger, Jr. Hospital and Provident Hospital in Chicago, IL, has been …
Third Flagstar Bank data breach since 2021 affects 800,000 customers. Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at …
Cyberattacks Reported by Brooklyn Premier Orthopedics & Atlas Healthcare. Brooklyn Premier Orthopedics (BPO) in New York has confirmed the protected health information of 48,459 patients may have been …
NorthStar Anesthesia patients may have been affected by breach - Becker’s ASC. Arietis Health, a medical billing company, recently filed a data breach notice. Medical billing company Arietis Health …
SA patient health info deleted in third-party app breach. [](https://www.linkedin.com/company/itnews "follow us on Linkedin")[](https://twitter.com/itnews_au "follow us on …
Sony confirms data breach impacting thousands in the U.S.. Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that …
Super SA discloses third-party data breach. [](https://www.linkedin.com/company/itnews "follow us on Linkedin")[](https://twitter.com/itnews_au "follow us on …
Third-party company: Ipswitch, Inc..
September 2023 Healthcare Data Breach Report. September was a much better month for healthcare data privacy, with the lowest number of reported healthcare data breaches since February 2023. In. For …
National Student Clearinghouse data breach impacts 890 schools. U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting 890 schools using its services across …
Airbus investigates data leak allegedly involving thousands of suppliers. The European aerospace giant Airbus said on Tuesday that it is investigating a cybersecurity incident following reports that a …
Amerita Notifies Nearly 220K of PharMerica Data Breach | TechTarget. MedMinder Systems and PurFoods also reported healthcare data breaches recently. Amerita, a specialty infusion services company, …
SickKids impacted by BORN Ontario data breach that hit 3.4 million. The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent …
Kroll data breach exposes info of FTX, BlockFi, Genesis creditors. Multiple reports on social media warn of a data breach at financial and risk advisory company Kroll that resulted in exposing to an …
Several Colombian government ministries hampered by ransomware attack. A cyberattack on a technology provider caused a range of problems for government agencies in Colombia, including the ministry of …
PHI of Almost 75,000 Individuals Exposed in Email Incident at AmeriBen. IEC Group, Inc., doing business as AmeriBen, a medical benefits administration services provider, has recently reported an …
University of Sydney data breach impacts recent applicants. The University of Sydney (USYD) has announced it has suffered a data breach through a third-party service provider, exposing the personal …
Dollar Tree and its subsidiary Family Dollar disclosed in November 2023 that Zeroed-In Technologies, a third-party HR analytics vendor they used, suffered a data breach between August 7–8, 2023. …
Third-party company: Vodatech IT.
Third-party company: Vodatech IT.
In 2023, BeÅiktaÅ Sportive Products Industry and Trade AS experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was Vodatech IT. Source …
Records of 4 Million Coloradans Compromised in MOVEit Transfer Attack. The Colorado Department of Health Care Policy and Financing (HCPF), which oversees the state’s Medicaid program and the Child …
Third-party company: Vodatech IT.
Third-party company: Vodatech IT.
In 2023, DoÄan Trend Automotive Trade Service and Technology Joint Stock Company experienced a data security incident via a third-party vendor relationship. The compromised third-party vendor was …
Eversource reports data breach as companies across Connecticut struggle with cyber attacks.. Eversource joined M&T Bank and a number of other major U.S. companies to report. An Eversource …
Third-party company: Vodatech IT.
IBM Discloses Data Breach Impacting Janssen Healthcare Platform. This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized …
Nuance Communications Notifies 1.2M Individuals of Data Breach | TechTarget. Another incident stemming from a vulnerability in Progress Software’s MOVEit Transfer software has been reported, this time …
Third-party company: Vodatech IT.
August 2023 Healthcare Data Breach Report. There was a 21.4% month-over-month increase in healthcare data breaches in August. 68 data breaches of 500 or more records were reported to the HHS’ There …
Third-party company: Vodatech IT.
Third-party company: Vodatech IT.
Ransomware Hit Disrupts Real Estate Property Listings in US. Property listings nationwide are being disrupted due to an apparent ransomware attack against California-based Rapattoni, which hosts …
Third-party company: Mivento IT Services.
Third-Party Data Breaches Continue to Dominate Breach Notifications | TechTarget. The MOVEit hack and other third-party data breaches continue to impact healthcare entities across the country, this …
Third-party company: Mivento IT Services.
Third-party company: Mivento IT Services.
Activate Healthcare Reports Security Breach Affecting up to 93,761 Patients. The Illinois-based healthcare provider, Activate Healthcare, LLC, has recently confirmed that it suffered a security breach …
US govt contractor Serco discloses data breach after MoveIT attacks. Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers …
Third-party company: Mivento IT Services.
Datenleck bei Postbank und Deutscher Bank / Kriminelle kopieren Bankdaten. Lahr (ots) - Hacker haben Daten von Kunden der Deutschen Bank bei einem Datenleck gestohlen. Auch die Tochtergesellschaft …
Third-party company: Mivento IT Services.
Third-party company: Mivento IT Services.
Third-party company: Mivento IT Services.
Third-party company: Mivento IT Services.
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack. This website stores cookies on your computer. These cookies are used to improve your website experience and provide more …
Genworth Financial Confirms 2.5 Million Customers Affected by MOVEit Data Breach | JD Supra. On June 22, 2023, Genworth Financial, Inc. filed documents with the Securities and Exchange Commission …
UPMC contractor detects patient data breach. A contractor for UPMC said it discovered a data breach that could have impacted customer and patient information. Tennessee-based Intellihartx LLC said it …
Extreme Networks emerges as victim of Clop MOVEit attack | Computer Weekly. Network equipment and services supplier Extreme Networks has revealed its instance of Progress Software’s MOVEit tool was …
Dublin Airport staff pay data hit by criminals. Attackers accessed it via third-party services provider, says management group. It's an awkward Monday for Dublin Airport after pay and benefits details …
Capital One becomes latest bank affected by cyberattack on debt-buying giant. The initial response to the incident focused on former customers of Bank of America, but Capital One has confirmed that …
MOVEit attack on Aon exposed data of the staff at the Dublin Airport. [](https://www.facebook.com/sec.affairs/)[](https://twitter.com/securityaffairs). UAT-10362 linked to LucidRook attacks targeting …
Millions of Oregon, Louisiana state IDs stolen in MOVEit breach. Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked their MOVEit …
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed. PBI Research Services (PBI) has suffered a data breach with three clients disclosing that the data for 4.75 million people was …
American Airlines, Southwest Airlines disclose data breaches affecting pilots. American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday …
Hackers steal data of 45,000 New York City students in MOVEit breach. The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of …
media-center press-releases 2023 07 14 hillsborough-notifies-residents-vendors-of-global-data-breach. Skip to main content Enable accessibility for low vision Open the accessibility menu. …
Missouri warns that health info was stolen in IBM MOVEit data breach. Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after …
CL0P ransomware gang exploited a zero-day SQL injection in Progress Software's MOVEit Transfer MFT product starting May 27 2023. Installed LEMURLOOT web shell to steal data. Over 2,700 organizations …
Welltok, Inc. — a healthcare SaaS company providing patient health engagement and communication services to major US health plans — was among the largest individual victims of the Cl0p MOVEit Transfer …
Maximus Inc. (US government contractor managing Medicare, Medicaid, student loan programs) was the largest single victim of Cl0p's MOVEit campaign. SEC 8-K filed July 26 2023 disclosing 8-11M …
Coles confirms its customers impacted by Latitude Financial data breach. Supermarket giant Coles has confirmed it has been impacted by the Latitude Financial data breach, saying personal information …
Cornerstone Home Lending Files Notice of Data Breach After Cybersecurity Incident at Third-Party Vendor | JD Supra. On April 3, 2023, Cornerstone Home Lending (“Cornerstone”), a division of …
Discord Informs Users of Data Breach Involving Customer Support Provider. This website stores cookies on your computer. These cookies are used to improve your website experience and provide more …
Thousands impacted by Fermanagh and Omagh District Council programme data breach. OVER 2,000 people have been affected by a data-breach because of their participation in a scheme run by Fermanagh and …
Intel investigating leak of Intel Boot Guard private keys after MSI breach. Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting …
ILS Data Breach Affects Almost 21K Iowan Medicaid Recipients. The Iowa Department of Health and Human Services (DHHS) has confirmed a HIPAA compliance breach where the personal information of 20,815 …
Kibble Equipment Data Breach Investigation – Turke & Strauss LLP. Turke & Strauss LLP, a leading data breach law firm, is investigating Kibble Equipment, LLC and its vendors, Razor Consulting …
Mailing Error at CMS Vendor Affects 10,000 Medicare Beneficiaries. The Centers for Medicare & Medicaid Services (CMS) has started notifying certain Medicaid beneficiaries about an impermissible …
IL, KY, and TN Healthcare Orgs Recovering from Recent Cyberattacks. Morris Hospital & Healthcare Centers Investigating Royal Ransomware Attack Morris Hospital & Healthcare Centers in Illinois has …
PNI Atlantic News. Oh no! Mr Beaver lost this page when he went scavenging (or you need to check your spelling). Try searching below or check out our other top stories!. 1. ### Appeal court rebukes …
Third-party company: Community Health Systems.
Third-party company: Brightline Health.
