Home Businesses Data Breaches 2020
Data Breaches 2020 Listing

Data Breaches 2020

by Olivia Johnson

In 2020, date leaks, also known as”data breaches”, have now become a term that we hear about in the news more often than ever before. What is a data breach, exactly, and why are these becoming common? Data breaches are a growing cybersecurity concern for both businesses and individuals alike.


What is a data breach?

A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.


What are the different types of data breaches?

Depending on the source, there are several different ways of describing types of data breaches. Here are 4 common types:

Cyber attacks – this is when hackers use various techniques to get unauthorized access to information that should be secure. 

Loss or theft of devices – If a laptop, smartphone, USB drive or other data storage devices gets stolen, lost or not disposed of properly and ends up in the wrong hands, this is a data breach.

Employee theft – This can happen when employees, especially those about to move on from their position, deliberately get access to protected data with malicious intent.

General human errors – Mistakes can happen to anyone, and some people accidentally send protected data to the wrong person, or upload it over public networks or compromise the servers where the data is stored.





A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.

The following is a running list of data breaches in 2020.

Note: This page is updated continuously of the major data breaches reported in 2020. All data is provided from public resources. LogMeOnce provides the most comprehensive data breach news alerts and data breach statistics. 

Landry’s, Inc. – (Unknown Number of Records)

Exposed on January 2, 2020 – Landry’s, Inc., a Houston-based restaurant, steakhouse, and hospitality company has disclosed a point-of-sale malware attack that collected payment card data from swiped cards on an order-entry system at its bars and restaurants.

Alomere Health – (49351 Records)

Exposed on January 7, 2020 – Minnesota-based hospital Alomere Health notified patients of a data breach affecting the personal and medical information of 49,351 individuals after unauthorized access gained to two employee email accounts. Compromised data include patient names, addresses, dates of birth, medical record numbers, health insurance information and diagnosis and treatment details information. A limited number of patients also had their SSN and driver’s license numbers exposed. 

Amazon Web Services S3 – (Unknown Records)

Exposed on January 14, 2020 – Thousands of British Passports left exposed on open cloud of Amazon Web Services. Exposed data included thousands of scans of passports, tax documents, job applications, proof of address, background checks, expense forms, scanned contracts complete with signatures, salary information, emails and more. The files contained a wide range of personally identifiable information, including names, addresses, phone numbers, dates of birth, gender, national insurance number.

LimeLeads – (49,000,000 Records)

