List of data breaches and cyber attacks in October 2017 – 55 million records leaked

I’ve been kept busy this month – too busy for me to keep a close eye on the month’s data breaches and cyber attacks. But as I prepared this list, I realised how bad October has been.

A story I want to emphasise is the breach at a London-based plastic surgery firm. A well-known “hacking gang” stole photographs and a list of patients, and has threatened to release them. This is obviously worrying for the firm and its patients (which may include members of the royal family), and it demonstrates how little remorse some cyber criminals have.

So, numbers: by my count there were 55,488,818 leaked records in October. But, as always, let me know if I’ve missed anything.

Cyber attack & ransomware

Hacker Wants $50K From Hacker Forum or He’ll Share Stolen Database With the Feds

BadRabbit ransomware attacks multiple media outlets

FirstHealth Computer Network Threatened by Malware Virus

IFHS Investigates Cybersecurity Breach Of Clinic’s Computer System

Security breach reported at Ashland clinic

Forrester Announces Cybersecurity Incident Involving

Gaming Service Goes Down After Hacker Wipes Database and Holds It for Ransom

PornHub visitors hit with malware attack via poisoned ads

Data breach

Terror threat as unencrypted Heathrow Airport security files found dumped in the street

T-Mobile Alerted ‘A Few Hundred Customers’ Targeted By Hackers

 Catholic Charities’ server hacked, possibly as early as 2015

AZ Board of Education discloses FERPA incident, sends veiled threat to recipient of disclosed material?

Student information leaked from Creighton University Trio program

Patients of marijuana dispensary upset after personal information shared in email

Super-rich fear their financial details will be exposed following Bermuda cyber hack

Cosmetics Brand Tarte Exposed Personal Information About Nearly 2 Million Customers

Confidential child protection documents found ‘blowing around’ in a Leicester street

Carolina Oncology Specialists notifies 1,551 patients of possible breach

Computer file stolen in Oklahoma could put Spokane veterans at risk for identity theft

Austin Manual Therapy Associates patient data hacked

Action taken following major breach of personal health records at QEH

Data breach exposes millions of South Africans’ personal records

RiverMend Health notifies 1,300 after employee’s email account compromised

Chase Brexton Health Care notifies more than 16,000 patients after phishing incident

Thieves steal Bassett facility’s patient information

Data breach at Arden Hills-based Catholic financial services provider affects nearly 130K accounts

We Heart It says a data breach affected over 8 million accounts, included emails and passwords

Advanced Spine & Pain Center Notifies 8,362 Patients After Two Possibly Unrelated Incidents

Equifax: Umm, actually hackers stole records of 15.2 million Brits, not 400,000

Accenture left a huge trove of highly sensitive data on exposed servers

City of Calgary embroiled in privacy breach class-action lawsuit

Cabrillo College issues notice of data breach to 28,000 students

District investigating data breach at Palo Alto High School

Private data of more than 1,100 NFL players, agents exposed

Graton casino ‘data breach’ potentially reveals some patrons’ Social Security numbers

Hackers hit plastic surgery, threaten to release patient list and photographs

Financial information

Personal information possibly compromised for people paying fines, fees to Midland County

South Korean Gov’t Investigating Bithumb Security Breach, World’s Largest Cryptocurrency Exchange

Pizza Hut was hacked, company says

Hyatt Hotels Suffers 2nd Card Breach in 2 Years

Hackers steal $60 million from Taiwanese bank using bespoke malware

Sonic publicly confirms payment card breach at drive-in locations

Fighting back against cyber crime

Third Defendant Charged in iCloud “Celebgate” Scandal That Leaked Private Photos of Hollywood Stars


New attack works against all WPA2 WiFi networks: Android & Linux most vulnerable, but iOS and macOS too

T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number

Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies

Hacker codenamed in honour of ‘Alf’ from Home and Away stole sensitive data about Australian military projects


  1. Pakiso Mphuthi 6th November 2017
  2. Pakiso Mphuthi 6th November 2017