List of data breaches and cyber attacks in January 2018

The first list of 2018 is by no means a short one. In fact, this is one of the longest lists that I’ve ever put together. Thankfully, the total number of leaked records is far lower than previous months. Yay?

I count this month’s total to be 7,073,069. If I have missed anything, please do let me know.

The list is likely to grow over the next few days – so be sure to come back daily and check. If you’d like a more regular update of breaches and cyber attacks, I strongly suggest subscribing to our Daily Sentinel.

Cyber attacks & ransomware

Official phpBB Download Links Were Compromised Yesterday

Allscripts Acknowledges Ransomware Attack, Says Impact is “Limited”

Metrolinx claims computers hit by North Korean cyberattack

Idaho school works to recover data weeks after cyberattack

City of Farmington recovering after SamSam ransomware attack

A second Indiana hospital reports ransomware attack

Student hacks into school’s computer system

Emotet malware compromised Rockingham County Schools servers after employees opened phishing emails

Hospital pays $55,000 ransom; no patient data stolen

Blackwallet hacked: Report

Anonymous Hacks Italian Speed Camera Database

Two Hong Kong travel agencies apologise as hackers demand payment for stolen customer data

Data breaches

Ontario Progressive Conservative Party database hacked

University of Baltimore adds safeguards to student data long left exposed

San Diego County Office of Education notifies component school districts of breach of employee retirement contribution data

Dr. Zachary E. Adkins DDS, LLC notifies patients of stolen hard drive

Kris Kobach’s Office Leaks Last 4 Social Security Digits of Nearly Every Kansas Lawmaker

Westminster Ingleside King Farm Presbyterian Retirement Communities Notifies 5,228 Residents of Data Security Incident

Email gaffe by Coventry University staff exposed 1,930 students’ details

Major data breach at University of Windsor law school

Police probing Bell Canada data breach; up to 100,000 customers affected

Data of over 220,000 organ pledgers leaked online

Withybush Hospital bosses apologize, launch investigation into insider snooping into patient records

MDE says Tupelo schools impacted by data breach

Private info for hundreds of Kansas voters exposed by Florida

Corovan Corporation & Employer Leasing notifying 1,500 California residents of data breach

Top 500 Legal Firms Have Over a Million of Their Credentials Leaked on the Dark Web

Dark family secrets: Anonymous letter uncovers child welfare records

ICO investigates Age UK after two data breaches

Florida Department of State notifies 945 of breach involving the last four digits of their SSN

Mississippi student data accessed in testing-vendor breach

MailChimp Found Leaking Email Addresses

‘Professional’ hack on Norwegian health authority compromises data of three million patients

China’s cyber watchdog scolds Ant Financial over user privacy breach

Security flaw in virtual reality porn app SinVR exposes personal info of 20,000 users

Council in huge care data breach

Onco360 and CareMed Specialty Pharmacy Patients Notified of Data Security Incident

Oklahoma State University Center for Health Sciences notifying 280,000 Medicaid patients after hack

Hundreds left vulnerable to hackers after Johnson and Johnson data blunder

Dog-Walking App Exposed Home Addresses and Lockbox Codes

2,551 people affected by Guelph privacy breach

Framingham radiology lab loses medical records of 9,300 people

Florida officials: Hack exposed 30K Medicaid patients’ files

Financial information

Cryptocurrency exchange Coincheck loses ¥58 billion in hacking attack

Maserati-driving postal worker stole dozens of credit cards

Greenbay employees have bank accounts raided after unpatched server hacked

National Stores, Inc. notifies customers that malware may have compromised payment cards

OnePlus Disables Credit Card Processing After Customers Report Fraudulent Activity

Online Shop Can’t Determine Card Breach Severity Due To “Lack of Backups”

27,000 UnEncrypted Credit Cards left in shared Database by

Jason’s Deli suffers POS breach affecting 2 million customers


Infant Social Security numbers are for sale on the dark web

Reddit rolls out 2FA to all its users

Keylogger found on thousands of WordPress-based sites, stealing every keypress as you type

Jail for man who hacked 1000 student email accounts in search for sexually explicit images