Exposed on January 1, 2020 – A hacker is selling database of 49 million business contacts stolen from company LimeLeads, a  San Francisco based B2B Lead generator company. It is noticed that data was stolen due to insecure database of the company. Stolen data include full name, title, user email, employer/company name, company address, city, state, ZIP, phone number, website URL, company total revenue, and the company’s estimated number of employees.
PlanetsDrugsDirect – (Unknown Records)
Exposed on January 15th, 2020 – Canadian online pharmacy PlanetDrugsDirect notified its customers of a data security incident that might have exposed their names, addresses, e-mail addresses, phone numbers, medical information including prescription(s), and payment information.
Mitsubishi Electric Corp – (Unknown Records)
Exposed on January 20th, 2020 – A massive cyber-attack targeted Mitsubishi Electric Corp resulting in information compromise through email exchanges pertaining to government agencies and other business partners.
Greenville Water – (500,000 Records)
Exposed on January 27th, 2020 – An international cyber attack affected online payments of half a million residents having  water supplier “ Greenville Water Supply” based in South Carolina.
SexPanther – (11,000 Records)
Exposed on January 24th, 2020 – Arizona based adult site SexPanther exposed identity information of 11,000 models and sex workers containing names, home address, date of birth, bio metrics, driving license, social security numbers on an unprotected Amazon Web Services (AWS) storage bucket.
The Royal Yachting Association – (Unknown Records)
Exposed on January 24th, 2020 – An unauthorized access has stolen data from The Royal Yachting Association (RYA) . Stolen information from RYA 2015 members database included  names, email addresses and hashed passwords”.
Oman United Insurance Company SAOG – (Unknown Records)
Exposed on January 1st, 2020 – Oman United Insurance Company SAOG is attacked by ransomware on 1st January 2020 resulted in infecting some of the data. Fortunately company recovered the data lost during attack.
Florida Library – (600 Records)
Exposed on January 9th, 2020 – Florida Library affected by cyber attack resulted in  taking down 600 staff and public access computers at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida. It was notified that devices were tried to be encrypted during the cyber attack.
Munson Healthcare group – (Unknown Records)
Exposed on January 16th, 2020 – The northern-Michigan based Munson Healthcare group notified hacking of Protected Health Information. The exposed information included email id, names, dates of birth, patient financial account numbers, driver’s license numbers and Social Security number, insurance information along with treatment and diagnostic information.
Microsoft – (Unknown Records)
Exposed on January 23rd, 2020Microsoft misconfigured five Elasticsearch servers last December where each data set contained 250 million customer support logs of interaction.This exposed information resulted in leakage of email addresses, contract numbers, payment information and some other PII information.
Perth Mint – (1480 Records)
Exposed on January 31st, 2020 – Data breach at Perth Mint has compromised the details of its visitors. The stolen information included contact details of 1480 people who filled out feedback surveys at the West Australian government-owned mint’s depository. These surveys were including email addresses, visitor names, home addresses and telephone numbers.
Social Captain  – (Unknown Records)
Exposed on February 1st, 2020 – Social Captain which is a startup that helped Instagram users to increase followers has mistakenly exposed thousands of Instagram accounts and passwords. Data was stored in unencrypted plaintext format in the company’s source code.
Yarra Trams  – (Unknown Records)
Exposed on February 3rd, 2020 – The personal email addresses of 91 people have been exposed by Yarra Trams by mistake. Information was shared with a large number of other public members.
Bouygues Construction   – (Unknown Records)
Exposed on February 3rd, 2020 – A massive ransomware attack hit Bouygues Group’s construction subsidiary resulted in stealing of 200 GB of data.
Fondren Orthopedic Group   – (30,049 Records)
Exposed on February 4th, 2020 – Fondren Orthopedic Group notified to its patients that a malware attack may have damaged the medical information of 30,049 patients.  Exposed data included names, addresses, telephone numbers, diagnosis and treatment information and health insurance information of patients.
St. Louis Community College – (5,127 Records)
Exposed on February 5th, 2020 – Phishing campaign in St. Louis Community College resulted in the exposure of names, student ID numbers, dates of birth, addresses, home phone numbers, cell phone numbers, and college, Social Security numbers and personal email addresses for 5,127 people.
Joker’s Stash – (461,976 Records)
Exposed on February 7th, 2020Fresh database of 461,976 payment card records currently on sale on Joker’s Stash which is a popular underground cardshop in the dark web has been listed. Stolen information include exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.
