Data Breach Today

MAY 2, 2025

The nearly $600 million fine stems from TikTok's storage of European user data on servers in China and failure to disclose data transfers to China from July 2020 through November 2022. Irish DPC Imposes a Fine for GDPR Violations TikTok must pay 530 million euros to the Irish data regulator for non-compliance with European privacy law.

GDPR 182

GDPR Compliance Privacy 182

Data Breach Today

MAY 15, 2025

Financially Strapped Cloud Services Firm Settles Suit From 2020 Patient Data Hack A financially strapped cloud services vendor that experienced a 2020 ransomware attack affecting dozens of healthcare sector clients and hundreds of thousands of patients has agreed to a $1.9

Data breaches 147

Data breaches Cloud Ransomware 147

Security Affairs

APRIL 16, 2025

Conduent suffered another security breach in 2020 by the Maze ransomware gang, which stole corporate data. The company holds cyber insurance and informed federal authorities. The company did not disclose technical details about the attack, but experts believe it was the victim of a ransomware attack.

Data breaches 287

Data breaches Government Business Services Personal data 287

Security Affairs

NOVEMBER 5, 2024

Mandiant reported that many stolen credentials dated back to 2020. This led to extensive data theft, with the attackers later attempting to extort victims and sell stolen data on criminal forums. In September, the popular cyber journalist Brian Krebs linked Mr. Moucka to crime-focused chat communities known as “The Com.”

Unstructured data 312

Unstructured data Cloud Sales Security 312

Data Breach Today

NOVEMBER 20, 2024

LA County Clinic Delayed Access to Patient's Medical Records During Pandemic Federal regulators have fined a Los Angeles county mental health clinic $100,000 for failure to provide a patient with timely access to her requested health records during the COVID-19 pandemic. The case is the U.S.

Access 246

Access Government 246

Security Affairs

NOVEMBER 18, 2024

In December 2020, T-Mobile disclosed a data breach that exposed customers’ network information (CPNI). In March 2020, threat actors gained access to T-Mobile customers and employee personal info. Below is the list of previous incidents suffered by T-Mobile: In August 2021, a security breach impacted 54 million customers.

Data breaches 291

Data breaches Communications Artificial Intelligence Government 291

Security Affairs

NOVEMBER 18, 2024

Privacy Shield framework in 2020. Privacy Shield in 2020, Meta continued transferring data under a framework that was deemed insufficient to protect European citizens from U.S. The company faced allegations of improperly transferring sensitive data about European drivers to the U.S. Billion ($1.4 After the invalidation of the EU-U.S.

GDPR 329

GDPR Security Compliance Data Privacy 329

Security Affairs

OCTOBER 23, 2024

“According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures.”

Cybersecurity 295

Cybersecurity Risk Access Government 295

Security Affairs

JANUARY 12, 2022

CVE-2020-5902 F5 Big-IP CVE-2020-14882 Oracle WebLogic CVE-2021-26855 Microsoft Exchange (Note: this vulnerability is frequently observed used in conjunction with CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Cybersecurity 361

Cybersecurity Risk Government Phishing 361

Security Affairs

NOVEMBER 26, 2024

It was previously known as JDA Software before rebranding to Blue Yonder in 2020 and was acquired by Panasonic Corporation in 2021 to strengthen its AI-driven supply chain solutions. The company has more than 6,000 employees and over 3,000 customers across 76 countries.

Ransomware 299

Ransomware Retail Manufacturing Cloud 299

Security Affairs

OCTOBER 1, 2024

CVE-2020-15415 is an OS command injection vulnerability in DrayTek Multiple Vigor Routers. Since the second half of 2022, a variant of the Mirai bot , tracked as V3G4, targeted IoT devices by exploiting tens of flaws, including CVE-2020-15415. CVE-2019-0344 is a deserialization of untrusted data vulnerability.

Cloud 326

Cloud IT IoT Cybersecurity 326

WIRED Threat Level

APRIL 28, 2023

In May 2020, the US Department of Justice noticed Russian hackers in its network but did not realize the significance of what it had found for six months.

IT 353

IT Security 353

Security Affairs

SEPTEMBER 19, 2024

CVE-2020-14644 vulnerability (CVSS score of 9.8) CVE-2020-0618 vulnerability (CVSS score of 7.8) is a remote code execution issue in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Successful attacks of this vulnerability can result in the takeover of Oracle JDeveloper. The flaw affects 12.2.1.3.0

IT 339

IT Cybersecurity Access Security 339

Security Affairs

FEBRUARY 16, 2024

Cisco addressed the flaw in May 2020. The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

IT 350

IT Cybersecurity Authentication Risk 350

Data Breach Today

JULY 26, 2024

The botnet campaign pushed out the PlugX remote access Trojan that has infected 3,000 machines in France since 2020. National Police Probe Botnet Campaign That Infected 3,000 Machines The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France.

