Welcome to our May 2022 review of data breaches and cyber attacks. We identified 77 security incidents during the month, resulting in 49,782,129 compromised records.
You can find the full list of data breaches below, with incidents affecting UK organisations listed in bold.
Cyber attacks
- State Bar of Georgia investigating cyber attack (unknown)
- US Department of Defense tricked into paying $23.5 million to phishing actor (unknown)
- NFT marketplace OpenSea Discord server hacked (unknown)
- WellDyneRx provides notice of data privacy notice (unknown)
- North Alabama Bone & Joint Clinic investigating suspicious activity (unknown)
- Quantum Imaging & Therapeutic Associates notification (unknown)
- Pharmacy retail giant Dis-Chem becomes the latest South African cyber attack victim (3,687,881)
- DEA investigating breach of law enforcement data portal (unknown)
- Cameron County Elections Office reports security breach (unknown)
- Mission School District suffers IT breach, phishing emails being sent from teachers’ accounts (unknown)
- Parker-Hannifin discloses security incident affecting employee health plan data (unknown)
- Schneck Medical Center notifying patients about data security incident (unknown)
- Elgin data breach ‘devastating’ for victims at risk of identity theft (330)
- Ohio’s Shaker Heights City School District discloses hacking incident (3,725)
- Philadelphia government hit by cyber criminals (unknown)
- Hackers claim to have personal details of millions of Malaysians (22.5 million)
- Behavioral Health Partners of Metrowest hit by cyber attackers (11,288)
- Allwell Behavioral Health Services leaked on dark web (unknown)
- Washington Local School District in Toledo, Ohio hit by cyber attack (unknown)
- Arnprior Regional Health says it has been the target of a cyber attack (unknown)
- Trust Stamp, a facial recognition company, had dozens of peoples’ data exposed in breach (unknown)
- Texas Department of Transportation discloses security incident (7,000)
- General Motors discloses security incident (unknown)
- Washington University School of Medicine in St. Louis has reported yet another data security incident (unknown)
- Data breach at Toronto health network possibly exposed patient information (unknown)
- Hacker steals database of hundreds of Verizon employees (unknown)
- Ambulance billing service Comstar in Massachusetts notifying people following a data security breach (unknown)
- Cooper University Health Care in NJ notifying those affected by security incident (unknown)
- California’s Alameda Health System discloses security breach (90,000)
- NPM users’ credentials stolen in the April OAuth token attack (100,000)
- Calgary charity hit by data breach says it responded appropriately despite client concerns (unknown)
- Australian pension provider Spirit Super caught out by phishing attack (50,000)
- Australia’s National Disability Insurance Scheme breached (unknown)
Ransomware
- American Dental Association fears ransomware infection (unknown)
- Lockbit ransomware attack cripples parts of German library service (unknown)
- Opus Interactive hit by ransomware (unknown)
- Omnicell reveals ransomware incident in SEC filing (unknown)
- Refuah Health Center “recently discovered” a breach that was listed on the dark web in June, 2021 (unknown)
- Vicksburg-Warren School District sends notifications for 2021 ransomware attack (unknown)
- Mercyhurst University in Pennsylvania hit by ransomware (unknown)
- Christus Health ransomware incident involved theft of sensitive patient and employee data (unknown)
- Ransomware groups claims to have acquired patient files from Atlanta Perinatal Associates (unknown)
- Battelle for Kids ransomware attack compromised records of Chicago Public School students, employees (560,000)
- Quincy facing one of the ‘worst cyber attacks’ to ever hit the community (unknown)
- Greenland hit by cyber attack, finds its health service crippled (unknown)
- Fort Sumner Municipal Schools in New Mexico and Washington Local Schools in Ohio hit by ransomware (unknown)
- Cyberattack against Regina Public Schools likely ransomware (unknown)
- Martin University discloses ransomware incident (unknown)
- Somerset County, NJ hit by a ransomware attack (unknown)
Data breaches
- University of Essex data breach being taken “very seriously” (400)
- Cornwall Council accidentally publish data of schoolchildren (5)
- Central Bedfordshire Council leaked special educational needs students’ personal details (unknown)
- Hard drives, equipment containing personal information stolen from L&I in Tukwila (unknown)
- COVID-19 patient sues Health P.E.I. for privacy breach at hospital (unknown)
- Investigation launched after South African police alleged to have dumped sensitive data (unknown)
- Breast cancer support organisation leaks data despite multiple notifications (350,000)
- Illuminate Education data breach affects more than 500 New York schools (1 million)
- Data breach detected on New Zealand AA Traveller website (unknown)
- Personal details of SuperVPN, GeckoVPN users leaked on Telegram (21 million)
- Ontario Cannabis Store confirms data leak (unknown)
- Boca Raton attorney allegedly leaked clients’ confidential files (96)
- Social media app Yik Yak exposed users’ precise locations (unknown)
- Stevens & Lee data breach affects financial institution’s client data (23,066)
- Cincinnati inadvertently posted employees’ personal data online (2,000)
- Israeli Ministry illegally shared biometric images of millions with unknown agency (unknown)
- Bayonne Police Sergeant charged with unauthorised use of law enforcement database (unknown)
- Robbers attack Nigerian Population Commission office, steal birth certificates (unknown)
- Potential privacy breach after documents stolen from abandoned Auckland police station (unknown)
Financial information
- NB65 hackers reportedly stole credit card data of QIWI clients (unknown)
- Fei protocol suffers an extensive security breach (unknown)
- South Australian public servants now involved in payroll data breach (13,088)
- The Calcasieu Parish School Board has been the victim of a cyber fraud incident (unknown)
Malicious insiders and miscellaneous incidents
- Far-right France website probed after ‘leak’ of Muslim personal data (unknown)
- Anonymous leak 82GB of police emails against Australia’s offshore detention (285,365)
- IKEA Canada confirms data breach involving employee (95,000)
- Citizens’ data stolen from Eindhoven police cadet’s car (unknown)
- Hacked data reveals classified documents from China’s Uyghur (2,884)
In other news…