Israeli Netanyahu’s party – (65,000,000 Records)
Exposed on February 9th, 2020Elector voting management app exposed the Israel’s entire voter registry wide open for days. The affected data included personal details such as addresses and ID numbers for around 6.5 million Israelis, including Netanyahu and other top politicians.
Enrichment Systems, Inc  – (Unknown Records)
Exposed on February 10th, 2020An unauthorized access to California-based preschool education provider Enrichment Systems, Inc (EES) resulted in data breach. Affected information includes “name, address, Social Security number, financial information, health insurance information, student education records, as well as medical history and treatment information of parents and students.
The Estée Lauder Companies Inc.  – (440,000,000 Records)
Exposed on February 11th, 2020The Estée Lauder Companies Inc. exposed more than 440 million records to public accidentally after failing to password-protect a corporate database. The exposed information include emails, references to reports and internal documents, and IP addresses ports, pathways and storage information.
Rutter’s convenience stores .  – (Unknown Records)
Exposed on February 14th, 2020 -Rutter’s convenience stores suffered with POS data breach. Issue was discovered by the company in December 2019. This malware was used for tracking the data that include card number, card expiry, cvv.
South-central Iowa medical system – (7,500 Records)
Exposed on February 17th, 2020 -Personal information is leaked for approximately 7500 patients during a data breach in Monroe County Hospital & Clinics. This unauthorized access resulted in stealing of patients’ full names, dates of birth, addresses, insurance information and clinical information (such as the reason for a visit) and SSN for some of the patients.
MGM Resorts– (10,600,000 Records)
Exposed on February 20th, 2020An unauthorized access to one of the MGM Resorts’s cloud servers affected the information of possibly 10.6 million guests. Exposed data included full names, home addresses, phone numbers, emails, and dates of birth, posted to a hacking forum.
Ministère de l’Éducation et de l’Enseignement supérieur – (360,000 Records)
Exposed on February 24th, 2020A malicious attack in Ministère de l’Éducation et de l’Enseignement supérieur lead to breach of atleast 360,000 educators in Quebec Province. Exposed information include Social Insurance Number, last name, first name, date of birth of teachers who completed a contract of 20 days or more.
Decathlon – (123,000,000 Records)
Exposed on February 25th, 2020French sporting retail giant Decathlon has accidentally exposed the user data via a misconfigured. Exposed data contain the information from Decathlon’s UK and Spanish business. Leaked information include customer and employee information, possibly employee usernames, unencrypted passwords and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, email addresses, addresses and birth dates.
Britain’s Financial Conduct Authority – (Unknown Records)
Exposed on February 25th, 2020Britain’s Financial Conduct Authority (FCA) has accidentally leaked the private information, including the names and some contact details of people who had made complaints against the watchdog in 2018 and 2019, on its website.
Slickwraps – (850,000 Records)
Exposed on February 25th, 2020Slickwraps, a Kansas-based mobile device case retailer affected with an unauthorized access. The leaked information included names, email addresses, physical addresses, phone numbers, and purchase histories of the customers. Company stated that only the data entered as “Guest” wasn’t exposed.
Transavia – (80,000 Records)
Exposed on February 25th, 2020Dutch low-cost airline Transavia notified that as many as 80,000 Transavia passengers’ data was exposed following a cyber-attack. The exposed data contained passengers’ full names, their date of birth, luggage reservations, and whether or not they required assistance at the airport, such as a wheelchair.
Company Clearview AI – (3,000,000,000 Records)
Exposed on February 27th, 2020Hackers stole entire client data list from the facial recognition company Clearview AI by gaining unauthorized access to its customers list.
LINCOLN COUNTY – (Unknown Records)
Exposed on February 28th, 2020Personal information of some of the Lincoln County Schools workers’ has been exposed in a phishing scam by some unauthorized third party. This breach exposed names and social security numbers of a couple of school employees.
RailWorks Corporation – (Unknown Records)
Exposed on February 28th, 2020RailWorks Corporation notified a ransomware attack that led to the exposure of PII of current and former employees, their beneficiaries and dependents, as well as that of independent contractors.
Straffic – (49,000,000 Records)
Exposed on February 28th, 2020An Israeli marketing firm exposed 49 million user’s data from an unprotected web server. The information exposed was customer’s email IDs.
Walgreens – (Unknown Records)
