With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines, into an interactive graph with the ability to pinch and zoom the data in the chart area.
The size of the bubble (and the value of the Y-axis) measures the extension of the data breach. In order to make the chart more readable, the scale for both values is logarithmic. The balloon text on each bubble provides additional data about the breach, whose details are also available in the summary table after the chart.
No need to repeat that the data is available from public sources such as blogs and news sites, and please support my work, sharing the content, and of course follow @paulsparrows on Twitter and LinkedIn for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
67
15/09/2021
-
-
Anonymois
Epik
Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients.
Unknown
M Professional scientific and technical activities
H
US
Anonymous, Epik
66
14/08/2021
-
-
John Brinns
T-Mobile
T-Mobile investigates a data breach after a threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 50 million customers.
Unknown
J Information and communication
CC
US
T-Mobile, John Brinns
65
13/08/2021
Mid-June 2021
29/06/2021
REvil
University Medical Center
1.3 million people are affected in a cyberattack on Las Vegas-based University Medical Center.
Malware
Q Human health and social work activities
CC
US
University Medical Center, REvil, ransomware
64
14/08/2021
-
-
John Brinns
T-Mobile
T-Mobile investigates a data breach after a threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 50 million customers.
Unknown
J Information and communication
CC
US
T-Mobile, John Brinns
63
08/08/2021
Between 2018 and 2019
-
aw_cards
Single individuals
Researchers from Cyble discover a threat actor promotes AllWorld Cards, a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums.
Unknown
K Financial and insurance activities
CC
>1
aw_cards, AllWorld Cards
62
14/07/2021
-
-
?
Instituto Nacional Electoral (INE)
91 million records from the Instituto Nacional Electoral (INE) are leaked in the dark web.
Unknown
O Public administration and defence, compulsory social security
CC
MX
Instituto Nacional Electoral, INE
61
09/07/2021
25/12/2020
-
?
Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp.
Practicefirst Medical Management Solutions and PBS Medcode recently notified 1.2 million patients that their data was accessed and stolen from its network, ahead of a ransomware attack deployed on Dec. 25, 2020.
Malware
M Professional scientific and technical activities
CC
US
Professional Business Systems, Inc., Practicefirst Medical Management Solutions, PBS Medcode Corp., ransomware
60
09/07/2021
Between 28/05/2021 and 04/06/2021
04/06/2021
Cuba Ransomware
Forefront Dermatology
Forefront Dermatology issues a press release about a ransomware attack that began in May. 2.4M patients and employees data is compromised.
Malware
Q Human health and social work activities
CC
US
Forefront Dermatology, ransomware, Cuba
59
01/07/2021
-
28/06/2021
1945VN?
Tamil Nadu's Public Distribution System (PDS)
5.2 million citizens from the Public Distribution System (PDS) of the state of Tamil Nadu have their data on sale.
Unknown
O Public administration and defence, compulsory social security
CC
IN
Tamil Nadu, Public Distribution System, PDS
58
27/06/2021
22/06/2021
22/06/2021
?
Linkedin
A new posting with 700 million LinkedIn records appears on RaidForums, a popular hacker forum
Unknown
S Other service activities
CC
>1
Linkedin
57
12/06/2021
During May 2021
12/06/2021
Mastiff
Multiple organizations in the Italian healthcare sector
A forum on the DeepWeb publishes a post selling COVID-19 vaccination data of 7.4 Million Italians.
Undisclosed vulnerabilities
O Public administration and defence, compulsory social security
CC
IT
COVID-19, Mastiff
56
11/06/2021
-
-
?
Volkswagen USA
Volkswagen and Audi are hit by a data breach that exposed the contact information and, in some cases, personal details of 3 million customers or shoppers. The data was stolen from an outside company that worked with the automaker.
Unknown
C Manufacturing
CC
US
Volkswagen USA, Audi
55
09/06/2021
Between 2018 and 2020
-
?
Multiple targets
Researchers from NordLocker uncover a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million of the latter still valid at the time of the database’s discovery.
Malware
Y Multiple Industries
CC
>1
NordLocker
54
04/06/2021
-
31/05/2021
?
New York Pizza
New York Pizza, one of the largest pizza restaurant chains in the Netherlands, discloses a security breach after a hacker tried to extort the company over the weekend.
Unknown
I Accommodation and food service activities
CC
NL
New York Pizza
53
24/05/2021
13/01/2021
During January 2021
?
DailyQuiz
The personal details of 13 million DailyQuiz users are leaked online after a hacker breached the quiz builder’s database and stole its content
Unknown
R Arts entertainment and recreation
CC
IL
DailyQuiz
52
22/05/2021
-
21/05/2021
?
