1 | Hacking Chart | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
2 | Publicized | Target | Alleged Source/Motive | Method | Harm | Notes | Link | Link | Link | Link |
3 | 2/10/2012 | CIA | Anonymous | DDoS | Site was inaccessible | Hackers hit CIA, UN Web sites | ||||
4 | 2/10/2012 | Mexican Mining Chamber, also known as "Camimex" | Anonymous, citing alleged exploitative labor conditions and business practices. | unknown | hackers claim to have stolen e-mails | Hackers hit CIA, UN Web sites | ||||
5 | 2/10/2012 | UN | Casi | unknown | hackers posted purported vulnerabilities to Pastebin | Hackers hit CIA, UN Web sites | ||||
6 | 2/9/2012 | Foxconn, equipment maker for Apple | Swagg Security to protest alleged poor treatment of workers that have led to suicides and deaths | unknown | Usernames and passwords of employees released on the Web. | Apple supplier Foxconn hit by hackers | ||||
7 | 2/8/2012 | Syrian President Bashar al Assad | Anonymous, amid Syria's increasingly harsh crackdown against civilian protesters. | unknown | Hackers broke into the Syrian Ministry of Presidential Affairs and leaked e-mails, including one revealing Assad's prep for Barbara Walters interview in which he denied reports of civilian massacres. | Taking on Syria, Anonymous breaks into Assad's server | ||||
8 | 2/8/2012 | Symantec | Hackers believed affiliated with Anonymous | unknown | Hackers stole source code from Symantec in 2006 and released it this week on the Web after allegedly trying to extort $50,000 from Symantec. | Hackers release source code for Symantec's PCAnywhere | Hackers wanted $50,000 to keep Symantec source code private | |||
9 | 2/8/2012 | West Virginia Chiefs of Police Association | CabinCr3W, citing alleged police brutality | unknown | Hackers posted home addresses, home phone numbers and cellphone numbers of current and retired police chiefs from an old Web site | CBSNews: Hackers post W.Va. police officers' personal info | CharlestonGazette: Hackers group posts police chiefs' information online | |||
10 | 2/7/2012 | Oakland police and other city officials | Anonymous for protest crackdowns and arrests, budget cutting and school, park, and library closings | unknown | Personal information of city officials posted publicly. | Anonymous targets Oakland city officials | SFChronicle: Anonymous posts Oakland officials’ information | |||
11 | 2/3/2012 | Puckett & Faraj law firm | Anonymous to protest alleged court corruption and in support of Bradley Manning. | unknown | Anonymous hacked into the Web site of defense lawyers for a U.S. Marine accused of leading a civilian massacre in Iraq. | RT.com: Anonymous reveals Haditha massacre emails | Anonymous hacks lawyers for Marine accused of Iraq massacre | |||
12 | 2/3/2012 | FBI, Scotland Yard | Anonymous | unknown | Hackers eavesdropped on conference call officials held to discuss the hackers and then released recording of the call on the Web. | Anonymous: We snooped an FBI cybercrime call | ||||
13 | 2/3/2012 | Texas police | Anonymous, allegedly over a cop being investigated for child porn. | unknown | Hackers published the names, addresses and other information of more than 700 officers in Texas after compromising the Texas Police Association's Web site. allegedly over a cop being investigated for child porn | WFAA.com: Hackers publish names, addresses of hundreds of Texas police officers | ||||
14 | 2/3/2012 | Salt Lake City police | Anonymous attacked a Salt Lake City police Web site to protest an anti-graffiti bill. | unknown | Hackers gained access this week to sensitive data, including citizen complaints about drug crimes, including phone numbers, addresses and other personal information. | HuffPo: Law enforcement websites under attack by hackers | ||||
15 | 2/3/2012 | Boston police | Anonymous, in response to Occupy Boston police brutality | unknown | Defaced the Web site. | Anonymous Smashes Boston Police Department’s Website | ||||
16 | 2/3/2012 | Greece's Justice Ministry | Anonymous protesting against Greece's bailout by the EU and the IMF, which led to austerity measures. | unknown | unclear | Reuters: Anonymous Attacks Greece's Justice Ministry To Protest EU, IMF Bailout | ||||
17 | 2/2/2012 | VeriSign | unknown | unknown | Hackers broke into corporate servers and stole information in several attacks in 2010, the company revealed in an SEC filing in October 2011. The company did not say what data was stolen. | Key Internet operator VeriSign hit by hackers | Hackers stole data from VeriSign in 2010 | |||
18 | 1/27/2012 | Copyrightalliance.org | Anonymous targeted sites supportive of ACTA. | unknown | Site was inaccessible | |||||
19 | 1/21/2012 | Web hoster DreamHost | unknown | unknown | DreamHost warns customers that hackers may have stolen FTP passwords. | Web-hosting service DreamHost warns users of password hack | ||||
