You can find December 2020’s list of cyber attacks and data breaches here.
We recorded 103 cyber security incidents in November, which accounted for 586,771,602 leaked records.
The majority of those came from a credential-stuffing attack targeting Spotify and a data leak at the messaging app GO SMS Pro, which you can learn more about below.
Here is our complete list of November’s cyber attacks and data breaches. As usual, incidents affecting UK organisations are in bold.
Contents
Cyber attacks
- Hackers selling data of British motorists on the dark web (21,000)
- Campari Group discloses malware attack (unknown)
- Saarbrücken Airport in Germany under cyber attack (unknown)
- Kingston Health Sciences Centre investigating security incident (unknown)
- Indian pharmaceutical giant Lupin reports cyber security breach (unknown)
- Club Fitness says it was hit by cyber criminals (unknown)
- Brazil’s Superior Court of Justice suffers cyber attack (unknown)
- Val-de-Marne: Alfortville town hall paralyzed by a computer attack (unknown)
- University of Vermont Medical Center hit by cyber attack (unknown)
- Indian internet grocer Bigbasket data stolen in cyber attack (unknown)
- Italy’s Municipality of Gaiba suffers cyber attack (unknown)
- Newcastle Grammar School, Australia, targeted by cyber criminals (unknown)
- Hackers grab sensitive data from Philippines’ Land Transportation Office (unknown)
- France’s City of Bondy (Seine-Saint-Denis) responds to cyber attack (unknown)
- Hacker shares Pluto TV accounts for free on forum (3.2 million)
- Canada’s City of Saint John hit by ‘significant’ cyber attack (unknown)
- Cold storage giant Americold hit by cyber attack (unknown)
- Phishing attack on NC-based Alamance Skin Center leaves patient data unrecoverable (100,000)
- Mercy Iowa City notifies those affected after phishing scam (92,795)
- Crypto trading platform Liquid hacked (unknown)
- Students at TX-based Sherman ISD break into school systems (unknown)
- Massachusetts-based Mansfield public schools hit by DDoS (unknown)
- Nitro PDF vulnerability gives criminals access to New Zealanders’ email addresses, passwords (2.6 million)
- Mitsubishi Electric suffers ‘massive’ cyber attack (8,653)
- LSU Health New Orleans Health Care Services Division says employees’ email was compromised (unknown)
- Kuurne Municipal Services down due to cryptomining attack (unknown)
- Ouest-France publishing group targeted by cyber attackers (unknown)
- Spotify accounts compromised in credential-stuffing attack (300 million)
- Production company Banijay hit by cyber attack (unknown)
- Event-discovery application Peatix discloses security incident (unknown)
- US Fertility says it has suffered malware attack (unknown)
- Canon confirms August cyber attack (unknown)
- Networking equipment vendor Belden discloses data breach (unknown)
- Car rental firm Unidas (LCAM3) says it has been hacked (unknown)
- Cyble, Inc suffers cyber attack (unknown)
- Colorado mental health services provider AspenPointe reveals cyber attack (295,617)
- McLeod Health notifying patients after employee’s email is compromised (unknown)

Ransomware
- Flagship Group hit by ransomware after falling for phishing scam (unknown)
- Manchester United Football Club hit by cyber attack, no data loss recorded (0)
- Cyber attackers hit Italian city of Ravenna (unknown)
- Saskatchewan Polytechnic hit in suspected ransomware attack (unknown)
- Capcom says thousands affected in ransomware attack (350,000)
- Advanced Urgent Care of the Florida Keys notifies patients of ransomware attack (58,823)
- E-commerce platform X-Cart hit by ransomware (unknown)
- Compal, the second-largest laptop manufacturer in the world, hit by ransomware (unknown)
- Jekyll Island Authority notifies those affected by ransomware attack (7,000)
- French pharma company Bailly Creat hit by ransomware (unknown)
- Nexia Australia and New Zealand says no data was stolen in ransomware attack (unknown)
- France-based Umanis hit by ransomware (unknown)
- Northampton Public Library, PA, working to recover from ransomware attack (unknown)
- Ransomware forces web hosting provider Managed.com to take servers offline (unknown)
- Quebec’s largest agricultural company, Sollio Groupe coopératif, hit by ransomware (unknown)
- Munich GWG housing association the victim of a ransomware attack (unknown)
- Ransomware attack cripples, GA-based Oglethorpe County school system (unknown)
- French newspaper Paris-Normandy hit by ransomware (unknown)
- Archdiocese of St. Louis websites down after ransomware attack (unknown)
- GoDaddy employees used in attacks on multiple cryptocurrency services (unknown)
- South Koran retail giant E-Land closes nearly half of stores due to ransomware attack (unknown)
- NY-based Four Winds Hospital reveals September ransomware attack (unknown)
- Australian firm Law in Order hit by ransomware (unknown)
- Pakistan International Airlines embroiled in ransomware attack (unknown)
- Baltimore County schools suffers ransomware attack (unknown)
- Danish news agency Ritzau rejects ransom demand after hacker attack (unknown)
- Spring Independent School District in Houston hit by ransomware (unknown)
- Finistère Habitat under ransomware attack (unknown)
- Haute-Ariège Community of Communes suffers ransomware attack (unknown)

