Welcome to a new year! Following our Christmas break, we’re rounding up two weeks’ worth of the biggest and most interesting news stories.
At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.
We’ll also soon publish our 2023 review of publicly disclosed incidents and records known to be breached across the year, as well as our quarterly report, so keep an eye on our blog.
Publicly disclosed data breaches and cyber attacks: in the spotlight
Unprotected Real Estate Wealth Network database exposes more than 1.5 billion records
The security researcher Jeremiah Fowler discovered an unprotected database exposing more than 1.5 billion records containing property ownership data related to millions of people. The logging records indicated that the files belonged to the New York-based company Real Estate Wealth Network. Fowler contacted the company, which secured the database.
According to Fowler, the exposed data included information on property owners, sellers, investors, internal user logging data, and more. The property owners allegedly included numerous celebrities, whose street address; purchase price and date; mortgage company; mortgage loan amount; tax ID numbers; taxes owed, paid or due; and other information was available.
Data breached: 1,523,776,691 records.
TuneFab exposes more than 151 million records via misconfigured database
TuneFab – a platform that converts music from popular streaming platforms, including Spotify, Apple Music, YouTube and Audible, to other formats – has exposed more than 151 million data records, including users’ IP addresses, user area, user IDs, emails and device information.
The security researcher Bob Diachenko identified the leak in September and contacted TuneFab, which fixed the misconfiguration within 24 hours.
Data breached: >151,000,000 records.
Dori Media Group allegedly had more than 100 TB of data exfiltrated
The MalekTeam Group claims to have destroyed more than 100 TB of data from Dori Media Group, an international group of media companies in Israel, Switzerland, Argentina, Spain and Singapore. The group is threatening to leak the exfiltrated data.
Data breached: >100 TB.
Publicly disclosed data breaches and cyber attacks: full list
The past two weeks, we’ve found 2,038,302,060 records known to be compromised, and 797 organisations suffering a newly disclosed incident. 711 of them are known to have had data exfiltrated, exposed or breached. Only 5 definitely haven’t had data breached.
We’ve also found 50 organisations providing a significant update on a previously disclosed incident.
| Organisation name | Sector | Location | Data exfiltrated? | Known records breached |
| Real Estate Wealth Network Source 1; source 2 (New) |
Real estate | USA | Unknown | 1,523,776,691 |
| TuneFab Source (New) |
Software | Hong Kong | Unknown | >151,000,000 |
| Dori Media Group Source (New) |
Media | Israel | Yes | >100 TB |
| Rosvodokanal Source (New) |
Utilities | Russia | Yes | 50 TB breached; 1.5 TB exfiltrated |
| Comcast Cable Communications, LLC (Xfinity) Source 1; source 2 (New) |
Telecoms | USA | Yes | 35,879,455 |
| Tecnoquadri Srl Source (New) |
Manufacturing | Italy | Yes | 33,000,000 |
| Asia Insurance Co. Source 1; source 2 (New) |
Insurance | Iran | Yes | 26,000,000 |
| Snappfood Source 1; source 2 (New) |
Software | Iran | Yes | >20,000,000 |
| Alborz Insurance Company Source 1; source 2 (New) |
Insurance | Iran | Yes | 19,500,000 |
| Dana Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 15,500,000 |
| Razi Insurance Company Source 1; source 2 (New) |
Insurance | Iran | Yes | 11,000,000 |
| Atieh Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 11,000,000 |
| Moallem Insurance Co. Source 1; source 2 (New) |
Insurance | Iran | Yes | 10,000,000 |
| Saman Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 9,800,000 |
| Day Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 8,700,000 |
| Novin Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 7,400,000 |
| Kowsar Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 7,000,000 |
| IranMoein Insurance Company Source 1; source 2 (New) |
Insurance | Iran | Yes | 6,100,000 |
| Sina Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 6,000,000 |
