The Weeks in Cyber Security and Data Privacy: 18 – 31 December 2023

Welcome to a new year! Following our Christmas break, we’re rounding up two weeks’ worth of the biggest and most interesting news stories.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

We’ll also soon publish our 2023 review of publicly disclosed incidents and records known to be breached across the year, as well as our quarterly report, so keep an eye on our blog.


Publicly disclosed data breaches and cyber attacks: in the spotlight

Unprotected Real Estate Wealth Network database exposes more than 1.5 billion records

The security researcher Jeremiah Fowler discovered an unprotected database exposing more than 1.5 billion records containing property ownership data related to millions of people. The logging records indicated that the files belonged to the New York-based company Real Estate Wealth Network. Fowler contacted the company, which secured the database.

According to Fowler, the exposed data included information on property owners, sellers, investors, internal user logging data, and more. The property owners allegedly included numerous celebrities, whose street address; purchase price and date; mortgage company; mortgage loan amount; tax ID numbers; taxes owed, paid or due; and other information was available.

Data breached: 1,523,776,691 records.

TuneFab exposes more than 151 million records via misconfigured database

TuneFab – a platform that converts music from popular streaming platforms, including Spotify, Apple Music, YouTube and Audible, to other formats – has exposed more than 151 million data records, including users’ IP addresses, user area, user IDs, emails and device information.

The security researcher Bob Diachenko identified the leak in September and contacted TuneFab, which fixed the misconfiguration within 24 hours.

Data breached: >151,000,000 records.

Dori Media Group allegedly had more than 100 TB of data exfiltrated

The MalekTeam Group claims to have destroyed more than 100 TB of data from Dori Media Group, an international group of media companies in Israel, Switzerland, Argentina, Spain and Singapore. The group is threatening to leak the exfiltrated data.

Data breached: >100 TB.


Publicly disclosed data breaches and cyber attacks: full list

The past two weeks, we’ve found 2,038,302,060 records known to be compromised, and 796 organisations suffering a newly disclosed incident. 710 of them are known to have had data exfiltrated, exposed or breached. Only 5 definitely haven’t had data breached.

We’ve also found 50 organisations providing a significant update on a previously disclosed incident.

