August 2022 has been a lesson in being careful with whom you provide sensitive information. In a month that saw the former US president accused of misappropriating classified government documents, there were also a spate of malicious insiders compromising their employer’s systems.
Meanwhile, the bastion of password security, LastPass, announced that its systems had been breached – although the organisation is confident that customers’ details remain secure.
In total, we identified 112 publicly disclosed security incidents in August, resulting in 97,456,345 compromised records.
You can find the full list of incidents below, broken into their respective categories.
Cyber attacks
- Hackers stole passwords after accessing Wiseasy payment terminals (140,000)
- Puerto Rico’s Ticketera says it was hacked (unknown)
- Brazil’s Rede Top supermarkets discloses cyber attack (unknown)
- Tribunal de Justiça do Distrito Federal e dos Territórios website hacked (unknown)
- Anonymous source leaks 4TB of Cellebrite data after cyber attack (unknown)
- Healthback Holdings hit by cyber attack (21,114)
- Non-profit Centerstone reveals security incident (unknown)
- Twilio hacked by phishing campaign targeting (unknown)
- Kashmir University reveals that student data was found online (1 million)
- Warsaw Municipal Police reports cyber attack (unknown)
- The Bulgarian Food Safety Agency targeted by cyber attack (unknown)
- CISCO got hit… and immediately took control of the story (3,176)
- Finland’s parliament hit with cyberattack following US move to admit the country to NATO (unknown)
- Hacker offers to sell data of users of Shanghai’s COVID app (48.5 million)
- Conifer Revenue Cycle Solutions says unauthorised actor broke into its systems (unknown)
- National Petroleum, Natural Gas and Biofuels Agency‘s website down in cyber attack (unknown)
- Câmara Municipal de Teresina website offline after a reported cyber attack (unknown)
- Waterloo Region District School Board confirms ‘student information was accessed’ during cyber incident (unknown)
- AT&T denies connection to database of SSNs, says it may be tied to credit agency breach (28.5 million)
- Lee County Emergency Medical Services notifies past customers of third-party security breach (unknown)
- Anonymous poop gifting site hacked, customers exposed (unknown)
- Cyber attack on the Presidency of Moldova compromised servers (unknown)
- Personal details of Peruvian Congress and parliamentarians leaked on internet, used for phishing attempts (unknown)
- Chile’s Empresa Nacional Del Petroleo spared from financial losses in BEC attack by alert bank (unknown)
- Atlantic Dialysis Management Services notifies patients of data security incident (unknown)
- SFERRA Fine Linens notifying individuals of security incident (unknown)
- Rio’s City Hall systems suffered a cyber attack (unknown)
- Puerto Rico’s Office of Legislative Services suffered a cyber attack (unknown)
- Colorado’s Fremont County experiences cyber attack (unknown)
- Columbia River Mental Health Services issues preliminary media notice of a breach (unknown)
- North Dakota Workforce Safety & Insurance hit by cyber attack (182)
- California Department of Corrections and Rehabilitation discloses security incident (unknown)
- Evangelical Christian non-profit Liberty Counsel hacked (unknown)
- Plex warns users to reset passwords after security breach (unknown)
- Whitman-Hanson school officials investigating data security breach (unknown)
- LastPass reveals that its systems were compromised (unknown)
- San Diego American Indian Health Center suffers security incident (27,367)
- BSA Hospice of the Southwest and Family Medicine Centers hit in cyber attack (272,000)
- Database of Bolivian Postal Service offered for sale on dark web (unknown)
- Montenegro reports massive Russian cyberattack against government (unknown)
- New Hampshire Lottery website experiences cyber attack (unknown)
- India’s Akasa Air suffers cyber attack (unknown)
- Judicial Poder of Quintana Roo reported a ransomware attack (unknown)
- Edfinancial and OSLA student loan account registration info hacked in Nelnet breach (2,501,324)
- CorrectHealth notifies employees of historic breach (54,066)
- Accusoft Corporation announces security incident (unknown)
- Brasseler USA confirms unauthorised access to systems (unknown)
- Calcium Products, Inc. confirms security incident (unknown)
- Friedrich Air Conditioning, LLC announces security breach (unknown)
- Gibson Overseas, Inc. announces security breach (unknown)
- The Country Club at Woodfield, Inc. victim of a cyber attack (unknown)
- Berkshire Partners LLC announces data breach (unknown)
- United HealthCare Services, Inc. announces security incident (unknown)
