Home Businesses Data Breaches 2020
Data Breaches 2020 Listing

Data Breaches 2020

by Olivia Johnson

In 2020, date leaks, also known as”data breaches”, have now become a term that we hear about in the news more often than ever before. What is a data breach, exactly, and why are these becoming common? Data breaches are a growing cybersecurity concern for both businesses and individuals alike.


What is a data breach?

A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.


What are the different types of data breaches?

Depending on the source, there are several different ways of describing types of data breaches. Here are 4 common types:

Cyber attacks – this is when hackers use various techniques to get unauthorized access to information that should be secure. 

Loss or theft of devices – If a laptop, smartphone, USB drive or other data storage devices gets stolen, lost or not disposed of properly and ends up in the wrong hands, this is a data breach.

Employee theft – This can happen when employees, especially those about to move on from their position, deliberately get access to protected data with malicious intent.

General human errors – Mistakes can happen to anyone, and some people accidentally send protected data to the wrong person, or upload it over public networks or compromise the servers where the data is stored.





A data breach exposes a person’s or a company’s confidential information. It’s generally either performed by a cyberattack, ransomware, malware, or unintentional exposures. The data breach may result in identity theft and/or exposure of business trade secrets which results in a violation of industry/federal government compliance mandates.

The following is a running list of data breaches in 2020.

Note: This page is updated continuously of the major data breaches reported in 2020. All data is provided from public resources. LogMeOnce provides the most comprehensive data breach news alerts and data breach statistics. 

Landry’s, Inc. – (Unknown Number of Records)

Exposed on January 2, 2020 – Landry’s, Inc., a Houston-based restaurant, steakhouse, and hospitality company has disclosed a point-of-sale malware attack that collected payment card data from swiped cards on an order-entry system at its bars and restaurants.

Alomere Health – (49351 Records)

Exposed on January 7, 2020 – Minnesota-based hospital Alomere Health notified patients of a data breach affecting the personal and medical information of 49,351 individuals after unauthorized access gained to two employee email accounts. Compromised data include patient names, addresses, dates of birth, medical record numbers, health insurance information and diagnosis and treatment details information. A limited number of patients also had their SSN and driver’s license numbers exposed. 

Amazon Web Services S3 – (Unknown Records)

Exposed on January 14, 2020 – Thousands of British Passports left exposed on open cloud of Amazon Web Services. Exposed data included thousands of scans of passports, tax documents, job applications, proof of address, background checks, expense forms, scanned contracts complete with signatures, salary information, emails and more. The files contained a wide range of personally identifiable information, including names, addresses, phone numbers, dates of birth, gender, national insurance number.

LimeLeads – (49,000,000 Records)

