3.6 million customers first name, last name email address postal address, postal code, city date of birth, department of birth phone number 150,000 IBANs

Victim: SFR

OtherUnknownNovember 23, 2024

Leak at Banque de France

employee identities, position, salary; customer identities, bank accounts, webmail history; strategic documents, financial reports

Victim: Banque de France

OtherUnknownNovember 22, 2024

Leak at Companie de Transport Strasbourgeoise

unknown

Victim: Companie de Transport Strasbourgeoise

OtherUnknownNovember 21, 2024

Leak at Chambres d'agriculture

Claimed data leak concerning Chambres d'agriculture.

Victim: Chambres d'agriculture

OtherUnknownNovember 19, 2024

Leak at Auchan

name, first name email address, postal address phone number family composition date of birth loyalty card number, kitty amount

Victim: Auchan

OtherUnknownNovember 19, 2024

Leak at Direct Assurance

name email address phone numbers IBAN

Victim: Direct Assurance

OtherUnknownNovember 19, 2024

Leak at Mediboard

750,000 patients: first and last name, date of birth and date of death, gender, phone number, attending physician, medical prescriptions, external identifier, care history

Victim: Mediboard

OtherUnknownNovember 18, 2024

Leak at Le Point

name email address phone number postal address date of birth

Victim: Le Point

OtherUnknownNovember 14, 2024

Leak at Huttopia

last name, first name email address

Victim: Huttopia

OtherUnknownNovember 13, 2024

Leak at Molotov

10 million people: email address, first and last name, date of birth

Victim: Molotov

OtherUnknownNovember 12, 2024

45,000 people last name, first name date of birth email address postal address phone number loyalty card number loyalty points discount vouchers order history receipts shopping list favourite purchases

Victim: Picard

OtherUnknownOctober 25, 2024

Leak at Free

5.1 million people last name, first name date of birth place of birth email address postal address IBAN subscriber identifier subscribed plan type subscription date active subscription or not

Victim: Free

OtherUnknownOctober 24, 2024

Leak at Ornikar

4.2 million people last name, first name date of birth email address postal address phone number

Victim: Ornikar

EspionageContainedOctober 4, 2024

Salt Typhoon US telecom espionage campaign (2024)

China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers — Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream — including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.

Victim: U.S. telecommunications providers (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream)

OtherUnknownSeptember 30, 2024

Leak at Meilleurtaux

first and last name, date of birth, country of birth, postal address, phone number, professional situation, family situation, income

Victim: Meilleurtaux

OtherUnknownSeptember 18, 2024

Leak at RED by SFR

Several tens of thousands of customers last name, first name email address postal address phone number IBAN plan type SIM card identifier smartphone identifier

Victim: RED by SFR

OtherUnknownSeptember 13, 2024

Leak at Assurance retraite

370,000 people name, first name address social security number approximate income amount

Victim: Assurance retraite (French pension fund)

OtherUnknownSeptember 12, 2024

Leak at Cybertek

first name, last name email address postal address phone number

Victim: Cybertek

OtherUnknownSeptember 10, 2024

Leak at Cultura

1.5 million people first name, last name email address postal address phone number order history

Victim: Cultura

OtherUnknownSeptember 7, 2024

Leak at Boulanger

A few hundred thousand people; surname, first name; email address; postal address; phone number

Victim: Boulanger

RansomwareContainedAugust 21, 2024

Halliburton RansomHub attack (2024)

RansomHub gained access to Halliburton's systems, prompting the oil-services giant to take infrastructure offline. The incident delayed invoicing and purchase orders, and Halliburton booked a $35 million loss in its SEC filings.

Victim: Halliburton
Loss: $35.0M

Data breachContainedAugust 13, 2024

Star Health insurance breach and senior-official extortion (India, 2024)

A hacker using the alias xenZen exposed personal and medical data on 31.2 million Star Health customers via Telegram bots, alongside 5.76 million claims records. The leak escalated into a public extortion drama implicating a senior Star Health official.

Victim: Star Health and Allied Insurance
Loss: $30.0M
Records: 31.2M

Credential stuffingRansom paidJuly 12, 2024

AT&T Snowflake call-records breach

AT&T disclosed that attackers used credentials stolen by infostealers to authenticate into its Snowflake cloud-data-warehouse tenant — which lacked MFA — and exfiltrated call and text metadata covering nearly all 110 million AT&T wireless customers.

Victim: AT&T Communications
Loss: $200.0M
Records: 110.0M

RansomwareContainedJune 20, 2024

Indonesia PDNS Brain Cipher (LockBit 3.0) ransomware (2024)

Brain Cipher — a Lockbit 3.0–derived ransomware — encrypted Indonesia's Temporary National Data Center (PDNS), paralysing 282 government digital services from immigration to passport issuance for weeks. Attackers demanded $8M; the government refused. Brain Cipher subsequently released a decryptor free of charge, with an apology.

Victim: Pusat Data Nasional Sementara (PDNS), Indonesia

RansomwareRansom paidJune 18, 2024

CDK Global BlackSuit ransomware (2024)

BlackSuit operators encrypted CDK Global's dealer-management platform, knocking ~15,000 North American car dealerships offline for nearly two weeks. A second attack hit on day two of recovery. Industry losses estimated at over $1 billion; CDK reportedly paid a $25 million ransom.

Victim: CDK Global
Loss: $1.00B

RansomwareRansom paidJune 8, 2024

KADOKAWA / Niconico BlackSuit ransomware (2024)

Phishing access let BlackSuit (Russian-linked) encrypt KADOKAWA's infrastructure and the Niconico video-sharing platform, taking services offline for two months. KADOKAWA paid ~$2.9M in cryptocurrency — and BlackSuit leaked the stolen 1.5 TB anyway.

Victim: KADOKAWA Corporation
Loss: $2.9M
Records: 254.2K

Credential stuffingContainedMay 30, 2024

Snowflake customer-account credential-stuffing campaign (UNC5537, 2024)

A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.

Victim: Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)
Records: 560.0M

OtherUnknownApril 28, 2024

Data leak at Ticketmaster

560 million people first name, last name email address postal address phone number transaction history order details banking information (last 4 digits of the saved card and expiry date)

Victim: Ticketmaster

OtherUnknownApril 15, 2024

Leak at Le Slip Français

1.5 million people: first name, last name, phone numbers, postal address, email address, order numbers

Victim: Le Slip Français

OtherUnknownMarch 8, 2024

Leak at France Travail

43 million people last name, first name social security number email address postal address phone number France Travail identifiers

Victim: France Travail

OtherUnknownMarch 1, 2024

Leak at LDLC

1.5 million people last name, first name email address postal address phone number

Victim: LDLC

RansomwareRansom paidFebruary 21, 2024

Change Healthcare ransomware (ALPHV/BlackCat)

ALPHV/BlackCat compromised Change Healthcare via Citrix portal lacking MFA, paralyzed U.S. prescription claims for weeks, and exfiltrated data on an estimated 100 million people.

Victim: Change Healthcare (UnitedHealth Group)
Loss: $2.87B
Records: 100.0M

OtherUnknownFebruary 6, 2024

Leak at Almerys, Viamedis

33 million people name, first name date of birth social security number name of health insurer policy subscribed

Victim: Almerys, Viamedis

RansomwareContainedJanuary 17, 2024

Schneider Electric Sustainability Business Cactus ransomware (2024)

Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data — including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.

Victim: Schneider Electric — Sustainability Business division