Organisation nameSectorLocationData exfiltrated?Known records breached
Real Estate Wealth Network
Source 1; source 2
(New)
Real estateUSAUnknown1,523,776,691
TuneFab
Source
(New)
SoftwareHong KongUnknown>151,000,000
Dori Media Group
Source
(New)
MediaIsraelYes>100 TB
Rosvodokanal
Source
(New)
UtilitiesRussiaYes50 TB breached; 1.5 TB exfiltrated
Comcast Cable Communications, LLC (Xfinity)
Source 1; source 2
(New)
TelecomsUSAYes35,879,455
Tecnoquadri Srl
Source
(New)
ManufacturingItalyYes33,000,000
Asia Insurance Co.
Source 1; source 2
(New)
InsuranceIranYes26,000,000
Snappfood
Source 1; source 2
(New)
SoftwareIranYes>20,000,000
Alborz Insurance Company
Source 1; source 2
(New)
InsuranceIranYes19,500,000
Dana Insurance
Source 1; source 2
(New)
InsuranceIranYes15,500,000
Razi Insurance Company
Source 1; source 2
(New)
InsuranceIranYes11,000,000
Atieh Insurance
Source 1; source 2
(New)
InsuranceIranYes11,000,000
Moallem Insurance Co.
Source 1; source 2
(New)
InsuranceIranYes10,000,000
Saman Insurance
Source 1; source 2
(New)
InsuranceIranYes9,800,000
Day Insurance
Source 1; source 2
(New)
InsuranceIranYes8,700,000
Novin Insurance
Source 1; source 2
(New)
InsuranceIranYes7,400,000
Kowsar Insurance
Source 1; source 2
(New)
InsuranceIranYes7,000,000
IranMoein Insurance Company
Source 1; source 2
(New)
InsuranceIranYes6,100,000
Sina Insurance
Source 1; source 2
(New)
InsuranceIranYes6,000,000
Karafarin Insurance Company
Source 1; source 2
(New)
InsuranceIranYes5,000,000
Mihan Insurance
Source 1; source 2
(New)
InsuranceIranYes5,000,000
INTEGRIS Health
Source 1; source 2
(New)
HealthcareUSAYes4,674,000
St Vincent’s Health Australia
Source 1; source 2
(New)
HealthcareAustraliaYes>3,000,000
Ohio Lottery
Source 1; source 2
(New)
LeisureUSAYes>3,000,000
Arman Insurance
Source 1; source 2
(New)
InsuranceIranYes3,000,000
Bharat Sanchar Nigam Limited
Source
(New)
TelecomsIndiaYes2,900,000
MA Insurance Company
Source 1; source 2
(New)
InsuranceIranYes2,800,000
Parsian Insurance
Source 1; source 2
(New)
InsuranceIranYes2,700,000
ESO
Source
(New)
SoftwareUSAYes2,700,000
CIE Automotive
Source
(New)
ManufacturingSpainYes2.6 TB
Yale New Haven Health
Source
(New)
HealthcareUSAYes1,930,870
Sarmad Insurance
Source 1; source 2
(New)
InsuranceIranYes1,8000,000
Taavon Insurance
Source 1; source 2
(New)
InsuranceIranYes1,600,000
Tejarat Insurance
Source 1; source 2
(New)
InsuranceIranYes1,500,000
Xeinadin Group
Source
(New)
FinanceUKYes1.5 TB
LoanCare (Fidelity National Financial)
Source
(New)
FinanceUSAYes1,316,938
Insomniac Games (Sony)
Source 1; source 2
(Update)
SoftwareUSAYes1,300,000
United Network for Organ Sharing
Source 1; source 2
(New)
HealthcareUKUnknown1,200,000
Unknown organisation(s)
Source
(New)
UnknownUnknownYes1,169,843
Israel Electric Corporation
Source
(New)
UtilitiesIsraelYes1 TB
Corewell Health
Source
(New)
HealthcareUSAYes1,000,000
Ateam Inc.
Source 1; source 2
(New)
SoftwareJapanUnknown  935,779
Transformative Healthcare (Fallon Ambulance Service)
Source
(New)
HealthcareUSAYes911,757
Ubisoft
Source 1; source 2
(New)
SoftwareFranceYes900 GB
BITMAIN
Source
(New)
BlockchainChinaYes812,000
ASA Holidays
Source
(New)
LeisureSingaporeYes736 GB
GDI Integrated Facility Services
Source
(New)
Professional servicesCanadaYes700 GB
Goyzer
Source
(New)
SoftwareUAEUnknown690,000
Orrick, Herrington & Sutcliffe LLP
Source
(Update)
LegalUSAYes637,620
Smulders
Source
(New)
ConstructionBelgiumYes>600 GB
The Webb Law Firm
Source
(New)
LegalUSAYes578 GB
WKW.automotive
Source
(New)
ManufacturingGermanyYes575 GB
Auto Handel Puławy
Source
(New)
RetailPolandYes>505,000
American Alarm and Communications, Inc.
Source 1; source 2
(New)
Professional servicesUSAYes504 GB
PC Market
