You can find March 2021’s list of cyber attacks and data breaches here.
The cyber security industry was rocked in February after a ransomware attack against the Cloud service provider Accellion.
Dozens of organisations that used the software reported incidents in one of the worst months we’ve ever recorded. We found 118 publicly recorded incidents, of which 43 were ransomware attacks.
It’s not the news we were expecting having recently reported that organisations had turned the tide on ransomware attackers – but clearly fraudsters are doubling down on their efforts.
In total, we detected 2,323,326,953 breached records. You can find the full list below, with incidents affecting UK-based organisations listed in bold.
Meanwhile, you can find detailed breakdowns of some of the more notable incidents by subscribing to our Weekly Round-up or by visiting our blog (where we have a dedicated series on phishing scams).
Contents
Cyber attacks
- Foxtons estate agency leaked customers’ financial records (16,000)
- Oxford University COVID-19 laboratory hacked by cyber gang (unknown)
- Npower shuts down mobile app following data breach (unknown)
- Victor Central School District closed to in-person classes due to malware attack (unknown)
- French town of Houilles paralyzed by malware (unknown)
- Israeli company Raychat sees entire database leaked, destroyed (267 million)
- US-based car dealership DriveSure leaks customer data (3 million)
- Tech firm Wind River Systems suffers cyber attack (unknown)
- Baldwin Wallace University, OH, hit by cyber attack (unknown)
- Brazilian energy firm Copel hit by cyber attack (unknown)
- Oklahoma Tourist Recreation Department investigates potential data security incident (unknown)
- Security firm Stormshield discloses data breach, theft of source code (unknown)
- Nevada Health Centers notifying patients after email breach (unknown)
- Security breach at Charles J. Hilton and Associates affects UMPC patients (36,086)
- SitePoint, an Australian learn-to-code publishing website, hacked (unknown)
- Germany’s Netcom Kassel Gesellschaft für Telekommunikation mbH hit by attackers (unknown)
- Hackers try to contaminate Florida town’s water supply through computer breach (unknown)
- KeepChange foils bitcoin theft but loses user data in security breach (unknown)
- Threat actors dump Somerset ISD student personal and health information (unknown)
- Syracuse University email hack compromises personal info of current, former and prospective students (9,800)
- Bannock County, Idaho discloses security breach from last year (unknown)
- ECU Worldwide chief confirms IT systems are down after ‘cyber incident’ (unknown)
- Brazilian phone providers Vivo and Claro leak customer data (102.8 million)
- Malaysian voters’ personal information exposed in database leak (10 million)
- Netherlands Organization for Scientific Research suffers cyber attack (unknown)
- Lithuanian car-sharing service CityBee leaks users’ data online (110,000)
- Simon Fraser University warns staff, students, alumni of security incident (200,000)
- Hogeschool van Amsterdam and the University of Amsterdam hit in cyber attack (unknown)
- Minnesota school district employees falls for phishing attack (677)
- Bénéteau boat company suffers cyber attack (unknown)
- Kroger reports data breach affecting pharmacy records, associate HR data (unknown)
- AZ-based Watermark Retirement Communities says cyber intrusion affected residents’ data (208)
- Sequoia Capital breached in phishing attack (unknown)
- Police investigate racist hack that disrupted Ben Franklin High students’ virtual field trip (unknown)
- Colonial Park Realty Co t/a Enders notifies customers of data breach (unknown)
- Ministry of Finance suffers cyber attack (unknown)
- Ukraine says Russian hackers attacked state document system (unknown)
- MI-based Covenant HealthCare reports data breach through employee emails (40,000)
- French transport company Montélimar targeted by a cyber attack (unknown)
- Patient data at OH-based Fisher-Titus Medical Center compromised (unknown)
- Dutch housing corporation Stadgenoot hacked (30,000)
- Websites of American colleges have been hacked or otherwise compromised by essay mills (unknown)
- Summit Behavioral Healthcare in Tennessee reports breach (unknown)
- MA-based Home for the Little Wanderers starts notifying people of breach (unknown)
- Georgia’s DeKalb County School District working on cyber security after reports of hacking (unknown)
- Zee5, an Indian streaming platform, leaks users’ data online (9 million)
- T-Mobile discloses data breach after SIM swapping attacks (unknown)
- User accounts of unnamed French hospital agents for sale on dark web (50,000)
- Indian police exam database breached (500,000)
Ransomware
- Hacker blackmails pirate IPTV services, threatens to send user data to police (unknown)
- Brazil’s Eletronuclear administrative network suffers ransomware attack (unknown)
- Belgium’s Sacred Heart Hospital hit by ransomware (unknown)
- Ransomware attack targets Ness IT company in Israel, US, India (unknown)
- Video game developer CD Projekt Red refuses to pay ransom (unknown)