| Karafarin Insurance Company Source 1; source 2 (New) |
Insurance | Iran | Yes | 5,000,000 |
| Mihan Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 5,000,000 |
| INTEGRIS Health Source 1; source 2 (New) |
Healthcare | USA | Yes | 4,674,000 |
| St Vincent’s Health Australia Source 1; source 2 (New) |
Healthcare | Australia | Yes | >3,000,000 |
| Ohio Lottery Source 1; source 2 (New) |
Leisure | USA | Yes | >3,000,000 |
| Arman Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 3,000,000 |
| Bharat Sanchar Nigam Limited Source (New) |
Telecoms | India | Yes | 2,900,000 |
| MA Insurance Company Source 1; source 2 (New) |
Insurance | Iran | Yes | 2,800,000 |
| Parsian Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 2,700,000 |
| ESO Source (New) |
Software | USA | Yes | 2,700,000 |
| CIE Automotive Source (New) |
Manufacturing | Spain | Yes | 2.6 TB |
| Yale New Haven Health Source (New) |
Healthcare | USA | Yes | 1,930,870 |
| Sarmad Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 1,8000,000 |
| Taavon Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 1,600,000 |
| Tejarat Insurance Source 1; source 2 (New) |
Insurance | Iran | Yes | 1,500,000 |
| Xeinadin Group Source (New) |
Finance | UK | Yes | 1.5 TB |
| LoanCare (Fidelity National Financial) Source (New) |
Finance | USA | Yes | 1,316,938 |
| Insomniac Games (Sony) Source 1; source 2 (Update) |
Software | USA | Yes | 1,300,000 |
| United Network for Organ Sharing Source 1; source 2 (New) |
Healthcare | UK | Unknown | 1,200,000 |
| Unknown organisation(s) Source (New) |
Unknown | Unknown | Yes | 1,169,843 |
| Israel Electric Corporation Source (New) |
Utilities | Israel | Yes | 1 TB |
| Corewell Health Source (New) |
Healthcare | USA | Yes | 1,000,000 |
| Ateam Inc. Source 1; source 2 (New) |
Software | Japan | Unknown | 935,779 |
| Transformative Healthcare (Fallon Ambulance Service) Source (New) |
Healthcare | USA | Yes | 911,757 |
| Ubisoft Source 1; source 2 (New) |
Software | France | Yes | 900 GB |
| BITMAIN Source (New) |
Blockchain | China | Yes | 812,000 |
| ASA Holidays Source (New) |
Leisure | Singapore | Yes | 736 GB |
| GDI Integrated Facility Services Source (New) |
Professional services | Canada | Yes | 700 GB |
| Goyzer Source (New) |
Software | UAE | Unknown | 690,000 |
| Orrick, Herrington & Sutcliffe LLP Source (Update) |
Legal | USA | Yes | 637,620 |
| Smulders Source (New) |
Construction | Belgium | Yes | >600 GB |
| The Webb Law Firm Source (New) |
Legal | USA | Yes | 578 GB |
| WKW.automotive Source (New) |
Manufacturing | Germany | Yes | 575 GB |
| Auto Handel Puławy Source (New) |
Retail | Poland | Yes | >505,000 |
| American Alarm and Communications, Inc. Source 1; source 2 (New) |
Professional services | USA | Yes | 504 GB |
| PC Market Source (New) |
Retail | Uzbekistan | Yes | >500,000 |
| Omid Insurance Company Source 1; source 2 (New) |
Insurance | Iran | Yes | 500,000 |
| Electrical Connections Source (New) |
Manufacturing | Australia | Yes | 465 GB |
| The Retina Group of Washington Source (New) |
Healthcare | USA | Yes | 455,935 |
| PriceSmart Source 1; source 2 (New) |
Retail | USA | Yes | 420 GB |
| Bay Orthopedic & Rehabilitation Supply Co. Inc. Source (New) |
Manufacturing | USA | Yes | >400 GB |
| Hafez Insurance Co. Source 1; source 2 (New) |
Insurance | Iran | Yes | 400,000 |
| Unknown Malaysian organisation(s) Source (New) |
Unknown | Malaysia | Yes | 335,000 |
| Di Martino Group Source (New) |
Transport | Italy | Yes | 320 GB |
| Charisma Life Insurance Co. Source 1; source 2 (New) |
Insurance | Iran | Yes | 300,000 |
| Coop Sverige Source 1; source 2; source 3 (New) |
Retail | Sweden | Yes | 257 GB |
| GAV Systems Group Source (New) |
IT services | Israel | Yes | >250,000 |
| NIDEC GPM Group Source (New) |
Manufacturing | Germany | Yes | 246 GB |
| Quaker Windows & Doors Source (New) |
Retail | USA | Yes | 233 GB |
| PBS Systems Source (New) |
Software | Canada | Yes | 202 GB |
| Universidad Quindío Source 1; source 2 (Update) |
Education | Columbia | Yes | 200,000 |
| Bunker Hill Community College Source (New) |
Education | USA | Yes | 195,588 |
| United Nations Security Council Source (New) |
Defence | USA | Yes | 188,000 |
| Blink Mobility (Blink Charging) Source (New) |