Source
(New)
RetailUzbekistanYes>500,000
Omid Insurance Company
Source 1; source 2
(New)
InsuranceIranYes500,000
Electrical Connections
Source
(New)
ManufacturingAustraliaYes465 GB
The Retina Group of Washington
Source
(New)
HealthcareUSAYes455,935
PriceSmart
Source 1; source 2
(New)
RetailUSAYes420 GB
Bay Orthopedic & Rehabilitation Supply Co. Inc.
Source
(New)
ManufacturingUSAYes>400 GB
Hafez Insurance Co.
Source 1; source 2
(New)
InsuranceIranYes400,000
Unknown Malaysian organisation(s)
Source
(New)
UnknownMalaysiaYes335,000
Di Martino Group
Source
(New)
TransportItalyYes320 GB
Charisma Life Insurance Co.
Source 1; source 2
(New)
InsuranceIranYes300,000
Coop Sverige
Source 1; source 2; source 3
(New)
RetailSwedenYes257 GB
GAV Systems Group
Source
(New)
IT servicesIsraelYes>250,000
NIDEC GPM Group
Source
(New)
ManufacturingGermanyYes246 GB
Quaker Windows & Doors
Source
(New)
RetailUSAYes233 GB
PBS Systems
Source
(New)
SoftwareCanadaYes202 GB
Universidad Quindío
Source 1; source 2
(Update)
EducationColumbiaYes200,000
Bunker Hill Community College
Source
(New)
EducationUSAYes195,588
United Nations Security Council
Source
(New)
DefenceUSAYes188,000
Blink Mobility (Blink Charging)
Source
(New)
TransportUSAUnknown181,000
Tridon Australia
Source
(New)
RetailAustraliaYes175 GB
Hunter Buildings
Source
(New)
ConstructionUSAYes166 GB
Bachoco
Source
(New)
ManufacturingMexicoYes130 GB
HealthEC, LLC and MD Value Care
Source
(New)
IT services and healthcareUSAYes112,005
Navigation Financial Group
Source
(New)
FinanceUSAYes111 GB
National Nail
Source
(New)
ManufacturingUSAYes111 GB
DBM Group
Source
(New)
Professional servicesUSAYes110 GB
Staffing service company contracted to the Ministry of Economy, Trade and Industry
Source
(New)
Professional services and publicJapanYes110,000
Chuze Fitness
Source
(New)
LeisureUSAYes>100,000
Banco Promerica de la República Dominicana
Source 1; source 2
(New)
FinanceDominican RepublicYes>100 GB
Nissan Australia
Source 1; source 2
(Update)
RetailAustraliaYes100 GB
Yakult Australia Pty. Ltd.
Source 1; source 2
(New)
ManufacturingAustraliaYes95.19 GB
Bladen County Public Library
Source
(New)
PublicUSAYes85 GB
National Amusements
Source
(New)
LeisureUSAYes82,128
Enstar Group Limited
Source 1; source 2
(Update)
InsuranceUSAYes71,301
Kimco Staffing Services, Inc.
Source
(New)
Professional servicesUSAYes69,687
Vi Living
Source
(New)
HealthcareUSAYes61,425
Rockford Gastroenterology Associates
Source
(New)
HealthcareUSAYes56 GB
FranConnect
Source
(New)
SoftwareUSAYes56,000
Larlyn Property Management Ltd.
Source
(New)
Real estateCanadaYes54 GB
ACE Air Cargo
Source
(New)
TransportUSAYes52.6 GB
Universidad de La Punta
Source
(New)
EducationArgentinaYes47,562 (95,123 lines; probably half repeated)
Unfallkasse Thüringen
Source
(New)
InsuranceGermanyYes45 GB
Protektor24.ru
Source
(New)
RetailRussiaYes38,694
Richmont Graduate University
Source
(New)
EducationUSAYes37 GB
CBIZ KA
Source 1; source 2; source 3
(Update)
HealthcareUSAYes36,295
La Red Health Center
Source
(New)
HealthcareUSAYes35,602
Kinetic Leasing, Inc.
Source
(New)
FinanceUSAYes33.96 GB
ZONE SOFT
Source
(New)
SoftwarePortugalYes32 GB
Eye Physicians of Central Florida
Source 1; source 2
(Update)
HealthcareUSAYes31,189
Intervent Ltd
Source
(New)
RetailFinlandYes>30,537
Ultra Intelligence & Communications
Source
(New)
DefenceUSAYes30 GB
SmartTeck Next Ltd
Source
(New)
RetailUKYes29,000
University of Innsbruck
Source
(New)
EducationAustriaYes23,000
St. Lucie County Tax Collector’s Office
Source
(New)
PublicUSAYes22,403
Clay County Social Services and Next Chapter Technology (CaseWorks)
Source 1; source 2
(New)
Public and softwareUSAYes22,005
Estes Express Lines
Source