Exposed on January 1, 2020 – A hacker is selling database of 49 million business contacts stolen from company LimeLeads, a  San Francisco based B2B Lead generator company. It is noticed that data was stolen due to insecure database of the company. Stolen data include full name, title, user email, employer/company name, company address, city, state, ZIP, phone number, website URL, company total revenue, and the company’s estimated number of employees.
PlanetsDrugsDirect – (Unknown Records)
Exposed on January 15th, 2020 – Canadian online pharmacy PlanetDrugsDirect notified its customers of a data security incident that might have exposed their names, addresses, e-mail addresses, phone numbers, medical information including prescription(s), and payment information.
Mitsubishi Electric Corp – (Unknown Records)
Exposed on January 20th, 2020 – A massive cyber-attack targeted Mitsubishi Electric Corp resulting in information compromise through email exchanges pertaining to government agencies and other business partners.
Greenville Water – (500,000 Records)
Exposed on January 27th, 2020 – An international cyber attack affected online payments of half a million residents having  water supplier “ Greenville Water Supply” based in South Carolina.
SexPanther – (11,000 Records)
Exposed on January 24th, 2020 – Arizona based adult site SexPanther exposed identity information of 11,000 models and sex workers containing names, home address, date of birth, bio metrics, driving license, social security numbers on an unprotected Amazon Web Services (AWS) storage bucket.
The Royal Yachting Association – (Unknown Records)
Exposed on January 24th, 2020 – An unauthorized access has stolen data from The Royal Yachting Association (RYA) . Stolen information from RYA 2015 members database included  names, email addresses and hashed passwords”.
Oman United Insurance Company SAOG – (Unknown Records)
Exposed on January 1st, 2020 – Oman United Insurance Company SAOG is attacked by ransomware on 1st January 2020 resulted in infecting some of the data. Fortunately company recovered the data lost during attack.
Florida Library – (600 Records)
Exposed on January 9th, 2020 – Florida Library affected by cyber attack resulted in  taking down 600 staff and public access computers at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida. It was notified that devices were tried to be encrypted during the cyber attack.
Munson Healthcare group – (Unknown Records)
Exposed on January 16th, 2020 – The northern-Michigan based Munson Healthcare group notified hacking of Protected Health Information. The exposed information included email id, names, dates of birth, patient financial account numbers, driver’s license numbers and Social Security number, insurance information along with treatment and diagnostic information.
Microsoft – (Unknown Records)
Exposed on January 23rd, 2020Microsoft misconfigured five Elasticsearch servers last December where each data set contained 250 million customer support logs of interaction.This exposed information resulted in leakage of email addresses, contract numbers, payment information and some other PII information.
Perth Mint – (1480 Records)
Exposed on January 31st, 2020 – Data breach at Perth Mint has compromised the details of its visitors. The stolen information included contact details of 1480 people who filled out feedback surveys at the West Australian government-owned mint’s depository. These surveys were including email addresses, visitor names, home addresses and telephone numbers.
Social Captain  – (Unknown Records)
Exposed on February 1st, 2020 – Social Captain which is a startup that helped Instagram users to increase followers has mistakenly exposed thousands of Instagram accounts and passwords. Data was stored in unencrypted plaintext format in the company’s source code.
Yarra Trams  – (Unknown Records)
Exposed on February 3rd, 2020 – The personal email addresses of 91 people have been exposed by Yarra Trams by mistake. Information was shared with a large number of other public members.
Bouygues Construction   – (Unknown Records)
Exposed on February 3rd, 2020 – A massive ransomware attack hit Bouygues Group’s construction subsidiary resulted in stealing of 200 GB of data.
Fondren Orthopedic Group   – (30,049 Records)
Exposed on February 4th, 2020 – Fondren Orthopedic Group notified to its patients that a malware attack may have damaged the medical information of 30,049 patients.  Exposed data included names, addresses, telephone numbers, diagnosis and treatment information and health insurance information of patients.
St. Louis Community College – (5,127 Records)
Exposed on February 5th, 2020 – Phishing campaign in St. Louis Community College resulted in the exposure of names, student ID numbers, dates of birth, addresses, home phone numbers, cell phone numbers, and college, Social Security numbers and personal email addresses for 5,127 people.
Joker’s Stash – (461,976 Records)
Exposed on February 7th, 2020Fresh database of 461,976 payment card records currently on sale on Joker’s Stash which is a popular underground cardshop in the dark web has been listed. Stolen information include exposed card numbers, expiration dates, CVV/CVC codes and, in this case, some additional information such as cardholders’ full name, as well as their emails, phone numbers and addresses.
Israeli Netanyahu’s party – (65,000,000 Records)
Exposed on February 9th, 2020Elector voting management app exposed the Israel’s entire voter registry wide open for days. The affected data included personal details such as addresses and ID numbers for around 6.5 million Israelis, including Netanyahu and other top politicians.
Enrichment Systems, Inc  – (Unknown Records)
Exposed on February 10th, 2020An unauthorized access to California-based preschool education provider Enrichment Systems, Inc (EES) resulted in data breach. Affected information includes “name, address, Social Security number, financial information, health insurance information, student education records, as well as medical history and treatment information of parents and students.
The Estée Lauder Companies Inc.  – (440,000,000 Records)
Exposed on February 11th, 2020The Estée Lauder Companies Inc. exposed more than 440 million records to public accidentally after failing to password-protect a corporate database. The exposed information include emails, references to reports and internal documents, and IP addresses ports, pathways and storage information.
Rutter’s convenience stores .  – (Unknown Records)
Exposed on February 14th, 2020 -Rutter’s convenience stores suffered with POS data breach. Issue was discovered by the company in December 2019. This malware was used for tracking the data that include card number, card expiry, cvv.
South-central Iowa medical system – (7,500 Records)
Exposed on February 17th, 2020 -Personal information is leaked for approximately 7500 patients during a data breach in Monroe County Hospital & Clinics. This unauthorized access resulted in stealing of patients’ full names, dates of birth, addresses, insurance information and clinical information (such as the reason for a visit) and SSN for some of the patients.
