In June of 2021, we only uncovered 9,780,931 records that had been compromised due to security events that were made public.
Don’t let that low total fool you, though; it’s based on 106 separate instances, which is about par for the course in a given year.
It’s only that, in most situations, the penetrated organization didn’t disclose how much data was compromised, either because it didn’t know or because it wasn’t required to. The number of security incidents for the year as of the end of June is 729, and the number of compromised records stands at 3,947,030,094.
The full list of incidents is provided below, as usual, with those affecting UK-based organizations highlighted.
Cyber attacks
- Furniture Village discloses cyber attack (unknown)
- Police investigate ‘serious cyber attack’ at Brechin school (1,800)
- 20/20 Eye Care Network and Hearing Care Network notify health plan members of security incident (3,253,822)
- Data security breach at North Dakota’s Ralph Engelstad Arena (318)
- Montanta’s Glacier Medical Associates reports data security breach (unknown)
- New York’s M.T.A. breached by criminal hackers (unknown)
- Tokyo Games organizers hit by data breach and info leak (170)
- Michigan’s WMed warns employees and beneficiaries of phishing incident (2,474)
- Apache Pizza announce data breach associated with details of delivery customers (unknown)
- Des Moines Area Community College investigation potential security incident (unknown)
- Northwestern Illinois Area Agency on Aging notifying clients of breach (unknown)
- German mail order firm Pearl taken online shop offline after cyber attack (unknown)
- US truck and military vehicle maker Navistar discloses security incident (unknown)
- New York City Law Department hit by cyber attack (unknown)
- Michigan Fitness Foundation notice concerning email hack (unknown)
- Hackers steal wealth of data from game giant EA (unknown)
- Camaïeu retailer and municipality of Pont-Saint-Esprit suffer security incidents (unknown)
- Ohio-based Five Rivers Health Centers notified patients after phishing incident (155,748)
- McDonald’s hit by data breach, customer personal data exposed in South Korea, Taiwan (unknown)
- Menominee Casino Resort temporarily closes after cyber attack (unknown)
- South Korean shipping company HMM says its email systems affected by virus (unknown)
- Stillwater Medical Center officials investigating electronic security breach (unknown)
- UMass Lowell closed due to cyber security incident (unknown)
- Mississippi’s George County School District suffered a cyber security attack (unknown)
- Cruise operator Carnival discloses personal data breach (unknown)
- Coastal Medical Group notifies patients of security incident (unknown)
- Hackers steal data from CIUSSS de l’Est de Montréal (2,300)
- New York man pleads guilty to illegally accessing hundreds of Snapchat accounts (300)
- Criminal hacker claims to have breached The Woodruff Institute (unknown)
- Danish construction goods retailer Bauhaus suffers cyber attack (unknown)
- WorkForce West Virginia notifies residents of security incident (unknown)
- Brazilian medical Fleury hit by cyber attack (unknown)
- Crooks leak accounts from Pakistani music streaming site Patari (257,000)
- Westfield clerk, major battle over spyware installed on city hall computers (unknown)
- Vulgar messages appear as Bridgewater Schools’ websites hacked (unknown)
- The Institute of Planning and Development of the Capital The City of Prague suffers malware attack (unknown)
- Data from Argentina’s Municipality of San Pedro stolen in cyber attack (12,566)
- City Hall of Águas Lindas de Goiás suffers cyber attack (unknown)
- Austrian dairy SalzburgMilch in cyber security incident (unknown)
- Israeli organisation AcadeME suffers security incident (280,000)
- Attack on Hospital do Divino Espírito Santo impacting notification of COVID-19 test results (unknown)
- Physicians Dialysis provides notification of data security incident (unknown)
- Hackers use zero-day to mass-wipe My Book Live devices (unknown)
- Peoples Community Health Clinic notifying patients after discovering compromise of employee email account (unknown)
- Cyber attack at New York’s Massena Central School under investigation (unknown)
Ransomware
- Tunbridge Wells: Skinners’ Kent schools closed after cyber attack (unknown)
- Investigation sparked after Northampton college hit by hackers (unknown)
- Gateley suffers data breach following ‘cyber security incident’ (unknown)
- The Salvation Army hit by ransomware attack (unknown)
