Welcome to our latest monthly review of data breaches and cyber attacks. We discovered 80 security incidents in April, resulting in 14,329,785 compromised records.
You can find the full list of data breaches below, with incidents affecting UK organisations listed in bold.
Cyber attacks
- The Works forced to close shops after cyber attack (unknown)
- British Army’s online recruitment portal has been offline for more than a month following a data breach (100)
- Connecticut’s Bradley Airport website hit by DDoS (unknown)
- Cyber attack on the Russian Federal Air Transport Agency wipes 65TB of data (unknown)
- Anonymous claims it hacked Russian Orthodox Church (57,500)
- China accused of hacking Ukraine days before Russian invasion (unknown)
- Vietnamese bank accounts targeted by phishing attackers (unknown)
- Hackers breach MailChimp’s internal tools to target crypto customers (unknown)
- Taylor Regional Hospital in Kentucky notifies patients of breach (190,209)
- Indiana’s Alacrity Solutions Group says it was breached (54,674)
- SuperCare Health notifies patients of security incident (318,379)
- Weatherford, TX school district, falls victim to spoofing attack (1,254)
- Whitefish School District notifies victims after employee fell for social engineering scam (1,663)
- Wellstar Health System says its email system was compromised (unknown)
- Ballad Health says an employee’s email account was breached (unknown)
- EMC National Life Insurance discloses security incident (unknown)
- Bernards Township School District says its systems were compromised (unknown)
- Finland government hit by cyber attack (unknown)
- Black River Falls School District closed after cyber attack (unknown)
- Newman Regional Health notifies patients after long-running breach of employee email accounts (52,224)
- Spanish football federation reports data stolen by criminal hackers (unknown)
- Contra Costa County employee email accounts hacked (unknown)
- McDonald’s informing Costa Rica customers about security incident (unknown)
- GitHub: Attacker breached dozens of orgs using stolen OAuth tokens (unknown)
- Russian state hackers hit Ukraine with new malware variants (unknown)
- Unified Government of Wyandotte County and Kansas City hit by cyber attack (unknown)
- Sunwing president apologises to stranded passengers, says outage result of cyber attack (unknown)
- Pro-Iran hackers target Israel Airports Authority website with DDoS (unknown)
- Scott County, Iowa discloses data security incident after email breach (unknown)
- Illinois Gastroenterology Group is providing notification of breach first discovered year (unknown)
- Center for Life Management breach impacted mental health clients (unknown)
- Illuminate Education breach that affected NYC schools spreads to other districts (1,700)
- New York dental insurer HealthPlex reports phishing incident (76,262)
- Bored Ape Yacht Club Instagram hacked, NFTs stolen (unknown)
- Tenet-owned hospitals around the country that were hacked (unknown)
- ARcare in Arkansas discloses malware attack (unknown)
- Cloudflare detects one of the largest DDoS attacks on record (unknown)
- International Data Corporation says someone breached its systems (unknown)
- TransNational Bankcard discovers network breach (unknown)
- Capital Region Medical Center discovers unauthorised access (unknown)
- Youth Consultation Services crippled by cyber attack (unknown)
- Syracuse University says unauthorised person stole sensitive data (unknown)
- Worcester County discovers a breach of the county government email account (3,000)
- Phishing scam targets Colorado’s Valley View Hospital (20,000)
- LA County Department of Mental Health compromised by phishing attack (unknown)
Ransomware
- Tague Family Practice patient records stolen and leaked (unknown)
- Ransomware causes chaos in Costa Rica government systems (unknown)
- Partnership HealthPlan of California hit by ransomware (850,000)
- Snap-on hit by ransomware (unknown)
- The GHT Coeur Grand Est. Hospitals and Health Care group discloses ransomware (unknown)
- Smile Brands discloses a ransomware incident (2,592,494)
- Deutsche Windtechnik hit by ransomware (unknown)
- American Dental Association hit by new Black Basta ransomware (unknown)
- Austin Peay State University resumes after ransomware cyber attack (unknown)
- Current, former Lakota Local Schools students possibly impacted by third-party data breach (unknown)
- California-based Davis Instruments hit by ransomware (unknown)
- Florida International University suffers ransomware attack (unknown)
- Jon-Don struck by ransomware (unknown)
- Purported Elgin County data posted online by ransomware group (unknown)
Data breaches
- Home Office’s visa service apologises for email address data breach (170)
- Smartmatic admits ‘data leak’ but not related to 2022 polls (unknown)
- Honda’s keyless access bug could let thieves remotely unlock and start vehicles (unknown)
- Aerospace firm Parker-Hannifin discloses breach in regulatory filing (unknown)
- Texas Department of Insurance reveals data leak (1.8 million)
- SummaCare says system vulnerability breached customer data (1,100)
- Amid data leak of devotees from Meenakshi temple, admin claims technical glitch (unknown)
- MetroHealth patients affected by data breach (1,700)
- Canada’s University Life Sciences students facing mass data breach (unknown)
- Hetzner lost customer data and gave €20 as compensation (unknown)
- MS Teams users at Army Futures Command potentially exposed private info (unknown)
- PlanMember Securities Corporation discloses data breach (unknown)
Financial information
- Fake Trezor data breach emails used to steal cryptocurrency wallets (106,856)
- Emma Sleep Company admits checkout Magecart attack (unknown)
- Courier company Mailpac Group Limited reports credit card data breach (unknown)
- Maplesoft announces malware attack on its online store (unknown)
- CMG Financial says hackers stole payment card info (unknown)
- Russian payments company QIWI hacked (unknown)
Malicious insiders and miscellaneous incidents
- Two staff fired for patient privacy breaches at Campbellford Memorial Hospital (500)
- Food delivery service Yandex blames insiders for data leak (unknown)
- Block confirms Cash App breach after former employee accessed customer data (8.2 million)
- Deaconess Health employee viewed women’s personal, medical data without cause (unknown)