MGM Resorts– (10,600,000 Records)
Exposed on February 20th, 2020An unauthorized access to one of the MGM Resorts’s cloud servers affected the information of possibly 10.6 million guests. Exposed data included full names, home addresses, phone numbers, emails, and dates of birth, posted to a hacking forum.
Ministère de l’Éducation et de l’Enseignement supérieur – (360,000 Records)
Exposed on February 24th, 2020A malicious attack in Ministère de l’Éducation et de l’Enseignement supérieur lead to breach of atleast 360,000 educators in Quebec Province. Exposed information include Social Insurance Number, last name, first name, date of birth of teachers who completed a contract of 20 days or more.
Decathlon – (123,000,000 Records)
Exposed on February 25th, 2020French sporting retail giant Decathlon has accidentally exposed the user data via a misconfigured. Exposed data contain the information from Decathlon’s UK and Spanish business. Leaked information include customer and employee information, possibly employee usernames, unencrypted passwords and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, email addresses, addresses and birth dates.
Britain’s Financial Conduct Authority – (Unknown Records)
Exposed on February 25th, 2020Britain’s Financial Conduct Authority (FCA) has accidentally leaked the private information, including the names and some contact details of people who had made complaints against the watchdog in 2018 and 2019, on its website.
Slickwraps – (850,000 Records)
Exposed on February 25th, 2020Slickwraps, a Kansas-based mobile device case retailer affected with an unauthorized access. The leaked information included names, email addresses, physical addresses, phone numbers, and purchase histories of the customers. Company stated that only the data entered as “Guest” wasn’t exposed.
Transavia – (80,000 Records)
Exposed on February 25th, 2020Dutch low-cost airline Transavia notified that as many as 80,000 Transavia passengers’ data was exposed following a cyber-attack. The exposed data contained passengers’ full names, their date of birth, luggage reservations, and whether or not they required assistance at the airport, such as a wheelchair.
Company Clearview AI – (3,000,000,000 Records)
Exposed on February 27th, 2020Hackers stole entire client data list from the facial recognition company Clearview AI by gaining unauthorized access to its customers list.
LINCOLN COUNTY – (Unknown Records)
Exposed on February 28th, 2020Personal information of some of the Lincoln County Schools workers’ has been exposed in a phishing scam by some unauthorized third party. This breach exposed names and social security numbers of a couple of school employees.
RailWorks Corporation – (Unknown Records)
Exposed on February 28th, 2020RailWorks Corporation notified a ransomware attack that led to the exposure of PII of current and former employees, their beneficiaries and dependents, as well as that of independent contractors.
Straffic – (49,000,000 Records)
Exposed on February 28th, 2020An Israeli marketing firm exposed 49 million user’s data from an unprotected web server. The information exposed was customer’s email IDs.
Walgreens – (Unknown Records)
Exposed on March 1st, 2020Official mobile app Walgreens leaked exposed details such as first and last name, prescription details, store number, and shipping addresses, where available of some of its users. Some database bug lead to this breach.
UK railway stations – (10,000 Records)
Exposed on March 2nd, 2020About 10,000 email ids of people who used free wi-fi at UK railway stations have been exposed online. The data was leaked from unsecured Amazon web services storage.
J. Crew – (Unknown Records)
Exposed on March 3rd, 2020An unauthorized third-party accessed J.Crew and obtained personal information. Impacted information include the last four digits of payment card numbers, expiration dates, card types and billing addresses as well as order numbers, shipping confirmation numbers and shipment status. accounts nearly a year ago. 
J. Crew – (2,66,000 Records)
Exposed on March 5th, 2020A data breach has occurred at Trident Crypto Fund , where hacker decrypted and published the data of around 1,20,000 passwords. Exposed data is said to have included email addresses, cell phone numbers, encrypted passwords, and IP addresses.
Princess Cruises and Holland America Line – (Unknown Records)
Exposed on March 5th, 2020An unauthorized party access to the email accounts of employees working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc , resulted in the leaking of names, Social Security numbers, passport numbers, national identity card numbers, credit card and financial account information and health information. 
T-Mobile – (Unknown Records)
Exposed on March 5th, 2020A malicious cyber attack targeted its email vendors resulting in unauthorized access to employees email ids. Exposed data included customer names phone numbers, addresses, account numbers, rate plans and features, and billing information.
Carnival Corporation & plc – (Unknown Records)
Exposed on March 5th, 2020An unauthorized party gained access to the employees’ email accounts working for Princess Cruises and Holland America Line — both divisions of Carnival Corporation & plc
Affected data include names, Social Security numbers, passport numbers, national identity card numbers, credit card and financial account information and health information.
Virgin Media – (900,000 Records)
Exposed on March 6th, 2020Unauthorized persons breached to incorrectly configured database that was used to store marketing information. Exposed information include names, home and email addresses, phone numbers and in some cases birth dates.
Orsegups Participações – (Unknown Records)
Exposed on March 6th, 2020The data exposed due to configuration failure on a server of Orsegups Participações leading to the revealing of series of tax documents, showing contract values and staff information of clients. Affected data is including the clients’ full names, social security numbers, addresses and telephone numbers.
Open Exchange Rates – (Unknown Records)
Exposed on March 16th, 2020A disclosed data breach in Open Exchange Rates resulted in exposing of name, email addresses, encrypted/hashed passwords, IP addresses, App IDs
European Union – (Unknown Records)
Exposed on March 16th, 2020A database hosted on Amazon Web Services accidentally left open and hence resulted in leaking of customer names, email addresses, shipping addresses, purchases and the last four digits of credit card numbers.
Blisk browser – (2,900,000 Records)
Exposed on March 17th, 2020The web-development browser Blisk suffered a data leaking of over 2.9 million records through an open Elasticsearch database that was left open. The exposed information also include a ca.gov email address, IP addresses and user agent details.
Rogers Communications – (Unknown Records)
Exposed on March 19th, 2020Customer names, addresses, account numbers, email addresses and telephone numbers were accidentally exposed by third party vendor which handles promotional offer fulfillment for Rogers Communications, Canadian telecom provider.