- Scripps Health begins notifying those affected by ransomware attack (147,000)
- Steamship Authority hit by ransomware attack (unknown)
- Two UF Health Florida hospitals hit by ransomware (unknown)
- Dutch pizza chain discloses breach after hacker tries to extort company (unknown)
- Ransomware group hits one of India’s financial software powerhouses (unknown)
- Produits de Revêtement du Bâtiment hit by ransomware (unknown)
- Fujifilm refuses to pay ransomware demand, restores network from backups (unknown)
- Computer storage suplier ExaGrid ‘paid $2.6m ransomware demand’ (unknown)
- LineStar Integrity Services hit by cyber attackers (unknown)
- Taiwan Kadokawa notifies consumers while responding to ransomware attack (unknown)
- CA: Victor Valley Union High School District in suspected ransomware infection (unknown)
- Meat processor JBS paid $11 million in ransom to hackers (unknown)
- Computer memory maker ADATA hit by Ragnar Locker ransomware (unknown)
- Healthcare entities in Saudi Arabia, Illinois, and Mississippi fall prey to Xing Team (520,779)
- Brazil’s Macaé municipality hit by ransomware (unknown)
- Toronto-based Humber River Hospital hit by ransomware (unknown)
- Azusa, CA, police department data stolen in cyber attack (unknown)
- Reproductive Biology Associates and My Egg Bank notify patients of ransomware incident (38,538)
- Savannah hospital system experiences outage after ransomware attack (unknown)
- SP Sports Club reports ransomware attack (unknown)
- Japanese manufacturer Ito Yogyo Co hit by ransomware (unknown)
- Lucky Star Casino confirms ransomware attack (unknown)
- City of Liege, Belgium, hit by ransomware (unknown)
- HOYA Optical Labs of America notifying patients of ransomware incident (3,259)
- Frederick Public Schools in Oklahoma up and running after ransomware attack (unknown)
- Municipality of Cagliari services interrupted by cyber attack (unknown)
- Bordeaux-Gironde Chamber of Commerce & Industry hit by ransomware (unknown)
- German textile retail chain Gerry Weber hit by ransomware attackers (unknown)
- University Medical Center of Southern Nevada attacked by REvil threat actors (unknown)
- Bucks County behavioural health and substance abuse non-profit struck in cyber attack (unknown)
- Japan Airport Refueling Co. discloses ransomware incident (unknown)
Data breaches
- Boxes of patient medical records found in abandoned care home in Kent (unknown)
- UK’s Cake Box says customers informed about 2020 data breach (unknown)
- Top secret UK military documents found ‘in soggy heap’ at bus stop (unknown)
- Personal information released in Anchorage Police Department data leak (11,402)
- Australia’s National Disability Insurance Agency accidentally leaked private information to abusive father (unknown)
- Northwest Territories residents’ student loan information breached (11,000)
- Medical records from Georgia-based Hope Medical found along a road (unknown)
- NJ school worker accidentally leaked Social Security numbers of staff to public (300)
- Volkswagen says a vendor’s security lapse exposed 3.3 million drivers’ details (3.3 million)
- Thai government apologises for data leak, blames “temporary glitch” (unknown)
- Your pricey Peloton has another problem for you to sweat over (unknown)
- Wegmans notifies customers of database security breach (unknown)
- Pennsylvania-based Springfield Psychological provides notice of security incident (unknown)
- Ohio Medicaid providers’ data may have been exposed in data breach (334,690)
- Indian tech startup exposed Byju’s student data (unknown)
Financial information
Malicious insiders and miscellaneous incidents
- Hospital worker in Birmingham COVID ward used dead patient’s bank card to buy crisps, sweets and fizzy drinks (unknown)
- Former chiropractor found guilty of healthcare fraud charges (unknown)
- Mayo Clinic surgeon charged with invading patient privacy, accessing records improperly (unknown)
- Hay River health authority warns of potential privacy breach after break-in at local hospital (unknown)
- Aultman Health Foundation notifying patients of insider wrongdoing (7,300)
- Mounties suspected person leaking secrets had high-level computer access, search warrants show (unknown)
In other news…
- U.S. Justice Department announces seizure of domain names used in spear phishing campaign posing as U.S. Agency for International Development
- IBM gives school districts grants to harden security against ransomware attacks
- UK businesses in the South East get access to Police CyberAlarm
- HSE seeks order to help find who uploaded or downloaded files stolen in cyber attack