20 | 1/19/2012 | DOJ, FBI, MPAA, Universal Music, others | Anonymous hit sites supporting SOPA/PIPA and the arrest of MegaUpload founder Kim Dotcom. | DDOS | Sites were temporarily inaccessible. | DOJ, FBI, entertainment industry sites attacked after piracy arrests | What hath #OpMegaUpload wrought? | |||
21 | 1/17/2012 | Tel Aviv bourse, Israeli banks, El Al Airlines | unknown, but | likely DDoS | Sites were temporarily offline | The move followed OxOmar, a member of Group-XP,reportedly breaking into Israeli sports Web site ONE, and releasing the credit card and personal data of cardholders. | Israel rattled as hackers hit bourse, banks, El Al | Middle East cyberwar hits Israeli banks, stock exchange, airline | ||
22 | 1/15/2012 | Zappos | unknown | unknown | Zappos warned customers that someone gained access to a server and may have stolen e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of their credit card numbers, and scrambled passwords. | Zappos customer data accessed in security breach | ||||
23 | 12/25/2011 | Stratfor | LulzSec, AntiSec | unknown | 860,000 e-mail addresses, 75,000 unencrypted credit card numbers stolen and later released publicly | Anonymous claims hack on security think tank | Hackers release credit card, other data from Stratfor breach | |||
24 | 8/24/2011 | AllianceForBiz.com | unknown | unknown | Names, e-mail addresses, and passwords for 20,000, including U.S. government employees, posted publicly. | EWeek:Hacker Exposes US Government Staff Log-ins | ||||
25 | 8/22/2011 | Danish government | Unidentified hacker says move is protest against government using public funds to process records and then charging public to access them. | unknown | Hacker posts online 1 million records from a government-maintained database of businesses. | PCWorld: Hackers Post 1M Danish Government Business Records to Net | ||||
26 | 8/22/2011 | Libyan domain name registry | unknown | unknown | Hackers deface home page for nic.ly registry to display a rebel flag and the message "bye bye Gaddafi" as well as February 17, which was the start of recent protests | Action comes as rebels seize large parts of Tripoli | The Register:Rebel hackers seize Libyan domain name registry | |||
27 | 8/22/2011 | Nokia | pr0tect0r AKA mrNRG | unknown | Nokia developer Web site hacked, user data exposed including e-mail addresses. | WSJ:Nokia Suspends Forum After Data Breach | ZDNetUK: Nokia hack reveals developer details | |||
28 | 8/19/2011 | Vanguard Defense Industries | AntiSec | unknown | Hackers release a gigabyte of private information from government contractor | AntiSec hackers target Vanguard Defense | ||||
29 | 8/17/2011 | BART police | unknown, probably in retaliation for BART shutting of cell service before a planned protest | unknown | A database belonging to the BART Police Officers Association was posted online today, complete with full names, e-mail addresses, home addresses, and passwords. | Second BART-related data breach since BART turned off cell service before a planned protest August 11. | Hackers break into BART police union Web site | |||
30 | 8/14/2011 | BART | Anonymous, DJ Mash. BART attacked after SF subway system cuts cell service ahead of planned protest of police violence. | SQL injection | Information of 2,400, possibly more, myBART.org users released, including name, e-mail address, password, as well as the address and phone number of some. Web site of CaliforniaAvoid.org defaced too. | Anonymous defaces BART site, leaks user data | S.F. subway muzzles cell service during protest | |||
31 | 8/10/2011 | Hong Kong stock exchange | unknown | unknown | Hackers broke into news site of Hong Kong stock exchange, where corporate filings are published, forcing the suspension of trading for seven companies. | WSJ: Hong Kong Exchanges Suspect Malicious Hacking Caused Website Problems | Hong Kong stock exchange halts trading after hack attack | |||
32 | 8/9/2011 | BlackBerry maker Research In Motion (RIM) | Team Poison | unknown | RIM's BlackBerry blog was hacked in retaliation for RIM offering to assist London police in combating rioters, many of whom are using BlackBerrys to organize | RIM blog hacked in warning over London unrest | ||||
33 | 8/8/2011 | government of Syria | Anonymous | unknown | Home page of the Syrian Ministry of Defense site defaced with Anonymous logo and a call for the downfall of President Bashar al-Assad. | Anonymous takes over Syrian government site | ||||
34 | 8/6/2011 | more than 70 U.S. law enforcement agencies and police association in Italy | AntiSec | unknown | 10GB of personal information, private e-mails, passwords, training files, data from informants, Social Security numbers and stolen credit card information | AntiSec hackers post stolen police data as revenge for arrests | ||||