Transport | USA | Unknown | 181,000 |
| Tridon Australia Source (New) |
Retail | Australia | Yes | 175 GB |
| Hunter Buildings Source (New) |
Construction | USA | Yes | 166 GB |
| Bachoco Source (New) |
Manufacturing | Mexico | Yes | 130 GB |
| HealthEC, LLC and MD Value Care Source (New) |
IT services and healthcare | USA | Yes | 112,005 |
| Navigation Financial Group Source (New) |
Finance | USA | Yes | 111 GB |
| National Nail Source (New) |
Manufacturing | USA | Yes | 111 GB |
| DBM Group Source (New) |
Professional services | USA | Yes | 110 GB |
| Staffing service company contracted to the Ministry of Economy, Trade and Industry Source (New) |
Professional services and public | Japan | Yes | 110,000 |
| Chuze Fitness Source (New) |
Leisure | USA | Yes | >100,000 |
| Banco Promerica de la República Dominicana Source 1; source 2 (New) |
Finance | Dominican Republic | Yes | >100 GB |
| Nissan Australia Source 1; source 2 (Update) |
Retail | Australia | Yes | 100 GB |
| Yakult Australia Pty. Ltd. Source 1; source 2 (New) |
Manufacturing | Australia | Yes | 95.19 GB |
| Bladen County Public Library Source (New) |
Public | USA | Yes | 85 GB |
| National Amusements Source (New) |
Leisure | USA | Yes | 82,128 |
| Enstar Group Limited Source 1; source 2 (Update) |
Insurance | USA | Yes | 71,301 |
| Kimco Staffing Services, Inc. Source (New) |
Professional services | USA | Yes | 69,687 |
| Vi Living Source (New) |
Healthcare | USA | Yes | 61,425 |
| Rockford Gastroenterology Associates Source (New) |
Healthcare | USA | Yes | 56 GB |
| FranConnect Source (New) |
Software | USA | Yes | 56,000 |
| Larlyn Property Management Ltd. Source (New) |
Real estate | Canada | Yes | 54 GB |
| ACE Air Cargo Source (New) |
Transport | USA | Yes | 52.6 GB |
| Universidad de La Punta Source (New) |
Education | Argentina | Yes | 47,562 (95,123 lines; probably half repeated) |
| Unfallkasse Thüringen Source (New) |
Insurance | Germany | Yes | 45 GB |
| Protektor24.ru Source (New) |
Retail | Russia | Yes | 38,694 |
| Richmont Graduate University Source (New) |
Education | USA | Yes | 37 GB |
| CBIZ KA Source 1; source 2; source 3 (Update) |
Healthcare | USA | Yes | 36,295 |
| La Red Health Center Source (New) |
Healthcare | USA | Yes | 35,602 |
| Kinetic Leasing, Inc. Source (New) |
Finance | USA | Yes | 33.96 GB |
| ZONE SOFT Source (New) |
Software | Portugal | Yes | 32 GB |
| Eye Physicians of Central Florida Source 1; source 2 (Update) |
Healthcare | USA | Yes | 31,189 |
| Intervent Ltd Source (New) |
Retail | Finland | Yes | >30,537 |
| Ultra Intelligence & Communications Source (New) |
Defence | USA | Yes | 30 GB |
| SmartTeck Next Ltd Source (New) |
Retail | UK | Yes | 29,000 |
| University of Innsbruck Source (New) |
Education | Austria | Yes | 23,000 |
| St. Lucie County Tax Collector’s Office Source (New) |
Public | USA | Yes | 22,403 |
| Clay County Social Services and Next Chapter Technology (CaseWorks) Source 1; source 2 (New) |
Public and software | USA | Yes | 22,005 |
| Estes Express Lines Source (New) |
Transport | USA | Yes | 21,184 |
| Bellin Health Source 1; source 2 (New) |
Healthcare | USA | Yes | 20,790 |
| Scafos Source (New) |
Retail | Denmark | Yes | 20,543 |
| Ramailo Source 1; source 2 (New) |
Software | Nepal | Yes | >20,000 |
| International Electronic Machines Corporation Source (New) |
Transport | USA | Yes | 16 GB |
| AEON Philippines Source (New) |
Finance | Philippines | Yes | >15.77 GB |
| ZOLL Medical Corporation Source (New) |
Manufacturing | USA | Yes | 15,276 |
| Karanganyar Regency Source (New) |
Public | Indonesia | Yes | 13,000 |
| Bell Group Source (New) |
Professional services | UK | Yes | 9 GB |
| TTM Technologies Source (New) |
Manufacturing | USA | Yes | 7,333 |
| Citrin Cooperman Source (New) |
Professional services | USA | Yes | 7,018 |
| Mallinstal Source (New) |
Retail | Romania | Yes | 5,000 |
| Universidad Nacional de Córdoba Source (New) |
Education | Argentina | Yes | 4,972 |
| Rush System for Health Source (New) |
Healthcare | USA | Yes | 4,961 |
| Exactech Source 1; source 2 (Update) |
Manufacturing | USA | Yes | 4,230 |
| ABNB Federal Credit Union Source (New) |
Finance | USA | Yes | 3,800 |
| HORNE, Cal-Maine Foods, Inc. and Citizens National Bank Source (New) |