(New)
TransportUSAYes21,184
Bellin Health
Source 1; source 2
(New)
HealthcareUSAYes20,790
Scafos
Source
(New)
RetailDenmarkYes20,543
Ramailo
Source 1; source 2
(New)
SoftwareNepalYes>20,000
International Electronic Machines Corporation
Source
(New)
TransportUSAYes16 GB
AEON Philippines
Source
(New)
FinancePhilippinesYes>15.77 GB
ZOLL Medical Corporation
Source
(New)
ManufacturingUSAYes15,276
Karanganyar Regency
Source
(New)
PublicIndonesiaYes13,000
Bell Group
Source
(New)
Professional servicesUKYes9 GB
TTM Technologies
Source
(New)
ManufacturingUSAYes7,333
Citrin Cooperman
Source
(New)
Professional servicesUSAYes7,018
Mallinstal
Source
(New)
RetailRomaniaYes5,000
Universidad Nacional de Córdoba
Source
(New)
EducationArgentinaYes4,972
Rush System for Health
Source
(New)
HealthcareUSAYes4,961
Exactech
Source 1; source 2
(Update)
ManufacturingUSAYes4,230
ABNB Federal Credit Union
Source
(New)
FinanceUSAYes3,800
HORNE, Cal-Maine Foods, Inc. and Citizens National Bank
Source
(New)
Professional services, manufacturing and financeUSAYes3,538
Mountain Dermatology Specialists, PC
Source 1; source 2
(New)
HealthcareUSAYes2,705
College of the Canyons
Source
(New)
EducationUSAYes>2,400
Kenya Airways
Source
(New)
TransportKenyaYes2.12 GB
Helsinki and Uusimaa Hospital District
Source 1; source 2
(Update)
HealthcareFinlandYes“a few thousand”
EasyPark
Source 1; source 2
(New)
SoftwareEurope, including UKYes“thousands”
Garr Silpe, P.C.
Source
(New)
LegalUSAYes1,933
City Facilities Management (US) LLC
Source
(New)
Professional servicesUSAYes1,854
RevSpring and Waystar
Source
(New)
IT services and softwareUSANo1,706
BlueCross BlueShield of Tennessee
Source
(New)
InsuranceUSAYes1,665
Donald W. Wyatt Detention Facility
Source
(New)
PublicUSAYes1,454
Brunswick Corporation
Source
(New)
ManufacturingUSAYes1,400
Noteboom Law Firm
Source 1; source 2
(New)
LegalUSAYes1,297
Kirksey Architecture
Source 1; source 2
(New)
ConstructionUSAYes1,292
McCarthy Fingar LLP
Source
(New)
LegalUSAYes1,216
Spudnik Equipment Company LLC
Source
(New)
ManufacturingUSAYes1,164
Instron
Source
(New)
ManufacturingUSAYes1,059
Bauer Built
Source 1; source 2
(New)
ManufacturingUSAYes1,005
Servicio Nacional de Pesca y Acuicultura
Source
(New)
PublicChileYes1,004
Tungaloy-NTK America, Inc.
Source 1; source 2
(Update)
ManufacturingUSAYes912
Gobierno de la Provincia de Jujuy
Source
(New)
PublicArgentinaYes844 MB
Cumberland Advisors
Source
(New)
FinanceUSAYes805
HEICO
Source
(New)
ManufacturingUSAYes632
AccessDx Lab
Source
(New)
HealthcareUSAYes535
360 Physical Therapy
Source
(New)
HealthcareUSAYes520
CACI International Inc
Source
(New)
IT servicesUSAYes520
Cardiothoracic & Vascular Surgeons, PA
Source 1; source 2; source 3
(New)
HealthcareUSAYes500
The Pennsylvania School for the Deaf
Source
(New)
EducationUSAYes489
Ascentia Real Estate Holding Company, LLC
Source 1; source 2; source 3
(New)
Real estateUSAYes270
Blackstone Valley Community Health Care
Source
(New)
HealthcareUSAYes>116
Sabah State Government
Source 1; source 2
(New)
PublicMalaysiaYes109
Gnome Landscapes & Design
Source
(New)
Professional servicesUSAYes39
The Rowley Agency, LLC
Source
(New)
InsuranceUSAYes3
Ronald & Elizabeth Brent
Source
(New)
FinanceUSAYes2
One Albania, Eagle Mobile Sh.a and Air Albania
Source 1; source 2; source 3; source 4
(New)
Telecoms and transportAlbaniaYesUnknown
IPSEN LOGISTICS GmbH
Source
(New)
TransportAlgeriaYesUnknown
Bolsa de Cereales de Entre Ríos
Source
(New)
AgricultureArgentinaYesUnknown
CSM Ciencia al Servicio del Movimiento
Source
(New)
TransportArgentinaYesUnknown
Life Saving Victoria
Source
(New)
CharityAustraliaYesUnknown
Sterling Homes
Source
(New)
ConstructionAustraliaYesUnknown
Woollahra Libraries