Tupperware – (Unknown Records)
Exposed on March 20th, 2020Malicious code was hidden by hackers at the checkout page of tupperware.com resulting in collecting customer payment information.
University of Utah – (Unknown Records)
Exposed on March 23rd, 2020An unauthorized access to some employees email accounts of University of Utah leading to the exposure of some patient information, such as names, dates of birth, medical record numbers, and clinical information about received care
GE and Canon – (Unknown Records)
Exposed on March 24th, 2020GE and Canon suffered with phishing attach by an unauthorized third party leading to the exposure of Direct deposit forms, driver’s licenses, birth certificates, passports, marriage certificates, medical child support orders, tax withholding forms applications for benefits such as retirement or severance and these documents may have contained Social Security numbers, banks account numbers, birth dates, names, addresses and drivers’ licenses among other information contained in relevant forms.
OZARK ORTHOPEDICS – (15,240 Records)
Exposed on March 30th, 2020Data is breached at OZARK ORTHOPEDICS, PA resulted in affecting 15240 patients. Exposed information include patient names and treatment information, diagnosis information, prescription information, medication information, health insurance information, Medicare/Medicaid identification numbers, social security numbers, and/or financial account information.
Marriott International – (5,200,000 Records)
Exposed on March 31st, 2020An unauthorized party access stole login credentials of one of the app used by Marriott International resulted in leaking of names, mailing addresses, email addresses, phone numbers, loyalty account numbers and point balances, employers, genders, birthdays (day and month only), airline loyalty program information, and hotel preferences such as room and language selections.
Telegram – (42,000,000 Records)
Exposed on March 31st, 2020A third party version of a popular messaging app Telegram leaked online information of 42 million records due to misconfigured cloud. Exposed information is account IDs, phone numbers, names and hashes along with secret keys.
Origin unknown– (4,900,000 Records)
Exposed on April 1st, 2020Data corresponding to over 4.9 million of citizens from the country of Georgia, both living and dead has been posted by a member of hacking forum. Compromised information includes names, birth dates, home addresses, ID numbers and mobile phone numbers.
Key Ring– (14,000,000 Records)
Exposed on April 2nd, 2020Key Ring’s misconfigured Amazon Web Services S3 bucket resulted in exposing of 14 million Users of the App. Compromised information include payment, driving license, government IDs, credit card, NRA Club membership and medical card information.
Berkine– (Unknown Records)
Exposed on April 6th, 2020Berkine is cyber attacked by Maze ransomware. Breached data include information related to budgets, organizational strategies, production quantities, and similar sensitive data.
Wolfe & Associates – (Unknown Records)
Exposed on April 6th, 2020A California Property Management Company belongs to Wolfe & Associates is compromised with data breach. Compromised information include rental applications having customer names, date of birth, SSN, home address and driving license number.
Email.it – (600,000 Records)
Exposed on April 7th, 2020The Email.it is hacked by A No Name hacker and the stolen data is placed in dark web for sale. As per hacker’s claim stolen information include plaintext passwords of the databases, security questions, email content, and email attachments for more than 600,000 users who signed up and used the service between 2007 to 2020.
Saint Francis Ministries – (Unknown Records)
Exposed on April 13th, 2020Saint Francis Ministries, Kansas based non-profit organization suffered by an unauthorized party attack. Exposed information includes social security numbers, birth dates, driver’s licenses and state IDs, bank and financial account numbers, payment card numbers, treatment and diagnosis information, prescription information, provider names, medical record numbers and patient IDs, Medicare and Medicaid numbers, health insurance information, treatment cost information, and credentials (usernames and passwords).
Webkinz – (23,000,000 Records)
Exposed on April 20th, 2020Massive data breach at children’s website Webkinz resulted in exposure of 23 million user login credentials. Although just the User names are visible and passwords are still encrypted as per Webkinz tweet.
Michigan State University – (Unknown Records)
Exposed on May 28th, 2020Michigan State University is breached by an unknown ransomware. Stolen information mainly include passport information, date of birth, names, address etc.
Advanced Info Service – (1,300,000 Records)
Exposed on May 28th, 2020Unknown hackers have stolen the data for 1.3 million civil servants approximately at the Education and Culture Ministry. Leaked information include full names, citizenship identification numbers (NIK), Family Card numbers, home addresses, mother’s names, father’s names, marital status, birthplace and date and other personal information.
The Education and Culture Ministry – (8,000,000,000 Records)
Exposed on May 28th, 2020More than 8 billion real-time Internet records of users of Thailand’s largest cell network, Advanced Info Service (AIS), were leaked due to a misconfigured Elasticsearch database. The affected information included a combination of NetFlow data and DNS query logs.
Minted – (5,000,000 Records)
Exposed on May 28th, 2020Minted, a US-based marketplace has disclosed a data breach after a hacker sold a database on darkweb. Exposed information include mailing addresses and phone numbers, user names , email ids , Telephone number, billing address, shipping address, date of birth and hashed passwords.
New Mexico County Government – (Unknown Records)
Exposed on May 28th, 2020The ransomware attack against Rio Arriba County encrypted network servers, electronic files, and databases. The damage extent is under investigation.
Government data of Taiwanese – (29,000,000 Records)
Exposed on May 29th, 2020Government data of Taiwanese citizens is leaked and recovered from dark web. Exposed information includes full name, full address, ID, gender, date of birth, and other info.
The Kentucky Education & Workforce Development Cabinet – (Unknown Records)
Exposed on May 29th, 2020The Kentucky Education & Workforce Development Cabinet (EWDC) suffered with a data leak in its Unemployment Insurance Portal, as a result insurance claimants could view the identity verification documents of other claimants.
JRD website – (2,700 Records)
Exposed on June 1st, 2020 – Details for roughly 2,700 users registered on the JRD website left exposed on an Amazon Web Services S3 bucket owned by their own company. Data that could have been exposed in the case someone found and downloaded the backup includes details such as: Full name,Business address,Business email address,Business phone number,Company URL,Nature of business,Encrypted password (hashed),IP address,Newsletter subscription preferences.
