Welcome to our September 2022 list of data breaches and cyber attacks. Compared to August, it was a comparatively quiet month, as we identified 88 publicly disclosed security incidents and 35,566,046 compromised records.

As always, you can find the full list below – although, perhaps for the last time, they are broken down into their respective categories. That’s because we’re looking for ways to improve the way we deliver this data.

Our blog has become the go-to source for monthly data breach statistics, and we’ve been producing this series for over seven years. The information has been cited in major publications, while we use it internally for both our quarterly reviews and annual infographics.

However, we’d like to know more about how our readers use this data, and what you’d like to see in this list in the future.

You can leave your comments and suggestions on our blog, or can start the conversation by getting in touch with us via LinkedIn or Twitter.

---

Contents

• Cyber attacks
• Ransomware
• Data breaches
• Malicious insiders and miscellaneous incidents

---

Cyber attacks

• Tulsa Tech hit by security incident (unknown)
• Indonesian and Malaysian restaurants hacked by DESORDEN (425,644)
• Samsung says customer data stolen in security incident (unknown)
• Yandex Taxi systems breached in bizarre cyber attack that caused massive traffic jam (unknown)
• Criminal hackers breached Overby-Seawell Company (unknown)
• Orange Cyberdefense investigating claims of compromise (unknown)
• Franklin College hack by malware (5,900)
• Data from Chile’s COVID-19 tracking platform of a mining company compromised (9,200)
• Student arrested for hacking Sri Lankan Examinations Dept website (270,000)
• Kansas school district pulls messaging app after security breach (unknown)
• Uber responding to “cybersecurity incident” (unknown)
• Starbucks Singapore has been hit by a security incident (330,000)
• Revolut caught out by phishing scam (50,144)
• Six UK schools hit by cyberattack on multi-academy trust (unknown)
• Wolfe Clinic notifies patients of Eye Care Leaders security incident (542,776)
• Guacamaya Group leaks emails from Chile’s Joint Chiefs of Staff (unknown)
• Everest Group sells access to Argentina’s Ministry of Economy (unknown)
• Hackers steal South Carolina fire department’s pay checks (6)
• Website of Virginia’s Hampton Public Library website hacked, redirects to adult retail store (unknown)
• Australian telecoms giant Optus hit by cyber attack (unknown)
• M.C. Dean reports security breach after unauthorised party had access to the company’s systems for six months (unknown)
• Berry, Dunn, McNeil & Parker reports breach following compromised employee email account
• San Francisco 49ers reports security breach involving Social Security numbers (20,930)
• CBC Group files official notice of security incident (unknown)
• SF Fire Credit Union reports security breach (unknown)
• Radiant Logistics says unauthorised actor breached its systems (unknown)
• The Physicians’ Spine and Rehabilitation Specialists of Georgia hit by security incident (unknown)
• Medical Associates of the Lehigh Valley reports security incident (75,628)
• Henderson & Walton Women’s Center says employee’s email account was hacked (34,306)
• U-Haul says two passwords were compromised in security breach (unknown)
• Genesis Health Care reports security breach (unknown)
• Legacy Supply Chain Services confirms cyber attack (11,972)
• Wilson’s Gun Shop says hacker broke into its systems (13,522)
• City Furniture of Massachusetts files security notice (unknown)
• DaVita Inc confirms that health data was leaked in cyber attack (unknown)
• Lubbock Heart & Surgical Hospital says it was hacked (23,379)
• Platinum Performance suffers security breach following phishing attack (unknown)
• Radiology Ltd suffers security incident (unknown)
• One Medical embroiled in security breach (unknown)
• Cash Express hit by cyber attack (unknown)
• Northern Trust Corporation reports breach affecting clients’ financial account numbers (unknown)
• Internet outage in Tucson area was due to cyber attack (unknown)
• Diodes Incorporated confirms security breach (unknown)
• Apex Capital Corp hit in cyber attack (unknown)
• FMC Services suffers cyber attack (unknown)
• Indian firm Swachhta City Platforms hit by criminal hackers (16,457,744)
• Hacker breaches Fast Company systems to send offensive Apple News notifications (unknown)
• The Coeur Group notifies patients of security breach (2,020)
• Brazil’s Mimoso do Sul reports cyber attack (unknown)
• Eight Shangri-La hotels in Asia hit by security breach (290,000)
• Mexico confirms hack of military records, president’s health information (unknown)

Ransomware

• Costa Rica’s Junta De Proteccion Social hit by ransomware (unknown)
• Former students and staff at Savannah College of Art and Design affected by security incident (unknown)
• Ransomware attack takes down L.A. Unified school district (unknown)
• Brazil’s National Fund for Educational Development struck with ransomware (unknown)
• Ourique Municipality targeted by ransomware attack (unknown)
• Fruit supplier Lacalera victim of ransomware attack (unknown)
• Bardstown confirms ransomware hack (unknown)
• OakBend Medical Center hit by ransomware (unknown)
• Alegria Family Services hit in ransomware attack (unknown)
• Buenos Aires legislature announces ransomware attack (unknown)
• Empress EMS in New York says it was struck by ransomware (318,558)
• Suffolk County struggles to recover from BlackCat ransomware attack (unknown)
• NYSARC Columbia County Chapter discloses ransomware incident (unknown)
• Bosnia and Herzegovina investigating alleged ransomware attack on parliament (unknown)
• Tift Regional Medical Center victim of ransomware attack (unknown)
• Sierra College investigating scope of latest ransomware incident (unknown)
• Denver suburb won’t negotiate with ransomware gang that closed city hall (unknown)
• New York Racing Association hit by ransomware (unknown)
• TIC International Corporation suffers ransomware attack (unknown)
• Malaysian Telecom RedOne hit by DESORDEN ransomware (unknown)
• Aoyuan Healthy Life Group hit by ransomware group (unknown)
• Ministry of Foreign Affairs of Guatemala victim of cyber attack (unknown)
• Chilean Judiciary hit in massive ransomware campaign (unknown)
• Electricity Company of Ghana systems hacked with ransomware (unknown)
• Thailand’s THE ICON GROUP hacked by ransomware group (264,128)

---

Data breaches

• IRS mistakenly posts taxpayers’ data online thanks to human coding error (120,000)
• NHS Orkney apologises after data breach (69)
• Ringgold School District student data was leaked via email (unknown)
• Morgan Stanley to pay $35 million fee for ‘astonishing’ customer data disposal practices (15 million)
• Yukon education department accidentally leaks student data (unknown)
• Email blunder sees Norfolk school send details of vulnerable children to all pupils (unknown)
• Data breach at Canadian Border Agency contractor (1.38 million)

Reference: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-september-2022-35-6-million-records-breached