Government 328

Government Access 328

Security Affairs

SEPTEMBER 6, 2024

The FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020. Since 2020, the unit has expanded into offensive cyber operations aimed at espionage, reputational harm, and data destruction. These operations include espionage, sabotage, and reputational damage.

Financial Services 353

Financial Services Government IoT Communications 353

Data Breach Today

OCTOBER 5, 2023

2020 Ransomware Incident Affected 13,000 Customers, Millions of Individuals Fundraising software powerhouse Blackbaud will pay $49.5 million to settle a multistate investigation into the company's data security practices and its response to a 2020 ransomware attack.

Ransomware 305

Ransomware Security IT 305

Security Affairs

OCTOBER 16, 2024

. “A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.

Data breaches 326

Data breaches Cybersecurity Risk IT 326

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Phishing 329

Phishing Passwords Authentication Security 329

Security Affairs

JUNE 27, 2024

Roundcube Webmail CVE-2020-13965 (CVSS score of 6.1) Roundcube addressed the flaw in June 2020, and PoC code was released shortly thereafter. is a code injection issue in the Jai-Ext open source project. The vulnerability was fixed in August 2022, however technical details and PoC were published a few weeks later. and 1.3.12.

IT 316

IT Cybersecurity Risk Security 316

Security Affairs

OCTOBER 5, 2023

“The document said the exploit worked for Android versions 9 to 11, which was released in 2020, and that it took advantage of a flaw in the “image rendering library.” In 2020 and 2021, WhatsApp fixed three vulnerabilities — CVE-2020-1890, CVE-2020-1910, and CVE-2021-24041— that all involved how the app processes images.

Marketing 356

Marketing Libraries Sales Government 356

Security Affairs

SEPTEMBER 21, 2023

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. collect) that launches the /var/tmp/crond file every 10 minutes.”

Libraries 323

Libraries Passwords Access Security 323

Security Affairs

APRIL 13, 2022

According to the advisory published by Apache, the issue addressed by the organization is a critical flaw in Apache Struts linked to a previous OGNL Injection flaw ( CVE-2020-17530 ) that wasn’t properly fixed. “The fix issued for CVE-2020-17530 ( S2-061 ) was incomplete.

Security 363

Security Cybersecurity IT Information Security 363

Security Affairs

JUNE 17, 2024

Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “ Empire Market ” from 2018 to 2020. currency on AlphaBay before starting Empire Market.

Marketing 334

Marketing Access IT Information Security 334

Data Breach Today

FEBRUARY 1, 2024

FTC Is Latest Agency to Rebuke Fundraising Firm for Lax Security in 2020 Attack The Federal Trade Commission is the latest regulatory agency taking action against fundraising and customer relationship management software provider Blackbaud in the aftermath of a 2020 ransomware incident that compromised the data of tens of thousands of clients and millions (..)

Ransomware 279

Ransomware Security 279

Security Affairs

SEPTEMBER 12, 2023

Below is the list of affected versions: Product Track Affected Versions Platform Acrobat DC Continuous 23.003.20284 and earlier versions Windows & macOS Acrobat Reader DC Continuous 23.003.20284 and earlier versions Windows & macOS      Acrobat 2020 Classic 2020           20.005.30516 (Mac) 20.005.30514 (Win)and earlier versions Windows & (..)

Security 341

Security Information Security IT 341

Security Affairs

MARCH 5, 2025

The group has been active since 2020, they use web shells for command execution and data theft. The group has been active since at least 2020, they use web shells for command execution and data theft.

Energy and Utilities 163

Energy and Utilities IT Cloud Passwords 163

Krebs on Security

DECEMBER 19, 2024

In early 2020, Exorn promoted a website called “ orndorks[.]com According to DomainTools, altugsara321@gmail.com was used in 2020 to register the domain name altugsara[.]com. co as one of their projects. That user, “ Exorn ,” has posts dating back to August 2018.

IT 246

IT Data breaches Cloud Passwords 246

Security Affairs

FEBRUARY 2, 2024

.” In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet ( PurpleFox , Perkiler , and NuggetPhantom ), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Mining 347

Mining Passwords Government IT 347

Security Affairs

JULY 19, 2024

The LockBit ransomware operation has been active since January 2020, the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S. “ Between 2020 and 2023, the duo targeted organizations worldwide. The group targeted individuals, businesses, hospitals, schools, and government agencies.

Ransomware 358

Ransomware Encryption Government Access 358