Debt Collection Agency Data Breach Affects 345,523 Individuals. R&B Corporation of Virginia, doing business as Credit Control Corporation (CCC), has recently reported a data breach to the HHS' Office …
Webster Bank Reports Third-Party Data Breach at Guardian Analytics, Inc. | JD Supra. On April 10, 2023, Webster Bank filed a notice of data breach with the Maine Attorney General after learning of a …
Brightline: At Least 964,300 Individuals Affected by Fortra GoAnywhere Hack. Brightline, a provider of virtual behavioral and mental services to families, has confirmed it was affected by the …
April 2023 Healthcare Data Breach Report. There was a 17.5% month-over-month fall in the number of reported healthcare data HIPAA compliance breaches with 52 breaches of 500 or more records There was …
Lazarus Group (North Korea, subunit Labyrinth Chollima) trojanized 3CX DesktopApp versions 18.12.407 and 18.12.416 for Windows and Mac. Delivered SUDDENICON downloader which fetched encrypted C2 from …
AT&T alerts 9 million customers of data breach after vendor hack. AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was …
Students' bank accounts hacked because of ticketing software breach - The Ithacan. After attending a concert at Cornell University featuring Beach Bunny on Jan. 28, several Ithaca College students’ …
NBA notifies fans of data breach at third-party newsletter provider - SiliconANGLE. …
Datalek Nederlandse bedrijven steeds groter: zeker 2 miljoen klanten getroffen. De oorzaak is een datalek bij een softwareleverancier van marktonderzoekers. Zij hebben grote Nederlandse bedrijven, …
Third-party company: Maximum Industries.
Uber suffers another data breach after law firm’s servers attacked. This is the third time in six months that Uber has been the victim of a data breach. Uber has found itself in the middle of yet …
Rise Interactive Media & Analytics, LLC Reports Third-Party Data Breach Affecting Edgepark Medical Supplies Patients | JD Supra. On February 3, 2023, Rise Interactive Media & Analytics, LLC filed …
Atlassian data leak caused by stolen employee credentials. Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer …
The Week in Ransomware - March 3rd 2023 - Wide impact attacks. This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, …
Nearly 63K Impacted by Healthcare Data Breach from Exploited Web Server | TechTarget. Sharp HealthCare in San Diego suffered a healthcare data breach after an unauthorized third-party gained access to …
Dish confirms ransomware attack allowed hackers to steal personal data | TechCrunch. Dish said a ransomware attack is to blame for an ongoing, multiday outage and warned that hackers exfiltrated data …
Hatch Bank, a fintech-focused bank-as-a-service provider headquartered in San Francisco, was an early confirmed victim of the Cl0p ransomware group's mass exploitation of CVE-2023-0669 in Fortra's …
Community Health Systems (CHS), one of the largest for-profit hospital operators in the United States, was among the earliest publicly disclosed victims of Cl0p's mass-exploitation campaign targeting …
Cl0p exploited zero-day RCE in Fortra GoAnywhere MFT admin portal. ~130 organizations breached over 10 days in January 2023. Cl0p named 100+ victims on leak site through March 2023. Major victims: …
Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before Fortra issued an …
Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before Fortra issued an …
Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before Fortra issued an …
Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before Fortra issued an …
Beginning 18 January 2023, Cl0p exploited a zero-day (CVE-2023-0669) in Fortra's GoAnywhere MFT, claiming to have breached approximately 130 organizations over 10 days before Fortra issued an …
In January 2023, Datadog disclosed that its RPM (Red Hat Package Manager) signing key used to sign Datadog age nt packages had been exposed in the CircleCI breach. CircleCI's January 2023 breach …
In April 2022, Mailchimp discovered that a malicious actor had conducted a social engineering attack on Mailchimp employees and contractors, gaining access to Mailchimp's internal admin tool. The …
Air France and KLM notify customers of account hacks. Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached. …
Nissan North America data breach caused by vendor-exposed database. Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider …
In April 2022, Mailchimp discovered that a malicious actor had conducted a social engineering attack on Mailchimp employees and contractors, gaining access to Mailchimp's internal admin tool. The …
University of Colorado Hospital Authority Announces Third-Party Data Breach Following Incident at Diligent Corporation | JD Supra. On January 17, 2023, the University of Colorado Hospital Authority …
On 25 December 2022, an attacker uploaded a malicious package named 'torchtriton' to the public PyPI index. PyTorch nightly builds depended on a package with the same name ('torchtriton') from …
Inside the turmoil at Sobeys-owned stores after ransomware attack | CBC News. Employees of Empire Co., the parent company of Sobeys, have begun to speak out about the turmoil unfolding inside the …
Third-party breach impacts St. Luke's Health. HealthITSecurity reports that Texas-based St. Luke's Health has disclosed experiencing a third-party data breach involving consulting services vendor …
Advocate Aurora Health — an integrated health system with 26 hospitals across Wisconsin and Illinois — disclosed in October 2022 that it had notified approximately 3 million patients that their …
Beginning in October 2022, UNC4841 — a China-nexus espionage group — exploited CVE-2023-2868 in Barracuda's Email Security Gateway hardware appliances to compromise government agencies and …
Somnia Pain Management of Kentucky Announces Data Breach Stemming from Incident at Unnamed Management Services Organization | JD Supra. On October 24, 2022, Somnia Pain Management of Kentucky reported …
Anthem MaineHealth Reports Third Party Data Breach Related to Incident at Choice Health | JD Supra. On September 30, 2022, Anthem MaineHealth (“AMH Health”) filed an official notice of a data breach …
Humana Announces Reports Third-Party Data Breach Involving Data Security Incident at Choice Health | JD Supra. On September 21, 2022, Humana confirmed that the company experienced a data breach after …
Hackers breach software vendor for Magento supply-chain attacks. Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 …
On August 4, 2022, Twilio — a cloud communications platform used by thousands of businesses — confirmed that attackers had breached its internal systems by sending SMS phishing messages to Twilio …
Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable essential site …
In April 2022, Mailchimp discovered that a malicious actor had conducted a social engineering attack on Mailchimp employees and contractors, gaining access to Mailchimp's internal admin tool. The …
Kiplepay informs users on potential indirect data breach through third-party payment gateway provider. KUALA LUMPUR: E-wallet service provider Kiplepay Sdn Bhd had informed its Kiple Visa Prepaid Card …
Lee County Emergency Medical Services notifies past customers of third-party security breach. Lee County Emergency Medical Services reports that on Aug. 4 staff received notification of a customer …
Human Verification. Before proceeding to your request, you need to solve a puzzle, and the puzzle requires Google Translate to be disabled. Please disable Google Translate and retry. Complete the …
NHS IT supplier held to ransom by hackers. Its IT provider says it may take three or four weeks to fully recover from the cyber-attack. A cyber-attack on a major IT provider of the NHS has been …
Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable essential site …
Twilio hack exposed Signal phone numbers of 1,900 users. Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of …
Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable essential site …
Practice Resources, LLC Announces Data Breach Impacting the Information of 924,138 Patients | JD Supra. On August 4, 2022, Practice Resources, LLC confirmed that the company experienced a data breach …
Ransomware attack one of year's biggest health data breaches. A cyberattack on a little-known debt collection firm affects over 650 healthcare facilities across the U.S. A ransomware attack on a …
First Choice Community Healthcare Data Breach Affects 101,000 Patients. First Choice Community Healthcare in Albuquerque, NM, has started notifying certain patients that an unauthorized individual …
Boeing Employees’ Credit Union Announces Third-Party Data Breach Following Incident at Printing Vendor | JD Supra. On July 25, 2022, Boeing Employees’ Credit Union (“BECU”) filed an official notice of …
Blockworks. $72.1K $72,120.00 $2.2K $2,214.14 $602.5 $602.46 $84 $83.95 $41.4 $41.37. 24hr Spot DEX Volume $6.03B -0.75%24hr App Revenue $11.81M -0.01%24hr Blockchain REV $229.96M +12.99%. 7d DAT …
Student Loan Breach Exposes 2.5M Records. 2.5 million people were affected, in a breach that could spell more trouble down the line. EdFinancial and the Oklahoma Student Loan Authority (OSLA) are …
Anesthesia, Eye Care, and Telehealth Providers Announce Third-Party Data Breaches. Several more providers of anesthesia services have confirmed they have been affected by a data breach at their …
Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable essential site …
Page not found - Toronto Symphony Orchestra. It looks like you may be using a web browser version that we don't support. Make sure you're using the most recent version of your browser, or try using of …
Not Found. Best in Class Identity Protection Services | ID Theft Protection | IDX. Best identity protection services to keep you safe from cyber crime with credit and identity monitoring, id theft …
BCBS of Massachusetts Reports Third-Party Vendor Data Breach | TechTarget. BCBS of Massachusetts reported a third-party vendor data breach involving its pension plan payment vendor. Blue Cross and …
Texas Tech University Health Science Center Reports Third-Party Data Breach Affecting 1.3 Million Patients | JD Supra. Recently, Texas Tech University Health Science Center (“TTUHSC”) confirmed a data …
Colorado Springs Utilities experiences data breach, customer data compromised. COLORADO SPRINGS, Colo. (KRDO) -- Colorado Springs Utilities is warning customers about a data breach that happened in …
OpenSea users' email addresses leaked in data breach. If you’ve shared your email address with the NFT marketplace, you should assume to be impacted. The company is working with Customer.io to …
120K Priority Health Members Impacted By Third-Party Data Breach | TechTarget. Michigan-based health plan Priority Health notified 120,000 individuals of a third-party data breach that originated at …
Illinois Gastroenterology Group Data Breach Impacts 228K | TechTarget. Optima Dermatology, EvergreenHealth, and SAC Health also faced healthcare data breaches recently. Illinois Gastroenterology Group …
Local Class Action Lawsuit Targets Partnership HealthPlan Over 'Massive Data Breach' of Personal Info. « While Conducting Aforementioned Drug Bust in Rio Dell, Drug Task Force Agents Spot Hoopa Man …
Illuminate Education Mega-Breach Affects K-12 Students. New York state officials are investigating a data breach at Illuminate Education, maker of a widely used software platform for K-12 schools. …
Mangatoon data breach exposes data from 23 million accounts. Manga comic reading app Mangatoon has suffered a data breach that exposed the account information of 23 million users after a hacker stole …
St. Luke's says customers hit with data breach that may have exposed personal, financial, medical information. St. Luke’s Health System issued a news release Wednesday saying an unknown number of …
In April 2022, GitHub detected that an attacker had used stolen OAuth user tokens issued to third-party integrations — specifically Heroku Dashboard (OAuth app ID 145909) and Travis CI (OAuth app IDs …
Local Marketing Automation & Brand Harmony | OneTouchPoint. Empower local teams with OneTouchPoint. Our OTP One platform ensures brand compliance while accelerating speed-to-market for multi-location …
Dis-Chem says it won't share more info on data breach that hit 3.6m clients | News24. In April an “unauthorised person” accessed 3.6 million customers’ first names, surnames, email addresses and …
Cyber-Attackers Hit Sunwing Airlines. Thousands of passengers of Canadian low-cost airline face delays after third-party system was hacked. Thousands of passengers of Canadian low-cost airline, …
In March 2022, MCG Health — a Hearst Health subsidiary providing evidence-based patient care guidelines and clinical decision support software to health plans and hospitals — suffered a data breach …
Web Application Security, Testing, & Scanning - PortSwigger. PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very …
Data breach at health care organization may affect 2 million people, including in Maine. Massachusetts-based Shields Health Care Group Inc. provides imaging and ambulatory surgical services at dozens …
Data Breach Alert: DataHEALTH, Inc. | JD Supra. Recently, DataHEALTH, Inc. confirmed that certain consumer data was compromised as a result of the company being the target of a ransomware attack. If …
Highmark issues statement on ‘data security incident’ with vendor. [](https://circulation.timesleader.com/product/times-leader-e-edition/). Times Leader Wilkes-Barre, PA News, Obituaries, classifieds, …
Report shows pandemic increased risk to Telco employee data. Third-party breach exposes data of Oklahoma's Department of Human Services clients. Third-party company: Liberty of Oklahoma.