Exposed on March 1st, 2020Official mobile app Walgreens leaked exposed details such as first and last name, prescription details, store number, and shipping addresses, where available of some of its users. Some database bug lead to this breach.
UK railway stations – (10,000 Records)
Exposed on March 2nd, 2020About 10,000 email ids of people who used free wi-fi at UK railway stations have been exposed online. The data was leaked from unsecured Amazon web services storage.
J. Crew – (Unknown Records)
Exposed on March 3rd, 2020An unauthorized third-party accessed J.Crew and obtained personal information. Impacted information include the last four digits of payment card numbers, expiration dates, card types and billing addresses as well as order numbers, shipping confirmation numbers and shipment status. accounts nearly a year ago. 
J. Crew – (2,66,000 Records)
Exposed on March 5th, 2020A data breach has occurred at Trident Crypto Fund , where hacker decrypted and published the data of around 1,20,000 passwords. Exposed data is said to have included email addresses, cell phone numbers, encrypted passwords, and IP addresses.
Princess Cruises and Holland America Line – (Unknown Records)
Exposed on March 5th, 2020An unauthorized party access to the email accounts of employees working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc , resulted in the leaking of names, Social Security numbers, passport numbers, national identity card numbers, credit card and financial account information and health information. 
T-Mobile – (Unknown Records)
Exposed on March 5th, 2020A malicious cyber attack targeted its email vendors resulting in unauthorized access to employees email ids. Exposed data included customer names phone numbers, addresses, account numbers, rate plans and features, and billing information.
Carnival Corporation & plc – (Unknown Records)
Exposed on March 5th, 2020An unauthorized party gained access to the employees’ email accounts working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc
Affected data include names, Social Security numbers, passport numbers, national identity card numbers, credit card and financial account information and health information.
Virgin Media – (900,000 Records)
Exposed on March 6th, 2020Unauthorized persons breached to incorrectly configured database that was used to store marketing information. Exposed information include names, home and email addresses, phone numbers and in some cases birth dates.
Orsegups Participações – (Unknown Records)
Exposed on March 6th, 2020The data exposed due to configuration failure on a server of Orsegups Participações leading to the revealing of series of tax documents, showing contract values and staff information of clients. Affected data is including the clients’ full names, social security numbers, addresses and telephone numbers.
Open Exchange Rates – (Unknown Records)
Exposed on March 16th, 2020A disclosed data breach in Open Exchange Rates resulted in exposing of name, email addresses, encrypted/hashed passwords, IP addresses, App IDs
European Union – (Unknown Records)
Exposed on March 16th, 2020A database hosted on Amazon Web Services accidentally left open and hence resulted in leaking of customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers.
Blisk browser – (2,900,000 Records)
Exposed on March 17th, 2020The web-development browser Blisk suffered a data leaking of over 2.9 million records through an open Elasticsearch database that was left open. The exposed information also include a ca.gov email address, IP addresses and user agent details.
Rogers Communications – (Unknown Records)
Exposed on March 19th, 2020Customer names, addresses, account numbers, email addresses and telephone numbers were accidentally exposed by third party vendor which handles promotional offer fulfillment for Rogers Communications, Canadian telecom provider.
Tupperware – (Unknown Records)
Exposed on March 20th, 2020Malicious code was hidden by hackers at the checkout page of tupperware.com resulting in collecting customer payment information.
University of Utah – (Unknown Records)
Exposed on March 23rd, 2020An unauthorized access to some employees email accounts of University of Utah leading to the exposure of some patient information, such as names, dates of birth, medical record numbers, and clinical information about received care
GE and Canon – (Unknown Records)
Exposed on March 24th, 2020GE and Canon suffered with phishing attach by an unauthorized third party leading to the exposure of Direct deposit forms, driver’s licenses, birth certificates, passports, marriage certificates, medical child support orders, tax withholding forms applications for benefits such as retirement or severance and these documents may have contained Social Security numbers, banks account numbers, birth dates, names, addresses and drivers’ licenses among other information contained in relevant forms.
OZARK ORTHOPEDICS – (15,240 Records)
Exposed on March 30th, 2020Data is breached at OZARK ORTHOPEDICS, PA resulted in affecting 15240 patients. Exposed information include patient names and treatment information, diagnosis information, prescription information, medication information, health insurance information, Medicare/Medicaid identification numbers, social security numbers, and/or financial account information.
