date
victim
Summary
Terrible player
business impact
Source link
May 1, 2023
T-Mobile discloses second data breach since early 2023.
Unknown
This incident affected 836 T-Mobile customers and it is believed that threat actors gained access to their sensitive personal information.
May 2, 2023
Child mental health therapist bright line
Brightline data breach affects 783K children’s mental health patients
Clop Ransomware
Children’s mental health provider Brightline is warning patients that it suffered a data breach that affected 783,606 people. A ransomware gang has allegedly stolen data using a zero-day vulnerability in its secure file sharing platform Fortra GoAnywhere MFT.
Brightline Children’s Healthcare Provider Data Breach Incident
May 8, 2023
Cyber security company Dragos
The cyber security company Dragos discloses a cyber security incident, an extortion attempt
Not delivered
The hackers gained access to the company’s SharePoint cloud service and contract management system and gained access by compromising the personal email address of a new sales employee before their start date. They then used their personal information to impersonate a Dragos employee and perform initial steps in the employee onboarding process. After breaching Dragos’ SharePoint cloud platform, the attackers downloaded “general usage data” and accessed 25 Intel reports that were normally only available to customers.
May 9, 2023
Food distribution giant Cisco
Food distribution giant Sysco warns of data breach after cyber attack
Unknown
The data breach affected 126,243 people whose names and other personal identifiers were exposed along with social security numbers. The investigation determined that the threat actor extracted certain company data, including data related to business operations, customers, employees and personal data. The Company believes that the employee data stolen from its systems during the breach is a combination of the following: Personal information provided to Sysco for payroll purposes, including name, social security number, account numbers or similar information.
May 10, 2023
Seoul National University Hospital (SNUH)
North Korean hackers broke into a major hospital in Seoul to steal data
Kimsuky’s hacking group (probably)
The cyber attack exposed the data of 831,000 people, most of them sick and 17,000 of the affected people were current and former employees.
May 11, 2023
American technology company and subsidiary of Siemens Brightly software
Clearly warns against SchoolDude data breach exposing credentials
Unknown
This security incident affected an account on Brightly Software’s SchoolDude app (schooldude.com), an online platform used by educational institutions to perform and track maintenance work orders, because the incident involved an unauthorized actor obtaining certain account information from SchoolDude’s user database. The company believed the threat actors stole customer account information, including names, email addresses, account passwords, phone numbers (when available), and school district names.
May 12, 2023
The car location data of 2 million customers was apparently exposed over ten years
Human error (misconfiguration of the cloud environment)
A data breach allegedly exposed the car location details of 2,150,000 customers over ten years. The incident exposed information of customers who used the company’s T-Connect G-Link, G-Link Lite or G-BOOK services between January 2, 2012 and April 17, 2023.
May 12, 2023
Discord reveals data breach after support agent hacked
Unknown
In this attack, the account of a third-party support agent was compromised. The breach exposed the agent’s support ticket queue, which contained user email addresses, messages exchanged with Discord support, and any attachments sent as part of tickets.
May 12, 2023
Latvian airline accidentally discloses passenger information to others due to ‘technical error’
Technical error
Due to a technical error, the booking details of some of its passengers were revealed to other AirBaltic passengers. The information disclosed may have included passengers’ full names, dates of birth, email addresses, etc.
May 12, 2023
Luxottica confirms data breach for 2021 after information on 70 million leaks online
An unknown hacking group using the title Sin (GOD) on the Viper forums
Threat actors leaked previously stolen data containing 305 million rows (records), 74.4 million unique email addresses, and 2.6 million unique domain addresses.
May 16, 2023
US Department of Transportation (USDOT)
The data of 237,000 US government employees was apparently breached
Unknown
The personal information of 237,000 current and former federal government employees was exposed in a data breach at the US Department of Transportation (USDOT).
May 19, 2023
The M&S Pension Scheme and the Diageo Pension Scheme
M&S and Diageo pension schemes hit by Capita cyber attack
Unknown
Capita has warned the pension schemes of Marks and Spencer, Diageo, Unilever and Rothesay that their members’ personal data was stolen by hackers during a cyber attack at the UK outsourcing provider.
May 22, 2023
Apria Healthcare claims 2 million people affected by IT security breach
Unknown
Personal and financial data describing nearly 1.9 million patients and employees of Apria Healthcare may have been accessed by criminals who broke into the company’s networks over several months in 2019 and 2021.
May 22, 2023
Mazars Group was allegedly hacked by BlackCat cyber crooks
The BlackCat group is a traitor
Russian-linked ransomware syndicate ALPHV/BlackCat claims to have stolen sensitive data from Mazars Group. A post on the gang’s dark web blog says cybercriminals accessed over 700GB of data, including contracts, financial records and other sensitive information.
May 22, 2023
The car supplier Gentex
Gentex confirms data breach by Dunghill ransomware gang
Dunghill ransomware gang
The ransomware gang released 5 TB of sensitive corporate data, reportedly including emails, customer documents and personal data of about 10,000 Gentex employees, such as social security numbers.
May 23, 2023
scheming
Zivame data breach: 1.5 million users’ personal information on sale for $500
Unknown
Hackers have put personal details of 1.5 million users of e-commerce retailer Zivame, mostly women, up for sale online for just $500 in cryptocurrency.
The details include personal information such as names, email, phone numbers and customer addresses.
May 23, 2023
Harvard Pilgrim
Harvard Pilgrim says customer information was compromised in a cyber attack
Unknown
The company said information was taken from Harvard Pilgrim’s systems from March 28 to April 3, including names, addresses, social security numbers, taxpayer identification numbers, and medical and history information.
May 24, 2023
Edor Worthing Council
Edor and Worthing council contractor in a data breach
Unknown
The personal information of about 100 people could have been leaked in the data breach.
May 24, 2023
NT patient health
Thousands of identifiable NT patient health files sent to overseas software vendor in government data breach
human mistake
The Northern Territory government breached the privacy of thousands of public health patients by sending de-identified medical records to a software provider with offices in Europe, South America and China.
May 26, 2023
Report: ‘Massive’ Tesla leak reveals data breaches, thousands of safety complaints
a whistleblower
According to Germany’s Handelsblatt, Tesla failed to adequately protect data from customers, employees and business partners and received thousands of customer complaints regarding the automaker’s driver assistance system. A whistleblower leaked 100 gigabytes of confidential data including tables containing more than 100,000 names of former and current employees. The data also allegedly contains the social security number of Tesla CEO Elon Musk, along with private email addresses, phone numbers, employee salaries, customer bank details and confidential production details.