Haryana Government – (Unknown Records)
Exposed on June 1st, 2020Highly confidential and sensitive information of Haryana residents gathered by the state government was compromised in recent data breach by unauthorized access. The compromised data including names, family details, Aadhar number, bank account numbers and phone numbers of lakhs of residents of the state.
8Belts – (100,000 Records)
Exposed on June 2nd, 20208Belts is a data exposed as it was hosted on misconfigured Amazon Web Services resulted in exposure of identity numbers, full names, email IDs, and contact information and other identity thefts.
ST Engineering – (Unknown)
Exposed on June 2nd, 2020Maze ransomware is claiming to steal information from ST Engineering, which is one of the leading engineering groups worldwide, it specializes in the aerospace, electronics, land systems, and marine sectors. Exposed information includes the company’s cyber insurance documents, various contract calculations worksheets, NASA give review rules, and much more.”
Unknown Origin – (Unknown Records)
Exposed on June 3rd, 2020More than 1 lakh scanned copies of Indians’ national IDs, including Aadhaar, PAN card and passport, have been put on dark web for sale. Personal information especially financial information over phone, e-mail or SMS has been leaked from this.
The San Francisco Employees’ Retirement System – (74,000 Records)
Exposed on June 3rd, 2020The San Francisco Employees’ Retirement System (SFERS) has suffered a data breach after an unauthorized person gained accessed to database containing the information of 74,000 members. The leaked information for all members includes a member’s name, address, date of birth, beneficiary information, IRS Form 1099R information (excluding SSN), the direct deposit bank account routing numbers, login name and security questions and answers.
US Nuclear Missile Sub-Contractor – (Unknown Records)
Exposed on June 3rd, 2020 –  US Nuclear Missile Sub-Contractor hit by cyber attack resulting in swiping off confidential information. The file appears to contain sensitive data including company emails, payroll, and personal information.
Chartered Professional Accountants of Canada – (329,000 Records)
Exposed on June 4th, 2020 –  Cyber attack against the Chartered Professional Accountants of Canada (CPA) by unauthorized third parties exposed the information of 329,000 members and stakeholders. Exposed information includes names, addresses, email addresses, employer names, passwords and full credit card numbers.
The City of Austin – (Unknown Records)
Exposed on June 4th, 2020 –  The City of Austin’s websites was hacked by anonymous hackers in protest against the Austin Police Department making it to go offline.
Nintendo – (160,000 Records)
Exposed on June 6th, 2020Nintendo, a Japanese video game company suffered with major data breach of 160,000 accounts. Compromised information includes date of birth, and email addresses.
Enel Group – (Unknown Records)
Exposed on June 7th, 2020European energy company giant Enel Group attacked by a ransomware that impacted its internal network. However Company did not find any evidence where personally identifiable information was impacted.
Korean credit card data – (900,000 Records)
Exposed on June 8th, 2020Over 900,000 details of credit cards held by South Koreans were leaked and traded on overseas online black markets. The exposed information included the card numbers, expiration dates and validation codes, a three-digit security code on the back of cards. No passwords have been leaked.
Magellan Health Inc – (Unknown Records)
Exposed on June 12th, 2020Magellan Health Inc was attacked by a ransomware where it is suspected that the customer information such as physical addresses and health insurance account details may have been leaked.
Claire’s – (Unknown Records)
Exposed on June 15th, 2020The Claire’s online store and that of its sister brand Icing have been compromised by Megacart attackers with payment card skimmers.
Foodora – (727,000 Records)
Exposed on June 15th, 2020Delivery Hero confirmed data breach of its brand Foodora which is done in 14 countries affecting 727,000 accounts – names, addresses, phone numbers and hashed passwords. It also contains latitude and longitude coordinates to six decimal points, which is accurate to within just a few inches.
Dating Apps – (2,500,000 Records)
Exposed on June 15th, 2020Close to 2.5 million records of data from a different specialized dating app, including 3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt is publicly accessible through Amazon Web Services “buckets.” The exposed data included limited “personally identifying information,” like real names, birthdays, or email addresses, sexually explicit photos and audio recordings.
Italian sales agents – (36,000 Records)
Exposed on June 16th, 2020An unsecured Amazon Simple Storage Service (S3) bucket is uncovered that contains more than 36,000 documents, including scans of national IDs, credit cards, and health insurance cards. The database also contains sales representative enrollment contracts that include personally identifiable information such as full names, addresses, tax identification numbers, and signatures of mostly Italian citizens.
Cognizant – (Unknown Records)
Exposed on June 17th, 2020IT services Company Cognizant suffered with the ransomware attack by Maze. Stolen information include sensitive personal information such as SSN, Tax IDs, financial information, and driver’s licenses, and passports.
Indonesian COVID-19 patients – (230,000 Records)
Exposed on June 21st, 2020The information of more than 230,000+ patients’ is being sold in one of the dark webs. The leaked dump includes name, address, present address, telephone number, citizenship, diagnosis date, result, result date, and many more.
MMO Game – (1,300,000 Records)
Exposed on June 22nd, 2020More than 1.3 million records of Popular MMO game have been stolen and being sold on dark web forums. Exposed information is User Name, Passwords, Email Address, Phone numbers and IP Addresses belonging to Stalker Online Player.
Law enforcement agencies and fusion centers – (1,000,000 Records)
Exposed on June 22nd, 2020More than 10 years worth of files belonging to over 200 police departments, US law enforcement agencies and fusion centers have been published online. The stolen data contains more than one million files, such as scanned documents, videos, emails, audio files, and more.
Indiabulls Group – (19,000 Records)
Exposed on June 22nd, 2020The CLOP Ransomware operators claimed recently to have breached Indiabulls. The leaked information include documents like a voucher, a letter, and four spreadsheets related to the Indiabulls Pharmaceuticals and Indiabulls Housing Finance Limited subsidiaries.
Frost & Sullivan – (Unknown Records)
