Our inaugural list of data breaches and cyber attacks of 2022 should dispel any illusion that the cybersecurity landscape would suddenly improve that year.
Following is a comprehensive list of data breaches, with those involving UK institutions highlighted for ease of reference.
In January, we found 95 security incidents that exposed 65,984,648 records.
Cyber attacks
- Gloucester Council cyber attack linked to Russian hackers (unknown)
- Parents warned after scam emails at Liverpool secondary school (unknown)
- DatPiff data being sold online after password-cracking attack (7.5 million)
- New York Attorney General alerts companies to credential-stuffing cyber attacks (1.1 million)
- Jefferson Surgical Clinic notifies those affected by 2021 data breach (174,769)
- Singapore-based department store OG suffers security incident (unknown)
- Indonesian govt responds to massive data leak of medical records (6 million)
- Monroe Public Schools notifies those affected by malware attack (1,201)
- Data captured from Siriraj Hospital put up for sale on dark web (39 million)
- Visalia Unified School District notifying employees and students about security incident (35,000)
- Hackers raided Panasonic server for months, stealing personal data of job seekers (unknown)
- Memorial Health System notifies patients of malware incident (216,478)
- Canadian city of Brantford says its city hall has been breached (unknown)
- Cyber attack hits Ukrainian websites as Russia tensions mount (unknown)
- City of Tenino loses $280,309 to phishing email scam (unknown)
- Data stolen in attack at Arnprior Regional Health (unknown)
- Another hack on Lympo, lost 165.2 million LMT tokens (unknown)
- Red Cross discloses cyber attack affecting “highly vulnerable people” (515,000)
- Thousands of Indians’ Covid-19 related data leaked online (20,000)
- Anne Arundel Medical Center discloses phishing attack (unknown)
- Peachtree Orthopaedic Clinic reports breach to HHS (53,686)
- Sacramento County employee fell for phishing scam (2,096)
- Brazil’s Acesso Soluções de Pagamento suffers cyber attack (160,100)
- Patient info possibly disclosed in Spokane Health District phishing attack (1,000)
- Canada’s Foreign Affairs Ministry hacked (unknown)
- Pennsbury School District’s computer system breached (unknown)
- North Korean Internet downed by DDoS attacks (unknown)
- NHS Management discloses incident from last May (unknown)
- Nobel Foundation site hit by DDoS attack on award day (unknown)
- Mall retailer Spencer Gifts discloses cyber attack (unknown)
- True Health New Mexico says it was targeted by cyber attack (62,000)
- StarTek says it was hit by cyber attack (unknown)
- Taylor Regional Hospital phone lines still down after reported cyber attack (unknown)
Ransomware
- Tague Family Practice patient records stolen and leaked (unknown)
- Ransomware causes chaos in Costa Rica government systems (unknown)
- Partnership HealthPlan of California hit by ransomware (850,000)
- Snap-on hit by ransomware (unknown)
- The GHT Coeur Grand Est. Hospitals and Health Care group discloses ransomware (unknown)
- Smile Brands discloses a ransomware incident (2,592,494)
- Deutsche Windtechnik hit by ransomware (unknown)
- American Dental Association hit by new Black Basta ransomware (unknown)
- Austin Peay State University resumes after ransomware cyber attack (unknown)
- Current, former Lakota Local Schools students possibly impacted by third-party data breach (unknown)
- California-based Davis Instruments hit by ransomware (unknown)
- Florida International University suffers ransomware attack (unknown)
- Jon-Don struck by ransomware (unknown)
- Purported Elgin County data posted online by ransomware group (unknown)
Data breaches
- Home Office’s visa service apologises for email address data breach (170)
- Smartmatic admits ‘data leak’ but not related to 2022 polls (unknown)
- Honda’s keyless access bug could let thieves remotely unlock and start vehicles (unknown)
- Aerospace firm Parker-Hannifin discloses breach in regulatory filing (unknown)
- Texas Department of Insurance reveals data leak (1.8 million)
- SummaCare says system vulnerability breached customer data (1,100)
- Amid data leak of devotees from Meenakshi temple, admin claims technical glitch (unknown)
- MetroHealth patients affected by data breach (1,700)
- Canada’s University Life Sciences students facing mass data breach (unknown)
- Hetzner lost customer data and gave €20 as compensation (unknown)
- MS Teams users at Army Futures Command potentially exposed private info (unknown)
- PlanMember Securities Corporation discloses data breach (unknown)
Financial information
- Fake Trezor data breach emails used to steal cryptocurrency wallets (106,856)
- Emma Sleep Company admits checkout Magecart attack (unknown)
- Courier company Mailpac Group Limited reports credit card data breach (unknown)
- Maplesoft announces malware attack on its online store (unknown)
- CMG Financial says hackers stole payment card info (unknown)
- Russian payments company QIWI hacked (unknown)
Malicious insiders and miscellaneous incidents
- Two staff fired for patient privacy breaches at Campbellford Memorial Hospital (500)
- Food delivery service Yandex blames insiders for data leak (unknown)
- Block confirms Cash App breach after former employee accessed customer data (8.2 million)
- Deaconess Health employee viewed women’s personal, medical data without cause (unknown)