Third-party company: Sykes Enterprises.
Page Not Found | JD Supra. Opens in a new window Opens an external website Opens an external website in a new window. This website utilizes technologies such as cookies to enable essential site …
Samsung data breach: Hackers steal data from microchip giant Nvidia. Samsung has confirmed that a hacking group which stole data from microchip giant Nvidia last week has also infiltrated its systems. …
MCG Health Data Breach Impacts 8 Organizations, 793K Individuals | TechTarget. About 793,283 individuals and at least 8 organizations were impacted by a third-party data breach stemming from MCG …
[](http://www.business-standard.com/article/international/hackers-hit-fortune-500-service-provider-data-of-over-500k-people-leaked-122020600340_1.html#). Home / World News / Hackers hit Fortune 500 …
Recently, the Internet Society, a non-profit organization dedicated to keeping the internet open and secure, experienced an extensive third party The post 80,000+ ISOC Members Affected in Third Party …
Information for over 6,000 Memorial Hermann patients accessed in security breach. A contracted vendor with Memorial Hermann is looking into the security breach. Hackers could access social security …
2 Vendor Hacking Incidents Affect Over 600,000 Individuals. Two recent hacking breaches affecting hundreds of thousands of individuals - one reported by a firm that provides services to health plans …
OKC Police rape kit info exposed in data breach of DNA contractor. The DNA and personal information of past sexual assault victims were a part of a data breach by a contractor of the Okla City Police …
In January-February 2022, Avamere Health Services — a Wilsonville, Oregon-based managed services provider for senior living, skilled nursing, and rehabilitation facilities — experienced a …
In January 2022, Ciox Health — a major provider of health information management (HIM) services including medi cal record retrieval, release-of-information (ROI), and coding services for hospitals …
Family Medicine Practice Notifies Patients of Data Breach 1 Year Later | TechTarget. Netgain discovered the data breach in late 2020, but a Minnesota family medicine practice notified its patients in …
Page not found - Infinity Rehab. [](https://www.facebook.com/InfinityRehabCommunity "Facebook")[](https://twitter.com/infinityrehab "X")[](https://www.instagram.com/infinityrehab/ …
South Australian gov issues breach notice to hacked payroll provider. [](https://www.linkedin.com/company/itnews "follow us on Linkedin")[](https://twitter.com/itnews_au "follow us on …
On 19 January 2022, the International Committee of the Red Cross (ICRC) disclosed a sophisticated cyberattack that compromised personal data on more than 515,000 highly vulnerable individuals whose …
320K Impacted in EHR Vendor Breach, Ransomware Hits Health Systems | TechTarget. Unauthorized email access and ransomware disrupted the operations of other health systems, while nn EHR vendor breach …
In early 2022, Uber disclosed that data for approximately 820,000 Uber Eats delivery driver accounts had been exposed through a third-party vendor that provided marketing services for Uber Eats. The …
On 22 October 2021, the npm account of Faisal Salman, maintainer of the popular ua-parser-js package, was compromised. The attacker published malicious versions 0.7.29, 0.8.0, and 1.0.0 containing …
Third-Party Vendor Ransomware Attack Impacts Humana, Anthem Members | TechTarget. PracticeMax, a billing and IT solutions provider, experienced a ransomware attack that impacted some Humana and Anthem …
Hackers leak police takedown video, medical records in Durham Region breach: CTV News Toronto investigation. A CTV News Toronto investigation has discovered that a data breach at the Durham Regional …
Third-party data breach in Singapore hits healthcare provider. Fullerton Health says its third-party vendor, which platform facilitates appointment booking, had suffered a security breach first …
Microsoft Data Breach Exposes 38M Records Containing PII | TechTarget. A Microsoft Power Apps data breach exposed 38M records containing PII and impacted 47 organizations, including some governmental …
Catholic Health Impacted by CaptureRx Data Breach, Patients’ PHI Exposed | TechTarget. The CaptureRx data breach is impacting 17K Catholic Health patients in New York. Catholic Health announced that …
First Horizon Bank Customers Have Account Funds Drained. Attackers stole under $1 million after breaching internal security. A leading US bank has revealed a data breach in which over 100 online …
REvil ransomware gang exploited zero-day SQL injection and auth bypass (CVE-2021-30116) in Kaseya VSA endpoint management software on July 4th weekend 2021. Delivered malicious auto-updates to MSPs …
ClearBalance Data Incident Impacts Over 200,000 US Patients' PII | TechTarget. A new cyberattack is impacting over 200,000 patients across the country. ClearBalance, a California-based company, …
Supply Chain Ransomware Breach Affects 1.2 Million. A supply chain ransomware attack affecting more than 1.2 million individuals is among the largest health data breaches reported to federal …
Third-party company: Elekta.
Third-party company: Guidehouse.
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
See comprehensive record: data/supply-chain/2021-07_kaseya-vsa-revil.yaml. Kaseya VSA is used by MSPs (Managed Service Providers) to remotely manage client endpoints — a single Kaseya VSA server …
DarkSide behind Guess breach. Print-on-demand vendor data compromises. Patient data phished from lender. Gambling venue operator breached.. Experts guess DarkSide behind Guess cyberattack. Spreadshop …
Largest US propane distributor discloses '8-second' data breach. America's largest propane provider, AmeriGas, has disclosed a data breach that lasted ephemerally but impacted 123 employees. AmeriGas …
Third-party company: Logicgate.
Third-party company: Elekta.