Professional services, manufacturing and finance | USA | Yes | 3,538 |
| Mountain Dermatology Specialists, PC Source 1; source 2 (New) |
Healthcare | USA | Yes | 2,705 |
| College of the Canyons Source (New) |
Education | USA | Yes | >2,400 |
| Kenya Airways Source (New) |
Transport | Kenya | Yes | 2.12 GB |
| Helsinki and Uusimaa Hospital District Source 1; source 2 (Update) |
Healthcare | Finland | Yes | “a few thousand” |
| EasyPark Source 1; source 2 (New) |
Software | Europe, including UK | Yes | “thousands” |
| Garr Silpe, P.C. Source (New) |
Legal | USA | Yes | 1,933 |
| City Facilities Management (US) LLC Source (New) |
Professional services | USA | Yes | 1,854 |
| RevSpring and Waystar Source (New) |
IT services and software | USA | No | 1,706 |
| BlueCross BlueShield of Tennessee Source (New) |
Insurance | USA | Yes | 1,665 |
| Donald W. Wyatt Detention Facility Source (New) |
Public | USA | Yes | 1,454 |
| Brunswick Corporation Source (New) |
Manufacturing | USA | Yes | 1,400 |
| Noteboom Law Firm Source 1; source 2 (New) |
Legal | USA | Yes | 1,297 |
| Kirksey Architecture Source 1; source 2 (New) |
Construction | USA | Yes | 1,292 |
| McCarthy Fingar LLP Source (New) |
Legal | USA | Yes | 1,216 |
| Spudnik Equipment Company LLC Source (New) |
Manufacturing | USA | Yes | 1,164 |
| Instron Source (New) |
Manufacturing | USA | Yes | 1,059 |
| Bauer Built Source 1; source 2 (New) |
Manufacturing | USA | Yes | 1,005 |
| Servicio Nacional de Pesca y Acuicultura Source (New) |
Public | Chile | Yes | 1,004 |
| Tungaloy-NTK America, Inc. Source 1; source 2 (Update) |
Manufacturing | USA | Yes | 912 |
| Gobierno de la Provincia de Jujuy Source (New) |
Public | Argentina | Yes | 844 MB |
| Cumberland Advisors Source (New) |
Finance | USA | Yes | 805 |
| HEICO Source (New) |
Manufacturing | USA | Yes | 632 |
| AccessDx Lab Source (New) |
Healthcare | USA | Yes | 535 |
| 360 Physical Therapy Source (New) |
Healthcare | USA | Yes | 520 |
| CACI International Inc Source (New) |
IT services | USA | Yes | 520 |
| Cardiothoracic & Vascular Surgeons, PA Source 1; source 2; source 3 (New) |
Healthcare | USA | Yes | 500 |
| The Pennsylvania School for the Deaf Source (New) |
Education | USA | Yes | 489 |
| Ascentia Real Estate Holding Company, LLC Source 1; source 2; source 3 (New) |
Real estate | USA | Yes | 270 |
| Blackstone Valley Community Health Care Source (New) |
Healthcare | USA | Yes | >116 |
| Sabah State Government Source 1; source 2 (New) |
Public | Malaysia | Yes | 109 |
| Gnome Landscapes & Design Source (New) |
Professional services | USA | Yes | 39 |
| The Rowley Agency, LLC Source (New) |
Insurance | USA | Yes | 3 |
| Ronald & Elizabeth Brent Source (New) |
Finance | USA | Yes | 2 |
| One Albania, Eagle Mobile Sh.a and Air Albania Source 1; source 2; source 3; source 4 (New) |
Telecoms and transport | Albania | Yes | Unknown |
| IPSEN LOGISTICS GmbH Source (New) |
Transport | Algeria | Yes | Unknown |
| Bolsa de Cereales de Entre Ríos Source (New) |
Agriculture | Argentina | Yes | Unknown |
| CSM Ciencia al Servicio del Movimiento Source (New) |
Transport | Argentina | Yes | Unknown |
| Life Saving Victoria Source (New) |
Charity | Australia | Yes | Unknown |
| Sterling Homes Source (New) |
Construction | Australia | Yes | Unknown |
| Woollahra Libraries Source (New) |
Public | Australia | Yes | Unknown |
| Eagers Automotive Limited Source 1; source 2; source 3 (New) |
Retail | Australia | Yes | Unknown |
| SEACRET Australia (via Signature-IT) Source 1; source 2 (Update) |
Retail | Australia | Yes | Unknown |
| Richmond Windsor Taxis Source (New) |
Transport | Australia | Yes | Unknown |
| Belarusian Telegraph Agency Source 1; source 2 (New) |
Media | Belarus | Yes | Unknown |
| Prefeitura Municipal de Itabira Source (New) |
Public | Brazil | Yes | Unknown |
| Ontario Pork Source (New) |
Agricultural | Canada | Yes | Unknown |
| CatalX CTS Ltd. Source (New) |
Crypto | Canada | Yes | Unknown |
| Owen Quilty Professional Corporation Source (New) |
Finance | Canada | Yes | Unknown |
| Socadis Source (New) |
Manufacturing | Canada | Yes | Unknown |
| Enbridge Gas Source (New) |
Utilities | Canada | Yes | Unknown |
| Zurcher Odio & Raven Source (New) |