Source
(New)
PublicAustraliaYesUnknown
Eagers Automotive Limited
Source 1; source 2; source 3
(New)
RetailAustraliaYesUnknown
SEACRET Australia (via Signature-IT)
Source 1; source 2
(Update)
RetailAustraliaYesUnknown
Richmond Windsor Taxis
Source
(New)
TransportAustraliaYesUnknown
Belarusian Telegraph Agency
Source 1; source 2
(New)
MediaBelarusYesUnknown
Prefeitura Municipal de Itabira
Source
(New)
PublicBrazilYesUnknown
Ontario Pork
Source
(New)
AgriculturalCanadaYesUnknown
CatalX CTS Ltd.
Source
(New)
CryptoCanadaYesUnknown
Owen Quilty Professional Corporation
Source
(New)
FinanceCanadaYesUnknown
Socadis
Source
(New)
ManufacturingCanadaYesUnknown
Enbridge Gas
Source
(New)
UtilitiesCanadaYesUnknown
Zurcher Odio & Raven
Source
(New)
LegalCosta RicaYesUnknown
CONTIMADE
Source
(New)
ManufacturingCzech RepublicYesUnknown
Concept Data A/S
Source
(New)
SoftwareDenmarkYesUnknown
CETEC Ingénierie
Source
(New)
ConstructionFranceYesUnknown
ESEPAC
Source
(New)
EducationFranceYesUnknown
CURVER (via Signature-IT)
Source 1; source 2
(Update)
ManufacturingFranceYesUnknown
Tecnifibre
Source
(New)
ManufacturingFranceYesUnknown
DYWIDAG
Source
(New)
ConstructionGermanyYesUnknown
International School of Management
Source
(New)
EducationGermanyYesUnknown
Katholische Hospital-vereinigung Ostwestfalen
Source 1; source 2
(New)
HealthcareGermanyYesUnknown
BKF Fleuren
Source
(New)
ManufacturingGermanyYesUnknown
GRAF (via Signature-IT)
Source 1; source 2
(Update)
ManufacturingGermanyYesUnknown
PARAT Technology GmbH + Co. KG
Source
(New)
ManufacturingGermanyYesUnknown
Schoepe Display GmbH
Source
(New)
Professional servicesGermanyYesUnknown
BlueBrixx
Source 1; source 2
(New)
RetailGermanyYesUnknown
443 online merchants
Source
(New)
UnknownGreece, Albania, Belgium, Bosnia and Herzegovina, Colombia, Croatia, Finland, Germany, Georgia, Hungary, Moldova, Netherlands, Poland, Romania, Spain, UK and USAYesUnknown
Neutronics Manufacturing Company
Source
(New)
ManufacturingIndiaYesUnknown
Shri Lakshmi Agro Foods Private Limited
Source
(New)
ManufacturingIndiaYesUnknown
Nearly 70% of Iran’s gas stations
Source
(New)
EnergyIranYesUnknown
Colleran Accountants
Source
(New)
FinanceIrelandYesUnknown
Levana Protocol
Source 1; source 2
(New)
BlockchainIsraelYesUnknown
Navitas Petroleum
Source
(New)
EnergyIsraelYesUnknown
RESERVED Israel, Carter’s | Oshkosh Israel, Toyota Israel, Carolina Lemke Israel, Toys R Us Israel, Brother Israel, ERCO LTD, Super-Pharm, Bconnect Technologies, SodaStream, BERMAD Israel, Lumenis, Zoko Enterprises, ICL Industrial Products, Maytronics, PALRAM Industries, TEFEN Flow and Dosing Technologies Ltd., TELDOR Cables & Systems Ltd., NaanDan (Rivulus), Scope Metals Group, Biopet ltd, Shefa Online, Techno-Rezef, Radware, MAX-Security Solutions Ltd., Israel Innovation Authority, Israel Securities Authority, The Academic College of Tel-Aviv–Yaffo, GS1 Israel, Udi Dagan Insurance Agency and Allot Ltd.
(All via Signature-IT)
Source 1; source 2; source 3
(Update)
Retail, manufacturing, transport, IT services, professional services, public, education, non-profit, insurance and telecomsIsraelYesUnknown
Telcoin
Source
(New)
BlockchainJapanYesUnknown
Abdali Hospital
Source 1; source 2
(New)
HealthcareJordanYesUnknown
Kaunas University of Technology
Source 1; source 2
(New)
EducationLithuaniaYesUnknown
LCGB
Source
(New)
Professional servicesLuxembourgYesUnknown
Consultores e Investigadores en Administración S.C.
Source
(New)
FinanceMexicoYesUnknown
Transportes Castores
Source
(New)
TransportMexicoYesUnknown
Walkro
Source
(New)
AgriculturalNetherlandsYesUnknown
Succes Schoonmaak
Source
(New)
Professional servicesNetherlandsYesUnknown
University of Ilorin
Source