CVS Health Faces Data Breach,1B Search Records Exposed | TechTarget. A CVS Health data breach led to over 1 billion search records being accidentally posted online, as reported by an independent …
Data breach with Harbor Regional Health vendor; potentially affected patients contacted. [](http://www.kxro.com/#facebook)[](http://www.kxro.com/#twitter)Share. Harbor Regional Health has announced …
Ohio Medicaid Providers’ Personal Information Exposed by Vendor | JD Supra. Maximus, a contractor of the State of Ohio’s Medicaid program reported this week that it experienced a data breach that …
New Ransomware Targets US Congress Members: Did It Complete Breach iConstituent?. New ransomware targeted the vendor iConstituent. Security experts confirmed 60 U.S. Congress members were also …
In July 2021, a threat actor using the name "ZeroX" began advertising 1 terabyte of data stolen from Saudi Arabian Oil Company (Saudi Aramco) on a darknet forum, demanding $50 million in Monero …
Ransomware Hits Scripps Health, Disrupting Critical Care, Online Portal | TechTarget. This week's breach roundup is led by a ransomware attack on Scripps Health. The cyberattack over the weekend …
Web Application Security, Testing, & Scanning - PortSwigger. PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very …
Canada Post hit by data breach after supplier ransomware attack. Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service provider exposed …
A UK recruitment firm exposed sensitive applicants data for months. FastTrack Reflex Recruitment firm recently joined the ranks of other companies that have been affected by data leaks due to …
Reported ransomware attack leads to weeks of Aprima EHR outages. Some customers describe being unable to access their clinic schedules, chart notes, refill requests or incoming test results, among …
In May 2021, multiple Japanese government agencies disclosed that sensitive data had been exfiltrated via Fujitsu's ProjectWEB platform, an enterprise project information-sharing and collaboration …
US Physics Laboratory Exposed Documents, Credentials. The Fermilab physics laboratory in the U.S. has tidied up its systems after security researchers found weaknesses exposing documents, proprietary …
US defense contractor BlueForce apparently hit by ransomware | TechTarget. A Virginia-based U.S. defense contractor has apparently been hit by ransomware, according to a ransomware negotiation chat …
Herff Jones data breach leaves students' bank information compromised - The Cougar. A data breach at UH graduation cap and gown vendor, Herff Jones, has students' bank information compromised. Herff …
Click Studios, the Australian developer of the enterprise password manager Passwordstate, suffered a supply chain compromise between April 20–22, 2021 (a 28-hour window). Attackers breached Click …
Digital supply chain giant Bizongo suffers massive data breach, sensitive customer info exposed: Report - The Tech Portal. Digital supply-chain platform Bizongo reportedly became the victim of a …
Third-party company: Quanta.
MN: Apple Valley Clinic notifies 157,939 patients about Netgain Technology breach - DataBreaches.Net. In November, 2020, cloud IT services provider Netgain Technology LLC experienced a ransomware …
US investigators probing breach at code testing vendor. [](https://www.linkedin.com/company/itnews "follow us on Linkedin")[](https://twitter.com/itnews_au "follow us on …
BlackKite timeline indicates a third-party/vendor-related breach; detailed reporting was not accessible automatically.
US Telemarketing Biz Exposes 114,000 in Cloud Config Error. Call recordings of clients and customers on unsecured bucket. A US telemarketing company has leaked the personal details of potentially tens …
Celsius Suffers Third-Party Data Breach, Customers Report Phishing Texts, Emails. The crypto lender's data leak comes almost a year to the date after a similar data leak hit BlockFi. Crypto lending …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
Patient Data from Multiple Providers Leaked in Third-Party GitHub Incident | TechTarget. Data breach notifications and a report reveal a former MedData employee uploaded troves of patient data from …
Third-party company: Medifie.
Third-party security breach compromises data of Singapore job-matching service. Job-matching institute e2i says the personal details of 30,000 individuals may have been illegally accessed due to a …
Hacking campaign targets FileZen file-sharing network appliances. Threat actors are using two vulnerabilities in a popular file-sharing server to breach corporate and government systems and steal …
ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users. Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that's popular in North …
Malware attack on Radixx Res disrupts 20 airlines' ticket reservation systems - DataBreaches.Net. Radixx , a subsidiary of Sabre Corporation, provides an air passenger ticket reservation system for …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
Third-party company: Personal Touch Holding Corp..
Data Leak: Route Mobile investigating claims; data of Tata Communications, Bharti Airtel and DBS Bank allegedly leaked. Hackers have allegedly compromised servers of enterprise communications firm …
Upstox alerts its users of data breach; funds, securities safe. On receipt of e-mails claiming unauthorized access into Upstox database, the company has appointed a cyber-security firm to investigate …
Wieden+Kennedy Employees Exposed to a Data Breach. This is a preview. This ad will run at the top of the page as expected when running (or previewing) on your website. …
Secure Administrative Solutions LLC (SAS), a third-party vendor providing benefits administration services to Renaissance Life & Health Insurance Company of America and other insurance clients, …
Third-party risks hit universities, associations. Financial services data breaches. State employee successfully phished.. US Geospatial Intelligence Foundation and AFCEA are affected by a third-party …
Austin ISD warns of possible data breach. Those who have been affected are being offered free identity monitoring. AUSTIN, Texas — Austin ISD notified parents last week after it was made aware of a …
Local health plan manager announces data breach. [](http://thebusinessjournal.com/local-health-plan-manager-announces-data-breach/#menu-location-primary). …
European Banking Authority hit by Microsoft Exchange hack. The EU body is one of the first major organisations to admit falling victim to the global email hack. The European Banking Authority's email …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
Personal details of all Israeli voters again leaked online, day before election. Anonymous hackers publish databases with 6.5 million names and ID numbers, including where people are set to vote, in …
Third-party company: Netgain.
Data breach reported at Piedmont Health Services. We have used your information to see if you have a subscription with us, but did not find one. Please use the button below to verify an existing …
Data breach involving former Polk County Schools vendor could impact thousands. This issue involves a company hired by Polk Schools to collect information about students using the school’s free and …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
Third-party company: Verkada.
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
Third-party company: Healthgrades.
On 26 February 2021, SITA — the world's leading IT provider to the air transport industry, serving approximately 90% of international airlines — disclosed that its Passenger Service System (PSS) had …
Singapore Airlines disclosed on 5 March 2021 that its KrisFlyer frequent flyer programme member data had been compromised through the SITA Passenger Service System breach disclosed on 4 March 2021. …
On February 24, 2021, SITA — one of the world's largest aviation IT companies, serving approximately 90% of global airlines through its Passenger Service System (PSS) — detected and contained a …
NEC Networks LLC, doing business as CaptureRx, a San Antonio, Texas-based provider of 340B drug pricing program administrative services to healthcare organizations, suffered a ransomware attack on …
Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities. Russia-linked state-sponsored hackers Sandworm targeted IT monitoring software company Centreon in a three-year-long …
Actor Exploits Beaumont Health’s COVID-19 Vaccine Scheduling Tool | TechTarget. This week's breach roundup is led by a Beaumont Health security incident. An actor exploited a flaw in Epic's …
US cities disclose data breaches after vendor's ransomware attack. A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and …
City of Monroe’s utility billing vendor hit with data breach - HeraldNet.com. A third of the city’s residential and commercial customers might have had have banking information exposed. MONROE — The …
Wind River Systems Investigating Possible Data Breach. Embedded software vendor Wind River Systems is investigating a security incident within its internal network, according to a notification filed …
Ransomware hits largest US fertility network, patient data stolen. US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware …
Government Contractor Stormshield Suffers Double Breach. French security company warns of customer data and source code theft. A French cybersecurity company with government clients revealed this week …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
Jamaica's immigration website exposed thousands of travelers' data | TechCrunch. Exclusive: Months of immigration documents and COVID-19 lab results were left on an unprotected server. A security …
Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack. A sophisticated threat actor has hijacked email security connections to spy on targets. A Mimecast-issued certificate used to …
Netgain ransomware incident impacts local governments. The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, …
Hacker leaks data of millions of Teespring users. A hacker has leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel. The …
Ubiquiti discloses a data breach ................................. American technology company Ubiquiti Networks is disclosed a data breach and is notifying its customers via email. UAT-10362 linked …
See comprehensive record: data/supply-chain/2021-01_accellion-fta-clop.yaml. The Accellion FTA breach affected 100+ organizations worldwide including Reserve Bank of New Zealand, Australian National …
Between 31 January and 1 April 2021, attackers modified Codecov's popular bash uploader script — used by thousands of CI/CD pipelines to upload code coverage reports — to exfiltrate environment …
Between 31 January and 1 April 2021, attackers silently modified Codecov's popular bash uploader script, which thousands of CI/CD pipelines used to upload code coverage reports. Every CI/CD pipeline …
Codecov, a widely used code coverage reporting service, suffered a sophisticated supply chain compromise that began January 31, 2021, and was not discovered until April 1, 2021 — giving attackers more …
In late January 2021, SonicWall disclosed that its own internal systems and Secure Mobile Access (SMA) 100 series VPN appliances were targeted by sophisticated threat actors exploiting probable …
Nevada Restaurant Services (NRS), the parent company of slot machine parlor chain Dotty's, disclosed a data breach in September 2021 after identifying the presence of malware on certain computer …
In January 2021, the Australian Securities and Investments Commission (ASIC) — Australia's corporate, markets, and financial services regulator — disclosed that its Accellion File Transfer Appliance …
Data breach at Bonobos hits up to 7 million: What to do [updated]. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Here at Tom’s Guide our expert …
Defence tech service provider firm's data hacked, company claims Rs 50-cr loss. The executive claimed that majority of the hacked emails were of "extremely sensitive" nature and "of substantial …
Chinese start-up leaked 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users. High-flying and rapidly growing Chinese social media management company Socialarks has …
North Korean software supply chain attack targets stock investors. North Korean hacking group Thallium has been targeting a private stock investment messenger service in a supply chain attack, as …
Ransomware Attack Hits Short Line Rail Operator OmniTRAX. Colorado-based short line rail operator and logistics provider OmniTRAX was hit by a recent ransomware attack and data theft that targeted its …
Saskatchewan privacy commissioner investigates potential breach of hunting licensing system | Globalnews.ca. Saskatchewan's privacy commissioner is currently investigating a possible security breach …
After refusing to pay ransom, US-based auto parts distributor has sensitive data leaked by cybercriminals. NameSouth is the latest victim of NetWalker, a ransomware gang that appeared on the …
Truckers' Medical Records Leaked. Ransomware attack on Virginia healthcare provider may have exposed medical records of transport workers. Medical records belonging to truck drivers and rail workers …
FIN11 / UNC2546 (linked to Cl0p/TA505) exploited four zero-days in legacy 20-year-old Accellion FTA product starting Dec 25 2020. Used DEWMODE webshell to exfiltrate data. ~100 of 300 FTA customers …
The Accellion FTA (File Transfer Appliance) breach was one of the most consequential supply-chain attacks of early 2021, affecting dozens of major organisations worldwide through a legacy secure …
See comprehensive record: data/supply-chain/2020-12_solarwinds-sunburst.yaml. The SolarWinds Orion supply chain attack is the defining supply chain cyber incident of the decade — Russia's SVR …
When a top cybersecurity firm gets hacked, what is the takeaway for the average netizen?. Cybersecurity firm FireEye said this week it had been breached by hackers for a foreign government. If so, …
Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk. Outside Microsoft’s French headquarters in Issy-Les-Moulineaux, near Paris. The tech …
Chinese APT suspected of supply chain attack on Mongolian government agencies. Chinese hackers have compromised the update mechanism of a chat app used by hundreds of Mongolian government agencies. A …
Data breach hits 30,000 signed up to workplace pensions provider. Fraud worries as UK company Now:Pensions says ‘third-party contractor’ posted personal details of clients to online public forum. …
Operation SignSight: Supply-chain attack against a certification authority in Southeast Asia. ESET researchers have uncovered a supply-chain attack on the website of a government in Southeast Asia. …
Belden Inc., a U.S.-based global manufacturer of network connectivity and industrial networking equipment (including routers, firewalls, switches, cabling, and connectors), disclosed a data breach on …
American Bank Systems hit by ransomware attack, full 53 GB data dump leaked - Security Report. American Bank Systems (ABS), a service provider to US banks and financial institutions has suffered a …
Great Hearts Academies students and parents were victims of data breach. An unknown number of students at Great Hearts Academies and their parents had their names and contact information stolen by a …
Third-party company: Vertafore.