- MJH Life Sciences confirms recent security breach (unknown)
- CiCi Enterprises LP announces security incident (unknown)
- Blume Global confirms breach after malware attack (unknown)
- Living Innovations reports breach stemming from phishing incident (unknown)
- Marymount Manhattan College reports breach following unauthorised access to the school’s network (unknown)
- Gaedeke Group says compromised email account led to security breach (unknown)
- Newcourse Communications announces security incident (47,000)
Ransomware
- Luxembourg energy companies struggling with alleged ransomware attack (unknown)
- Spanish National Research Cente recovering after ransomware attack (unknown)
- NHS 111 service vendor hit by cyberattack that sounds like ransomware incident (unknown)
- Leaked image shows ransomware attack hit Linn-Mar School District (unknown)
- More than 100 Dutch dental practices closed for days after suspected ransomware attack (unknown)
- German firm ista International takes systems offline in wake of ransomware attack (unknown)
- First Choice Community Health Care reports ransomware attack (101,541)
- German school Simon-Marius-Gymnasium hit by ransomware (unknown)
- WDB Holdings Co. Ltd confirms ransomware attack (unknown)
- Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack (unknown)
- South Staffordshire Water targeted by ransomware attack (unknown)
- Practice Resources, LLC notifies patients after ransomware attack (942,138)
- Methodist McKinny Hospital discloses ransomware intrusion (unknown)
- Argentina-based Aceitera General Dehezas discloses ransomware attack (unknown)
- Ransomware attack hits security giant Entrust (unknown)
- South Francilien Hospital Centre hit by ransomware (unknown)
- Onyx Technology alerts clients and patients of ransomware incident (unknown)
- Ransomware takes down Internet at Mansfield Independent School District (unknown)
- Moon Area School District investigating ransomware attack (unknown)
- Sierra College mostly recovered after ransomware attack (unknown)
- Turin hospital’s systems offline after being infected with ransomware (unknown)
- Dominican Republic’s Instituto Agrario Dominicano hit by ransomware (unknown)
- Chile’s SERNAC computer services hacked (unknown)
- EmergeOrtho notifying patients about ransomware incident (75,200)
- Major Cineplex and Major Development PCL hit by ransomware (unknown)
- Clark Patterson Lee reports data breach following “encryption” event (unknown)
- Semikron announces potential data breach following ransomware attack (unknown)
- Napa Valley College files report of ransomware attack (unknown)
- WECC Inc. d/b/a Watson Electrical announces ransomware attack (unknown)
Data breaches
- Zenith American Solutions breaches data after mailing error (31,146)
- Dorset hospital accidentally deletes patient images (5,000)
- Western Australia Health sorry over monkeypox data breach (47)
- St. Joseph’s Healthcare Hamilton contacting patients whose health records were faxed to wrong people (230)
- WestJet app data breach reveals other people’s personal information (unknown)
- Hjedd, an infamous Chinese adult content platform, has been exposing a treasure trove of user data online (14 million)
- Novant Health notifies patients about unauthorised disclosure of protected health information (1.3 million)
- W-2 wage information of Kent city employees ‘inadvertently disclosed’ (unknown)
- Civil servants’ personal info published online by government lawyers in ‘regrettable’ data leak (unknown)
- ‘Crisis’ for Utah prisoners as medical records glitch scrambles prescription info (unknown)
Financial information
- Crypto firm Nomad loses nearly $200 million in bridge hack (unknown)
- Solana and Slope confirm wallet security breach (8,000)
- Malaysian payment gateway platform iPay88 suffers data leak (unknown)
- Ypsilanti-area utility customers’ bank information exposed (2,00)
- Chester Upland schools victim of BEC scheme to the tune of $3 million (unknown)
Malicious insiders and miscellaneous incidents
- Chile’s South Metropolitan Prosecutor’s Office discloses malicious insider incident (unknown)
- Former UK health adviser found guilty of illegally accessing patient records (14)
- Full Logistic Services investigating attempted sabotage (unknown)
- FBI raids Florida man’s house after suspected theft of government documents (unknown)
- A former owner of a T-Mobile retail store charged with stealing employee credentials (unknown)
- Former officer from the Buckeye Police Department accused of misusing data (unknown)
- Former public utility employee pleads guilty to installing keyloggers on work computers (unknown)
- Former Twitter employee found guilty of acting as an agent of a foreign government and unlawfully sharing Twitter user information (unknown)