You can find June 2021’s list of data breaches and cyber attacks here.
For the second month in a row, ransomware has dominated our list of data breaches and cyber attacks. Of the 128 publicly disclosed incidents that we discovered in May, more than 40% of them were ransomware attacks.
But, of course, the nature of ransomware attacks makes it hard for organisations to determine how many records were affected. That partially explains why May’s total of 115,861,330 breached records is comparatively low.
By contrast, we disclosed 1 billion breached records in April, and almost 4 billion in the first four months of the year.
As always, you can find the full list of incidents below, with those affecting UK organisations listed in bold.
Contents
Cyber attacks
- Edinburgh mental health clinic in probe after client information accessed in scam(unknown)
- Iranian Hackers Hit H&M Israel (unknown)
- South Africa’s VirginActive goes offline after cyber attack (unknown)
- B.C. student loan website down after being taken over by hackers (unknown)
- Unidentified cyber attackers force Alaska Court System to disconnect from Internet (unknown)
- Colis Privé reports a cyber attack is causing disruption in operations (unknown)
- San Diego-based Scripps Health hit By cyber attack (unknown)
- SmileDirectClub says cyber security incident could cost millions (unknown)
- Hackers break into Spanish start-up delivery firm Glovo (unknown)
- Faxton St. Luke’s Healthcare says patient data was accessed by unauthorised person (17,655)
- Belgium’s parliament and universities hit by cyber attack (unknown)
- Orthopedic Associates of Dutchess County notifies patients of breach (331,376)
- CaptureRx issues notice after discovering security incident (1,919,938)
- SEIU 775 Benefits Group discloses security incident (140,000)
- Brevard School Board breach potentially affected staff and students (10,000)
- Timberland Regional Library takes action after learning of data security incident (unknown)
- Massive hack exposes emails from Chicago mayoral officials (unknown)
- United Overseas Bank employee allegedly fell prey to scam (1,166)
- French shoe manufacturer Veja hacked (unknown)
- American Family Insurance to notify those affected by unemployment benefits fraud (283,734)
- Noblr Reciprocal Exchange to notify consumers affected by insurance fraud (97,633)
- Decades of personal data was stolen from Australian National University (unknown)
- Cyber attack targets the municipality of Konya in central Turkey (1 million)
- Anson, North Carolina, experiences cyber attack (unknown)
- Turkish crypto exchange BtcTurk reveals 2018 security incident (500,000)
- Pi Network implicated in personal data leak (unknown)
- Health Plan of San Joaquin notifying patients of email hack last year (420,433)
- Cyber attack targeting Alaska’s state health department website disrupts some online services (unknown)
- Czech national library reports outage due to cyber attack (unknown)
- Daihatsu Diesel Company hit by a cyber attack (unknown)
- Database belonging to Indonesia’s BPJS Kesehatan being sold online (100,000)
- University of Franche-Comté hit by phishing scam (unknown)
- Grenoble-Alpes Métropole and the City of Grenoble in DDoS attack (0)
- Beech Acres Parenting Center says email accounts were hacked (unknown)
- Japanese dating app Omiai hit by cyber criminals (1.7 million)
- Siegfried pharmaceutical suffers malware infection (unknown)
- French property maintenance firm ISERBA Group discloses cyber attack (unknown)
- Marietta City Schools email systems were hacked (unknown)
- Japanese Ministry loses thousands of email addresses in data breach (76,000)
- Canada Post informs 44 large business customers of data breach (950,000)
- Japanese government agencies suffer data breaches after Fujitsu hack (unknown)
- German clothes retailer Waschbär hit by malware (unknown)
- Student accessed and disrupted Pinellas County school computer system (unknown)
- Hoboken Radiology reveals breach of imaging server that began in 2019 (unknown)
If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
Ransomware
- Doncaster-based One Call Insurance hit by ransomware (unknown)
- Ransomware attack on Swiss Cloud Computing AG (6,500)
- Wolfe Eye Clinic victim of Lorenz threat actors (unknown)
- One of the US’s largest pipelines shuts down to contain cyber security breach (unknown)
- J. Spargo & Associates Inc. registration database breached in ransomware attack (unknown)
- Resort Municipality of Whistler in Canada hit by ransomware (unknown)
- Ransomware attack on Midwest Transplant Network (17,000)
- Melbourne-based Schepisi Communications suffers ransomware, DDoS attack (unknown)
- Boutin transport company victim of a cyber attack (unknown)
- Avaddon threat attackers demand ransom from NSW Labor (unknown)
- Ransomware attack on French environmental centre resulted in data loss (unknown)
- Cluj County Council’s website was hacked (unknown)
- French firm Albioma hit by ransomware (unknown)
- Ransomware attack against MedNetwoRX causes weeks of delays (unknown)
- ATC Transportation discloses ransomware attack (unknown)
- IT services of the Oviedo City Council knocked out (unknown)
- Ransomware attack impacts City of Tulsa (unknown)
- Cyber attack knocks out Rensselaer Polytechnic Institute computer systems (unknown)
- Norwegian software firm Volue ASA hit by Ryuk ransomware (unknown)
- Japanese manufacturer Yamabiko targeted by Babuk ransomware (unknown)
