Advisory: Notable Breaches
First Published 2004
Last Updated: OCT 2019
2019
Texas 22 towns breached, via the same MSP using ConnectWise -NYT, CRN
Baltimore ransomware (2nd breach of the year: $18.2 million loss and counting) -sun
Louisiana governor declared state-wide cybersecurity emergency
Yahoo breach class action settled: $88 million ($50m 3 billion victims, $35m lawyers, $2.5m others)
Capital One 106 million acct -stmt | usatoday
Citrix data breach by IRIDIUM, lateral movement not id'ed -cbr
Lake City, Florida gov paid $460,000 ransomware June 27
Riviera Beach, Florida gov paid $600,000 ransomware June 19
Georgia Tech exposes info 1.3 million -BC
Albany NY hit by ransomware -TU -cnet
Baltimore 911 System first of 2 breaches same year
LinkedIn 60 million records of scraped data 229 GB
WhatsApp spying incident: exposed phones to Israeli Spyware -Forbes
Facebook 0.54 billion records found unsecured hosted on AWS
US Customs and Border Protection network breached (biometric data & licence plates) -Atlantic
First American Title Insurance
Instagram 14 million profiles in unsecured db
Dropbox 71m pwds, leak of 2.2 billion records -wired
Mountberb Ltd 100m user profiles & bets @unsecured ElasticSearch instance
Evite, MindJolt, Wanelo... Gnosticplayers stole 1b user records from 44 cos, Rel round 1-5
2018
Marriott 500m users -kroll | wp | forbes
Facebook breach: single sign-on exploitable by anyone
T-Mobile
Atlanta $51,000 ransom | gov spent $2.7 million recovery (partial), still years of data destroyed
BMO & Simplii (100k cust)
Orbitz
Under Armour
Aadhaar, India 1.1b records
Exactis 340m records accessible by general public
2017
Defense Integrated Data Center (S Korea)
Deloitte email breach DoD DHS DoS USPS
Erie County Medical Center
Equifax $600m fine in 2019
Grozio Chirurgija
Heathrow Airport
Taringa!
Uber
DLA Piper
2016
21st Century Oncology
Apple Health Medicaid
Central Coast Credit Union
Philippines Commission on Elections
Cox Communications
Democratic Nat Committee DNC
DHS
EyeWire
Friend Finder Networks
Gyft
Inuvik hospital
KM.RU
Nival Networks
Ofcom
Rosen Hotels
Taobao
TaxSlayer.com
UC Berkeley
U of Central Florida
Verizon Communications
Weebly
2015
Anthem $16m HIPAA fine 79m records
Ashley Madison
Australian Immigration Department
Bailey's Inc.
British Airways
CareFirst BlueCross Blue Shield -Md
CVS
Excellus BlueCross BlueShield
Experian T-Mobile US
Hilton Hotels
Hyatt Hotels
Internal Revenue Service
Landry's, Inc.
Medical Informatics Engineering
Natural Grocers
US Office of Personnel Management OPM
Premera
Scottrade
Slack
Starwood Hotels incl Westin & Sheraton
Twitch.tv
UCLA Medical Ctr, Santa Monica
VTech
Walmart
Wendy's
Xat.com
AT&T Mx call ctr (280k cust)
2014
AOL
Community Health Sys
Domino's Pizza (France)
eBay
European Central Bank
Gmail
Home Depot
JP Morgan Chase
Korea Credit Bureau
LexisNexis
MacRumors.com
Mandarin Oriental Hotels
Michaels
Mozilla
NASDAQ
Neiman Marcus
New York Taxis
Sony Pictures
Supervalu
Target Corporation
Trump Hotels
Uber
U of Maryland, College Park
UPS
Yahoo
2013
Adobe Systems
Advocate Medical Group
Apple
Central Hudson Gas & Electric
Citigroup
Crescent Health Inc., Walgreens
Drupal
Dun & Bradstreet
Evernote
Facebook
Florida dept of Juvenile Justice
Kirkwood Community College
Kroll Background America
Living Social
Nintendo
OVH
Scribd
SnapChat
South Africa police
TerraCom & YourTel
Tumblr
Twitter
Ubisoft
Ubuntu
Vodafone
Washington State court system
Yahoo
Yahoo Japan
2012
Apple, Inc./BlueToad
Barnes & Noble
Bedford/St. Martin's
Blizzard Entertainment
California dept Child Support Services
Dropbox
Emory Healthcare
Formspring
Gamigo
Global Payments
Greek gov
Iranian banks (Saderat, Eghtesad Novin, and Saman)
KT Corporation
LinkedIn, eHarmony, Last.fm
Massive usbiz hack incl 7-Eleven & Nasdaq
US Medicaid
Militarysingles.com
New York State Electric & Gas
Office of the Texas Attorney General
Rambler.ru
South Carolina gov
Syrian gov (Syria Files)
TD Bank
Yahoo! Voices
Zappos
2011
Accendo Insurance Co.