- North Carolina’s Chatham County data posted online after cyber incident (unknown)
- France’s Mutuelle Nationale des Hospitaliers hit by ransomware (unknown)
- Polling firm BVA hit with ransomware (unknown)
- Threat actors dump patient files from Texas-based Nocona General Hospital (1,760)
- British Columbia real estate agency sustains unusual ransomware attack (unknown)
- French vehicle manufacturer Trigano shuts down plant after ransomware infection (unknown)
- Belgian city Seraing targeted in suspected ransomware attack (unknown)
- NC’s Central Piedmont Community College impacted by ransomware attack (unknown)
- The Urological Clinic Munich Planegg falls victim to ransomware (unknown)
- Villefranche-sur-Saône hospital victim of a computer attack (unknown)
- Valdès Analysis Laboratory in Cagliari falls victim to ransomware (unknown)
- NM-based Rehoboth Mckinley Christian Health Care Services hit by ransomware (unknown)
- Capital Medical Center in Washington State suffers ransomware attack (unknown)
- Brazil’s Meddi Laboratório struck with ransomware (unknown)
- Southern Arkansas University hit by ransomware for second time in two years (unknown)
- Kayseri Organized Industrial Zone Directorate suffers ransomware attack (unknown)
- Hellenic Defense Systems hit by ransomware attackers (unknown)
- French standardisation org Afnor suffers ransomware attack (unknown)
- Underwriters Laboratories (UL) certification giant hit by ransomware (unknown)
- The city of Chalon-sur-Saône victim of a cyber attack (unknown)
- Finnish IT giant TietoEVRY hit with ransomware (unknown)
- Cuyahoga Metropolitan Housing Authority crippled by ransomware (unknown)
- Fears grow data hacked from Reserve Bank may be leaked by ransomware group (unknown)
- Transport for New South Wales confirms that data was stolen in Accellion breach (unknown)
- Bombardier issues statement on cyber security breach (unknown)
- Jones Day says vendor was responsible for cyber attack (unknown)
- Florida Studio Theatre recovering from ransomware attack (unknown)
- France’s Manutan Group addresses ransomware incident (unknown)
- Secondary school in Netherlands pays ransom after cyber attack criminals (unknown)
- Washington state residents affected by a breach involving Accellion (1.6 million)
- Serco says ‘no data compromised’ despite hack (0)
- France’s Dax hospital center targeted by a large-scale cyber attack (unknown)
- Singaporean telecoms company Singtel suffers cyber attack (unknown)
- Michigan State Police investigating cyber attack on Saginaw Township schools (unknown)
Data breaches
- NurseryCam discloses a data breach(unknown)
- Energy firm Enel leaks Brazilian customers’ personal data (300,000)
- Pakistani vehicle-for-hire and parcel delivery company Bykea leaked production server (400 million)
- American Internet giant Comcast exposed development database online (1.5 billion)
- Friendswood ISD students’ Social Security numbers mistakenly sent to school photographer (550)
- Vermont Department of Labor involved in tax form blunder (80,000)
- Wisconsin-based Shorewood School District leaks student data (unknown)
- Romania’s biggest real estate portal suffers major data breach (unknown)
- North Carolina’s SSA first sends confidential records to the wrong people, then refuses credit monitoring (unknown)
- Loophole in Indian government database puts party members’ data at risk (400,000)
- Jamaica’s immigration website, the Amber Group, exposed travellers’ data (unknown)
- School division apologizes for privacy breach at Winnipeg Adult Education Centre (400)
- Vulnerability discovered in cash-loaning application Cashalo (3.3 million)
- Personal and prescription information found on side of Florida road (unknown)
- HSE blunder exposes private information of people who received COVID-19 vaccine (unknown)
- Jamaica’s JamCOVID pulled offline after third security lapse exposed travellers’ data (unknown)
- Oxfam Australia investigates data breach after database sold online (1.7 million)
Financial information
- Scottish Borders council apologises for free school meals payment data breach (unknown)
- California DMV halts data transfers with third-party company after Automatic Funds Transfer Services security breach (unknown)
- Employee email at Jacobson Memorial Hospital & Care Center compromised (1,547)
- Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance (31,694,482)
- Volunteers of America Chesapeake & Carolinas says it was phished (unknown)
Malicious insiders and miscellaneous incidents
- NHS Lothian staff members were “inappropriately accessed” by a colleague (150)
- USAO Southern District of Iowa contractor provided criminal investigation data to a friend (unknown)
- Yandex suffers data breach after sysadmin sold access to user emails (5,000)
- Former Air Force contractor pleads guilty to taking classified information (unknown)
- Regulators investigating after major data leak at Dedalus France (491,840)
In other news…
- Google says it’s too easy for hackers to find new security flaws
- Poland’s Medical University of Silesia issued GDPR fine for omitted data breach notification
- Blockchain transactions confirm murky and interconnected ransomware scene