- Indiana’s Logansport Community School Corp hit by ransomware (unknown)
- Ransomware attack on Centennial School District in Oregon (unknown)
- Negotiations fail, threat actors dump more data from Metropolitan Police D.C. (unknown)
- Criminal hackers attack Ehrmann, demand millions in ransom (unknown)
- Criminal hackers attack Energy Hamburg Radio (unknown)
- Chemical distribution company Brenntag paid a $4.4 million ransom (unknown)
- Toshiba unit hacked by DarkSide ransomware gang (unknown)
- Irish health service shut down amid ransomware attack (unknown)
- Brazil media company Rede Bahia suffers a ransomware attack (unknown)
- Apex America hit by Sodinokibi ransomware (unknown)
- Gary, Indiana targeted by ransomware attack (unknown)
- Darkside threat actors attempted to extort Möbelstadt Sommerlad (unknown)
- Cyber insurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments (unknown)
- Threat actors dump patient-related files allegedly from Eduro Healthcare (unknown)
- Cyber security incident causes disruption and some delays at Ardagh Group (unknown)
- Utility Trailer Manufacturing targeted by ransomware (unknown)
- New Zealand health service hit by cyber attack (unknown)
- Visalia Unified School District in California hit by ransomware (unknown)
- Rockland Public Schools in Massachusetts reports ransomware attack (unknown)
- Betenbough Homes target of Sodinokibi threat actors (unknown)
- Wisconsin’s Tigerton School District hit by ransomware (unknown)
- Toyota’s Mississippi plant suffers ransomware attack (unknown)
- California’s Sierra College victim of ransomware incident (unknown)
- Insurance firm Stelliant Group in suspected ransomware attack (unknown)
- Phoenix chiropractic practice offline after ransomware attack (unknown)
- Oklahoma’s Harper County Community Hospital targeted with ransomware (unknown)
- Headphone and speaker maker Bose discloses ransomware attack (unknown)
- Eastern Hancock schools fall victim to ransomware attack (unknown)
- Volunteer Service Abroad targeted by ‘sophisticated’ ransomware attack (unknown)
- Municipality of Porto Sant’Elpidio publicly quiet after ransomware attack and partial dump of files (1,000)
- Massachusetts’ Sturdy Hospital pays ransom after patient information is stolen (unknown)
- Australia’s BLK Sport reveals DarkSide attack (unknown)
- California’s Azusa Police reveals ransomware attack (unknown)
Data breaches
- NHS vaccination website leaks people’s medical data (unknown)
- Liverpool Women’s Hospital lost boxes of private patient data while conducting study without approval (unknown)
- Online vendor working for the Veterans Administration exposes sensitive data (200,000)
- Sensitive court documents from the Office of the Solicitor General of the Philippines leaked online (345,000)
- Thousands of Amazon employees had unauthorised access to private seller data (unknown)
- Peloton’s leaky API let anyone grab rider’s private account data (3 million)
- Rochester Community Technical College releases student info in data breach (5,392)
- Yukon government employees may have been affected by a recent privacy breach (400)
- Hard drives still missing after Concord data breach (70,000)
- Two Salesforce incidents reportedly shut down online vaccination reservation systems (unknown)
- Student health insurance carrier Guard.me suffers a data breach (unknown)
- New Zealand police admit privacy breach after gun licence applicants copied into same email (40)
- Wyoming health director, tech officer quit after data leak (164,000)
- FastTrack Reflex Recruitment snafu exposes CVs and ID documents (20,000)
- Android users’ data exposed via misconfigured Cloud services (100 million)
- Dutch-based Riagg Rijnmond Foundation left patient data in basement (unknown)
- Zocdoc says ‘programming errors’ exposed access to patients’ data (7,600)
- US soldiers accidentally leak nuclear secrets via study apps (unknown)
Financial information
- Herff Jones data breach leaves students’ bank information compromised (unknown)
- Georgia’s College Park leaders ‘stunned’ one of their own busted for ID theft (11)
- Air India discovers historic data breach dating back to 2012 (4.5 million)
- CEFCO in alleged data theft after customer data turns up online (unknown)
- Klarna battles data breach with reports of leaked user info (9,500)
Malicious insiders and miscellaneous incidents
- Records stolen from Indian Sector 23 government school (unknown)
- Medical worker charged with ID theft of patients (39)
- University of Florida Health Shands notifies patients of privacy breach (1,562)
- Alexandria nursing assistant charged with identity theft (6)
- Toronto plastic surgeon’s licence suspended over social media posts, surveillance of patients without consent (unknown)
- Former Wenatchee Valley Medical Group physician charged with Confluence Health computer intrusion (unknown)
- Las Cruces behavioural health counsellor accused of Medicaid fraud, identity theft (unknown)
In other news…
- Houston man sentenced to 10 years in prison for massive credit card fraud scheme
- Judge lets novel claim stand in UHS patient data breach lawsuit
- Mercy University Hospital secures court injunction against ransomware hackers
- Secret chats show how cyber gang became a ransomware powerhouse
thanx for sharing this blog. we will look forward for more updates.
Thank you for these. Really have “enjoyed” reading them. 🙂