Bethesda Game Studios
China Software Developer Network
CN gaming sites (Duowan, 7K7K, 178.com)
Citigroup
Countrywide Financial Corp
Eisenhower Medical Center
Health Net — IBM
Honda Canada
Massachusetts Gov
Memorial Healthcare Sys
Morgan Stanley Smith Barney
Nemours Foundation
Nexon Korea Corp
NHS
Oregon Department of Transportation
Restaurant Depot
RSA SecurID (EMC) 2FA
San Francisco Public Utilities Commission
Sega
Sony Online Entertainment
Sony Pictures
Sony PlayStation Network
Southern California Medical-Legal Consultants
Spartanburg Regional Healthcare System
State of Texas
Steam
Stratfor
Sutter Medical Center
Tianya Club
Tricare
U of Wisconsin–Milwaukee
US Army
US law enforcement (70 different agencies)
Washington Post
Writerspace.com
2010
Ankle & Foot Center of Tampa Bay, Inc.
AT&T
Betfair
Colorado gov
Educational Credit Management Corporation
Embassy Cables
Emergency Healthcare Physicians, Ltd.
Federal Reserve Bank of Cleveland
Gawker
JP Morgan Chase
Lincoln Medical & Mental Health Center
New York City Health & Hospitals Corp.
Ohio State University
Puerto Rico Department of Health
Seacoast Radiology, PA
South Shore Hospital, Massachusetts
Triple-S Salud, Inc.
US Army (classified Iraq War docs)
US gov (US diplomatic cables)
Yale University
2009
Affinity Health Plan, Inc.
AvMed, Inc.
BlueCross BlueShield of Tennessee
CheckFree Corporation
Health Net
Heartland
Network Solutions
RockYou!
UC Berkeley
U.S. Department of Defense
Nat Archives & Records Adm (US mil vet)
National Guard of the United States
Virginia Department of Health
Virginia Prescription Monitoring Program
2008
AT&T
Auction.co.kr
The Bank of New York Mellon
Data Processors Intl: MC Visa Disc AX
GS Caltex
Jefferson County, West Virginia
Ministry of Education (Chile)
Norwegian Tax Administration
RBS Worldpay
Service Personnel and Veterans Agency (UK)
Stanford University
Starbucks
UK Home Office
UK Ministry of Defence
U of Miami
U of Utah Hospital & Clinics
2007
City and Hackney Teaching Primary Care Trust
Compass Bank
Dai Nippon Printing
UK Driving Standards Agency
Fidelity National Information Services
Gap Inc.
Hannaford Brothers Supermarket Chain
Monster.com
TD Ameritrade
Texas Lottery
TK / TJ Maxx
UK Revenue & Customs
2006
AOL
Countrywide Financial Corp
Hewlett Packard
KDDI
T-Mobile, Deutsche Telekom
U.S. Department of Veterans Affairs
2005
Ameritrade
Automatic Data Processing
CardSystems Solutions: MC Visa Disc AX
Citigroup
Bank of America
DSW Inc.
2004
AOL