BPJS Kesehatan? (the Indonesian Social Security Administrator for Health)
A newly registered member of the RaidForums forum posts what they claim is a database containing 200 million records of personal information for Indonesian people.
Unknown
O Public administration and defence, compulsory social security
CC
ID
BPJS Kesehatan, RaidForums
51
21/05/2021
-
28/04/2021
?
Omiai
Japan’s biggest dating app, Omiai, is hacked and personal data of 1.71 million users such as drivers’ licenses, insurance cards, and passports is accessed by threat actors.
Unknown
R Arts entertainment and recreation
CC
JP
Omiai
50
19/05/2021
-
24/02/2021
?
Air India
Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021.
Unknown
H Transportation and storage
CC
IN
Air India, SITA
49
10/05/2021
-
-
?
Municipality of Konya
A cyberattack steals info of one million in Turkey’s municipality of Konya
Unknown
O Public administration and defence, compulsory social security
CC
TR
Konya
48
26/04/2021
-
22/04/2021
Pompompurin
N/A
Hacker dumps sensitive household records of 250M Americans
Unknown
L Real estate activities
CC
US
Pompompurin
47
25/04/2021
During November 2020
08/11/2020
ShinyHunters
BigBasket
ShinyHunters leakes approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.
Unknown
G Wholesale and retail trade
CC
IN
ShinyHunters, BigBasket
46
18/04/2021
-
-
?
Domino's Pizza India
A threat actor is claiming to have stolen the personal data of over a million customers of Domino's Pizza India
Unknown
I Accommodation and food service activities
CC
IN
Domino's Pizza India
45
12/04/2021
During March 2021
-
?
ParkMobile
Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America.
Vulnerability
N Administrative and support service activities
CC
US
ParkMobile
44
11/04/2021
-
-
?
Upstox
Indian stock trading firm Upstox reveals to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers’ personal information.
Misconfiguration
K Financial and insurance activities
CC
IN
43
10/04/2021
-
-
Multiple breaches
Clubhouse
Personal data of 1.3 million Clubhouse users leaked online
Vulnerability
S Other service activities
CC
>1
Clubhouse
42
06/04/2021
-
06/04/2021
Multiple breaches
Linkedin
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof
Unknown
S Other service activities
CC
>1
Linkedin
41
30/03/3021
-
During February 2021
?
MobiKwik
Private information of nearly 100 million users of the Indian mobile payments startup MobiKwik is leaked in the dark web
Misconfiguration
K Financial and insurance activities
CC
US
MobiKwik
40
25/03/2021
-
25/03/2021
?
RDC
RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, confirms a data breach after the personal and vehicle details of 7.5 millions of Dutch car owners are posted for sale on a well-known cybercrime forum.
Unknown
N Administrative and support service activities
CC
NL
RDC
39
25/03/2021
-
26/01/2021
?
Astoria Company LLC
30M records from Astoria Company LLC, a Lead Generation company are leaked in the Darkweb.
Misconfiguration
N Administrative and support service activities
CC
US
Astoria Company LLC
38
22/03/2021
During 2020
-
?
Elector Software Ltd
Hackers expose online personal details of 6.5 million Israeli voters, less than 24 hours before the country goes to the polls in the fourth election in the last two years, allegedly stolen from the Elector app.
Unknown
M Professional scientific and technical activities
H
IL
Elector Software Ltd
37
04/03/2021
-
24/02/2021
?
SITA
Passenger data from multiple airlines around the world is compromised after hackers breached servers belonging to SITA.
Unknown
M Professional scientific and technical activities
CC
CH
SITA
36
04/03/2021
-
-
?
Adecco Group
A user on a popular hacking forum purportedly sells the stolen credentials from 6 South American countries for the Swiss-based Adecco Group.
Misconfiguration
N Administrative and support service activities
CC
>1
Adecco Group
35
01/03/2021
During August 2020
21/02/2021
?
Ticketcounter
Ticketcounter suffers a data breach after a user database containing 1.9 million unique email addresses is stolen from an unsecured staging server.
Misconfiguration
R Arts entertainment and recreation
CC
NL
Ticketcounter
34
27/02/2021
-
Last week of February 2021
?
Zee5
Zee5, an Indian OTT platform with over 150 million users has a part of its userbase’s data (9 million records) leaked (again.)
Unknown
J Information and communication
CC
IN
Zee5
33
26/02/2021
-
-
?
SuperVPN, GeckoVPN, ChatVPN
The data of 21 million users from 3 popular Android VPNs are leaked on a forum.
Misconfiguration
M Professional scientific and technical activities
CC
PK
SuperVPN, GeckoVPN, ChatVPN
32
20/02/2021
14/02/2021
18/02/2021
?
Cashalo
Fintech platform Cashalo is hit with a data breach and the data of 3.3 million users are on sale in the dark web.