Animal Jam Hacked, 46M Records Roam the Dark Web. Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a …
Lazada, the Alibaba-owned Southeast Asian e-commerce platform, disclosed a data breach affecting approximately 1.1 million customers of its Singapore-based grocery delivery service RedMart. Lazada's …
Nitro PDF Suffered A Data Breach Impacting Google, Apple, Amazon, And More. Popular PDF service provider Nitro PDF has recently suffered a massive data breach. While, they apparently strive to …
Third-party company: Click2Gov.
Isentia Reeling After Suspected Ransomware Attack. Media monitoring giant Isentia has revealed that it is currently dealing with a major security incident disrupting some online services. Third-party …
Precious Metal Trader JM Bullion Acknowledges Breach. In a notification letter filed to the Montana Department of Justice, precious metal trader JM Bullion has revealed that an unknown amount of …
Shopify Data Breach - Arnold Law Firm. The Shopify data breach has affected thousands of merchants. Our lawyers can help you understand your legal rights and options for compensation. On September 22, …
1M Inova Health Individuals Added to Blackbaud Breach Victim Tally | TechTarget. This week's breach roundup is led by the Blackbuad ransomware attack, which added more than 2 million affected …
FireEye (now Mandiant) was one of the first and most notable victims of the SUNBURST supply chain attack via SolarWinds Orion. Unlike most SUNBURST victims, FireEye was specifically targeted for …
Broadvoice, a VoIP (Voice over IP) service provider serving small and medium-sized businesses across the United States, inadvertently exposed a massive Elasticsearch cluster containing over 350 …
Fragomen, Del Rey, Bernsen & Loewy LLP — one of the largest immigration law firms in the United States, with over 582 attorneys across 47 global offices — disclosed a data breach affecting current and …
Dental Care Alliance (DCA), a Florida-based dental support organization (DSO) providing administrative and operational support to more than 320 affiliated dental practices across 20 U.S. states, …
Page Not Found. For optimal browsing, we recommend Chrome, Firefox or Safari browsers. By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, …
Payment Card Skimming Hits 2,000 E-Commerce Sites. From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of …
Some Pell City utility customers may have suffered data breach (free content). City Manager Brian Muenger said the municipality has been informed by Valley Bank that some of the city’s customers may …
Phipps Conservancy says members safe despite data breach that disclosed some info. Phipps Conservatory and Botanical Gardens in Pittsburgh’s Oakland section contacted its members this week to …
Online marketing company exposes 38+ million US citizen records. The user record files contained full names, addresses, zip codes, emails, and phone numbers of people based in the US. The CyberNews …
Luxottica, the Italian eyewear conglomerate and parent company of EyeMed Vision Care, LensCrafters, Target Optical, and Pearle Vision, suffered two separate but related security incidents in mid-2020. …
Subscriber Access To OODA Content. When you join with subscriber level to OODA Loop, you’re not just reading intelligence, you are adding fuel to your OODA Loop. Subscriber Access vs. Full. Joining …
Jack Daniel’s-Maker Suffers REvil Ransomware Breach. Attackers claim to have 1TB of stolen data in their possession. US wine and spirits giant Brown-Forman has become the latest big-name brand to …
Data Breach May Have Affected Some Rochester YMCA Accounts. Donors of the Rochester YMCA have been notified of a data breach that may have affected their personal information. Rochester, MN (KROC AM …
Third-party company: M.J. Brunner.
Citrix data exposed in third-party breach | TechTarget. Citrix Tuesday published a blog confirming that a third-party organization is investigating a possible data breach after a threat actor claimed …
Web Application Security, Testing, & Scanning - PortSwigger. PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very …
In July 2020, the personal data of approximately 7.5 million users of Dave — a US-based neobank and personal finance app — was compromised and subsequently leaked on a public hacking forum. The breach …
Joomla team discloses data breach. Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket. The team behind the Joomla open source content management system …
Keepnet Labs confirms contractor exposed 'data breach database' of 5 billion records. Keepnet Labs has confirmed that a contractor temporarily exposed a database containing five billion records …
MU Health reports data breach. University of Missouri Health Care said Thursday that it has notified patients affected by a September data breach. The organization said in a news release that it …
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments. Hundreds of thousands of potentially sensitive files from police departments across the United States were leaked online last week. The …
San Francisco benefits program breach exposes PII on 74,000. A breach of the San Francisco Employees’ Retirement System (SFERS) may have exposed the information of 74,000 members, including names, …
Bank of America Responds to Breach. Bank of America blames a suspected breach of credit card data on an unidentified third party. What happened, and what can other institutions do to better protect. …
Data breach exposes Social Security info of some Floridians seeking unemployment benefits. The Florida Department of Economic Opportunity said they had to deal with a data security incident. …
Management and Network Services Notifies 30,132 Patients About PHI Breach. Management and Network Services has discovered multiple email accounts have been compromised. The PHI of 30,132 patients has …
TrueCaller Data of 4.75 Cr Indians for Sale On Dark Web: Report. Online intelligence firm Cyble flagged that a cybercriminal was selling Truecaller records of 4.75 crore Indians on the dark web for …
IT services giant Cognizant suffers Maze Ransomware cyber attack. Information technologies services giant Cognizant suffered a cyber attack Friday night allegedly by the operators of the Maze …
BlackKite timeline indicates a third-party/vendor-related breach; detailed reporting was not accessible automatically.
MSU says data breach of third party vendor impacts hundreds. Michigan State University said it has been informed by E-commerce vendor Volusion, which provides online payment processing to thousands …
Largest And Global Sovereign Wealth Fund Institute | SWFI. SWFI is an investor research platform offering family offices, private equity firms, banks, and institutional investors actionable news, …
Two Usenet providers blame data breaches on partner company. Editor's note: This article was updated on July 8, 2025, to reflect new information discovered by an external investigation in May 2020. …
8 million UK shopping records exposed on the web, customers' personal info leaked - Comparitech. A 3rd-party app used by EU merchants on Amazon, Ebay, and other marketplaces exposed 8 million sales …
Cyber insurer Chubb had data stolen in Maze ransomware attack. Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, has itself become a target of a data breach. The …
Third-party data breach exposes GE employees' personal information. Past and present employees of GE are learning that their sensitive information has been exposed by a data breach at a third-party …
Radio.com users affected in data breach. Entercom, the second-largest radio company in the United States, has announced that it suffered a cybersecurity incident that affected Radio.com users. …
A parts manufacturer for SpaceX and Tesla says it was hacked. Exclusive: The ransomware group have published some of the files stolen in the breach. A precision parts maker for space and defense …
T-Mobile warns customers about a recent data breach. T-Mobile this week notified customers about a data breach. According to the alert, a malicious third-party gained access to T-Mobile employee …
Blackbaud, the world's largest provider of cloud software for nonprofits, universities, healthcare organizations, and foundations, disclosed in July 2020 that it had suffered a ransomware attack …
In May 2020, Blackbaud — one of the world's largest providers of cloud-based CRM and fundraising software for universities, hospitals, and nonprofits — suffered a ransomware attack on its self-hosted …
Data breach potentially impacts hundreds of Brunswick County Schools employees - WWAYTV3. The company that administers the Flexible Spending Account plans for Brunswick County Schools had a data …
Hackers compromise financial information for Carson City residents who pay water bill online - Carson Now. According to a letter sent out to a group of residents who pay their water bill online in …
Accounting Firm Ransomware Hack Affects Community Care Patient Data | TechTarget. This week's breach roundup is led by a ransomware attack on the accounting firm BST, which potentially …
idahostatejournal.com | empowering the community. This website uses certain cookies, pixels and similar tracking technologies in order enhance site navigation, analyze site usage, and assist in our …
Nedbank says 1.7 million customers impacted by breach at third-party provider. Hacker(s) believed to have exploited a vulnerability to breach Nedbank's marketing contractor. Nedbank, one of the …
Rutters store chain reveals malware attacked its POS system. Convenience store company warns that malware collected payment card details as they were being processed. Convenience store chain Rutters …
SURGA88 - Definisi Baru Gaming Premium Dengan Berbagai Kemudahan Untuk Semua Kalangan. SURGA88 : Tinggalkan pengalaman lama dan beralihlah ke standar baru dalam bermain game online. Dengan antarmuka …
In January 2020, Amazon discovered that one or more employees had shared customer email addresses and phone numbers with an unauthorized third party in violation of company policy. Amazon began …
Third-party company: Social Captain.