Legal | Costa Rica | Yes | Unknown |
| CONTIMADE Source (New) |
Manufacturing | Czech Republic | Yes | Unknown |
| Concept Data A/S Source (New) |
Software | Denmark | Yes | Unknown |
| CETEC Ingénierie Source (New) |
Construction | France | Yes | Unknown |
| ESEPAC Source (New) |
Education | France | Yes | Unknown |
| CURVER (via Signature-IT) Source 1; source 2 (Update) |
Manufacturing | France | Yes | Unknown |
| Tecnifibre Source (New) |
Manufacturing | France | Yes | Unknown |
| DYWIDAG Source (New) |
Construction | Germany | Yes | Unknown |
| International School of Management Source (New) |
Education | Germany | Yes | Unknown |
| Katholische Hospital-vereinigung Ostwestfalen Source 1; source 2 (New) |
Healthcare | Germany | Yes | Unknown |
| BKF Fleuren Source (New) |
Manufacturing | Germany | Yes | Unknown |
| GRAF (via Signature-IT) Source 1; source 2 (Update) |
Manufacturing | Germany | Yes | Unknown |
| PARAT Technology GmbH + Co. KG Source (New) |
Manufacturing | Germany | Yes | Unknown |
| Schoepe Display GmbH Source (New) |
Professional services | Germany | Yes | Unknown |
| BlueBrixx Source 1; source 2 (New) |
Retail | Germany | Yes | Unknown |
| 443 online merchants Source (New) |
Unknown | Greece, Albania, Belgium, Bosnia and Herzegovina, Colombia, Croatia, Finland, Germany, Georgia, Hungary, Moldova, Netherlands, Poland, Romania, Spain, UK and USA | Yes | Unknown |
| Neutronics Manufacturing Company Source (New) |
Manufacturing | India | Yes | Unknown |
| Shri Lakshmi Agro Foods Private Limited Source (New) |
Manufacturing | India | Yes | Unknown |
| Nearly 70% of Iran’s gas stations Source (New) |
Energy | Iran | Yes | Unknown |
| Colleran Accountants Source (New) |
Finance | Ireland | Yes | Unknown |
| Levana Protocol Source 1; source 2 (New) |
Blockchain | Israel | Yes | Unknown |
| Navitas Petroleum Source (New) |
Energy | Israel | Yes | Unknown |
| RESERVED Israel, Carter’s | Oshkosh Israel, Toyota Israel, Carolina Lemke Israel, Toys R Us Israel, Brother Israel, ERCO LTD, Super-Pharm, Bconnect Technologies, SodaStream, BERMAD Israel, Lumenis, Zoko Enterprises, ICL Industrial Products, Maytronics, PALRAM Industries, TEFEN Flow and Dosing Technologies Ltd., TELDOR Cables & Systems Ltd., NaanDan (Rivulus), Scope Metals Group, Biopet ltd, Shefa Online, Techno-Rezef, Radware, MAX-Security Solutions Ltd., Israel Innovation Authority, Israel Securities Authority, The Academic College of Tel-Aviv–Yaffo, GS1 Israel, Udi Dagan Insurance Agency and Allot Ltd. (All via Signature-IT) Source 1; source 2; source 3 (Update) |
Retail, manufacturing, transport, IT services, professional services, public, education, non-profit, insurance and telecoms | Israel | Yes | Unknown |
| Telcoin Source (New) |
Blockchain | Japan | Yes | Unknown |
| Abdali Hospital Source 1; source 2 (New) |
Healthcare | Jordan | Yes | Unknown |
| Kaunas University of Technology Source 1; source 2 (New) |
Education | Lithuania | Yes | Unknown |
| LCGB Source (New) |
Professional services | Luxembourg | Yes | Unknown |
| Consultores e Investigadores en Administración S.C. Source (New) |
Finance | Mexico | Yes | Unknown |
| Transportes Castores Source (New) |
Transport | Mexico | Yes | Unknown |
| Walkro Source (New) |
Agricultural | Netherlands | Yes | Unknown |
| Succes Schoonmaak Source (New) |
Professional services | Netherlands | Yes | Unknown |
| University of Ilorin Source (New) |
Education | Nigeria | Yes | Unknown |
| Okada Manila Source 1; source 2 (Update) |
Hospitality | Philippines | Yes | Unknown |
| Zamfirescu Racoți Vasile & Partners Source (New) |
Legal | Romania | Yes | Unknown |
| Elektroprivreda Srbije Source 1; source 2 (New) |
Energy | Serbia | Yes | Unknown |
| DESign Group Source (New) |
Manufacturing | South Africa | Yes | Unknown |
| Avesco Rent SA Source (New) |
Manufacturing | Switzerland | Yes | Unknown |
| Brintons Source (New) |
Manufacturing | UK | Yes | Unknown |
| Denford Limited Source (New) |
Manufacturing | UK | Yes | Unknown |
| Golden Coast (Pollet Pool Group) Source (New) |
Manufacturing | UK | Yes | Unknown |
| Jon Richard Source (New) |
Retail | UK | Yes | Unknown |
| State Service of Maritime and River Transport of Ukraine Source (New) |