(New)
EducationNigeriaYesUnknown
Okada Manila
Source 1; source 2
(Update)
HospitalityPhilippinesYesUnknown
Zamfirescu Racoți Vasile & Partners
Source
(New)
LegalRomaniaYesUnknown
Elektroprivreda Srbije
Source 1; source 2
(New)
EnergySerbiaYesUnknown
DESign Group
Source
(New)
ManufacturingSouth AfricaYesUnknown
Avesco Rent SA
Source
(New)
ManufacturingSwitzerlandYesUnknown
Brintons
Source
(New)
ManufacturingUKYesUnknown
Denford Limited
Source
(New)
ManufacturingUKYesUnknown
Golden Coast (Pollet Pool Group)
Source
(New)
ManufacturingUKYesUnknown
Jon Richard
Source
(New)
RetailUKYesUnknown
State Service of Maritime and River Transport of Ukraine
Source
(New)
PublicUkraineYesUnknown
Fager-McGee Commercial Construction, Inc.
Source
(New)
ConstructionUSAYesUnknown
Integrated Geotechnical Solutions, Inc.
Source
(New)
ConstructionUSAYesUnknown
WELBRO Building Corporation
Source
(New)
ConstructionUSAYesUnknown
Thunder (thunder.gg)
Source
(New)
CryptoUSAYesUnknown
Milton Town School District
Source 1; source 2
(New)
EducationUSAYesUnknown
Armstrong Consultants
Source
(New)
EngineeringUSAYesUnknown
JAE Oregon
Source
(New)
EngineeringUSAYesUnknown
Recology
Source 1; source 2
(New)
EnvironmentalUSAYesUnknown
Colony Family Offices
Source 1; source 2
(New)
FinanceUSAYesUnknown
ML & CO
Source
(New)
FinanceUSAYesUnknown
Sharonview Federal Credit Union
Source 1; source 2
(New)
FinanceUSAYesUnknown
The Middlefield Banking Company
Source 1; source 2
(New)
FinanceUSAYesUnknown
Fresno Surgical Hospital
Source
(New)
HealthcareUSAYesUnknown
Liberty Hospital
Source
(New)
HealthcareUSAYesUnknown
Meridian Behavioral Healthcare, Inc.
Source 1; source 2
(New)
HealthcareUSAYesUnknown
NYBRA Plastic Surgery
Source
(New)
HealthcareUSAYesUnknown
OptumRx
Source
(New)
HealthcareUSAYesUnknown
ThedaCare
Source
(New)
HealthcareUSAYesUnknown
Valley Health System
Source
(New)
HealthcareUSAYesUnknown
Olde Towne Pet Resorts
Source
(New)
HospitalityUSAYesUnknown
Orchard Foods
Source
(New)
HospitalityUSAYesUnknown
Dentegra Insurance Company
Source 1; source 2
(New)
InsuranceUSAYesUnknown
DataNet Systems Corporation
Source
(New)
IT servicesUSAYesUnknown
Cullman County Courthouse
Source 1; source 2
(New)
LegalUSAYesUnknown
Davis, Cedillo & Mendoza, Inc.
Source
(New)
LegalUSAYesUnknown
Kaufman Borgeest & Ryan LLP
Source
(New)
LegalUSAYesUnknown
Richard Harris Law Firm
Source
(New)
LegalUSAYesUnknown
Wolf Haldenstein Adler Freeman & Herz LLP
Source
(New)
LegalUSAYesUnknown
C.M. Paula Company
Source
(New)
ManufacturingUSAYesUnknown
Delphinus Engineering, Inc.
Source
(New)
ManufacturingUSAYesUnknown
Packaging Solutions, Inc.
Source
(New)
ManufacturingUSAYesUnknown
Panasonic Avionics Corporation
Source
(Update)
ManufacturingUSAYesUnknown
Peco Foods, Inc.
Source
(New)
ManufacturingUSAYesUnknown
Qorvo, Inc.
Source
(New)
ManufacturingUSAYesUnknown
Viking Therapeutics, Inc.
Source 1; source 2
(New)
ManufacturingUSAYesUnknown
Vyera Pharmaceuticals, LLC
Source
(New)
ManufacturingUSAYesUnknown
Waldner’s Business Environments
Source
(New)
ManufacturingUSAYesUnknown
Whitlam Group
Source
(New)
ManufacturingUSAYesUnknown
Employ Milwaukee
Source
(New)
Professional servicesUSAYesUnknown
Unite Here
Source
(New)
Professional servicesUSAYesUnknown
Lake County Health Department and Community Health Center
Source
(New)
PublicUSAYesUnknown
Pickens County, SC
Source
(New)
PublicUSAYesUnknown
Security 1st Title
Source
(New)
Real estateUSAYesUnknown
RCSB Protein Data Bank
Source
(New)
ResearchUSAYesUnknown
Horizon Spa & Pool Parts, Inc.
Source
(New)
RetailUSAYesUnknown
La Jolla Group
Source
(New)
RetailUSAYesUnknown
Xerox
Source
(New)
RetailUSAYesUnknown
DOB Systems
Source
(New)
SoftwareUSAYesUnknown
Mint Mobile
