PhishProtection.com “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Breakout
An Updated Feed of All Significant Phishing Attacks
This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack. The list below is updated instantly with threat details as soon as the attack is verified to be authentic.
27th July 2021 | Target: UC San Diego Health | Reported Here
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees’ email accounts.
UC San Diego Health is one of the nation’s best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. News & World Report survey.
19th July 2021 | Target: Saudi Aramco | Reported Here
Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company files had been leaked via a contractor, after a cyber extortionist claimed to have seized troves of its data last month and demanded a $50 million ransom from the company.
Aramco said in a statement that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors.” The oil company did not name the supplier or explain how the data were compromised.
18th July 2021 | Target: Campbell Conroy & O’Neil | Reported Here
Campbell Conroy & & O’Neil, P.C. (Campbell), a United States law firm counseling lots ofFortune 500 as well as Global 500 companies, has actually divulged an information violation complying with a February 2021 ransomware strike.
Campbell’s client list consists of top-level companies from different market markets, consisting of auto, aeronautics, power, insurance policy, pharmaceutical, retail, friendliness, as well as transport.
16th July 2021 | Target: Moldova’s Court | Reported Here
Moldova’s “Court of Audit” has suffered a cyber attack that has led to the destruction of public databases and agency audits.
The Moldovan Court of Accounts is a government authority that conducts audits of public financial resources and government agencies to comply with international standards.
15th July 2021 | Target: Comparis | Reported Here
Leading Swiss price comparison platform Comparis has notified customers of a data breach following a ransomware attack that hit and took down its entire network last week.
Comparis is one of the most popular Swiss websites with more than 80 million visits every year and the largest Swiss online marketplace for property and cars.
12th July 2021 | Target: Nepal Telecom | Reported Here
Nepal Telecom has been subjected to a terrible “cyber attack” from China. Chinese hackers have attacked Nepal Telecom and stolen the call details of all Nepali users.
By hacking the Oracle Glass Fish Server used by the telecom company, the Chinese hackers have stolen all the call details of Nepalis.
12th July 2021 | Target: Guess | Reported Here
American fashion brand Guess was hit by a ransomware attack, now the company is disclosing a data breach and is notifying affected customers.
The attack was likely carried out by the DarkSide ransomware gang that in April listed Guess on their data leak site claiming to have stolen over 200 GB of files.
10th July 2021 | Target: Mint Mobile | Reported Here
Carrier Mint Mobile has revealed it was the victim of a data breach, one which allowed a number of customer phone numbers to be ported out to another carrier, along with possible access to subscriber data.
An email sent on Saturday to affected customers by Mint Mobile discloses there was a breach of the carrier’s systems. The breach, which occurred between June 8 and June 10, reveals a “very small number of Mint Mobile subscribers’ phone numbers were affected by the incident.
9th July 2021 | Target: Forefront Dermatology | Reported Here
Forefront Dermatology S.C, a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a recent hacking incident. The incident apparently involved a ransomware strain known as “Cuba.”
8th July 2021 | Target: Morgan Stanley | Reported Here
Morgan Stanley suffered a data breach that exposed sensitive customer data, and it became the latest known casualty of hackers exploiting a series of now-patched vulnerabilities in Accellion FTA, a widely used third-party file-transfer service.
The data obtained included names, addresses dates of birth, social security numbers, and affiliated corporate company names, Morgan Stanley said in a letter first reported by Bleeping Computer. A third-party service called Guidehouse, which provides account maintenance services to the financial services company, was in possession of the data at the time.
6th July 2021 | Target: Gettr | Reported Here
Hackers were able to scrape the email addresses and other data of more than 90,000 GETTR users.
On Tuesday, a user of a notorious hacking forum posted a database that they claimed was a scrape of all users of GETTR, the new social media platform launched last week by Trump’s former spokesman Jason Miller, who pitched it as an alternative to “cancel culture.” The data seen by Motherboard includes email addresses, usernames, status, and location.
5th July 2021 | Target: Practicefirst | Reported Here
Practicefirst, an Amherst, New York-based medical management services provider, on July 1 reported to federal regulators a breach that occurred late last year.
The company’s breach notification statement appears to indicate that the firm paid a ransom in exchange for promises that the attackers would destroy and not further disclose files stolen in the incident.
2nd July 2021 | Target: Pacific Market Research (PMR) | Reported Here
Sensitive information on over 16,000 workers may have been exposed in a ransomware attack on a Renton market research company’s data system.
Pacific Market Research (PMR) “recently notified” the Washington state Department of Labor and Industries, one of its clients, about the May 22 attack, according to a Thursday L&I news release.
An unauthorized party accessed PMR’s network and encrypted their servers during the attack, affecting an L&I file with sensitive information, according to the release.
2nd July 2021 | Target: Arthur J. Gallagher (AJG) | Reported Here
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.
“Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020,” AJG said.