Exposed on June 24th, 2020Business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet was sold on a hacker forum. The customer database includes information such as the client name, the company contact, email address, whether they are confidential, and other non-sensitive data. On the other hand, the exposed employee database had more sensitive information such as login names, first and last names, email addresses, and hashed passwords.
Cano Health – (Unknown Records)
Exposed on June 24th, 2020A Healthcare company found that breach occurred to its employees’ email ids leading in accessing the personal information of the patients. Compromised information includes patient name, date of birth, contact information, healthcare information, insurance information, social security information, government identification number and financial account numbers.
Oneclass – (Unknown Records)
Exposed on June 25th, 2020An unsecured database belonging remote learning platform OneClass has exposed information linked with over a million students in North America who use the platform to access study guides and educational assistance. Exposed information included full names, email addresses (some masked), schools and universities attended, phone numbers, school and university course enrollment details and details of OneClass account.
Preen.Me – (250,000 Records)
Exposed on June 25th, 2020Personal information of more than 100,000 social media influencers and more than 250,000 social media users have been compromised in a breach at social media marketing firm Preen.Me Leaked information include email IDs, names, social media links, phone number and home addresses.
IndiaMART – (40,000 Records)
Exposed on June 25th, 2020A breach at IndiaMART has leaked the sensitive data of over 40,000 suppliers added to India Mart marketplace. Each record was said to consist of sensitive information including suppliers’ user IDs, full names, addresses, email addresses, and phone numbers.
Emergency distress messages – (Unknown Records)
Exposed on June 26th, 2020The emergency distress messages of thousands of domestic violence victims have been exposed due to misconfiguration of a back-end AWS Bucket by a Developer. The exposed information includes Victim’s Full name, home address, their circumstances, abuser’s full name, and personal details.
Twitter – (Unknown Records)
Exposed on June 29th, 2020Twitter suffered a data breach due to a bug in its platform resulting in the possible stealing and gaining access of the User Data. The compromised information may have included email addresses, telephone numbers, and the last four digits of clients’ credit card numbers.
Maine State Police – (Unknown Records)
Exposed on June 29th, 2020Maine State Police suffered with Data breach on 20th June 2020 resulting in the leak of database information like crime information and situational awareness bulletins. Expected exposed information is full name and date of birth of people under investigation by other law enforcement agencies.
Limeroad – (1,290, 000 Records)
Exposed on July 1st, 2020 – Indian e-commerce app Limeroad suffered with a breach of 1.29 million shoppers details which are put on sale on dark web. Exposed information includes the full names of users, their phone numbers and email ids.
CNY Works career center – (56,000 Records)
Exposed on July 2nd, 2020 – Personal information of 56,000 clients has been breached at CNY Works career center resulted in expose of personal data for financial gain.
BMW – (384,319 Records)
Exposed on July 2nd, 2020UK BMW customer database of 384,319 is sold on dark web. The exposed information included initials and last names, emails, addresses, vehicle numbers, dealer names, among other information.
Bicycle Sharing Company – (Unknown Records)
Exposed on July 6th, 2020 –  Bicycle Sharing Company in Texas was hacked, resulting in exposing credit card information, names and addresses.
Online Stores – (Unknown Records)
Exposed on July 7th, 2020 – 184000 cards have been stolen from online e-commerce portals by the Keeper Hackers resulted in leaking of customer’s payment details and their names and other PII information.
MongoDB – (229,000 Records)
Exposed on July 10th, 2020 – NoSQL databases like MongoDB is hacked with notes from approximately 22900 MongoDB databases revealing the Victim’s general data.
Savings Bank Argenta – (Unknown Records)
Exposed on July 13th, 2020 – Two ATMs of Antwerp-based savings bank Argenta have fallen victim to Jackpotting Attacks. This is done by installing a malicious software and/or hardware on an ATM that forces the machine to spew out all of its cash on demand.
Benefit Recovery Specialists Inc. – (275,000 Records)
Exposed on July 13th, 2020 – Houston-based billing and debt collection vendor Benefit Recovery Specialists Inc. is suffered with data breach affecting 275,000 individuals. Information that may have been compromised includes name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code, BRSI says. For a small number of individuals, Social Security number may also have been exposed the statement adds.
Wattpad – (270,000,000 Records)
Exposed on July 14th, 2020 – 270 million records have been stolen from Wattpad database. Compromised information includes user names, names, hashed passwords, email addresses, and general geographic location.
Citrix Systems, Inc – (Unknown Records)
Exposed on July 14th, 2020 – Data is hacked from Citrix Systems, Inc. Exposed information shared on Twitter includes Full names, Phone numbers, Email addresses, Company name, Physical address details
Bhinneka– (1,262,300 Records)
Exposed on July 15th, 2020 – Data for 1,262,300 accounts have been breached from an Indonesian store Bhinneka’s database. Exposed information includes Unique IDs,Full names,Email addresses, Gender,Contact numbers,Passwords,Address details,Date of Births(DOBs),Social media IDs,Log details such as the last login information,Classification of whether the user is an admin or a staff member which also hints that the database may include employee details.
Hong Kong Catholic Church – (Unknown Records)
Exposed on July 15th, 2020 – Hong Kong Catholic Church is hacked by China government’s hackers. So far hacked information is not shared.
MyCastingFile.com – (260,000 Records)
Exposed on July 16th, 2020 – Private data for more than 260,000 individuals from New Orleans-based MyCastingFile.com is exposed due to unsecured database on Google Cloud. Compromised Personally identifiable information (PII) made publicly available via the leak included names, physical addresses, email addresses, phone numbers, work histories, dates of birth, height and weight, ethnicity, and physical features of interest to potential employers — such as hair color and length.
Orange Company – (Unknown Records)
Exposed on July 16th, 2020 – Orange suffered a ransomware attack exposing the data of twenty of their enterprise customers.
Dreamfii HK Limited – (20,000,000 Records)
Exposed on July 16th, 2020 – Hong Kong based VPN Company is suffered with the data breach with more than 20 million users logs. Compromised information includes plain text passwords, IP addresses, timestamps of user connections, session tokens, information of the device, and OS being used along with geographical information in the form of tags. 
E-learning Platform – (1,000,000 Records)