Source
(New)
TelecomsUSAYesUnknown
Oradell Animal Hospital
Source
(New)
VeterinaryUSAYesUnknown
Ace Hardware Corporation, Berkshire eSupply, Iscar Metals and SpaceX
(All via Signature-IT)
Source 1; source 2
(Update)
Retail and manufacturingUSAYesUnknown
Binance
Source
(New)
CryptoUnknownYesUnknown
Bundes-ministerium für Arbeit und Wirtschaft
Source
(New)
PublicAustriaUnknownUnknown
oesterreich.gv.at
Source
(New)
PublicAustriaUnknownUnknown
Österreichische Beteiligungs AG
Source
(New)
PublicAustriaUnknownUnknown
A1 Telekom Austria Group
Source
(New)
TelecomsAustriaUnknownUnknown
Balkan Investigative Reporting Network
Source
(New)
MediaBosnia and HerzegovinaUnknownUnknown
Kitco Metals Inc.
Source
(New)
FinanceCanadaUnknownUnknown
Special Jurisdiction for Peace
Source
(New)
LegalColumbiaUnknownUnknown
Zewail City of Science and Technology
Source
(New)
EducationEgyptUnknownUnknown
Kuvempu University
Source 1; source 2
(New)
EducationIndiaUnknownUnknown
HCLTech
Source 1; source 2
(New)
IT servicesIndiaUnknownUnknown
Madhya Pradesh’s e-Nagarpalika portal
Source
(New)
IT servicesIndiaUnknownUnknown
Bharatiya Janata Party
Source
(New)
PublicIndiaUnknownUnknown
BMW Kun Exclusive
Source
(New)
RetailIndiaUnknownUnknown
Automatic storage retrieval system at Western Railway’s Lower Parel workshop
Source
(New)
TransportIndiaUnknownUnknown
Fanavaran
Source
(New)
IT servicesIranUnknownUnknown
Azienda USL di Bologna
Source
(New)
HealthcareItalyUnknownUnknown
Petrojam Limited
Source
(New)
EnergyJamaicaUnknownUnknown
inwi
Source
(New)
TelecomsMoroccoUnknownUnknown
Hospital El Maestro
Source
(New)
HealthcarePuerto RicoUnknownUnknown
Evotor
Source
(New)
ManufacturingRussiaUnknownUnknown
Bitrix24
Source
(New)
SoftwareRussiaUnknownUnknown
Saudi Central Bank – SAMA
Source
(New)
FinanceSaudi ArabiaUnknownUnknown
Comtrade Group
Source
(New)
IT servicesSerbiaUnknownUnknown
YG Entertainment
Source
(New)
LeisureSouth KoreaUnknownUnknown
Rajamangala University of Technology Tawan-ok
Source
(New)
EducationThailandUnknownUnknown
The National Insurance Board of Trinidad and Tobago
Source
(New)
InsuranceTrinidad and TobagoUnknownUnknown
Trabzon Üniversitesi
Source
(New)
EducationTurkeyUnknownUnknown
United Arab Bank
Source
(New)
FinanceUAEUnknownUnknown
24 Media Studies
Source
(New)
MediaUAEUnknownUnknown
Darent Valley Hospital
Source
(New)
HealthcareUKUnknownUnknown
Travel South Yorkshire
Source
(New)
TransportUKUnknownUnknown
Blaine County School District
Source
(New)
EducationUSAUnknownUnknown
First American
Source
(New)
FinanceUSAUnknownUnknown
Anna Jaques Hospital
Source
(New)
HealthcareUSAUnknownUnknown
SiriusXM
Source
(New)
LeisureUSAUnknownUnknown
Tarrytown Expocare Pharmacy
Source
(New)
ManufacturingUSAUnknownUnknown
Michigan Department of Transportation (Charlevoix)
Source
(New)
PublicUSAUnknownUnknown
Washington County
Source
(New)
PublicUSAUnknownUnknown
Downfall (Steam Standalone)
Source
(New)
SoftwareUSAUnknownUnknown
Microsoft OneDrive
Source
(New)
SoftwareUSAUnknownUnknown
Pinterest
Source
(New)
SoftwareUSAUnknownUnknown
Twitch
Source
(New)
SoftwareUSAUnknownUnknown
Vietnam Electricity
Source
(New)
UtilitiesVietnamUnknownUnknown
More than 40 banks
Source
(New)
FinanceNorth America, South America, Europe and JapanUnknownUnknown
Rioat Apps (Clash Base Designer)
Source
(New)
SoftwareUnknownUnknownUnknown
Urban primary health centres in Bharathipuram, Old Washermenpet and Harinaraya-napuram
Source
(New)
HealthcareIndiaNoUnknown
Parliament of Albania
Source
(New)
PublicAlbaniaNo0
Ryanair
Source
(New)
TransportIrelandNo0
CHI Memorial
Source
(New)
HealthcareUSANo0
LNP Media Group
Source
(New)
MediaUSANo0
Small Press Distribution
Source 1; source 2
(New)
RetailUSANo0