Unknown
V Fintech
CC
PH
Cashalo
31
19/02/2021
-
-
?
1.4 million French Twitter users
The data of 1.4 million French Twitter users are on sale in the underground market.
Unknown
X Individual
CC
FR
Twitter
30
11/02/2021
-
-
?
Vivo, Claro
Brazil's National Data Protection Authority (ANPD) starts an investigation for the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57,2 million)and Claro (45,6 million).
Unknown
J Information and communication
CC
BR
ANPD, Vivo, Claro
29
11/02/2021
-
06/02/2021
?
10 million Malaysian voters
Personal data of 10 million Malaysian voters is leaked online.
Unknown
Z Unknown
CC
MY
Malaysia
28
03/02/2021
21/01/2021
31/01/2021
?
EscortReviews.com
EscortReviews.com, an online community promoting female escorts and reviews of their services suffers a data breach after a hacker downloaded the site's database.
vBulletin vulnerability
R Arts entertainment and recreation
CC
US
EscortReviews.com, vBulletin
27
03/02/2021
-
26/01/2021
?
Oxfam Australia
Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum.
Unknown
U Activities of extraterritorial organizations and bodies
CC
AU
Oxfam Australia
26
02/02/2021
-
-
Singularity0x01
Multiple targets
About 3.27 billion stolen account logins are posted to the RaidForums English-language cybercrime community in a ‘COMB’ collection.
>1
Y Multiple Industries
CC
>1
COMB
25
02/02/2021
Red Rabbit Team
Airtel
A hacker group, dubbed 'Red Rabbit Team' leaks the personal details of 2.5 million Airtel customers.
Unknown
J Information and communication
CC
IN
Airtel
24
01/02/2021
-
19/12/2020
?
DriveSure
Over three million customers of DriveSure, a US car company have had their details compromised after a cyber-criminal posted them to a dark web forum
Unknown
N Administrative and support service activities
CC
US
DriveSure
23
31/01/2021
-
-
?
Raychat
Raychat, a popular Iranian business and social messenger, exposes its entire database (267M+ accounts w/ names, emails, passwords, metadata, encrypted chats etc.), which is then destroyed by a bot attack.
Misconfiguration
S Other service activities
CC
IR
Raychat
22
29/01/2021
Between November 2013 and 09/12/2020
09/12/2020
?
Florida Healthy Kids Corporation
Florida Healthy Kids Corporation posts a notice about an incident in their website attributed to Jelly Bean Communications Design
Unknown
Q Human health and social work activities
CC
US
Florida Healthy Kids Corporation
21
29/01/2021
Late December 2020
25/01/2021
?
Washington's State Auditor office
Washington's State Auditor Office suffers a data breach that exposes the personal information in 1.6 million employment claims after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.
Vulnerability
O Public administration and defence, compulsory social security
ShinyHunters leaks the details of more than 2.28 million users registered on MeetMindful.com.
Cloud misconfiguration
S Other service activities
CC
US
ShinyHunters, MeetMindful
18
23/01/2021
-
-
?
Undisclosed French Travel Agency
An undisclosed French travel agency has its data leaked. 1.4 million records are exposed.
Unknown
R Arts entertainment and recreation
CC
FR
Undisclosed French Travel Agency
17
22/01/2021
-
-
?
Santander Mexico
A database belonging to Santander Mexico is put on sale on an underground market. 1 million records are leaked.
Unknown
K Financial and insurance activities
CC
MX
Santander
16
22/01/2021
-
-
?
BBVA Mexico
A database belonging to BBVA Mexico is put on sale on an underground market. 3 million records are leaked.
Unknown
K Financial and insurance activities
CC
MX
BBVA
15
22/01/2021
-
-
?
IMSS
A database belonging to IMSS, a Mexican marketing firm, is put on sale on an underground market. 42 million records are leaked.
Unknown
M Professional scientific and technical activities
CC
MX
IMSS
14
22/01/2021
-
-
?
Serasa
The personal information of 220 million users in Brazil, belonging to Serasa (an Experian company) is leaked in the dark web.
Unknown
K Financial and insurance activities
CC
BR
Serasa
13
22/01/2021
-
20/01/2021
ShinyHunters
Bonobos
Bonobos men's clothing store suffers a massive data breach exposing millions of customers' personal information after a 70GB cloud backup of their database is downloaded and shared.
Cloud misconfiguration
G Wholesale and retail trade
CC
US
Bonobos, ShinyHunters
12
22/01/2021
-
14/01/2021
?
MyFreeCams
A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.
SQLi
R Arts entertainment and recreation
CC
US
MyFreeCams
11
20/01/2021
-
21/10/2020
?
Nitro PDF
A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.
Unknown
M Professional scientific and technical activities
CC
US
Nitro PDF
10
20/01/2021
-
-
ShinyHunters
Pixlr
ShinyHunters share a database that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.
