Catalog of May 2022 Cyber Attacks and Data Breaches – 49.8 million records breached

Cyber attacks

• State Bar of Georgia investigating cyber attack (unknown)
• US Department of Defense tricked into paying $23.5 million to phishing actor (unknown)
• NFT marketplace OpenSea Discord server hacked (unknown)
• WellDyneRx provides notice of data privacy notice (unknown)
• North Alabama Bone & Joint Clinic investigating suspicious activity (unknown)
• Quantum Imaging & Therapeutic Associates notification (unknown)
• Pharmacy retail giant Dis-Chem becomes the latest South African cyber attack victim (3,687,881)
• DEA investigating breach of law enforcement data portal (unknown)
• Cameron County Elections Office reports security breach (unknown)
• Mission School District suffers IT breach, phishing emails being sent from teachers’ accounts (unknown)
• Parker-Hannifin discloses security incident affecting employee health plan data (unknown)
• Schneck Medical Center notifying patients about data security incident (unknown)
• Elgin data breach ‘devastating’ for victims at risk of identity theft (330)
• Ohio’s Shaker Heights City School District discloses hacking incident (3,725)
• Philadelphia government hit by cyber criminals (unknown)
• Hackers claim to have personal details of millions of Malaysians (22.5 million)
• Behavioral Health Partners of Metrowest hit by cyber attackers (11,288)
• Allwell Behavioral Health Services leaked on dark web (unknown)
• Washington Local School District in Toledo, Ohio hit by cyber attack (unknown)
• Arnprior Regional Health says it has been the target of a cyber attack (unknown)
• Trust Stamp, a facial recognition company, had dozens of peoples’ data exposed in breach (unknown)
• Texas Department of Transportation discloses security incident (7,000)
• General Motors discloses security incident (unknown)
• Washington University School of Medicine in St. Louis has reported yet another data security incident (unknown)
• Data breach at Toronto health network possibly exposed patient information (unknown)
• Hacker steals database of hundreds of Verizon employees (unknown)
• Ambulance billing service Comstar in Massachusetts notifying people following a data security breach (unknown)
• Cooper University Health Care in NJ notifying those affected by security incident (unknown)
• California’s Alameda Health System discloses security breach (90,000)
• NPM users’ credentials stolen in the April OAuth token attack (100,000)
• Calgary charity hit by data breach says it responded appropriately despite client concerns (unknown)
• Australian pension provider Spirit Super caught out by phishing attack (50,000)
• Australia’s National Disability Insurance Scheme breached (unknown)

Ransomware

• American Dental Association fears ransomware infection (unknown)
• Lockbit ransomware attack cripples parts of German library service (unknown)
• Opus Interactive hit by ransomware (unknown)
• Omnicell reveals ransomware incident in SEC filing (unknown)
• Refuah Health Center “recently discovered” a breach that was listed on the dark web in June, 2021 (unknown)
• Vicksburg-Warren School District sends notifications for 2021 ransomware attack (unknown)
• Mercyhurst University in Pennsylvania hit by ransomware (unknown)
• Christus Health ransomware incident involved theft of sensitive patient and employee data (unknown)
• Ransomware groups claims to have acquired patient files from Atlanta Perinatal Associates (unknown)
• Battelle for Kids ransomware attack compromised records of Chicago Public School students, employees (560,000)
• Quincy facing one of the ‘worst cyber attacks’ to ever hit the community (unknown)
• Greenland hit by cyber attack, finds its health service crippled (unknown)
• Fort Sumner Municipal Schools in New Mexico and Washington Local Schools in Ohio hit by ransomware (unknown)
• Cyberattack against Regina Public Schools likely ransomware (unknown)
• Martin University discloses ransomware incident (unknown)
• Somerset County, NJ hit by a ransomware attack (unknown)

Data breaches

• University of Essex data breach being taken “very seriously” (400)
• Cornwall Council accidentally publish data of schoolchildren (5)
• Central Bedfordshire Council leaked special educational needs students’ personal details (unknown)
• Hard drives, equipment containing personal information stolen from L&I in Tukwila (unknown)
• COVID-19 patient sues Health P.E.I. for privacy breach at hospital (unknown)
• Investigation launched after South African police alleged to have dumped sensitive data (unknown)
• Breast cancer support organisation leaks data despite multiple notifications (350,000)
• Illuminate Education data breach affects more than 500 New York schools (1 million)
• Data breach detected on New Zealand AA Traveller website (unknown)
• Personal details of SuperVPN, GeckoVPN users leaked on Telegram (21 million)
• Ontario Cannabis Store confirms data leak (unknown)
• Boca Raton attorney allegedly leaked clients’ confidential files (96)
• Social media app Yik Yak exposed users’ precise locations (unknown)
• Stevens & Lee data breach affects financial institution’s client data (23,066)
• Cincinnati inadvertently posted employees’ personal data online (2,000)
• Israeli Ministry illegally shared biometric images of millions with unknown agency (unknown)
• Bayonne Police Sergeant charged with unauthorised use of law enforcement database (unknown)
• Robbers attack Nigerian Population Commission office, steal birth certificates (unknown)
• Potential privacy breach after documents stolen from abandoned Auckland police station (unknown)

Financial information

• NB65 hackers reportedly stole credit card data of QIWI clients (unknown)
• Fei protocol suffers an extensive security breach (unknown)
• South Australian public servants now involved in payroll data breach (13,088)
• The Calcasieu Parish School Board has been the victim of a cyber fraud incident (unknown)

Malicious insiders and miscellaneous incidents

• Far-right France website probed after ‘leak’ of Muslim personal data (unknown)
• Anonymous leak 82GB of police emails against Australia’s offshore detention (285,365)
• IKEA Canada confirms data breach involving employee (95,000)
• Citizens’ data stolen from Eindhoven police cadet’s car (unknown)
• Hacked data reveals classified documents from China’s Uyghur (2,884)

In other news…

• Google fights doxxing with updated personal info removal policy
• Mozilla finds mental health apps fail ‘spectacularly’ at user security, data policies
• Conti ransomware shuts down operation, rebrands into smaller units
• GoodWill Ransomware demands food for the poor to decrypt locked files