Note: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this fortnight, or whether a significant update was released this fortnight. The updated data point is italicised in the table.


AI

New ISO 42001 standard on artificial intelligence management systems

ISO has published the world’s first AIMS (artificial intelligence management system) standard, ISO/IEC 42001:2023 – Information technology – Artificial intelligence – Management system. The Standard aims to help organisations derive value from AI safely and efficiently. UKAS (the UK’s national accreditation body) is inviting certification bodies to express an interest in certifying organisations against ISO 42001.

NIST seeks information to support response to Executive Order on AI

NIST has issued a request for information to help it meet its responsibilities under the recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. Responses will be accepted until 2 February.

OpenAI patches ChatGPT vulnerability

OpenAI has fixed a data exfiltration bug in ChatGPT, although Johann Rehberger, the researcher who discovered the vulnerability last April, says attackers can still exploit it under certain conditions. The fix is also yet to be implemented on the iOS mobile app, which remains at risk.

Enforcement

FBI develops ALPHV/BlackCat ransomware decryption tool

The US Justice Department has announced a disruption campaign against the prolific APLHV/BlackCat ransomware group, including a decryption tool developed by the FBI. The FBI has so far used the tool to help more than 500 ALPHV/BlackCat victims restore their systems, saving them approximately $68 million in potential ransom payouts.

FCC adopts updated data breach notification rules

The Federal Communications Commission has adopted an update to its 16-year-old data breach notification rules for telecoms, interconnected VoIP (Voice over Internet Protocol) and TRS (telecoms relay services) providers. Phone companies are now accountable for protecting sensitive customer information, and customers can protect themselves if their data is compromised.

INTERPOL Operation HAECHI IV disrupts international online financial crime operation

A multinational police operation in 34 countries, Operation HAECHI IV, blocked 82,112 suspicious bank accounts, seizing a combined $199 million in hard currency and $101 million in virtual assets, and made nearly 3,500 arrests.


Other news

Tallinn Mechanism established to bolster Ukraine’s cyber security

The foreign ministries of Canada, Denmark, Estonia, France, Germany, the Netherlands, Poland, Sweden, the UK and the USA have formalised the Tallinn Mechanism, which aims to coordinate and facilitate civilian cyber capacity building to help Ukraine uphold its fundamental right to self-defence in cyber space, and address longer-term cyber resilience needs.

CISA announces update to cyber threat information sharing

CISA has announced that it is modernising its approach to cyber threat information sharing. It has identified three key areas of progress, including launching threat intelligence enterprise services to simplify information sharing.

ICO updates BCR guidance

The ICO has updated its guide to using BCRs (binding corporate rules) to provide appropriate safeguards when making restricted transfers of personal data within multinational corporate groups. The updated guidance includes details about the new UK BCR Addendum.


Key dates

4 January 2024 – Google starts testing its Tracking Protection feature to block third-party cookies in Chrome

Google is testing a system designed to block third-party cookies by default in the Chrome browser, with the aim of phasing out third-party cookies for all users by the second half of the year. The test will affect 1% of Chrome’s global users, with participants selected randomly. Meanwhile, the latest update to Google Maps will store users’ location history locally on their devices rather than in the Cloud. Among other effects, this will make it harder for law enforcement authorities to access users’ locations with so-called “geofence warrants”.


That’s it for this round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.

In the meantime, if you missed it, check out our previous round-up. Alternatively, you can view our full archive.