2021 was a difficult year many of us, and with the hope that COVID-19 will dissipate in the spring, this is a new year more than any other where we want to look forwards, not backwards.
But before we turn our attention to 2022, we must first round out 2021 with our final monthly review of data breaches and cyber attacks. December saw 74 publicly disclosed security incidents, which accounted for 219,310,808 breached records.
You can find the full list of incidents below, with those affecting UK-based organisations listed in bold.
Additionally, we’ll also soon be publishing our latest quarterly review of security incidents, in which you can discover the latest trends and take a look back at the year as a whole.
Keep an eye on our blog for that, or subscribe to our Weekly Round-up to get our latest posts sent straight to your inbox.
Contents
Cyber attacks
- Suspected Chinese hackers breach four US defense and tech firms (unknown)
- Criminal hacker targets local Italian government (unknown)
- Crypto firm Bitmart loses estimated $200M in cyber attack (unknown)
- US State Department employees hacked by Israeli spyware (9)
- Cyber attack freezes Maryland health department (unknown)
- Fake birth certificates generated in Hisar after health department hacked (unknown)
- Cyber attack disables access to online servers for Oahu Transi (unknown)
- Brazilian Ministry of Health suffers cyber attack and COVID-19 vaccination data vanishes (212 million)
- Simon Eye Management reports security incident (unknown)
- BioPlus Specialty Pharmacy Service notifies those affected by cyber attack (unknown)
- Long Island Jewish school’s website hacked with Nazi images, slurs (unknown)
- Threat actors pose as pharmacists, get business associates to send them patient records (unknown)
- US federal agency compromised in suspected APT attack (unknown)
- Hackers attack Israeli hiking websites, leak personal information (3 million)
- California man charged with hacking student accounts (unknown)
- Belgian defence ministry admits attackers accessed its computer network by exploiting Log4j vulnerability (unknown)
- Australian man charged over Victoria Police security breach (unknown)
- Massive data breach exposes wage and personal info of more than Albanian residents (637,000)
- Monterey Peninsula Unified School District notifying current and former employees of data security incident (unknown)
- Another T-Mobile cyber attack reportedly exposed customer info and SIMs (unknown)
- Cyber attack on one of Norway’s largest media companies shuts down presses (unknown)
- Saskatchewan Liquor and Gaming Authority investigating Christmas Day cyber security incident (unknown)
- Crawford County Assessor’s Office is the latest public entity to be hit by a cyber attack (unknown)
- New Jersey’s Office of Information Technology suffers cyber attack (unknown)
- Hackers steal, put up for sale Khyber Pakhtunkhwa police data (1,400)

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
Ransomware
- Quest’s ReproSource faces patient lawsuit over data breach (350,000)
- Planned Parenthood’s Los Angeles clinics hit by ransomware (400,000)
- Cyber attack on Kisters AG by orchestrated ransomware attack (unknown)
- Riverhead schools hit by ransomware attack, shutting down computer and tech infrastructure (unknown)
- Delta-Montrose Electric Association loses billing capability and two decades of records after cyber attack (unknown)
- Lewis & Clark Community College to resume classes Tuesday amid ransomware attack (unknown)
- Ransomware attack hits Canadian school board, employee and student data stolen (unknown)
- Pellissippi State Community College impacted by ransomware attack (unknown)
- North American food importer Atalanta confirms ransomware attack (unknown)
- Hellmann Worldwide Logistics in Germany was hit by ransomware (unknown)
- Eldon School District in Missouri was closed closed Tuesday due to a ransomware attack (unknown)
- Polish municipality of Świętokrzyskie hit by ransomware (unknown)
- Oregon anaesthesiology group notifies those affected by ransomware incident (750,522)
- Virginia’s Division of Legislative Automated Systems hit by ransomware (unknown)
- Ransomware attacks Shelley School District computers (unknown)
- HR management platform Kronos hit with a ransomware attack (unknown)
- Coombe Hospital has been the subject of a ransomware cyber attack (unknown)
- Ransomware attacks Shelley School District computers (unknown)
- McMenamins hit by ransomware attack; chain says employee info at risk (unknown)
- Coles, Westpac, AMP and Department of Defence caught up in ‘significant’ data breach of Finite Recruitment (unknown)
- Ransomware attacks on CompuGroup Medical SE & Co. KGaA (unknown)
- Health Ministry of Brazil hit by two Ransomware attacks in a week (unknown)
- The Medical Review Institute of America notifies patients of ransomware incident (unknown)
- Shutterfly services disrupted by Conti ransomware attack (unknown)
- Duneland School Corporation notifying employees and dependents of data breach (unknown)
- Fintech firm ONUS hit by log4j hack refuses to pay ransom (2 million)
Data breaches
- Gumtree classifieds site leaked personal info via the F12 key (unknown)
- Sangamon County Animal Control posts driver’s license numbers instead of animal photos (unknown)
- Northeastern University cancels vaccination clinics after third-party data leak (unknown)
- Missing document investigation solved after HHSC files found to be in staff’s possession (unknown)
- Sensitive information stolen from nuclear power installation in Tarragona (unknown)
- NJ volunteer EMS agency says patient data was breached (unknown)
Financial information
- LINE Pay leaks data from users to GitHub (133,000)
- Frontier Software leaks payroll data of Australian government employees (38,000)
- Canada-based Big White issues security incident alert (unknown)
- Monongalia Health System notifies patients and employees of data breach (unknown)
- Luxemburg-Casco School District notifies employees of data breach (1,399)
Malicious insiders and miscellaneous incidents
- Private medical files dumped in cabinet outside GP surgery (unknown)
- Woman finds medical records stacked next to recycling bin (unknown)
- Computer containing vaccine data stolen in Brussels (unknown)
- Privacy breach at Hutt Hospital as NZ clinician leaves patient info on street (unknown)
Thanks, Luke for giving the list.
Is there also such a list with OT (Operational Technology) hacks?
How many companies suffered from machinery being highjacked or out out of order?
Great article and shows that no one is safe from a cyber attack!