Third-party company: THSuite.
Leaky Server Exposes 12 Million Healthcare Records to Meow Attacker. Extortion and fraud risks persist for tens of thousands of patients. A healthcare technology company leaked 12 million records on …
WeWork rival Regus in massive employee data breach. This feature is available for registered users. Please register or log in to continue. …
Data Leak Exposes 750K Birth Certificate Applications. AWS misconfiguration leaves storage bucket wide open. Over 750,000 applications for US birth certificates have been found exposed online thanks …
Aussie P&N bank suffers data breach. The Australian P&N Bank reported a data breach that exposed detailed and sensitive financial information on an unspecified number of customers. Access was …
Marietta utility customer data found on dark web after third-party security breach. MARIETTA — About 8,800 Marietta utility customers may have had their credit card information compromised after a …
Data security breach impacts City of Sioux City customers. SIOUX CITY -- A data security breach has potentially impacted more than 3,500 City of Sioux City customer utility and parking accounts. SIOUX …
NYPD Fingerprint Database Infected With Ransomware by Third Party Contractor - CPO Magazine. Attempted ransomware attack on NYPD fingerprint database was the result of a “bumbling” third-party …
2 vendors for Mindef, SAF hit by malware; personal data of 2,400 staff could have been leaked. The data included the full names and NRIC numbers, and a combination of contact numbers, e-mail addresses …
IoT vendor Wyze confirms server leak. Details for 2.4 million users were exposed online for 22 days. Wyze, a company that sells smart devices like security cameras, smart plugs, smart lightbulbs, and …
GE, Dunkin', Forever 21 Caught Up in Broad Internal Document Leak. A PR and marketing provider exposed sensitive data for a raft of big-name companies. A marketing firm exposed hashed passwords and …
San Angelo explains what it's doing to prevent 3rd hack of payment system. Water customers in San Angelo are hacked off after the city's online payment system was hacked for the second time in a year. …
Facebook & Twitter suffer data breach via third-party developers. On Monday, both Facebook and Twitter announced that the data of hundreds of users had been compromised due to a software development …
Data breach put thousands of Florida Blue members' personal information at risk. A data breach at Magellan Health Inc. has put the personal information of Florida Blue members at risk, the company …
Macy’s suffers online Magecart card-skimming attack, data breach. The department store detected malicious code in its online payment portal. Macy's has announced a data breach caused by Magecart …
Third-Party Vendor Exposes Data of Palo Alto Employees. Cybersecurity firm’s employees affected by third-party data breach. American cybersecurity firm Palo Alto Networks has suffered a data breach …
Water Bill Payment Breach Reported In Pompano Beach. A security alert for people in Pompano Beach. The city says a third-party software vendor used for online water bill payments has been compromised. …
Third-party company: Magellan Health System.
Potential data breach found on Charlottesville tax collections. Charlottesville is investigating the possibility of a data breach related to its tax collections. CHARLOTTESVILLE, V.A. (WVIR) - The …
In November 2019, a laptop computer was stolen in a burglary at the offices of GridWorks IC, a medical transportation coordination vendor contracted by Health Share of Oregon — the state's largest …
CenturyLink customers may have had data exposed in 'security incident'. The company says the incident involving a third party vendor may have exposed contact information. GOLDEN VALLEY, Minn. — Some …
Third-party company: Magellan National Imaging Associates.
Officials admit to Chegg data breach affecting thousands of GW users’ account passwords. Officials notified students last week of a data leak revealing about 5,000 GW community members' usernames and …
CCSD says students, staff affected by third party data breach. The Clark County School District says a vendor it uses has experienced a data security incident. The school district, in a press release, …
Our pick of the top fintech news stories this week includes Revolut, Coinbase, Bolt, FundApps, and more. Copyright © 2026 Informa PLC. Informa PLC is registered in England and Wales with company …
Between October 1 and November 13, 2019, unknown attackers gained unauthorized access to Blue Bear, Active Network's web-based school accounting and online store management platform used by K-12 …
Russian SVR (APT29/Cozy Bear) compromised SolarWinds build environment and injected SUNBURST backdoor into Orion software updates distributed March-June 2020. ~18,000 customers received poisoned …
Home - Business Record. [](https://www.businessrecord.com/survey-on-gender-equity-in-iowa-caregiving-workplace-bias-and-financial-resources-identified-as-top-issues/). Casey’s General Stores Inc., …
Possible data breach of City of Broken Arrow online payment system. The City of Broken Arrow released a statement Thursday after the city's online payment system became unavailable. The city says the …
BlackKite timeline indicates a third-party/vendor-related breach; detailed reporting was not accessible automatically.
SC Media UK. An error occurred trying to play the stream. Please reload the page and try again. Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain …
Malinda Air locks down publicly exposed servers. Indonesian budget airline Malindo Air reported on September 19 it had locked down the formerly publicly exposed servers that had compromised passenger …
Cosmetics Giant Yves Rocher Caught in Data Leak Impacting Millions of Customers. International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the …
On August 19, 2019, data belonging to approximately 90,000 members of Mastercard's Priceless Specials loyalty program was posted publicly on the internet, triggering Mastercard to notify both the …
Between August 14 and October 16, 2019, RCM Enterprise Services — a revenue cycle management (billing) vendor for Mercy Health Lorain Hospital in Ohio — inadvertently included patient Social Security …
Daily Chronicle. News • Sports • eNewspaper • Obituaries • Election • The Scene • 175 Years. …
Third-party company: Pearson Clinical Assessment (AIMSweb).
Volkswagen Group of America and Audi of America disclosed in June 2021 that approximately 3.3 million customers and prospective buyers had their personal data exposed due to an unsecured dataset left …
Dickey's Barbecue Pit, a Dallas-based smoked-meat restaurant chain with approximately 469 locations across the United States, suffered a prolonged point-of-sale (POS) malware compromise that resulted …
On June 28, 2019, threat actors — widely attributed to the Chinese state-sponsored APT group known as Tick (also tracked as Bronze Butler and associated with APT40) — breached Mitsubishi Electric's …
Latest Blockchain News, BSV Insights, and AI Web3 Trends from CoinGeek. A serious vulnerability has been discovered in a cryptocurrency wallet app, putting millions of dollars’ worth of user …
In May 2019, security researcher Anurag Sen discovered a large, unsecured database containing scraped Instagram profile data for approximately 49 million users, which he traced to Chtrbox — a Mumbai, …
Hackers are collecting payment details, user passwords from thousands of sites. Servers of at least seven companies compromised to deliver malicious code to thousands of sites. Hackers have breached …
Credit card holder? Beware, your personal data might be at risk. The revelation was made after STF Noida busted a gang of credit card scam artists and arrested four fraudsters from Ghaziabad.
Forbes Becomes Latest Victim of Magecart Payment Card Skimmer. The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others. The payment …
Truecaller Users’ Phone Numbers & Email IDs For Sale on Dark Web. Truecaller Number Search App: The caller ID company with more than millions of users in India caters to mobile payment and messaging …
In May–June 2019, U.S. Customs and Border Protection (CBP) experienced a major privacy and cybersecurity incident involving the unauthorized exposure of traveler facial recognition images and license …
Cyber-attack affects over 460,000 online store accounts. The compromised information included, customer name, address, phone number, email address, gender, date of birth, purchase history, clothing …
German IT Firm CITYCOMP Data Breach Directly Affected Major Companies. Threat actors disclosed lots of financial data belonging to big firms online. The hacker gathered this data from German IT …
ASUS WebStorage abused to spy on users at the router level. Vulnerable software is potentially facilitating surveillance and data theft. The ASUS WebStorage system is being actively abused to perform …
In May 2019, Cable ONE (now Sparklight), a US cable television and internet provider headquartered in Phoenix, Arizona, discovered that an unauthorized individual had gained access to approximately 14 …
PrismRBS is a subsidiary of Nebraska Book Company that operates PrismWeb, a white-label e-commerce platform specifically designed for college and university campus bookstores. In April 2019, the …
In June 2019, Westpac Bank disclosed that attackers had exploited its PayID lookup service to harvest the names and phone numbers of approximately 98,000 Australian banking customers. The attack was a …
In April–May 2019, security researchers Noam Rotem and Ran Locar discovered an unsecured Elasticsearch database belonging to Apptium Technologies, a third-party vendor that managed customer support …
Rush data breach exposes 45,000 patients. Patient names, addresses, Social Security numbers, birth dates and health insurance information were compromised, the health system says. The 28-acre parcel, …
Error: 404. …
Hacking, gone off the rails: Holiday travelers react to data breach · TechNode. We went to Beijing’s busiest train stations to ask travelers about the recent ticket-platform hacking incident. Train …
In early 2019, Medibank Private experienced an earlier, smaller breach via a third-party vendor that accessed customer data without authorisation. This breach predated the much larger 2022 ransomware …
In late May 2020, researchers at vpnMentor discovered that CSC e-Governance Services Ltd — the government-mandated third party operating the merchant onboarding portal for India's Bharat Interface for …
In January 2019, security researcher Noam Rotem discovered a critical vulnerability in the Amadeus Global Distribution System (GDS) that exposed passenger reservation data for customers of at least …
Millions of bank loan and mortgage documents have leaked online | TechCrunch. A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages …
Third-party company: Click2Gov.