Exposed on July 16th, 2020 – H
Dreamfii HK Limited – (20,000,000 Records)
Exposed on July 20th, 2020 – Approximately one million records containing the personal information of online students have been leaked after cloud misconfiguration by five e-learning platforms. The exposed information included full names, home and email addresses, ID numbers, phone numbers, dates of birth and course/school information.
Lorien Health Services – (Unknown Records)
Exposed on July 20th, 2020 –Lorien Health Services in Maryland announced a ransomware incident. Exposed information included residents’ names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information.
Genealogy Software Maker – (Unknown Records)
Exposed on July 21st, 2020 – Tens of thousands of its users’ personal information is leaked online via a misconfigured cloud server, according to researchers. Among the details leaked to the public-facing internet were email addresses, geolocation data, IP addresses, system user IDs, support messages and technical details.
University of York – (Unknown Records)
Exposed on July 22nd, 2020 – The University of York launched an investigation after it had personal details of staff and students stolen by hackers. The university uses the Blackbaud system to record engagement with members of the university community, including alumni, staff and students and extended networks and supporters, it outlined. In terms of the data stolen, the University of York stated this may have included information such as date of birth, name and student number along with address, email address, phone number and professional details.
Instacart – (Unknown Records)
Exposed on July 23rd, 2020 – The personal information of Instacart customers is being sold on the dark web. The exposed information include names, the last four digits of credit card numbers, and order histories, and appears to have affected customers who used the grocery delivery service as recently as yesterday.
Railway Management Body – (Unknown  Records)
Exposed on July 23rd, 2020 – Spain’s State-Owned Railway Management Body hit by REvil ransomware. Exposed data includes high-speed hiring committee contracts, property records, field work reports, project action plans, documents about customers, contact information, correspondence records, and more.
Dave.com – (7,516,625 Records)
Exposed on July 26th, 2020 – Security breach occurred to Tech unicorn Dave affecting 7.5 milion users. Exposed information includes a wealth of information, such as real names, phone numbers, emails, birth dates, and home addresses
OnePlus – (Unknown  Records)
Exposed on July 27th, 2020 – Chinese smartphone maker OnePlus has recently exposed hundreds of customer email addresses while sending out a mass mailer for a research study to a select number of users.
Promo.com – (2,600,000 Records)
Exposed on July 27th, 2020 –Promo.com has suffered a database containing 22 million user records was leaked for free on a hacker forum. This data contains users names, email addresses, genders, geographic location, and for 2.6 million of the users, their hashed passwords.
The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment – (Unknown Records)
Exposed on July 27th, 2020 –The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment supply site were hacked. No sensitive data was compromised in either incident.
Walgreens – (70,000 Records)
Exposed on July 27th, 2020 – Prescription information and other data of 70,000 customers have been stolen from Walgreens stores during a breach occurred on 27th July.
M.J. Brunner Inc. – (Unknown Records)
Exposed on July 27th, 2020 – M.J. Brunner Inc. suffered with May Ransomware attack resulting in exposure of user names, emails and some physical addresses and phone numbers were nicked from the provider.
National Cardiovascular Partners – (Unknown Records)
Exposed on July 27th, 2020 – A ransomware attack to National Cardiovascular Partners occurred by gaining email access to one of its employees. Compromised information include patient information, including names, contact information, and a host of other sensitive data that varied by patient.
Dunzo – (Unknown Records)
Exposed on July 30th, 2020 – Hyperlocal delivery application Dunzo suffered with data breach. This unauthorized access and breach of the company’s database, included information like phone numbers, email addresses, the users’ last known location, phone type, and last login dates.
Gujarat Technological University – (24,000 Records)
Exposed on July 31st, 2020 – Personal data of 24,000 students who took the pre-test for an online exam at Gujarat Technical University was allegedly leaked or stolen and put up on the varsity’s website.
Athens ISD – (Unknown Records)
Exposed on July 31st, 2020 – A ransomware attack to Athens Independent School District occurred resulting in blocking the complete access to data including teacher communications, student schedules, grades, and assignments. There is no information stolen as such. Athens ISD Board of Trustees paid $50 k in order to release the access.
Havenly – (1,300,000 Records)
Exposed on August 1st, 2020 – Online interior design and home decoration site, Havenly suffered with data breach, where hacked data is published on a hacker forum for free. Compromised information includes user’s login name, full name, MD5 hashed password, email address, phone number, zip, and various other data related to the usage of the site.
Regis – (Unknown Records)
Exposed on August 3rd, 2020 – The ransomware attack against ASX-listed aged care operator Regis has led to the release of sensitive personal data. The exposed information is believed to include personal information relating to a small number of residents at Regis facilities as well as a staff member.
Zello– (Unknown Records)
Exposed on August 3rd, 2020 – Zello, push-to-talk app, has disclosed a data breach revealing user’s email addresses and hashed passwords after discovering unauthorized activity on their systems.
Kentucky’s unemployment system – (Unknown Records)
Exposed on August 3rd, 2020 – Kentucky’s unemployment system suffered with data breach, resulting exposure of information of other claimant’s former employer and health.
Beaumont Health – (6,000 Records)
Exposed on August 4th, 2020 – Email accounts of Michigan’s largest healthcare provider have been compromised in a cyber attack . Emails within the compromised accounts contained PHI that included names, dates of birth, diagnoses, diagnosis codes, procedure and treatment information, type of treatment provided, prescription information, patient account numbers, and medical record numbers.
Financial Technology Company – (21,000 Records)
Exposed on August 10th, 2020 – Sensitive data of more than 21000 students of an Indian Financial Technical Company is stolen and is on sale on dark web. Some of the information including their Aadhar cards, university IDs, photo and full signature, Name, phone, email, Aadhar Number, Date of Birth, Gender, Full Address, College, Course, Graduation Date, Friend’s name, Friends’ number,”.
Michigan State University – (2,600 Records)