Marriott International – (5,200,000 Records)
Exposed on March 31st, 2020An unauthorized party access stole login credentials of one of the app used by Marriott International resulted in leaking of names, mailing addresses, email addresses, phone numbers, loyalty account numbers and point balances, employers, genders, birthdays (day and month only), airline loyalty program information, and hotel preferences such as room and language selections.
Telegram – (42,000,000 Records)
Exposed on March 31st, 2020A third party version of a popular messaging app Telegram leaked online information of 42 million records due to misconfigured cloud. Exposed information is account IDs, phone numbers, names and hashes along with secret keys.
Origin unknown– (4,900,000 Records)
Exposed on April 1st, 2020Data corresponding to over 4.9 million of citizens from the country of Georgia, both living and dead has been posted by a member of hacking forum. Compromised information includes names, birth dates, home addresses, ID numbers and mobile phone numbers.
Key Ring– (14,000,000 Records)
Exposed on April 2nd, 2020Key Ring’s misconfigured Amazon Web Services S3 bucket resulted in exposing of 14 million Users of the App. Compromised information include payment, driving license, government IDs, credit card, NRA Club membership and medical card information.
Berkine– (Unknown Records)
Exposed on April 6th, 2020Berkine is cyber attacked by Maze ransomware. Breached data include information related to budgets, organizational strategies, production quantities, and similar sensitive data.
Wolfe & Associates – (Unknown Records)
Exposed on April 6th, 2020A California Property Management Company belongs to Wolfe & Associates is compromised with data breach. Compromised information include rental applications having customer names, date of birth, SSN, home address and driving license number.
Email.it – (600,000 Records)
Exposed on April 7th, 2020The Email.it is hacked by A No Name hacker and the stolen data is placed in dark web for sale. As per hacker’s claim stolen information include plaintext passwords of the databases, security questions, email content, and email attachments for more than 600,000 users who signed up and used the service between 2007 to 2020.
Saint Francis Ministries – (Unknown Records)
Exposed on April 13th, 2020Saint Francis Ministries, Kansas based non-profit organization suffered by an unauthorized party attack. Exposed information includes social security numbers, birth dates, driver’s licenses and state IDs, bank and financial account numbers, payment card numbers, treatment and diagnosis information, prescription information, provider names, medical record numbers and patient IDs, Medicare and Medicaid numbers, health insurance information, treatment cost information, and credentials (usernames and passwords).
Webkinz – (23,000,000 Records)
Exposed on April 20th, 2020Massive data breach at children’s website Webkinz resulted in exposure of 23 million user login credentials. Although just the User names are visible and passwords are still encrypted as per Webkinz tweet.
Michigan State University – (Unknown Records)
Exposed on May 28th, 2020Michigan State University is breached by an unknown ransomware. Stolen information mainly include passport information, date of birth, names, address etc.
Advanced Info Service – (1,300,000 Records)
Exposed on May 28th, 2020Unknown hackers have stolen the data for 1.3 million civil servants approximately at the Education and Culture Ministry. Leaked information include full names, citizenship identification numbers (NIK), Family Card numbers, home addresses, mother’s names, father’s names, marital status, birthplace and date and other personal information.
The Education and Culture Ministry – (8,000,000,000 Records)
Exposed on May 28th, 2020More than 8 billion real-time Internet records of users of Thailand’s largest cell network, Advanced Info Service (AIS), were leaked due to a misconfigured Elasticsearch database. The affected information included a combination of NetFlow data and DNS query logs.
Minted – (5,000,000 Records)
Exposed on May 28th, 2020Minted, a US-based marketplace has disclosed a data breach after a hacker sold a database on darkweb. Exposed information include mailing addresses and phone numbers, user names , email ids , Telephone number, billing address, shipping address, date of birth and hashed passwords.
New Mexico County Government – (Unknown Records)
Exposed on May 28th, 2020The ransomware attack against Rio Arriba County encrypted network servers, electronic files, and databases. The damage extent is under investigation.
Government data of Taiwanese – (29,000,000 Records)
Exposed on May 29th, 2020Government data of Taiwanese citizens is leaked and recovered from dark web. Exposed information includes full name, full address, ID, gender, date of birth, and other info.
The Kentucky Education & Workforce Development Cabinet – (Unknown Records)