2nd July 2021 | Target: Kaseya | Reported Here
In a statement late Friday evening, Kaseya CEO Fred Voccola confirmed that the company’s Incident Response team caught wind of the attack mid-day and immediately shut down their SaaS servers as a precautionary measure, despite not having received any reports of compromise from any SaaS or hosted customers.
“[We] immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised. We then followed our established incident response process to determine the scope of the incident and the extent that our customers were affected,” Voccola said.
29th June 2021 | Target: Microsoft | Reported Here
Microsoft has actually once more been efficiently struck by a dependency hijacking assault.
Previously, as initially reported by BleepingComputer, a scientist had morally hacked over 35 significant technology companies, consisting of Microsoft, by manipulating a weak point called “dependency confusion.”
This month, one more scientist discovered an npm interior dependency being made use of by an open-source task.
25th June 2021 | Target: Technisanc | Reported Here
Kochi-based cybersecurity and big data startup, Technisanct, has disclosed ‘serious data breach’ in a trading platform in India. Information of over 3.4 million customers were compromised, according to a statement from the cybersecurity startup. Personal Identifiable Information (PII) which includes name, customer ID, contact number, email ID, trade login ID, branch ID, city and country were leaked. The security breach was identified by Technisanct’s digital risk monitoring tool ‘Integrite’.
The data of the customers has been kept for sale on a data-sharing platform for 8 of their credits. The information was published on June 15 and the incident was reported to CERT by Technisanct.
23rd June 2021 | Target: Fleury Medical Diagnostics | Reported Here
This week, Brazilian healthcare giant Grupo Fleury suffered a ransomware attack. Business operations were impaired up to the point that systems had to be shut down, leaving patients unable to book appointments for labs and other medical examinations online.
On the 22nd of June, the Grupo Fleury website began displaying a warning message, alerting to the fact that its systems were suffering an attack, but that the company was doing its best to remediate the damage. The message also stated that “the causes of this unavailability originated from the attempted external attack on [their] systems, which are having operations re-established with all the resources and technical efforts for the rapid standardization of services.”
20th June 2021 | Target: Fertility Clinic | Reported Here
A Georgia-based fertility clinic has disclosed a knowledge breach after recordsdata containing delicate affected person data have been stolen throughout a ransomware assault.
Reproductive Biology Associates, LLC, (RBA) is a fertility clinic that recruits egg donors, retrieves eggs, and shops them for later use by recipients, together with these utilizing the MyEggBank service.
18th June 2021 | Target: Wegmans | Reported Here
Wegmans Food Markets were hit with a database breach that exposed customers’ information — name, address, email, birth date — but no social security numbers or financial information.
The Rochester, New York supermarket said in a press release that “a previously undiscovered configuration issue” led to two of its internal cloud databases being inadvertently left open to potential outside access. The company said it notified its customers that no financial information or social security numbers were involved since the company doesn’t collect or store that data.
17th June 2021 | Target: Carnival Cruise | Reported Here
Carnival Corp. said Thursday that a data breach in March might have exposed personal information about customers and employees on Carnival Cruise Line, Holland America Line and Princess Cruises.
In a letter to customers, the company indicated that outsiders might have gained access to Social Security numbers, passport numbers, dates of birth, addresses and health information of people.
17th June 2021 | Target: Cake Box | Reported Here
UK-based cake maker and retailer Cake Box Holdings Plc (CBOX.L) said on Thursday it had informed customers about a data breach in 2020 that might have compromised their personal information.
Shares of the company fell more than 8%. Cake Box said it had taken “appropriate steps to investigate the incident”.
16th June 2021 | Target: Gateley | Reported Here
Gateley, the UK-based legal and professional services group, has revealed that client data was accessed during a cyber-attack.
In a security alert published yesterday (June 16), the company said it took “some systems offline” after detecting unauthorized activity on its network.
It has since reestablished “core systems to enable us to continue to work and communicate with our clients, suppliers and intermediaries”.
15th June 2021 | Target: IKEA | Reported Here
Swedish furnishing conglomerate IKEA has been fined €1m ($1.2m) for illegally spying on its employees in France and storing their data.
The fine was ordered by a French court on Tuesday after a criminal probe launched in 2012 found that IKEA France had created an elaborate “spying system” to snoop on staff and on customers who had opened disputes.
IKEA, which has 29 stores in France, was found guilty of “receiving personal data by fraudulent means.”
14th June 2021 | Target: Stillwater Medical | Reported Here
The Stillwater Medical Center hospital system is responding to a major computer outage that briefly shut down emergency room operations Monday morning.
Staff discovered the incident Sunday, June 13, according to spokesperson Shyla Eggers. Ambulances were diverted to other hospitals from about midnight to 7 a.m. on Monday, she said.
12th June 2021 | Target: Audi, Volkswagen | Reported Here
Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet.
Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.
12th June 2021 | Target: Intuit – TurboTax | Reported Here
Financial software company Intuit has notified TurboTax customers that attackers have accessed some of their personal and financial information after what appears to be a series of account takeover attacks.
In a breach notification letter sent to affected customers earlier this month, the company said it was not a “systemic Intuit data breach.”
