| 1 | 10/04/2017 | Janitor | Sierra Tel | The Bricker Bot takes down the Zyxel HN-51 Modem belonging to Sierra Tel, a Californian ISP. | Malware | Industry: ISP | CC | US |
| 2 | 11/04/2017 | ? | eConcordia | Concordia’s online course systems, eConcordia and KnowledgeOne, are hacked, 9000 users are compromised. | Account Hijacking | Education | CC | US |
| 3 | 16/04/2017 | ? | McAfee Linkedin Page | The LinkedIn page for McAfee is hijacked by a single person or an unknown number of individuals allegedly affiliated with the OurMine collective. | Account Hijacking | Industry: Computer Software | CC | US |
| 4 | 16/04/2017 | ? | Westminster College | Westminster College in Missouri reveals the details of a breach discovered on March 26 after a phishing scam duped a staffer into sending off W-2 statements. | Account Hijacking | Education | CC | US |
| 5 | 18/04/2017 | ? | Northrop Grumman | Northrop Grumman admits one of its internal portals was broken into, exposing employees' sensitive tax records to W-2 Scams. | Account Hijacking | Industry: Aerospace and Defense | CC | US |
| 6 | 18/04/2017 | ? | Retina-X FlexiSpy | Motherboard obtains the data of 130,000 customers of the two mobile surveillance software firms Retina-X and FlexiSpy | Unknown | Industry: Software | CC | US |
| 7 | 20/04/2017 | ? | Android users | Researchers from Trend Micro discover MilkyDoor, an alleged successor of the infamous malware DressCode. | Malware | Single Individuals | CC | >1 |
| 8 | 20/04/2017 | ? | Fashion Fantasy Game | A 2016 data breach leaves Fashion Fantasy Game, an online game and social network for fashion lovers, with millions of user account credentials being leaked on the web. | Unknown | Social Network | CC | US |
| 9 | 21/04/2017 | APT10 and Tonto team | South Korea | FireEye claims Chinese hackers are trying to break into South Korea's military to halt the deployment of an anti-ballistic weapons system in the country. | Targeted Attack | Military | CW | KP |
| 10 | 21/04/2017 | ? | Atlantic Digestive Specialists | Atlantic Digestive Specialists notify patients of ransomware incident | Malware | Healthcare | CC | US |
| 11 | 21/04/2017 | ? | Cleveland Metropolitan School District | Cleveland Metropolitan School District discloses phishing-related incident | Account Hijacking | Education | CC | US |
| 12 | 21/04/2017 | ? | Iowa Veterans Home | Iowa Veterans Home warns nearly 3,000 of data breach after phishing incident | Account Hijacking | Government | CC | US |
| 13 | 22/04/2017 | ? | Alison Brie | Fappening 2.0 continues: this time Alison Brie is targeted and has some nude images leaked online. | Unknown | Single Individual | CC | US |
| 14 | 22/04/2017 | ? | Yapizon | Yapizon, a South Korean Bitcoin exchange suffers a massive data breach when hackers steal 3,800 Bitcoin (US$5 million) which is 37% of user funds. | Unknown | Bitcoin Exchange | CC | KR |
| 15 | 23/04/2017 | Zhengquan Zhang | KCG Holdings | The FBI arrests Zhengquan Zhang, a 31-year-old IT engineer, accused of installing malware on his employer's servers to steal proprietary source. | Malware | Industry: Financial Services | CC | US |
| 16 | 23/04/2017 | Ayyildiz Tim | North Mundham Primary in Chichester | Police are investigating after “malicious” messages are left on a school website by Turkish nationalists in an apparent hacking attempt. | Defacement | Education | CC | UK |
| 17 | 24/04/2017 | APT28 AKA Fancy Bear | Danish Armed Forces | Denmark’s security service, Politiets Efterretningstjeneste’s (PET) Centre for Cyber Security says in its report that Danish armed forces personnel have their emails hacked over the last two years. The hack has been attributed to ‘Fancy Bear'. | Targeted Attack | Military | CE | DK |
| 18 | 24/04/2017 | ? | 7 Southeast Asian Nations | An anti-cybercrime operation by Interpol and investigators from seven southeast Asian nations reveal nearly 9,000 malware-laden servers and hundreds of compromised websites in the ASEAN region. | Malware | >1 | CC | >1 |
| 19 | 24/04/2017 | ? | HipChat | HipChat is hacked over the weekend due to a vulnerability in a third-party library. The incident affects a server in the HipChat Cloud web tier, and for a small number of instances (less than 0.05 percent), there's evidence messages and content in rooms may have been accessed. | Vulnerability in a third-party library | Industry: Software | CC | US |
| 20 | 24/04/2017 | ? | City of Newark | A ransomware attack hits some municipal computers in New Jersey's most populous city, Newark. | Malware | Government | CC | US |
| 21 | 24/04/2017 | ? | Greenway Health | Greenway Health is the victim of a ransomware attack | Malware | Healthcare | CC | US |
| 22 | 25/04/2017 | ? | Chipotle | Chipotle, the global fast-food chain specialising in Mexican dishes, urges its US customers to check for suspicious activity on their bank statements after "unauthorised" activity on its payment processing systems has led to fears the company has been hacked. | PoS Malware | Industry: Restaurant | CC | US |
| 23 | 25/04/2017 | APT28 AKA Fancy Bear | Two German think tanks with ties to Christian Democratic Union (CDU) and Social Democratic Party (SPD). | Trend Micro reveals that Kremlin-linked Fancy Bear hackers targeted two German think tanks with ties to Angela Merkel's ruling coalition parties Christian Democratic Union (CDU) and Social Democratic Party (SPD). | Targeted Attack | Org: Political Party | CE | DE |
| 24 | 25/04/2017 | APT28 AKA Fancy Bear | Emmanuel Macron | The same reports reveals that French presidential candidate Emmanuel Macron was targeted by APT28. | Targeted Attack | Single Individual | CE | FR |
