List of data breaches and cyber attacks in May 2018 – 17,273,571 records leaked

Remember when I said last month that “with the GDPR less than a month away I imagine future lists will be even longer thanks to the introduction of mandatory data breach notifications”?

Well, May’s list of incidents is very long, and the GDPR only came into effect at the end of the month.

If I were a cynic I might think that some breached organisations were seeking to keep their exposure to regulatory fines to a minimum by rushing to report historic incidents before the GDPR – and its enhanced penalty regime – applied. I’m not, though. I’m entirely guileless.

I count this month’s total number of breached records to be 17,273,571, which is actually quite low when compared with previous months.

As always, let me know if I’ve missed anything.

Cyber attack & ransomware

Town of Wasaga Beach recovering from ransomware attack, negotiating with hackers

Associates in Psychiatry and Psychology disclose ransomware incident

Allied Physicians of Michiana report SamSam attack

Manuel Delia’s Blog Cyber-Attacked By Ukrainian Hackers On A Scale ‘Rarely Seen On Other Maltese Websites’

Ransomware attack on Family Planning NSW

Police Dept Loses 10 Months of Work to Ransomware. Gets Infected a Second Time!

Hacker Shuts Down Copenhagen’s Public City Bikes System

Data breach

Privacy Commissioner says Avenue Living privacy breach poses a risk

HIT Hacked Again? More Than 3 500 Student Account Credentials Leaked

University of Vermont notifies community of hack of NetID portal

Jaguar Land Rover data leak reveals employee records, upcoming layoffs

Aultman data breach may have accessed patient information

County Clerk’s Office tossing personal, sensitive customer information in the trash

Insurance startup leaks sensitive customer health data

Coca-Cola Suffers Breach at the Hands of Former Employee

SimplyWell (Viverae) notifying Lincoln Electric System employees of of personal health info breach

Another data breach for SA – passwords and IDs exposed

Data Leak May Have Affected Patients at Muir Medical Group IPA

LifeBridge Health and LifeBridge Potomac Professionals Notify Patients of a Recent Security Incident

UT alerts some faculty, students of lost flash drive containing Social Security numbers

The University of Greenwich fined £120,000 by Information Commissioner for “serious” security breach

Teen phone monitoring app leaked thousands of user passwords

Two thousand, six hundred and ninety UB logins stolen in data breach

Hospital staff disciplined after Ed Sheeran data breach

Bloomfield Hills high schoolers hack database to give themselves better grades

LA Confidential: How Leaked Emergency Call Records Exposed LA County’s Abuse & Crisis Victims

Marines make changes after data of 164,000 people lost on Okinawa

Crown Prosecution Service fined £325,000 after losing victim interview videos

LifeBridge Health and LifeBridge Potomac Professionals Notify Patients of a Recent Security Incident

Ontario PC candidate resigns after private 407 freeway confirms ‘internal theft’ of data on 60,000 customers

CBC warns past, current staff personal data may be at risk after break-in, theft of computer

Hacker Publicly Posts Data Stolen From Government-Linked Cyberespionage Group

UT physician group improperly shared patient email addresses

More than 200,000 patients’ records were exposed on MedEvolve’s public FTP server – researcher

Huge new Facebook data leak exposed intimate details of 3m users

Irish Data Protection Commissioner investigating cyber attack that claimed player details from World Rugby

Notice of Unauthorized Access to Chili’s® Grill & Bar Guest Data

LaPorte & Associates notifies clients of laptop theft

Notice to Individuals Regarding Privacy Incident Involving Capitol Administrators, Inc.

Data breach affects nearly 900 patients from two San Francisco hospitals

Cerebral Palsy Research Foundation of Kansas notifying 8,300 clients after discovering data had been exposed for 10 months

Patients’ data released in Oswestry orthopaedic hospital breach

High school apologises over data breach of pupil information

Eye Care Surgery Center notifies 2,553 patients of laptop theft

Android App With 10 Million Downloads Left Users’ Photos and Audio Messages Exposed to Public

Data stolen in Sheffield Credit Union cyber attack

HIV Patient’s Records Leaked, UAMS Fires 3

Tencent-Backed Internet Giant Probes Massive User-Data Leak

MAXIMUS notifies 3,029 patients after Business Ink mailing error exposes PHI

Mass notification launched after inappropriate access to Winnipeg patient data

Financial information

BMO and CIBC-owned Simplii Financial reveal hacks of customer data

Hacker Steals $1.35 Million From Cryptocurrency Trading App Taylor

Aflac says agent emails were hacked, exposing personal information of clients

Bombas notifies consumers of breach going back to 2013

Notice of Data Breach at

Morinaga Milk fears leak of 120,000 online customers’ info

Malley’s Chocolates’ website hacked, 3,400 online customers’ card information breached

Email account of Northwest University’s CFO hacked; school out nearly $60,000

Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers


Comcast website bug leaks Xfinity customer data

Remember your baby’s newborn pictures? They may still be online.

Fighting back

Grant West, aka “Courvoisier,” sentenced to 10 years and eight months

Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers


  1. H. Ellison 30th May 2018
  2. Ashish Ajani 31st May 2018
  3. Mori Alan 4th June 2018