Welcome to our September 2022 list of data breaches and cyber attacks. Compared to August, it was a comparatively quiet month, as we identified 88 publicly disclosed security incidents and 35,566,046 compromised records.
As always, you can find the full list below – although, perhaps for the last time, they are broken down into their respective categories. That’s because we’re looking for ways to improve the way we deliver this data.
Cyber attacks
- Tulsa Tech hit by security incident (unknown)
- Indonesian and Malaysian restaurants hacked by DESORDEN (425,644)
- Samsung says customer data stolen in security incident (unknown)
- Yandex Taxi systems breached in bizarre cyber attack that caused massive traffic jam (unknown)
- Criminal hackers breached Overby-Seawell Company (unknown)
- Orange Cyberdefense investigating claims of compromise (unknown)
- Franklin College hack by malware (5,900)
- Data from Chile’s COVID-19 tracking platform of a mining company compromised (9,200)
- Student arrested for hacking Sri Lankan Examinations Dept website (270,000)
- Kansas school district pulls messaging app after security breach (unknown)
- Uber responding to “cybersecurity incident” (unknown)
- Starbucks Singapore has been hit by a security incident (330,000)
- Revolut caught out by phishing scam (50,144)
- Six UK schools hit by cyberattack on multi-academy trust (unknown)
- Wolfe Clinic notifies patients of Eye Care Leaders security incident (542,776)
- Guacamaya Group leaks emails from Chile’s Joint Chiefs of Staff (unknown)
- Everest Group sells access to Argentina’s Ministry of Economy (unknown)
- Hackers steal South Carolina fire department’s pay checks (6)
- Website of Virginia’s Hampton Public Library website hacked, redirects to adult retail store (unknown)
- Australian telecoms giant Optus hit by cyber attack (unknown)
- M.C. Dean reports security breach after unauthorised party had access to the company’s systems for six months (unknown)
- Berry, Dunn, McNeil & Parker reports breach following compromised employee email account
- San Francisco 49ers reports security breach involving Social Security numbers (20,930)
- CBC Group files official notice of security incident (unknown)
- SF Fire Credit Union reports security breach (unknown)
- Radiant Logistics says unauthorised actor breached its systems (unknown)
- The Physicians’ Spine and Rehabilitation Specialists of Georgia hit by security incident (unknown)
- Medical Associates of the Lehigh Valley reports security incident (75,628)
- Henderson & Walton Women’s Center says employee’s email account was hacked (34,306)
- U-Haul says two passwords were compromised in security breach (unknown)
- Genesis Health Care reports security breach (unknown)
- Legacy Supply Chain Services confirms cyber attack (11,972)
- Wilson’s Gun Shop says hacker broke into its systems (13,522)
- City Furniture of Massachusetts files security notice (unknown)
- DaVita Inc confirms that health data was leaked in cyber attack (unknown)
- Lubbock Heart & Surgical Hospital says it was hacked (23,379)
- Platinum Performance suffers security breach following phishing attack (unknown)
- Radiology Ltd suffers security incident (unknown)
- One Medical embroiled in security breach (unknown)
- Cash Express hit by cyber attack (unknown)
- Northern Trust Corporation reports breach affecting clients’ financial account numbers (unknown)
- Internet outage in Tucson area was due to cyber attack (unknown)
- Diodes Incorporated confirms security breach (unknown)
- Apex Capital Corp hit in cyber attack (unknown)
- FMC Services suffers cyber attack (unknown)
- Indian firm Swachhta City Platforms hit by criminal hackers (16,457,744)
- Hacker breaches Fast Company systems to send offensive Apple News notifications (unknown)
- The Coeur Group notifies patients of security breach (2,020)
- Brazil’s Mimoso do Sul reports cyber attack (unknown)
- Eight Shangri-La hotels in Asia hit by security breach (290,000)
- Mexico confirms hack of military records, president’s health information (unknown)
Ransomware
- Costa Rica’s Junta De Proteccion Social hit by ransomware (unknown)
- Former students and staff at Savannah College of Art and Design affected by security incident (unknown)
- Ransomware attack takes down L.A. Unified school district (unknown)
- Brazil’s National Fund for Educational Development struck with ransomware (unknown)
- Ourique Municipality targeted by ransomware attack (unknown)
- Fruit supplier Lacalera victim of ransomware attack (unknown)
- Bardstown confirms ransomware hack (unknown)
- OakBend Medical Center hit by ransomware (unknown)
- Alegria Family Services hit in ransomware attack (unknown)
- Buenos Aires legislature announces ransomware attack (unknown)
- Empress EMS in New York says it was struck by ransomware (318,558)
- Suffolk County struggles to recover from BlackCat ransomware attack (unknown)
- NYSARC Columbia County Chapter discloses ransomware incident (unknown)
- Bosnia and Herzegovina investigating alleged ransomware attack on parliament (unknown)
- Tift Regional Medical Center victim of ransomware attack (unknown)
- Sierra College investigating scope of latest ransomware incident (unknown)
- Denver suburb won’t negotiate with ransomware gang that closed city hall (unknown)
- New York Racing Association hit by ransomware (unknown)
- TIC International Corporation suffers ransomware attack (unknown)
- Malaysian Telecom RedOne hit by DESORDEN ransomware (unknown)
- Aoyuan Healthy Life Group hit by ransomware group (unknown)
- Ministry of Foreign Affairs of Guatemala victim of cyber attack (unknown)
- Chilean Judiciary hit in massive ransomware campaign (unknown)
- Electricity Company of Ghana systems hacked with ransomware (unknown)
- Thailand’s THE ICON GROUP hacked by ransomware group (264,128)
Data breaches
- IRS mistakenly posts taxpayers’ data online thanks to human coding error (120,000)
- NHS Orkney apologises after data breach (69)
- Ringgold School District student data was leaked via email (unknown)
- Morgan Stanley to pay $35 million fee for ‘astonishing’ customer data disposal practices (15 million)
- Yukon education department accidentally leaks student data (unknown)
- Email blunder sees Norfolk school send details of vulnerable children to all pupils (unknown)
- Data breach at Canadian Border Agency contractor (1.38 million)
Malicious insiders and miscellaneous incidents
- Sensitive data belonging to Loyal Order officials found by a member of the public on street (unknown)
- Ocean City therapist used patients’ credit cards for psychic readings
- InterContinental Hotels Group confirms cyber attack by ‘vindictive’ couple (unknown)
- Health worker photographed patient credit cards and went shopping with them (120)