List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

The cyber security industry, much like the rest of the world, is on edge. Our figures for this month are comparatively low – with 83 data breaches and cyber attacks accounting for 5,127,241 breached records – but there is a sense that we are on the brink of something.

In the final days of February, there were a flurry of security incidents related, either directly or indirectly, to the Ukraine conflict. First, Russia targeted banks and government departments, then Ukraine hit back, attacking the Moscow stock exchange.

The EU has responded to calls for help from Ukraine, and has set up a cyber rapid-response team comprised of 12 volunteers, who will help cyber attack victims. The hacking group Anonymous has been more aggressive, launching attacks across Europe to give Vladimir Putin “a sip of his own bitter medicine”.

In the midst of all this, organisations across Europe have reported delays as a result of alleged state-sponsored attacks – including Toyota’s Japanese plants and a kettle manufacturer in the Isle of Man.

You can find out more about the cyber security implications of the Ukraine by registering for our special presentation hosted by IT Governance’s founder and executive chairman, Alan Calder. It will take place on Thursday, 3 March at 3pm, and you can register for on our website.

Meanwhile, you can find the full list of cyber attacks and data breaches for February 2022 below. As usual, incidents affecting UK-based organisations are listed in bold.

---

---

Cyber attacks

• Criminals phish SEPA, with £42m unaccounted for (unknown)
• Isle of Man kettle-parts firm hit by cyber attack (unknown)
• Oiltanking Deutschland GmbH & Co. KG operating with limited service after cyber attack (unknown)
• Morley Companies, Inc. discloses security incident (521,046)
• Professional Personnel Service, Inc says it was struck with malware (42,866)
• North Korea hacked him, so he took down its Internet (unknown)
• News Corp says it was hacked; believed to be linked to China (unknown)
• A security breach at Hong Kong online shopping platform HKTV (unknown)
• Cyber attack brings down Vodafone Portugal mobile (unknown)
• Memorial Hermann patients’ data accessed in security breach (6,000)
• One year after it started, LendUs discloses that they had a breach (unknown)
• Harbour Plaza Hotel customers warned over data leak (1.2 million)
• Cyber attack disrupts Slovenia’s top TV station (unknown)
• Croatian phone carrier A1 Hrvatska discloses data breach (200,000)
• Comprehensive Health Services discloses breach (94,449)
• Jackson County Hospital District notifying patients of data breach (unknown)
• National Math and Science Initiative notifies those affected by data security incident (191,255)
• Williamsville CSD reveals cyber security breach (unknown)
• Bible Fellowship Church Homes notifies residents of data security incident (unknown)
• Charlotte Radiology notifies patients of December security incident (unknown)
• Boston law firm Taylor, Ganson & Perrin notifies clients of breach (unknown)
• Logan Health Medical Center notifying patients of security incident (213,554)
• Douglas C. Morrow, OD notifies patients of data security incident (unknown)
• Ukrainian websites struck by DDoS attacks as Russia launches invasion (unknown)
• Cookware distribution giant Meyer discloses data breach (unknown)
• CVS Pharmacy discloses security incident (6,221)
• Ethos Technologies targeted in ‘sophisticated’ cyber attack (13,300)
• South Shore Hospital Corporation says it was hit by criminal hackers (115,000)
• Service Employees International Union confirms cyber attack (230,487)
• Accutech Systems Corporation discloses 2021 cyber attack (39,500)
• Hackers sell backdoors into a $2 billion non-profit, a Californian hospital, and Michigan government (unknown)
• Suspect accused of hacking Hawaii bank (unknown)
• Dubai-based Gems Education hit by cyber attack (unknown)
• Creative Services, Inc hit by cyber criminals (164,673)
• Law firm Advantage Title & Escrow suffers security incident (unknown)
• Priority Health faces ongoing security issue (unknown)
• Pekin Insurance suffers breach after password gaffe (10,872)
• Thybar Corporation suffers cyber attack (unknown)
• Manhattan School of Music breached in cyber attack (6,500)
• Alliance Physical Therapy Group compromised in security incident (unknown)
• Cross Timbers Health Clinics suffers security incident (unknown)
• Bridgestone investigating possible information security breach (unknown)
• Toyota to halt operations at all Japan plants due to cyber attack (unknown)
• Aon hit by cyber attack (unknown)
• Satellite giant Viasat probes suspected broadband cyberattack amid Russia fears (unknown)
• Moscow stock exchange downed by cyber attack (unknown)

---

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

---

Ransomware

• KP Snacks hit by ransomware, causing supply delays (unknown)
• French IT service provider Syndicat Intercommunal d’Informatique hit by ransomware (unknown)
• Swissport ransomware attack leads to flight delays (unknown)
• Puma hit by data breach after Kronos ransomware attack (unknown)
• East Bay Community College data breached in ransomware attack (unknown)
• Ransomware group claims to have stolen data on patients from Jax Spine and Pain Centers (260,000)
• The Optionis data breach is worse than you can imagine (unknown)
• San Francisco 49ers confirm ransomware attack (unknown)
• Minimally Invasive Surgery of Hawaii notifies patients of ransomware incident (unknown)
• Kansas’ Hays School District hacked with ransomware (unknown)
• NZ technology company iTCO hacked in ransomware attack (unknown)
• Louisiana-based Spine Diagnostic & Pain Treatment patient files show up on ransomware site (unknown)
• Nvidia breached by attackers who seem shocked by hack-back (unknown)
• Canadian healthcare firm breached by two ransomware gangs (unknown)

Data breaches

• Data breach as Corby vaccine trial participants’ details inadvertently shared in email gaffe (unknown)
• NHS contractor PSL Print Management leaks patients’ sensitive data (unknown)
• User information and messages from the Whisper app exposed on the web (unknown)
• Securitas misconfiguration exposed airport employee info (1 million)
• Illinois Housing Development Authority addresses data breach (unknown)
• Georgia voter info posted online after breach of software company (unknown)
• Donation site for Ottawa truckers’ ‘Freedom Convoy’ protest exposed donors’ data (unknown)
• Military sexual misconduct settlement hit by privacy breach (40)
• Sensitive business addresses published in Australian COVID data breach (500,000)
• Chinese social media app Zheli pauses user registration over data leak claim (unknown)
• OKC Police rape kit info exposed in data breach of DNA contractor (unknown)
• Houston Health Department working to fix website ‘glitch’ that exposed patients’ COVID test results (10,000)
• Dallas IT worker erased police files by accident, report confirms (unknown)
• Confidential attorney discipline records published after data breach, State Bar of California says (260,000)

Financial information

• In second largest DeFi hack ever, Blockchain bridge loses $320M ether (unknown)
• Scammer steals $15K from Excluded Workers Fund (unknown)

Malicious insiders and miscellaneous incidents

• Cop appears at Hamilton Sheriff Court on trial over data protection breach (unknown)
• Nassau notifies workers their confidential personal data may have been breached by employees (209)
• North Shore University Hospital notifies patients of unauthorised access to personal information (7,614)
• Thai University Central Admission System hacked (23,000)
• Whistle-blower leaks sensitive data from Credit Suisse (18,000)
• Michigan Medicine notifies patients after discovering a snooping employee (269)

In other news…

• Inside Trickbot, Russia’s notorious ransomware gang
• A look at the new Sugar ransomware demanding low ransoms
• Elephant Beetle: Stealthy hacker group stole millions undetected
• Only 3% of consumers freeze credit after data breach
• Ukrainian cyber police recruit help fighting Russia