| 25 | 25/04/2017 | ? | R2Games | Online gaming company Reality Squared Games (R2Games) is hacked for the second time in two years and more than one million accounts are compromised. Leaked data includes usernames, passwords, email addresses, IP addresses, and other optional record fields, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token). | Unknown | Industry: Video Games | CC | CN |
| 26 | 25/04/2017 | ? | Multiple Japanese Businesses | Cybereason discovers ShadowWali, a backdoor used for targeted attacks, against Japanese businesses since at least 2015. | Targeted Attack | >1 | CE | JP |
| 27 | 25/04/2017 | ? | Blowout Cards | Blowout Cards issues a security alert to customers, warning that their payment card details may have been compromised after an attacker hacked its website and customers began reporting related card fraud. | Malware | Industry: E-Commerce | CC | US |
| 28 | 25/04/2017 | WauchulaGhost | 250 ISIS Twitter Accounts | WauchulaGhost defaces 250 ISIS Twitter accounts with adult content. | Defacement | Org: Terrorism | H | N/A |
| 29 | 26/04/2017 | ? | Android users | Check Point updates the damage report for the FalseGuide malware with five additional apps found containing the malware, estimating that 2 million Android users have unknowingly downloaded the malware. | Malware | Single Individuals | CC | >1 |
| 30 | 26/04/2017 | OilRig | 120 Israeli Targets | The Israeli Government reveals to have thwarted a major cyberattack against 120 targets. Israeli sources believe the attack has been launched by the Iran-linked OilRig APT group (aka Helix Kitten, NewsBeef ). | Targeted Attack | Government | CC | IL |
| 31 | 26/04/2017 | ? | Ciphr | customer data from encrypted phone company Ciphr is dumped online. | Unknown | Industry: Mobile HW and SW | CC | US |
| 32 | 26/04/2017 | ? | Virginia Sex Offender and Crimes Against Children Registry (SOR) | A malware infection affecting servers belonging to the Virginia State Police (VSP) shuts down the department's email system, along with its ability to update the Virginia Sex Offender and Crimes Against Children Registry (SOR). | Malware | Law Enforcement | CC | US |
| 33 | 26/04/2017 | ? | Pekin Community High School | A ransomware attack takes down Pekin Community High School. | Malware | Education | CC | US |
| 34 | 27/04/2017 | ? | >1 | Reuters reveals that unknown attackers have been exploiting CVE-2017-0199 against target in Ukraine and Australia. | Targeted Attack | >1 | CE | UA AU |
| 35 | 27/04/2017 | ? | OSX Users | Check Point reveals the details of OSX/Dok, a new malware affecting all versions of OSX, signed with a valid developer certificate (authenticated by Apple), the first major scale malware to target OSX users via a coordinated email phishing campaign. | Malware | Single Individuals | CC | >1 |
| 36 | 27/04/2017 | ? | NoTrove | RiskIQ reveals that a group known as NoTrove is driving massive amounts of traffic to survey pages, scams sites, and shady software download portals, so much so that one of the domains they used in their campaigns peaked at #517 in Amazon's Alexa traffic ranking. | Malvertising | Single Individuals | CC | >1 |
| 37 | 28/04/2017 | The Dark Overlord | Netflix | TheDarkOverlord leaks upcoming episode of Orange is the New Black after Netflix doesn’t pay extortion demand. The hack happened via a "production vendor". | Unknown | Industry: Entertainment | CC | US |
| 38 | 28/04/2017 | Evaldas Rimasauskas | Google and Facebook | Google and Facebook confirm that they fell victim to an alleged $100m (£77m) scam between 2013 and 2015. | Account Hijacking | Industry: Internet Services | CC | US |
| 39 | 28/04/2017 | ? | 20 UK Banks | Security researchers from IBM Security warn that a strain of banking Trojan, dubbed TrickBot, is escalating attacks against UK banks and financial institutions. The operators of the malware have launched five campaigns only on April. | Malware | Finance | CC | UK |
| 40 | 28/04/2017 | ? | Diamond Institute for Infertility and Menopause | Diamond Institute for Infertility and Menopause notifies patients of an incident involving their electronic health records server, maintained by an unnamed third party. The incident happened in February | Unknown | Healthcare | CC | US |
| 41 | 28/04/2017 | Tsar Team | Grozio Chirurgija | Cybercriminals steal personal records and photos of patients from the data system of a Lithuanian plastic surgery clinic and put them up for sale. | OpenCMS Vulnerability | Healthcare | CC | LT |
| 42 | 29/04/2017 | ? | Hill Country Memorial Hospital | Hill Country Memorial Hospital notifies patients after employee email accessed without authorization | Account Hijacking | Healthcare | CC | US |
| 43 | 29/04/2017 | ? | Greenwood County School District 50 | About 3,300 are affected by a security breach after the school discovers that an unauthorized user logged in to four Greenwood County School District 50 employees’ emails as well as current and former employees’ payroll accounts in January and February. | Account Hijacking | Education | CC | US |
| 44 | 30/04/2017 | ? | Some IBM flash drives | IBM detects that some USB flash drives containing the initialization tool shipped with several IBM Storwize systems contain a file that has been infected with malicious code and ask users to destroy them. | Malware | Industry: Hardware | CC | US |
| 45 | 30/04/2017 | ? | Unity 3D Forum | OurMine hackers deface the official domain of Unity 3D Forums leaving a deface page along with a note. | Defacement | Online Forum | CC | US |