11th June 2021 | Target: McDonald’s | Reported Here
McDonald’s Corp. said hackers stole some data from its systems in markets including the U.S., South Korea and Taiwan, in another example of cybercriminals infiltrating high-profile global companies.
The burger chain said Friday that it recently hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified, McDonald’s said. The investigators discovered that company data had been breached in markets including the U.S., South Korea and Taiwan, the company said.
10th June 2021 | Target: Edward Don | Reported Here
Edward Don, a foodservice company, was hit by a suspected ransomware attack that encrypted its network. The attack caused the company to shut down some of its operations to prevent the malware’s spread.
Owned and operated by the Don family since 1921, Edward Don and Company are one of the largest foodservice equipment and supplies distributors in the US. It sells such equipment as kitchen supplies, bar supplies, dinnerware, and flatware.
10th June 2021 | Target: CD Projekt | Reported Here
The CD Projekt Group, which owns Cyberpunk and Witcher developer CD Projekt Red, has warned that sensitive data — including that of its own employees — was likely exposed during a security breach earlier this year.
In a statement, the Polish developer said it has discovered new information about the breach, and now has reason to believe that some illegally gathered data is “currently being circulated on the internet.”
10th June 2021 | Target: Electronic Arts | Reported Here
Hackers have broken into gaming giant Electronic Arts, the publisher of Battlefield, FIFA, and The Sims, and stole a wealth of game source code and related internal tools, Motherboard has learned.
8th June 2021 | Target: ADATA | Reported Here
Leading Taiwan-based memory and storage manufacturer ADATA says a ransomware attack forced it to shut down systems after attacking its network in late May.
ADATA manufactures high-performance DRAM memory modules, NAND Flash memory cards, and other products, including mobile accessories, gaming products, electrical powertrains, and industrial solutions.
The company was ranked as the second largest manufacturer of DRAM memory and solid state drives (SSD). in 2018.
7th June 2021 | Target: ADATA | Reported Here
US truck and military vehicle manufacturer Navistar International Corp said on Monday that the company was targeted by a cyberattack.
In an 8-K US Securities and Exchange Commission filing published on Monday, Navistar said it became aware of a potential data breach last month, saying it received a claim that data had been stolen from its IT system. It’s unclear exactly what data was taken.
3rd June 2021 | Target: Fujifilm | Reported Here
Japanese multinational conglomerate Fujifilm has been forced to shut down parts of its global network after falling victim to a suspected ransomware attack.
The company, which is best known for its digital imaging products but also produces high-tech medical kit, including devices for rapid processing of COVID-19 tests, confirmed that its Tokyo headquarters was hit by a cyberattack on Tuesday evening.
2nd June 2021 | Target: Metropolitan Transportation Authority | Reported Here
The Metropolitan Transportation Authority, which operates New York City’s subway and bus systems, confirmed to Fox News on Wednesday that at least three of its 18 systems were hacked in April.
The MTA is critical infrastructure in a city that serves as a national and world financial center, among other roles New York plays in the economy.
1st June 2021 | Target: Spanish Ministry of Labor and Social Economy | Reported Here
The Ministry of Labor and Social Economy has suffered a new cyber attack. Just three months after the one suffered by the State Public Employment Service (SEPE), dependent on Labor. Through a brief message on Twitter, the Ministry of Labor has reported that it is being affected by a computer attack.
31st May 2021 | Target: Swedish Health Agency | Reported Here
The Swedish Public Health Agency shut down SmiNet, the country’s infectious disease database, on Thursday after it was the target of several hacking attempts.
SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was closed on Thursday to investigate the attacks and came back online Friday night.
31st May 2021 | Target: JBS Food | Reported Here
Meat processor JBS has warned it could take the company some time to recover from an “organised cyber security attack” that has impacted servers in its Australian and North American operations.
The attack was first reported by industry news website Beefcentral, which quoted JBS Australia CEO Brent Eastwood saying that the full impact of the attack was still being assessed.
29th May 2021 | Target: Walmart | Reported Here
An ongoing domain name spoofing campaign is taking aim at retail giant Walmart and other big fish, with more than 540 malicious domains being used to harvest consumer information.
The scam domains are mimicking legitimate sites in name and appearance, in hopes of fooling visitors into entering their personal details, according to analysis from DomainTools. Aside from Walmart, other big-name lures are affiliated with the phishing campaign, spoofing Fortune 500 companies like McDonald’s, online dating sites and movie downloads. An unknown threat actor is behind it all, the firm said, displaying an obvious level of sophistication given the sheer scale of the effort.
27th May 2021 | Target: Canada Post | Reported Here
Canada Post said on Wednesday that a cyberattack and data breach on an electronic data interchange (EDI) supplier has compromised information from 44 of its large parcel business customers, affecting nearly 1 million recipients.
The attack on Ontario-based Commport Communications compromised the shipping manifest data of the customers. Canada Post, Canada’s government-run postal carrier, did not identify the customers.