Public | Ukraine | Yes | Unknown |
| Fager-McGee Commercial Construction, Inc. Source (New) |
Construction | USA | Yes | Unknown |
| Integrated Geotechnical Solutions, Inc. Source (New) |
Construction | USA | Yes | Unknown |
| WELBRO Building Corporation Source (New) |
Construction | USA | Yes | Unknown |
| Thunder (thunder.gg) Source (New) |
Crypto | USA | Yes | Unknown |
| Milton Town School District Source 1; source 2 (New) |
Education | USA | Yes | Unknown |
| Armstrong Consultants Source (New) |
Engineering | USA | Yes | Unknown |
| JAE Oregon Source (New) |
Engineering | USA | Yes | Unknown |
| Recology Source 1; source 2 (New) |
Environmental | USA | Yes | Unknown |
| Colony Family Offices Source 1; source 2 (New) |
Finance | USA | Yes | Unknown |
| ML & CO Source (New) |
Finance | USA | Yes | Unknown |
| Sharonview Federal Credit Union Source 1; source 2 (New) |
Finance | USA | Yes | Unknown |
| The Middlefield Banking Company Source 1; source 2 (New) |
Finance | USA | Yes | Unknown |
| Fresno Surgical Hospital Source (New) |
Healthcare | USA | Yes | Unknown |
| Liberty Hospital Source (New) |
Healthcare | USA | Yes | Unknown |
| Meridian Behavioral Healthcare, Inc. Source 1; source 2 (New) |
Healthcare | USA | Yes | Unknown |
| NYBRA Plastic Surgery Source (New) |
Healthcare | USA | Yes | Unknown |
| OptumRx Source (New) |
Healthcare | USA | Yes | Unknown |
| ThedaCare Source (New) |
Healthcare | USA | Yes | Unknown |
| Valley Health System Source (New) |
Healthcare | USA | Yes | Unknown |
| Olde Towne Pet Resorts Source (New) |
Hospitality | USA | Yes | Unknown |
| Orchard Foods Source (New) |
Hospitality | USA | Yes | Unknown |
| Dentegra Insurance Company Source 1; source 2 (New) |
Insurance | USA | Yes | Unknown |
| DataNet Systems Corporation Source (New) |
IT services | USA | Yes | Unknown |
| Cullman County Courthouse Source 1; source 2 (New) |
Legal | USA | Yes | Unknown |
| Davis, Cedillo & Mendoza, Inc. Source (New) |
Legal | USA | Yes | Unknown |
| Kaufman Borgeest & Ryan LLP Source (New) |
Legal | USA | Yes | Unknown |
| Richard Harris Law Firm Source (New) |
Legal | USA | Yes | Unknown |
| Wolf Haldenstein Adler Freeman & Herz LLP Source (New) |
Legal | USA | Yes | Unknown |
| C.M. Paula Company Source (New) |
Manufacturing | USA | Yes | Unknown |
| Delphinus Engineering, Inc. Source (New) |
Manufacturing | USA | Yes | Unknown |
| Packaging Solutions, Inc. Source (New) |
Manufacturing | USA | Yes | Unknown |
| Panasonic Avionics Corporation Source (Update) |
Manufacturing | USA | Yes | Unknown |
| Peco Foods, Inc. Source (New) |
Manufacturing | USA | Yes | Unknown |
| Qorvo, Inc. Source (New) |
Manufacturing | USA | Yes | Unknown |
| Viking Therapeutics, Inc. Source 1; source 2 (New) |
Manufacturing | USA | Yes | Unknown |
| Vyera Pharmaceuticals, LLC Source (New) |
Manufacturing | USA | Yes | Unknown |
| Waldner’s Business Environments Source (New) |
Manufacturing | USA | Yes | Unknown |
| Whitlam Group Source (New) |
Manufacturing | USA | Yes | Unknown |
| Employ Milwaukee Source (New) |
Professional services | USA | Yes | Unknown |
| Unite Here Source (New) |
Professional services | USA | Yes | Unknown |
| Lake County Health Department and Community Health Center Source (New) |
Public | USA | Yes | Unknown |
| Pickens County, SC Source (New) |
Public | USA | Yes | Unknown |
| Security 1st Title Source (New) |
Real estate | USA | Yes | Unknown |
| RCSB Protein Data Bank Source (New) |
Research | USA | Yes | Unknown |
| Horizon Spa & Pool Parts, Inc. Source (New) |
Retail | USA | Yes | Unknown |
| La Jolla Group Source (New) |
Retail | USA | Yes | Unknown |
| Xerox Source (New) |
Retail | USA | Yes | Unknown |
| DOB Systems Source (New) |
Software | USA | Yes | Unknown |
| Mint Mobile Source (New) |
Telecoms | USA | Yes | Unknown |
| Oradell Animal Hospital Source (New) |
Veterinary | USA | Yes | Unknown |
| Ace Hardware Corporation, Berkshire eSupply, Iscar Metals and SpaceX (All via Signature-IT) Source 1; source 2 (Update) |
Retail and manufacturing | USA | Yes | Unknown |
| Binance Source (New) |
Crypto | Unknown | Yes | Unknown |
| Bundes-ministerium für Arbeit und Wirtschaft Source (New) |
Public | Austria | Unknown | Unknown |