Exposed on May 29th, 2020The Kentucky Education & Workforce Development Cabinet (EWDC) suffered with a data leak in its Unemployment Insurance Portal, as a result insurance claimants could view the identity verification documents of other claimants.
JRD website – (2,700 Records)
Exposed on June 1st, 2020 – Details for roughly 2,700 users registered on the JRD website left exposed on an Amazon Web Services S3 bucket owned by their own company. Data that could have been exposed in the case someone found and downloaded the backup includes details such as: Full name,Business address,Business email address,Business phone number,Company URL,Nature of business,Encrypted password (hashed),IP address,Newsletter subscription preferences.
Haryana Government – (Unknown Records)
Exposed on June 1st, 2020Highly confidential and sensitive information of Haryana residents gathered by the state government was compromised in recent data breach by unauthorized access. The compromised data including names, family details, Aadhar number, bank account numbers and phone numbers of lakhs of residents of the state.
8Belts – (100,000 Records)
Exposed on June 2nd, 20208Belts is a data exposed as it was hosted on misconfigured Amazon Web Services resulted in exposure of identity numbers, full names, email IDs, and contact information and other identity thefts.
ST Engineering – (Unknown)
Exposed on June 2nd, 2020Maze ransomware is claiming to steal information from ST Engineering, which is one of the leading engineering groups worldwide, it specializes in the aerospace, electronics, land systems, and marine sectors. Exposed information includes the company’s cyber insurance documents, various contract calculations worksheets, NASA give review rules, and much more.”
Unknown Origin – (Unknown Records)
Exposed on June 3rd, 2020More than 1 lakh scanned copies of Indians’ national IDs, including Aadhaar, PAN card and passport, have been put on dark web for sale. Personal information especially financial information over phone, e-mail or SMS has been leaked from this.
The San Francisco Employees’ Retirement System – (74,000 Records)
Exposed on June 3rd, 2020The San Francisco Employees’ Retirement System (SFERS) has suffered a data breach after an unauthorized person gained accessed to database containing the information of 74,000 members. The leaked information for all members includes a member’s name, address, date of birth, beneficiary information, IRS Form 1099R information (excluding SSN), the direct deposit bank account routing numbers, login name and security questions and answers.
US Nuclear Missile Sub-Contractor – (Unknown Records)
Exposed on June 3rd, 2020 –  US Nuclear Missile Sub-Contractor hit by cyber attack resulting in swiping off confidential information. The file appears to contain sensitive data including company emails, payroll, and personal information.
Chartered Professional Accountants of Canada – (329,000 Records)
Exposed on June 4th, 2020 –  Cyber attack against the Chartered Professional Accountants of Canada (CPA) by unauthorized third parties exposed the information of 329,000 members and stakeholders. Exposed information includes names, addresses, email addresses, employer names, passwords and full credit card numbers.
The City of Austin – (Unknown Records)
Exposed on June 4th, 2020 –  The City of Austin’s websites was hacked by anonymous hackers in protest against the Austin Police Department making it to go offline.
Nintendo – (160,000 Records)
Exposed on June 6th, 2020Nintendo, a Japanese video game company suffered with major data breach of 160,000 accounts. Compromised information includes date of birth, and email addresses.
Enel Group – (Unknown Records)
Exposed on June 7th, 2020European energy company giant Enel Group attacked by a ransomware that impacted its internal network. However Company did not find any evidence where personally identifiable information was impacted.
Korean credit card data – (900,000 Records)
Exposed on June 8th, 2020Over 900,000 details of credit cards held by South Koreans were leaked and traded on overseas online black markets. The exposed information included the card numbers, expiration dates and validation codes, a three-digit security code on the back of cards. No passwords have been leaked.
Magellan Health Inc – (Unknown Records)
Exposed on June 12th, 2020Magellan Health Inc was attacked by a ransomware where it is suspected that the customer information such as physical addresses and health insurance account details may have been leaked.
Claire’s – (Unknown Records)
Exposed on June 15th, 2020The Claire’s online store and that of its sister brand Icing have been compromised by Megacart attackers with payment card skimmers.
Foodora – (727,000 Records)
Exposed on June 15th, 2020Delivery Hero confirmed data breach of its brand Foodora which is done in 14 countries affecting 727,000 accounts – names, addresses, phone numbers and hashed passwords. It also contains latitude and longitude coordinates to six decimal points, which is accurate to within just a few inches.
Dating Apps – (2,500,000 Records)