Data breaches
- Abertay University investigators find ‘deleted’ personal details on USB sticks (75,000)
- Criminals read bank balance and demanded the lot, reveals Scotland’s Dundee and Angus College(unknown)
- Basingstoke Hospital leaks staff data (1,000)
- Sophos notifying customers after database misconfiguration (unknown)
- Lloyds Pharmacy sent patient data to woman in the post(unknown)
- NHS Highland breaches data of diabetes patients (284)
- ‘Human error’ blamed for personal data breaches at Sheffield Council (unknown)
- Disabled children’s names revealed in Bristol City Council email (487)
- Floor coverings distributor Headlam Group discloses data breach (unknown)
- Folksam data breach leaks Swedes personal info to Google, Facebook (1 million)
- Columbus City Schools in Ohio discloses data breach (unknown)
- Configuration snafu at GrowDiaries exposes marijuana growers’ passwords (3.4 million)
- Ukrainian Ombudsperson’s Office investigating breach of soldiers’ data (500)
- Deloitte’s ‘Test your Hacker IQ’ site exposes users’ info (unknown)
- Lawrence General Hospital in Massachusetts notifying patients of data breach (unknown)
- Hard drives and documents with personal health info left behind during MLHU move (unknown)
- Prestige Software leak exposes personal data of hotel guests (10 million)
- Animal Jam kids’ virtual world hit by data breach (46 million)
- Vertafore ‘data event’ affects millions of Texans (27.7 million)
- Philippines COVID-19 track and trace app leaks citizens’ data (unknown)
- Contractor mistakenly removed data from Hong Kong’s Queen Mary Hospital (442)
- Cloud Clusters Inc. exposes millions of records (63 million)
- Delaware public health body announces data breach incident involving COVID-19 results (10,000)
- California-based TronicsXchange exposed ID cards and fingerprint scans (2.6 million)
- Android messaging app GO SMS Pro exposed private photos and files (100 million)
- Christian faith app Pray.com leaks users’ personal data (10 million)
- Coast2coastloans.com databases found online (unknown)
- Illinois Valley Community College notifies those affected by security incident (160,000)
- Albert Einstein Hospital in Brazil breaches data of COVID-19 patients (16 million)
- Koninklijke Nederlandsche Wielren Unie reports a data breach of legacy database (90,000)
Financial information
- Nottinghamshire-based Sandicliffe car dealership suffers data breach (unknown)
- Customer payment details stolen in malware attack on JM Bullion (unknown)
- The Wash Tub notifying customers of a year-long payment card breach (unknown)
- Nearly $20 million stolen from the DeFi protocol Pickle Finance (unknown)

Malicious insiders and miscellaneous incidents
- Hackers send offensive, sexual messages to Chicago suburban school districts (unknown)
- ‘Beyond troubling’ emails sent from hacked teacher’s account (1)
- South African firm Absa accuses employee of leaking customer data (unknown)
In other news…
- Don’t pay ransom on the promise your data will be deleted, because it won’t be
- Almost 11 million patients impacted by Blackbaud incident – and still counting
- Ticketmaster fined £1.25 million after customers’ payment card details breached
- Consumer watchdog hacks a Tesla to prove dangers of wirelessly connected cars
No Responses