| oesterreich.gv.at Source (New) |
Public | Austria | Unknown | Unknown |
| Österreichische Beteiligungs AG Source (New) |
Public | Austria | Unknown | Unknown |
| A1 Telekom Austria Group Source (New) |
Telecoms | Austria | Unknown | Unknown |
| Balkan Investigative Reporting Network Source (New) |
Media | Bosnia and Herzegovina | Unknown | Unknown |
| Kitco Metals Inc. Source (New) |
Finance | Canada | Unknown | Unknown |
| Special Jurisdiction for Peace Source (New) |
Legal | Columbia | Unknown | Unknown |
| Zewail City of Science and Technology Source (New) |
Education | Egypt | Unknown | Unknown |
| Kuvempu University Source 1; source 2 (New) |
Education | India | Unknown | Unknown |
| HCLTech Source 1; source 2 (New) |
IT services | India | Unknown | Unknown |
| Madhya Pradesh’s e-Nagarpalika portal Source (New) |
IT services | India | Unknown | Unknown |
| Bharatiya Janata Party Source (New) |
Public | India | Unknown | Unknown |
| BMW Kun Exclusive Source (New) |
Retail | India | Unknown | Unknown |
| Automatic storage retrieval system at Western Railway’s Lower Parel workshop Source (New) |
Transport | India | Unknown | Unknown |
| Fanavaran Source (New) |
IT services | Iran | Unknown | Unknown |
| Azienda USL di Bologna Source (New) |
Healthcare | Italy | Unknown | Unknown |
| Petrojam Limited Source (New) |
Energy | Jamaica | Unknown | Unknown |
| inwi Source (New) |
Telecoms | Morocco | Unknown | Unknown |
| Hospital El Maestro Source (New) |
Healthcare | Puerto Rico | Unknown | Unknown |
| Evotor Source (New) |
Manufacturing | Russia | Unknown | Unknown |
| Bitrix24 Source (New) |
Software | Russia | Unknown | Unknown |
| Saudi Central Bank – SAMA Source (New) |
Finance | Saudi Arabia | Unknown | Unknown |
| Comtrade Group Source (New) |
IT services | Serbia | Unknown | Unknown |
| YG Entertainment Source (New) |
Leisure | South Korea | Unknown | Unknown |
| Rajamangala University of Technology Tawan-ok Source (New) |
Education | Thailand | Unknown | Unknown |
| The National Insurance Board of Trinidad and Tobago Source (New) |
Insurance | Trinidad and Tobago | Unknown | Unknown |
| Trabzon Üniversitesi Source (New) |
Education | Turkey | Unknown | Unknown |
| United Arab Bank Source (New) |
Finance | UAE | Unknown | Unknown |
| 24 Media Studies Source (New) |
Media | UAE | Unknown | Unknown |
| Darent Valley Hospital Source (New) |
Healthcare | UK | Unknown | Unknown |
| Travel South Yorkshire Source (New) |
Transport | UK | Unknown | Unknown |
| Blaine County School District Source (New) |
Education | USA | Unknown | Unknown |
| First American Source (New) |
Finance | USA | Unknown | Unknown |
| Anna Jaques Hospital Source (New) |
Healthcare | USA | Unknown | Unknown |
| SiriusXM Source (New) |
Leisure | USA | Unknown | Unknown |
| Tarrytown Expocare Pharmacy Source (New) |
Manufacturing | USA | Unknown | Unknown |
| Michigan Department of Transportation (Charlevoix) Source (New) |
Public | USA | Unknown | Unknown |
| Washington County Source (New) |
Public | USA | Unknown | Unknown |
| Downfall (Steam Standalone) Source (New) |
Software | USA | Unknown | Unknown |
| Microsoft OneDrive Source (New) |
Software | USA | Unknown | Unknown |
| Pinterest Source (New) |
Software | USA | Unknown | Unknown |
| Twitch Source (New) |
Software | USA | Unknown | Unknown |
| Vietnam Electricity Source (New) |
Utilities | Vietnam | Unknown | Unknown |
| More than 40 banks Source (New) |
Finance | North America, South America, Europe and Japan | Unknown | Unknown |
| Rioat Apps (Clash Base Designer) Source (New) |
Software | Unknown | Unknown | Unknown |
| Urban primary health centres in Bharathipuram, Old Washermenpet and Harinaraya-napuram Source (New) |
Healthcare | India | No | Unknown |
| Parliament of Albania Source (New) |
Public | Albania | No | 0 |
| Ryanair Source (New) |
Transport | Ireland | No | 0 |
| CHI Memorial Source (New) |
Healthcare | USA | No | 0 |
| LNP Media Group Source (New) |
Media | USA | No | 0 |
| Small Press Distribution Source 1; source 2 (New) |
Retail | USA | No | 0 |
Note: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this fortnight, or whether a significant update was released this fortnight. The updated data point is italicised in the table.