Cloud misconfiguration
S Other service activities
CC
US
ShinyHunters, Pixlr, 123rf, Inmagine
9
18/01/2021
-
-
?
Capital Economics
Researchers from Cyble discover a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum.
SQLi
M Professional scientific and technical activities
CC
US
Capital Economics, Cyble
8
15/01/2021
Between 10/10/2020 and 9/11/2020
20/11/2020
?
Hendrick Health System
Hendrick Health System notifies patients that some identifying information may have been compromised during a network security breach apparently due to a ransomware attack. 640,000 individuals are potentially affected.
Unknown
Q Human health and social work activities
CC
US
Hendrick Health System
7
14/01/2021
-
18/8/2020
?
Juspay
The data of 35 million users from Juspay goes on sales in the dark web
Cloud misconfiguration
K Financial and insurance activities
CC
IN
Juspay
6
14/01/2021
During 2020
-
?
Facebook
A threat actor publishes the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum.
Unknown
J Information and communication
CC
US
Facebook
5
11/01/2021
During November 2020
-
ALTDOS
3BB
ALTDOS claims to have acquired 8 million records from 3BB a broadband service provider in Thailand.
Unknown
J Information and communication
CC
TH
ALTDOS, 3BB
4
10/01/2021
-
-
?
French individuals
5 million records (usernames and passwords) of French users are on sale on a black market.
Unknown
X Individual
CC
FR
France
3
10/01/2021
-
-
?
Vidéotron
A threat actor claims to have leaked about 1 million records stoken by the Canadian telco company Vidèotron
Account Takeover
J Information and communication
CC
FR
Vidéotron
2
04/01/2021
During 2020
During 2020
Multiple threat actors
Multiple game companies
A research from Kela reveals finds nearly 1 million compromised accounts pertaining to gaming clients and employees in the dark web, with 50% of them offered for sale.
Unknown
R Arts entertainment and recreation
CC
>1
Kela
1
03/01/2021
-
End of December 2020
?
200 million records of Chinese citizens
Researchers from Cyble discover a trove of more than 200 million records of Chinese citizens for sale on the dark web. The alleged leaks could be related to Gongan County, Weibo, and QQ.
Here’s the latest updates regarding breach at third-party provider exposes medical information of US healthcare patients on 6th July.
A data breach at a third-party provider has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers.
Unknown actors gained unauthorized access to a database owned by Elekta, which provides a cloud-based platform that handles legally-required cancer reporting to the State of Illinois.
In a security advisory, the healthcare provider, based in Chicago, said that the attackers made a copy of the datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers.
The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.
Hi paolo! this is impressive to a beginner like me. I would like to know if you used any automated tools for data collection or did you compile them by hand.
Hi Paolo, Indeed very good work. Thanks for all the effort you put in and sharing the data! I am quoting and referencing your work. Could you please confirm that you are using ISO2A country code?
Uhm, interesting. It’s sad all this happened in just three months. Those are too many breaches. Security is still too weak, or malicious hackers are too strong. That’s not good.
Hi Paolo! Really great work on these data! I’m sure I will use your dynamic chart in my next presentations, obviously providing the source. Have a nice day!
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Here’s the latest updates regarding breach at third-party provider exposes medical information of US healthcare patients on 6th July.
A data breach at a third-party provider has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers.
Unknown actors gained unauthorized access to a database owned by Elekta, which provides a cloud-based platform that handles legally-required cancer reporting to the State of Illinois.
In a security advisory, the healthcare provider, based in Chicago, said that the attackers made a copy of the datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers.
The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.
Hi paolo! this is impressive to a beginner like me.
I would like to know if you used any automated tools for data collection or did you compile them by hand.
For the moment the process is manual, but I have some plans for the future…
Hi Paolo, Indeed very good work. Thanks for all the effort you put in and sharing the data! I am quoting and referencing your work.
Could you please confirm that you are using ISO2A country code?
Thanks Sandhya. Yes I use the ISO2A country code, but there might be some corrections (for example I use UK instead of GB).
Uhm, interesting. It’s sad all this happened in just three months. Those are too many breaches. Security is still too weak, or malicious hackers are too strong. That’s not good.
Pingback: Veille Cyber N323 – 22 février 2021 |
Hi Paolo,
thanks for this article!
One mistake, the link (follow @paulsparrows on Twitter…) to your twitter profile is incorrect! 😉
Andrea,
thanks for letting me know!
Hi Paolo! Really great work on these data! I’m sure I will use your dynamic chart in my next presentations, obviously providing the source. Have a nice day!
Thanks Franco! Glad you appreciate my work, and most importantly find it useful… You will need a large slide, I predict a large chart…