Incidents attributed to:

Unknown criminal operators

Related incidents

Credential stuffingResolvedOctober 6, 2023

23andMe credential-stuffing breach

Attackers used credentials reused from prior breaches to access 23andMe accounts, then leveraged the 'DNA Relatives' feature to scrape ancestry and genetic profile data on 6.9 million users from compromised relatives' connections.

Victim: 23andMe Holding Co.
Loss: $50.0M
Records: 6.9M

Data breachContainedMarch 16, 2023

Latitude Financial Services data breach

Australian consumer-credit lender Latitude Financial disclosed that attackers had exfiltrated 14 million records — including 7.9 million driver's licence numbers and 53,000 passport numbers — via credentials stolen from a service provider.

Victim: Latitude Financial Services
Loss: $50.0M
Records: 14.0M