A total of 45 breaches were found and analysed resulting in 21,048,388 leaked accounts containing a total of 26 different data types. The breaches found publicly and freely available included Clear Voice Surveys, Nova Poshta, RenewBuy, Seat and My Canada Payday. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

A Spanish car company founded in the 1950s has recently suffered a data breach. At the moment, it doesn’t seem like the company has made a statement about the breach. A CSV file is in circulation on the clearnet, containing almost 700K unique accounts along with a reasonable amount of personal information. How much data do you need to buy a car these days? Well, it seems like a lot.

A hack in 2019 of a global payment processor offering an exclusive service for German card holders resulted in the user data being dumped online. In the past several years, there have been a couple of data breaches regarding this company.

A member of the team has noticed some interesting data regarding several large banks. We can't tell whether this is from source or threat actors have hacked 3rd party payment providers. However, large files containing personal information of users from specific banks are being exposed. For instance, last week a file containing 100K unique accounts along with a wide set of datatypes was posted online; claimed to be clients of a popular American credit card provider.

You may have heard, the ransomware gang Clop has been pretty busy recently. Their current campaign has compromised two huge non-profit educational institutions using a bug in the “MOVEit” platform. This compromise gave them intel, access, or personally identifiable information on over 5 million educators. Even though a lot of victims will not pay off threat actors, a ransomware recovery company estimates they will make $75-$100 million.

VULNERABILITY CHAT

The Military in America has been experiencing data leaks for some time now, unusually not because of high-level hackers using methods such as social engineering or zero-day exploits. It's good old-fashioned human error. The domain used by the American military is .mil, which is obviously secured and has all the bells and whistles regarding the security of data (we hope). Where the user error comes into play is when they make a very minor spelling mistake with the domain and miss the 'i' - .ml goes to the Mali Military...

Of course, while using a military email account, there will be block lists that pop up explaining that you are sending your email outside of the military system. But for those at home, maybe employees using personal email accounts to send to their Military accounts, reports of this have happened. Lucky for the US, a Dutch business has control over the .ml domain; he’s contracted by the US and he's collected a whopping 117,000 rogue emails this year.

INFORMATION PRIVACY HEADLINES

The California Privacy Protection Agency (CPPA) has announced a new consumer complaint system is live allowing residents and non-residents to lodge both sworn and unsworn complaints detailing possible violations.