Exposed on August 10th, 2020 – An unauthorized access to Michigan State University’s online store stole the credit card and other PII information. Exposed information during the incident is Customer names, addresses and credit card numbers of about 2,600 customers.
FHN Healthcare system – (Unknown Records)
Exposed on August 11th, 2020 – E
Beaumont Health – (6,000 Records)
Exposed on August 4th, 2020 – E
Beaumont Health – (6,000 Records)
Exposed on August 4th, 2020 – E
Beaumont Health – (6,000 Records)
Exposed on August 4th, 2020 – E
Beaumont Health – (6,000 Records)
Exposed on August 4th, 2020 – Freeport-based healthcare provider suffered with the data theft by an Unauthorized person leading to the sensitive information compromise. Information exposed in the data breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information. In some cases, patients’ health insurance information and/or Social Security numbers were also identified in the compromised email accounts.
Sans Institute – (28,000 Records)
Exposed on August 12th, 2020 – PII of 28,000 records of Sans Institute is compromised. Exposed information included files that contained some subset of email, first name, last name, work title, company name, industry, address, and country of residence.
Israeli Defense Industry – (Unknown Records)
Exposed on August 12th, 2020 – Israel suffered with cyber security attack resulted in stealing of classified data. Hacking group was linked to North Korea.
Canon – (Unknown Records)
Exposed on August 14th, 2020 – Canon suffered a cyber attack by an Unauthorized ransomware. Compromised information include videos. As such no financial information is leaked during this breach.
AI Company – (2,500,000 Records)
Exposed on August 17th, 2020 – Sensitive medical data and PII are exposed by an Artificial Intelligence company due to an unsecured server. The records included names, insurance records, medical diagnosis notes, and much more.
Ponca City Schools – (Unknown Records)
Exposed on August 18th, 2020 – Ponca City Public Schools hit with Ransomware attack resulting in the damage to external server.
Experian South Africa – (24,000,000 Records)
Exposed on August 19th, 2020 – The South African branch of consumer credit reporting agency Experian suffered with a data breach. Compromised information include only personal information but no financial information was leaked.
Freepik – (8,300,000 Records)
Exposed on August 21st, 2020 – Freepik company suffered with data breach. Exposed information included users’ email id and password.
RailYatri – (37,000,000 Records)
Exposed on August 24th, 2020 – Customer and corporate data of a corporate travel company is compromised by meow ransomware. Exposed information in the misconfiguration were users’ full names, age, gender, physical and email addresses, mobile phone numbers, booking details, GPS location and names/first and last four digits of payment cards.
Brookfield Residential – (Unknown Records)
Exposed on August 25th, 2020 – Darkside ransomware stole data from Brookfield Asset Management (brookfield.com). Compromised information include from corporate HR, Finance, Payroll, Administration, Business Plan, Commercial and many more departments
Sumitomo Forestry Co., Hitachi Chemical Co – (Unknown Records)
Exposed on August 26th, 2020 – Authentication data for Sumitomo Forestry Co., Hitachi Chemical Co. and 36 other Japanese companies is stolen and leaked by hackers.
Sendgrid – (Unknown Records)
Exposed on August 28th, 2020 – Email marketing company Sendgrid is hacked resulting in leak of large number of customer accounts passwords.
Utah Pathology Services – (112,000 Records)
Exposed on August 31st, 2020 – Utah Pathology Services suffered with an Unauthorized access resulting in exposure of patient information. Exposed information include Date of birth , Gender, Phone number, Mailing address, Email address, Insurance information including ID and group numbers and clinical and diagnostic information related to pathology services And, for a smaller percentage of patients, Social Security number.
NSW Government – (54,000 Records)
Exposed on August 31st, 2020 – Scan of 54,000 Australian Drivers’ license in an open amazon S3 bucket is exposed due to configuration. 
The Norwegian parliament – (Unknown Records)
Exposed on Sep 2nd, 2020 – Parliament suffered a cyber attack resulting in hacking of e-mail accounts of several elected members and employees.
The Australian Computer Emergency Response Team (AusCERT) – (1,000,000 Records)
Exposed on Sep 2nd, 2020 – Hackers breached the Department of Education, Skills, and Employment (DoE), and stole the personal details of more than one million students, teachers, and staff.
The Jewish Federation – (Unknown Records)
Exposed on Sep 3rd, 2020 – The Jewish Federation of Greater Washington hacked and drained $7.5 million from its endowment fund and funneled the money into international accounts.
Roper St. Francis Hospital – (6,000 Records)
Exposed on Sep 5th, 2020 – Hospital affected by a data breach that allowed attackers to steal the data of 6,000 patients that was medical records and other personal information stolen by an unknown attacker.
The Jewish Federation of Greater Washington – (6,000 Records)
Exposed on Sep 5th, 2020 – Hacker stole $7.5 million from the endowment funds of The Jewish Federation of Greater Washington, a non-profit from Maryland in the US.
Service NSW  – (186,000 Records)
Exposed on Sep 7th, 2020 – Personal information of 186,000 customers is stolen because of a cyber attack at Service NSW.  3.8 million documents were stolen from the email accounts.
K-Electric – (Unknown Records)
Exposed on Sep 9th, 2020 – K-Electric, the sole electricity provider has suffered a Netwalker ransomware attack that led to the disruption of billing and online services.
The Slovakian crypto exchange – (Unknown Records)
Exposed on Sep 9th, 2020 – Slovakia based cryptocurrency exchange suffered with a targeted hacking attack. Assets cryptocurrencies worth approximately $ 5.4 million were stolen.
Thai hospitals and companies – (Unknown Records)
Exposed on Sep 10th, 2020 – Hospitals and companies were hit by hackers who held their computer systems and data ransom, demanding payment to restore information.
US School System – (Unknown Records)
Exposed on Sep 10th, 2020 – Ransomware attack by cyber-criminal gang has successfully targeted Fairfax County Public Schools in Virginia and uploaded a zip file of data they claim was ex filtrated from the school system.
SoftServ – (Unknown Records)
Exposed on Sep 11th, 2020 –  Software developer and IT services provider suffered a ransomware attack that may have led to the theft of customers’ source code.
Staples – (Unknown Records)
Exposed on Sep 14th, 2020 –  Retail company Staples suffered with data breach, they informed to some of their customers that their data related to their orders has been accessed without authorization.
Department of Veteran Affairs – (46,000 Records)
Exposed on Sep 14th, 2020 –  Data Breach at US Department of Veteran Affairs Affected 46,000 Veterans by “unauthorized users” and took Veteran’s personal information.