AI
New ISO 42001 standard on artificial intelligence management systems
ISO has published the world’s first AIMS (artificial intelligence management system) standard, ISO/IEC 42001:2023 – Information technology – Artificial intelligence – Management system. The Standard aims to help organisations derive value from AI safely and efficiently. UKAS (the UK’s national accreditation body) is inviting certification bodies to express an interest in certifying organisations against ISO 42001.
NIST seeks information to support response to Executive Order on AI
NIST has issued a request for information to help it meet its responsibilities under the recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. Responses will be accepted until 2 February.
OpenAI patches ChatGPT vulnerability
OpenAI has fixed a data exfiltration bug in ChatGPT, although Johann Rehberger, the researcher who discovered the vulnerability last April, says attackers can still exploit it under certain conditions. The fix is also yet to be implemented on the iOS mobile app, which remains at risk.
Enforcement
FBI develops ALPHV/BlackCat ransomware decryption tool
The US Justice Department has announced a disruption campaign against the prolific APLHV/BlackCat ransomware group, including a decryption tool developed by the FBI. The FBI has so far used the tool to help more than 500 ALPHV/BlackCat victims restore their systems, saving them approximately $68 million in potential ransom payouts.
FCC adopts updated data breach notification rules
The Federal Communications Commission has adopted an update to its 16-year-old data breach notification rules for telecoms, interconnected VoIP (Voice over Internet Protocol) and TRS (telecoms relay services) providers. Phone companies are now accountable for protecting sensitive customer information, and customers can protect themselves if their data is compromised.
INTERPOL Operation HAECHI IV disrupts international online financial crime operation
A multinational police operation in 34 countries, Operation HAECHI IV, blocked 82,112 suspicious bank accounts, seizing a combined $199 million in hard currency and $101 million in virtual assets, and made nearly 3,500 arrests.
Other news
Tallinn Mechanism established to bolster Ukraine’s cyber security
The foreign ministries of Canada, Denmark, Estonia, France, Germany, the Netherlands, Poland, Sweden, the UK and the USA have formalised the Tallinn Mechanism, which aims to coordinate and facilitate civilian cyber capacity building to help Ukraine uphold its fundamental right to self-defence in cyber space, and address longer-term cyber resilience needs.
CISA announces update to cyber threat information sharing
CISA has announced that it is modernising its approach to cyber threat information sharing. It has identified three key areas of progress, including launching threat intelligence enterprise services to simplify information sharing.
The ICO has updated its guide to using BCRs (binding corporate rules) to provide appropriate safeguards when making restricted transfers of personal data within multinational corporate groups. The updated guidance includes details about the new UK BCR Addendum.
Key dates
4 January 2024 – Google starts testing its Tracking Protection feature to block third-party cookies in Chrome
Google is testing a system designed to block third-party cookies by default in the Chrome browser, with the aim of phasing out third-party cookies for all users by the second half of the year. The test will affect 1% of Chrome’s global users, with participants selected randomly. Meanwhile, the latest update to Google Maps will store users’ location history locally on their devices rather than in the Cloud. Among other effects, this will make it harder for law enforcement authorities to access users’ locations with so-called “geofence warrants”.
That’s it for this round-up. We hope you found it useful.
We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.
In the meantime, if you missed it, check out our previous round-up. Alternatively, you can view our full archive.
The post The Weeks in Cyber Security and Data Privacy: 18 – 31 December 2023 appeared first on IT Governance UK Blog.