Exposed on June 15th, 2020Close to 2.5 million records of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt is publicly accessible through Amazon Web Services “buckets.” The exposed data included limited “personally identifying information,” like real names, birthdays, or email addresses, sexually explicit photos and audio recordings.
Italian sales agents – (36,000 Records)
Exposed on June 16th, 2020An unsecured Amazon Simple Storage Service (S3) bucket is uncovered that contains more than 36,000 documents, including scans of national IDs, credit cards, and health insurance cards. The database also contains sales representative enrollment contracts that include personally identifiable information such as full names, addresses, tax identification numbers, and signatures of mostly Italian citizens.
Cognizant – (Unknown Records)
Exposed on June 17th, 2020IT services Company Cognizant suffered with the ransomware attack by Maze. Stolen information include sensitive personal information such as SSN, Tax IDs, financial information, and driver’s licenses, and passports.
Indonesian COVID-19 patients – (230,000 Records)
Exposed on June 21st, 2020The information of more than 230,000+ patients’ is being sold in one of the dark webs. The leaked dump includes name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.
MMO Game – (1,300,000 Records)
Exposed on June 22nd, 2020More than 1.3 million records of Popular MMO game have been stolen and being sold on dark web forums. Exposed information is User Name, Passwords, Email Address, Phone numbers and IP Addresses belonging to Stalker Online Player.
Law enforcement agencies and fusion centers – (1,000,000 Records)
Exposed on June 22nd, 2020More than 10 years worth of files belonging to over 200 police departments, US law enforcement agencies and fusion centers have been published online. The stolen data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.
Indiabulls Group – (19,000 Records)
Exposed on June 22nd, 2020The CLOP Ransomware operators claimed recently to have breached Indiabulls. The leaked information include documents like a voucher, a letter, and four spreadsheets related to the Indiabulls Pharmaceuticals and Indiabulls Housing Finance Limited subsidiaries.
Frost & Sullivan – (Unknown Records)
Exposed on June 24th, 2020Business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum. The customer database includes information such as the client name, the company contact, email address, whether they are confidential, and other non-sensitive data. On the other hand, the exposed employee database had more sensitive information such as login names, first and last names, email addresses, and hashed passwords.
Cano Health – (Unknown Records)
Exposed on June 24th, 2020A Healthcare company found that breach occurred to its employees’ email ids leading in accessing the personal information of the patients. Compromised information includes patient name, date of birth, contact information, healthcare information, insurance information, social security information, government identification number and financial account numbers.
Oneclass – (Unknown Records)
Exposed on June 25th, 2020An unsecured database belonging remote learning platform OneClass has exposed information linked with over a million students in North America who use the platform to access study guides and educational assistance. Exposed information included full names, email addresses (some masked), schools and universities attended, phone numbers, school and university course enrollment details and details of OneClass account.
Preen.Me – (250,000 Records)
Exposed on June 25th, 2020Personal information of more than 100,000 social media influencers and more than 250,000 social media users have been compromised in a breach at social media marketing firm Preen.Me Leaked information include email IDs, names, social media links, phone number and home addresses.
IndiaMART – (40,000 Records)
Exposed on June 25th, 2020A breach at IndiaMART has leaked the sensitive data of over 40,000 suppliers added to India Mart marketplace. Each record was said to consist of sensitive information including suppliers’ user IDs, full names, addresses, email addresses, and phone numbers.
Emergency distress messages – (Unknown Records)
Exposed on June 26th, 2020The emergency distress messages of thousands of domestic violence victims have been exposed due to misconfiguration of a back-end AWS Bucket by a Developer. The exposed information includes Victim’s Full name, home address, their circumstances, abuser’s full name, and personal details.
Twitter – (Unknown Records)
Exposed on June 29th, 2020Twitter suffered a data breach due to a bug in its platform resulting in the possible stealing and gaining access of the User Data. The compromised information may have included email addresses, telephone numbers, and the last four digits of clients’ credit card numbers.
Maine State Police – (Unknown Records)
Exposed on June 29th, 2020Maine State Police suffered with Data breach on 20th June 2020 resulting in the leak of database information like crime information and situational awareness bulletins. Expected exposed information is full name and date of birth of people under investigation by other law enforcement agencies