Magecart Delivered Via Advertising Supply Chain. We detected a significant increase in activity from one of the web skimmer groups we’ve been tracking.We found their malicious skimming code loaded on …
Custom404 • Hanover County, VA • CivicEngage. This website is AudioEye enabled and is being optimized for accessibility. To open the AudioEye Toolbar, press "shift + =". Some assistive technologies …
Humana has notified customers of a third-party security incident that might have exposed some of their personal information. According to a breach notification letter obtained by DataBreaches.net, the …
LocalBitcoins blames security breach on forum 'third-party software'. Hackers appears to have stolen $28,200 from users' accounts after phishing login credentials and 2FA one-time codes. LocalBitcoins …
Between June 2018 and November 2018 (disclosed March 2019), attackers compromised ASUS's software build and signing infrastructure to inject a backdoor into the ASUS Live Update Utility — a tool …
In January 2019, the PHP PEAR (PHP Extension and Application Repository) team announced that the official pear.php.net web server had been compromised by an unknown attacker who replaced the …
Page not found - Baylor Scott & White Medical Center – Frisco. Baylor Scott & White Medical Center – Frisco is a hospital in which physicians have an ownership or investment interest. The list of …
As many as 6,000 people may be affected by data breach in Saint John parking ticket system. The third-party software product Click2Gov, run by CentralSquare Technologies, was hacked. As many as 6,000 …
Microsoft Word - Redwood-AG Notification - California 4848-2006-9506 v.1. > ARIZONA •CALIFORNIA •COLORADO •CONNECTICUT •FLORIDA •GEORGIA •ILLINOIS •INDIANA •KANSAS •KENTUCKY •LOUISIANA •MARYLAND •. > …
In late November and early December 2018, a sophisticated supply chain attack targeting Chinese internet users emerged, exploiting Easy Programming Language (EPL, also known as EasyLanguage or Yi Yu …
On November 3, 2018, attackers compromised the StatCounter web analytics platform — used by hundreds of thousands of websites worldwide — and modified the StatCounter JavaScript tracking script …
Sophos News - The Sophos Blog. .svg?width=185&quality=80&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000). Sophos Insights LLM AI Exploit vulnerability Active Adversary Pacific …
City of Bakersfield announces data breach from hacked Click2Gov system. The city of Bakersfield has reported that a “cyber-security incident” may have compromised the personal and financial …
Listen on DAB+ radio, smart speaker, app and the YorkMix website - news, things to do and music worth sharing across York & North Yorkshire. York man jailed for attempted murder after ‘horrific’ …
ECRMC warns job applicants of data breach. **Get unlimited access with our Fair Special - Digital Access Subscription.** Read our E-Edition, the digital replica of the print newspaper online, access …
Bitdefender Cybersecurity Blogs: News, Views and Insights. [](http://hotforsecurity.bitdefender.com/ "Bitdefender")For HomeFor BusinessFor Partners. Third-party company: Jobscience, Inc..
Shortly after the Ontario Cannabis Store (OCS) launched online sales following the legalization of recreational cannabis in Canada on October 17, 2018, a data breach was disclosed affecting …
Australia's Defence department was badly exposed to China's hackers. The hackers are understood to have used procurement interfaces and email contact between contractors and department officials as a …
Image-I-Nation Technologies, Inc. is a technology and hosting company that provides background screening software and data services to consumer reporting agencies (CRAs). In late 2018, the company …
In October 2018, Nordstrom discovered that a contract worker had improperly handled employee personal data, resulting in the potential exposure of sensitive HR and payroll information for an …
Microsoft Defender Threat Intelligence | Microsoft Security. Protect your organization today from modern cyberthreats and exposure with Microsoft Defender Threat Intelligence, a dynamic threat …
The Software Side of China’s Supply Chain Attack. Bloomberg the Company & Its Products The Company & its ProductsBloomberg Terminal Demo RequestBloomberg Anywhere Remote Login Bloomberg Anywhere …
Another Click2Gov data breach hits Indio, California | StateScoop. The online bill payment software used by hundreds of local governments continues to be a frequent source of cybersecurity incidents. …
Vesta control panel servers infected with DDoS malware after supply chain attack. An open-source hosting panel software provider, Vesta Control Panel (VestaCP), has admitted that the company became a …
On September 30, 2018, during the UK Conservative Party's annual conference in Birmingham, a serious security vulnerability in the official conference mobile application was publicly exposed. The app …
On the afternoon of September 25, 2018, Facebook's engineering team discovered an active attack exploiting a critical vulnerability in the platform's "View As" feature — a privacy tool that lets users …
Atrium Health, a major Charlotte, North Carolina hospital network, suffered a significant data breach affecting 2,650,000 patients through its billing services vendor AccuDoc Solutions Inc. The breach …
In September 2018, an unknown attacker using the account 'right9ctrl' approached the original maintainer of the popular Node.js npm package 'event-stream' (dominictarr) and requested to take over …
BlackKite timeline indicates a third-party/vendor-related breach; detailed reporting was not accessible automatically.
Feedify cloud service architecture compromised by MageCart crime gang. MageCart cyber gang compromised the cloud service firm Feedify and stole payment card data from customers of hundreds of …
Foosackly's reports payment-card data breach. Mobile-based chicken-finger chain Foosackly's is warning customers of a data breach in its payment system. According to information released by Three …
In September 2018, The Perth Mint — the government-owned precious metals enterprise operated by the Government of Western Australia — disclosed a data breach affecting customers of its Depository …
WCSD addresses concerns over data breach. The Washoe County School District Board of Trustees has a message for parents: personal student information has not been compromised. During public comment at …
Third-party company: Health Fitness Corp.
Third-party company: Invermar.
