In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records.
With one month left in 2021, the annual total running total of compromised records is to just shy of 5 billion.
Keep an eye out for our end-of-year report in the next few weeks, where we’ll break down the findings of these lists – or subscribe to our Weekly Round-up to get the latest news sent straight to your inbox.
In the meantime, you can find the full list of security incidents below, with those affecting UK organisations listed in bold.
Contents
Cyber attacks
- Labour Party discloses cyber attack, members’ data stolen (unknown)
- Hackers leak Kent school files in ‘highly sophisticated’ cyber attack (unknown)
- Angling Direct website hit by cyber attack (unknown)
- The Martin County Tax Collector suffers cyber attack (unknown)
- National University of Singapore Society members’ data stolen (1,355)
- Domaining.com reports security incident (unknown)
- Cyber attack knocks Ohio County Library computers offline (unknown)
- Jukin Media hacked and data dumped (unknown)
- JEV Plastic Surgery & Medical Aesthetics notifies patients of malware incident (unknown)
- Cyber attack hits multiple Greek shipping firms (unknown)
- Black Shadow hackers leak medical records of Israeli patients (290,000)
- US defence fcontractor Electronic Warfare Associates discloses security incident (unknown)
- Desert Pain Institute notifies individuals of data security incident (unknown)
- Healthcare tech services company QRS discovers cyber attack (319,788)
- New York Psychotherapy and Counseling Center discloses security incident (unknown)
- Queensland water supplier Sunwater targeted by hackers (unknown)
- Robinhood security breach exposes data on users (7 million)
- Hackers nab personal data from Eastern Health and Labrador-Grenfell Health regions (unknown)
- Waikato DHB warned a cyber attack ‘catastrophic for patient safety’ (unknown)
- Southern Ohio Medical Center hit by cyber attack (unknown)
- HPE says hackers breached Aruba Central using stolen access key (unknown)
- Rideau Valley Health Centre service disrupted due to ‘cyber security incident’ (unknown)
- Turkish firm MNG Kargo hacked (unknown)
- Customers of RedDoorz hotel booking site leaked in Singapore’s largest security incident (5.9 million)
- Indonesia probe police hack in latest cyber breach (28,000)
- California Pizza Kitchen spills employees’ Social Security numbers (100,000)
- Iran’s Mahan Air says it has foiled a cyber attack (unknown)
- Danish wind turbine giant Vestas confirms data breach (unknown)
- Astoria notifying consumers after breach earlier this year (940,000)
- Personal data of Singapore’s S&R shopping members compromised in cyber attack (22,000)
- Bureau Veritas hit by cyberattack on cyber security system (unknown)
- Headwaters Health Care Center confirms cyber security incident (unknown)
- Panasonic discloses four-months-long security incident (unknown)
- IKEA battling reply-chain phishing attack (unknown)
- Conveyance firm Simplify hit by cyber attack (unknown)
- Cyber attack turns off the taps at Barcelona’s Damm brewery (unknown)
- MCH Group warns of possible data breach after criminal cyber attack (unknown)
- MediaMarkt victim of international cyber attack (unknown)
- DNA Diagnostics Center notifying those affected by security incident (2 million)
If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.
They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
Ransomware
- Community Medical Centers, Inc. hit by ransomware (656,047)
- Las Vegas Cancer Center suffers ransomware attack (3,000)
- Lister fertility clinic patients and other medical practices compromised by ransomware attack on third-party vendor (1,700)
- Episcopal Retirement Services suffered two ransomware attacks in a one-month period (4,133)
- Spotswood Public Schools notifying those impacted by a ransomware incident (424)
- Beaverhead County High School in Montana hit by ransomware (unknown)
- Supernus Pharmaceuticals targeted in ransomware incident (unknown)
- Several Quad-Cities municipalities have fallen victim to cyber attacks (unknown)
- Swire Pacific Offshore reports cyber attack (unknown)
- Ransomware attack shuts down Lewis & Clark Community College (unknown)
- Centara Hotels & Resorts hit within ten minutes after recovering from first ransomware attack (unknown)
- Ottawa’s French public school board paid hackers a ransom following ransomware attack (unknown)
- Medsurant Health discloses ransomware incident, but not yet notifying patients (45,000)
Data breaches
- Doctor is sued after terminal diagnosis of mum is sent to stranger’s email (1)
- Patient records destroyed after data breach at former care home (unknown)
- Dorset Council suspected data breach to be investigated (unknown)
- Urban Resource Institute in New York City finally discloses data breach (16,003)
- Brittany Ferries admits that leaks caused by routine website update (unknown)
- Popular adult cam chat exposed users’ data (200 million)
- GoDaddy security breach exposed WordPress data of users (1.2 million)
- More web hosting servers hit by data leak (unknown)
- Alberta Health says privacy breach possible on province’s vaccine passport website (12)
- Kentucky Energy and Environment Cabinet announces data security breach (unknown)
- Bay Village school district accidentally releases students’ personal info (unknown)
- Sonoma County residents exposed during data breach (1,300)
- Data breach at New Mexico healthcare business impacts state residents (62,000)
- Maxim Healthcare Group reports data breach (unknown)
- Data breach at US healthcare provider Viverant PT (6,500)
- Data breach hits upmarket retailer S&R (22,000)
Financial information
- Widely-used DeFi protocol bZx loses $55 million in cyber attack (unknown)
- Evanston Township High School defrauded of $48,570 in hack (1,139)
- Hackers plant card-stealing malware on website that sells baron and duke titles (unknown)
- Costco discloses data breach after finding card skimmer at one of its stores (unknown)
Malicious insiders and miscellaneous incidents
- Sky routers exposed to takeover attacks for 17 months (6 million)
- Former UK doctor sentenced for unauthorized access to computer material (2,000)
- Box of medical records ends up on Gastonia man’s doorstep (unknown)
- Activists leak 600 hours of mostly Dallas police helicopter footage (unknown)
- Personal records found tossed on floor at Old Pulaski Middle School (unknown)
- Little Rock officer arrested for ‘unauthorized access’ of personal information (unknown)
- Huntington Hospital discloses insider criminal breach after law enforcement lifts delay on notice (unknown)
In other news…
- Are monetary penalties really a deterrent to data protection violations if few companies actually pay up?
- INTERPOL-led operation takes down prolific cyber crime ring
- Congress mulls ban on big ransom payouts unless victims get official say-so
