Date
Victim
Summary
Threat Actor
Business Impact
Source Link
May 01, 2024
Panda Restaurant Group
Panda Restaurant Group disclosed a data breach
Unknown
Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of personal information belonging to its associates. The incident did not, apparently, impact the company’s in-store systems, operations or guest experience.
May 01, 2024
Dropbox
Dropbox says hacker accessed passwords, authentication info during breach
Unknown
The hacker accessed information related to all users of Dropbox Sign, including account settings, names and emails and for some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed.
May 06, 2024
MedStar Health
Nearly 184,000 MedStar Health patients’ personal data possibly breached
Unknown
MedStar Health said the personal information of about 184,000 people was likely hacked when an outsider accessed emails and files belonging to three employees. The emails and files included patients’ names, mailing address, dates of birth, dates of service, provider names and health insurance information.
May 06, 2024
NHS Dumfries and Galloway
Stolen children’s health records posted online in extortion bid
INC Ransom
Another batch of sensitive patient data stolen from NHS Dumfries and Galloway, part of the Scottish healthcare system, has been published by criminals demanding an extortion payment from the local health board. The ransomware group calling itself INC Ransom subsequently claimed to hold terabytes of data exfiltrated from the organisation, publishing some of this data samples on its extortion site as evidence.
May 06, 2024
UK Ministry of Defence
MoD data breach: UK armed forces’ personal details accessed in hack
Unknown
The personal information of an unknown number of serving UK military personnel has been accessed in a significant data breach. The hack targeted a payroll system used by the Ministry of Defence, which includes names and bank details of both current and some past armed forces members.
UK Ministry of Defence Data Breach
May 08, 2024
University System of Georgia
University System of Georgia Says 800,000 Impacted by MOVEit Hack
Clop Ransomware
University System of Georgia notified 800,000 individuals that their personal and financial information was compromised in the May 2023 MOVEit hack.
May 08, 2024
Dell
Dell warns of data breach, 49 million customers allegedly affected
A BreachForum user named Menelik
Dell warned customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers as the computer maker began emailing data breach notifications to customers, stating that a Dell portal containing customer information related to purchases was breached.
May 13, 2024
City of Helsinki
Helsinki suffers data breach after hackers exploit unpatched flaw
Unknown
The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel as an unauthorised actor gained access to a network drive after exploiting a vulnerability in a remote access server.
May 14, 2024
Firstmac Limited
Largest non-bank lender in Australia warns of a data breach
New Embargo group
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500 GB of data allegedly stolen from the firm. Embargo leaked all data they claimed to have stolen from Firstmac’s systems, including documents, source code, email addresses, phone numbers, and database backups.
May 16, 2024
The WebTPA Employer Services (WebTPA)
WebTPA data breach impacts 2.4 million insurance policyholders
Unknown
WebTPA data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services noted.
May 22, 2024
Northern Ireland police
Northern Ireland police faces £750k fine after exposing staff information
Human error
The United Kingdom’s Information Commissioner Office (ICO) intends to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce’s personal details by mistakenly publishing a spreadsheet online.
May 24, 2024
Prescriptions management company Sav-Rx
Nearly 3 million affected by Sav-Rx data breach
Unknown
Nearly three million people had sensitive information leaked during an October cyber attack on the prescriptions management company Sav-Rx. In filings to regulators and a notice on its website, the company said names, addresses, eligibility data, insurance identification numbers and Social Security numbers were accessed when hackers breached their network on October 3.
May 24, 2024
Cencora
Cencora data breach exposes US patient information from 11 drug companies
Unknown
Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyber attack at Cencora, whom they partner with for pharmaceutical and business services. The California Attorney General’s office published multiple data breach notification samples submitted in the past couple of days by some of the largest pharmaceutical firms in the United States, all attributing their data exposure to the February Cencora incident.
May 28, 2024
First American
First American December data breach impacts 44,000 people
Unknown
First American Financial Corporation revealed that a December cyber attack led to a breach impacting 44,000 individuals.
May 29, 2024
Cooler Master
Cooler Master hit by data breach exposing customer information
A threat actor by the alias ‘Ghostr’
Computer hardware manufacturer Cooler Master suffered a data breach after a threat actor breached the company’s website and claimed to steal the Fanzone member information of 500,000 customers.The threat actor who goes by the alias ‘Ghostr’ claimed to have stolen 103 GB of data from Cooler Master on May 18th, 2024.