Wolverine Solutions Group (WSG) is a Detroit, Michigan-based company that provides mailing, printing, and administrative services to hospitals and healthcare organisations — including processing and …
On August 24, 2018, cybersecurity researchers at UpGuard discovered a publicly accessible, misconfigured Amazon Web Services S3 storage bucket belonging to MedCall Healthcare Advisors, a North …
Between August 22 and 24, 2018, Air Canada detected unusual login behaviour on its smartphone mobile application and moved quickly to lock all 1.7 million app user accounts as a precautionary measure. …
The British Airways Magecart breach of 2018 is one of the most technically documented payment card skimming attacks on record and led to a landmark GDPR enforcement action. The active skimming window …
BevMo, a California-based alcohol retail chain, disclosed in late 2018 that its e-commerce website had been compromised by a payment card skimming attack affecting 14,579 customers. The breach window …
Telemedicine vendor breaches the data of 2.4 million patients in Mexico. A configuration error left a database filled with healthcare data exposed on the internet, and the data could be accessed and …
In August 2018, KrebsOnSecurity reported a significant security flaw in Fiserv's web banking platform that exposed personal and financial details of customers at hundreds of community banks and credit …
Media monitoring app Mention suffers third-party data breach. Web and social media monitoring app Mention has revealed that a third-party provider has been hit by a data breach. Champs-Élysées, Paris. …
Operation Red Signature Targets South Korean Companies. We uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. We discovered the …
American Medical Collection Agency (AMCA), a major third-party billing and collections vendor for US healthcare laboratories, suffered a long-running breach of its web payment portal between August …
OPKO Health's clinical laboratory subsidiary BioReference Laboratories was among the first wave of healthcare companies to disclose patient data exposure resulting from the American Medical Collection …
The American Medical Collection Agency (AMCA) breach is the largest healthcare data breach reported in the United States in 2019, ultimately exposing the personal, financial, and medical information …
As the American Medical Collection Agency (AMCA) breach continued to unfold through July 2019, a second wave of laboratory companies came forward to disclose patient data exposure. This record covers …
Clinical Pathology Laboratories (CPL), an Austin, Texas-based clinical testing company, disclosed on July 17, 2019 that approximately 2.2 million of its patients had personal and financial information …
Managed Health Services of Indiana (MHS), which administers Indiana's Hoosier Healthwise and Hoosier Care Connect Medicaid managed care programs, disclosed in December 2018 that 31,876 plan members …
On October 12, 2018, the US Department of Defense disclosed that a data breach at an unnamed commercial contractor had exposed travel records — including personal information and payment card data — …
On June 28, 2018, the Central Bank of the Bahamas was made aware of unauthorized access to its external-facing public website. The bank's investigation confirmed that the breach originated with a …
On June 19, 2018, researchers from UpGuard's Cyber Risk Team discovered a publicly accessible Amazon S3 bucket named "abbottgodaddy" that contained sensitive configuration and pricing data belonging …
Between June 14 and June 18, 2018, an attacker compromised several Reddit employee accounts at the company's cloud hosting and source code hosting providers by intercepting SMS-based two-factor …
On August 1, 2018, Reddit disclosed a security incident in which an attacker compromised several Reddit employee accounts at the company's cloud and source code hosting providers between June 14 and …
BenefitMall (operating as Centerstone Insurance and Financial Services) is a national provider of payroll, employee benefits administration, and HR services whose clients include major health …
On May 30, 2018, security researcher Bob Diachenko of Kromtech Security Center discovered an Apache Airflow server belonging to Agilisium, a cloud data contractor for Universal Music Group (UMG), that …
In May 2018, PageUp People — a Melbourne-based HR and recruitment software company with clients across Australia, UK, US, Canada, and other countries — discovered unusual activity in its IT systems …
In June 2018, Whitbread plc -- the parent company of Costa Coffee, Premier Inn, Brewers Fayre, Beefeater, and other UK hospitality chains -- disclosed that personal data of job applicants and …
Houzz is a leading home design and renovation platform with tens of millions of registered users worldwide. In early 2019, the company disclosed that it had suffered a significant data breach that …
Corporation Service Company (CSC), a major provider of domain registration, corporate compliance, and agent-for-service-of-process services to Fortune 500 companies and other businesses, disclosed …
Brinker International, the parent company operating over 1,600 Chili's Grill and Bar restaurants worldwide, disclosed a payment card data breach on May 12, 2018, one day after discovering the security …
In October 2019, NordVPN disclosed that one of its rented servers at a datacenter in Finland had been accessed without authorization. The actual breach occurred in March 2018 — more than 18 months …
From approximately February to June 2018, Magecart Group 5 skimmed payment card data from Ticketmaster UK customers by compromising Inbenta Technologies — a third-party customer support chatbot vendor …
Western Union disclosed in early 2018 that customer information had been accessed without authorization through a computer intrusion targeting an external vendor system formerly used by Western Union …
Klook, a Hong Kong-based travel activities and services booking platform, disclosed on June 29, 2018 that it had suffered a data breach through a compromised third-party web analytics tool provided by …
Orlando Orthopaedic Center reported a breach of 19,101 patient records caused by an error made by its third-party transcription service provider during a software upgrade in December 2017. The vendor …
RMH Franchise Holdings, one of the largest Applebee's franchise operators in the United States, discovered malware on point-of-sale systems at its restaurants on February 13, 2018, and publicly …
On June 28, 2018, UC San Diego Health disclosed that 619 of its patients were affected by a data breach at Nuance Communications, a third-party medical transcription service provider. The breach …
In October 2017, Domino's Australia customers began receiving targeted spam and phishing emails that addressed them by first name and referenced their local suburb, suggesting the attackers possessed …
Between late 2017 and late 2018, at least 46 US cities were compromised through vulnerabilities in Click2Gov, a self-service bill payment portal used by municipalities for utility payments, parking …
Between September 27 and October 12, 2017, an unauthorized third party gained access to [24]7.ai's online customer service chat platform and injected malicious code designed to capture payment card …
Between mid-August and 12 September 2017, Piriform (a subsidiary of Avast Security) distributed a backdoored version of CCleaner 5.33 — a widely used Windows PC cleaning utility — to approximately …
In June 2018, Ticketmaster disclosed that malicious code had been found within a customer support chatbot function on its websites, hosted by third-party AI company Inbenta Technologies. The Magecart …
Huddle House is a family-style restaurant chain headquartered in Atlanta, Georgia, with approximately 400 corporate and franchisee locations primarily across the southeastern United States. In early …
In July 2017, Kaspersky Lab researchers discovered that NetSarang Computer's server management software suite — used by hundreds of large enterprises globally for SSH, telnet, and file transfer …
On June 27, 2017, the NotPetya cyberattack struck, becoming one of the most destructive and costly cyberattacks in history with estimated global damages exceeding $10 billion. The attack was …
On June 27, 2017, Russian military intelligence (GRU Unit 74455 / Sandworm) deployed NotPetya — a destructive wiper disguised as ransomware — by trojanizing the automatic update mechanism of M.E.Doc, …
On June 8, 2017, UpGuard cyber risk analyst Chris Vickery discovered a publicly accessible Amazon S3 storage bucket owned and operated by NICE Systems, an Israeli telephonic software and data …
On June 12, 2017, UpGuard cyber risk analyst Chris Vickery discovered a publicly accessible Amazon S3 cloud storage bucket containing approximately 1.1 terabytes of data on 198 million American …
In July 2017, UpGuard security researchers discovered that NICE Systems — an enterprise software company contracted by Verizon to manage call center quality assurance — had left an Amazon S3 bucket …
Between May 13 and July 30, 2017, attackers exploited a critical remote code execution vulnerability in Apache Struts (CVE-2017-5638) to breach Equifax, one of the three major US consumer credit …
Between 2-6 May 2017, attackers compromised one of HandBrake's macOS download mirror servers and replaced the legitimate HandBrake installer with a trojanized version containing the Proton RAT — a …
Between April 3 and November 18, 2017, point-of-sale malware infected payment systems at an undisclosed number of Forever 21 retail stores across the United States. The breach lasted approximately …
Between March 18 and July 2, 2017, point-of-sale malware infected front desk payment systems at 41 Hyatt Hotels properties across 11 countries. The malware was capable of capturing payment card data …
On December 22, 2016, an unauthorized individual gained access to electronic files stored on computer systems maintained by a third-party vendor that provided patient management software applications …
In October 2019, Zendesk — a major customer service software platform used by over 145,000 organizations — disclosed a security breach that affected customer accounts created before November 2016. The …
In October 2016, two hackers used credential stuffing to access Uber engineers' private GitHub repositories, leveraging passwords exposed in previous data breaches. Uber did not require multi-factor …
Between August 28, 2016, and January 14, 2017, the Diamond Institute for Infertility and Menopause, a fertility clinic based in Millburn, New Jersey, suffered repeated unauthorized access to its …
Between 10 August 2016 and 9 March 2017, an unauthorized actor gained access to Sabre Corporation's SynXis Central Reservations (CR) hospitality technology system — a hotel reservation platform used …
Between August 10, 2016, and March 9, 2017, an unauthorized party gained access to Sabre Corporation's SynXis central-reservations system, a widely used platform that processes bookings for …
In mid-2016, the Carbanak/Anunak cybercriminal gang — responsible for stealing over $1 billion from banks globally through sophisticated malware campaigns — breached Oracle's MICROS point-of-sale …
On 11 May 2016, an unauthorized party gained access to a server maintained by Newkirk Products, Inc. — a company that prints and mails health insurance identification cards for numerous US health …
Between October 2015 and mid-2016, a sophisticated POS malware attack — attributed to the Carbanak/Anunak criminal group — affected point-of-sale systems at 1,025 Wendy's franchise restaurant …
In September 2015, Experian — a major US credit bureau — suffered a breach of a server it operated on behalf of T-Mobile for processing mobile phone service credit applications. The attack exposed …
On October 1, 2015, Experian disclosed that hackers had gained unauthorized access to a server containing personal information of approximately 15 million people who had applied for T-Mobile service …
In June and July 2015, attackers compromised servers operated by PNI Digital Media, a Canadian company (subsidiary of Staples) that provided online photo printing and processing services to major …
Between 7 and 26 May 2015, an attacker accessed Medical Informatics Engineering's (MIE) WebChart EHR cloud server using compromised credentials. MIE is a health information technology company …
The Marriott/Starwood breach is one of the largest data breaches in history and a landmark case study in the risks of inheriting a compromised IT environment through corporate acquisition. Attackers …
In a letter to both current and former employees, Lowe’s says that personal information might have been compromised after a third-party vendor exposed it to the public. In a letter to both current and …
In June 2014, attackers compromised a JPMorgan Chase employee's personal computer and obtained login credentials, which they used to gain initial access to the bank's corporate network. The attackers …
Boston Medical Center said it has fired a transcription service after a health care provider reported that the medical records of about 15,000 patients at the hospital were posted without password …
On May 3, 2017, security researcher Bob Diachenko of the Kromtech Security Research Center discovered a massive trove of patient records from Bronx-Lebanon Hospital Center in New York City exposed on …
Mercedes-Benz USA (MBUSA) disclosed on June 11, 2021, that a vendor had inadvertently left sensitive customer and prospective buyer data accessible on a cloud storage platform. The data was collected …
Last week, Target told reporters at The Wall Street Journal and Reuters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. …
Florida Healthy Kids Corporation (FHKC) administers the Florida KidCare health insurance program, providing subsidized health and dental coverage to children across Florida. FHKC contracted Jelly Bean …
On July 22, 2013, R.T. Jones Capital Equities Management, a St. Louis-based registered investment adviser, discovered that its third-party-hosted web server had been compromised by attackers traced to …
Beginning in February 2013, a third-party point-of-sale service provider to Goodwill Industries — C&K Systems, a payment processing vendor — had its systems compromised with malware that was able to …
Prestige Software, a Spain-based hotel channel management platform used by major online travel agencies including Hotels.com, Booking.com, and Expedia, left a misconfigured Amazon Web Services S3 …