35 | 8/5/2011 | Citigroup Japan | unknown | A source said the scheme was perpetrated by a third-party vendor that had been given access to Citi's internal systems. | Personal information of 92,408 Citigroup credit card customers in Japan was stolen and sold to third parties, the bank said. | It's the second data breach for Citi in three months. | WSJ: Citigroup Hit by Data Theft in Japan | |||
36 | 8/2/2011 | 72 public and private organizations in 14 countries | McAfee report does not speculate, but there's a pattern in the targets -- which do not include China but do include political non-profits, a pro-democracy organization, the World Anti-doping Agency, and the International Olympic Committee and Olympic committees in three countries, which were targeted right before and after the 2008 Olympic Games in Beijing. | targeted phishing attacks with e-mail exploit that installed a back door | National secrets, classified government data, source code, bug databases, email archives, details for new oil and gas field auctions, legal contracts, SCADA configurations and more. | Vanity Fair Exclusive: Operation Shady rat—Unprecedented Cyber-espionage Campaign | Global cyber-espionage operation uncovered | |||
37 | 7/26/2011 | South Korea's Cyworld social network site and Nate portal and search engine | unknown | unknown | SK Communications, which runs Cyworld and Nate, says names, phone numbers, e-mail addresses, resident registration numbers and passwords of 35 million people were exposed after hacking attack. | SK Communications says malicious code used in attack appeared to have originated in China. | KoreaHerald: 35m Cyworld, Nate users’ information hacked | Breach reportedly exposes data of 35 million South Koreans | ||
38 | 7/22/2011 | Italian Police's National Center for Computer Crime and the Protection of Critical Infrastructure | AntiSec | unknown | Hackers claim to have stolen more than 8 GB of internal data that was allegedly seized during police investigations, including information on the Ministry of Transport in Egypt, Ministry of Defense in Australia, Russian companies and U.S. Justice Department. They threatened to publish it online. | Computerworld: Anonymous hacks Italy's cybercrime police | ||||
39 | 7/21/2011 | NATO | Anonymous | unknown | Hackers claim to have 1 GB of data and released several files as proof. they threatened to release more. | Anonymous claims to have breached NATO security | Anonymous still accessing, downloading NATO data | |||
40 | 7/18/2011 | Lada Gaga's Web site | SwagSec | unknown | Server breached June 27 and names and e-mail addresses of thousands of Gaga fans were stolen. | The hackers claimed to have stolen information on fans from Web sites of Amy Winehouse and Justin Bieber earlier. | The Guardian: Lady Gaga's website hacked by SwagSec cyber attackers | TNW: SwagSec releases personal information from 51,000 Justin | ||
41 | 7/18/2011 | News Corp. sites, The Sun and News International | LulzSec | unknown | Hackers redirected The Sun home page to fake story about death of News Corp. owner Rupert Murdoch, and then later to LulzSec's Twitter feed, as well as redirected a News International's page with a statement on the hack to the LulzSec Twitter feed. They also released phone numbers of News Corp. employees and an e-mail address and password for former Sun editor Rebekah Brooks, who is embroiled in the mobile phone voice mail hacking scandal at News of the World. | Earlier in the day, a former News of the World journalist-turned whistleblower was found dead. | Hackers target Murdoch newspaper Web site | Guardian: News of the World phone-hacking whistleblower found dead | ||
42 | 7/12/2011 | Monsanto | Anonymous | unknown | hackers claim to have crippled Web servers and sites, and released names, e-mail and regular addresses of 2,500 employees | A day later, Monsanto says its servers were attacked a month earlier and that only 10 percent of the people in the data dump work for the company. | Anonymous targets Monsanto, oil firms | Monsanto confirms Anonymous hacking attack | ||
43 | 7/12/2011 | Toshiba | V0iD | unknown | Toshiba America confirmed to CNET that a product registration server was hacked and data (name, phone number, data of birth, address, e-mail address and password) for 681 customers was released. | The Hacker News: Toshiba Database hacked and User accounts leaked | ||||
44 | 7/11/2011 | Booz Allen Hamilton | AntiSec | unknown | Hackers claimed to have compromised a server and released internal data, including about 90,000 military e-mail addresses. | A day later Booz Allen Hamilton confirmed that an "illegal attack" had taken place | Hackers claim they exposed Booz Allen Hamilton data | Anonymous targets Monsanto, oil firms | ||
45 | 7/8/2011 | Turkey | Anonymous | unknown | hackers claim to have taken 74 government sites offline and released data from 100 Turkish government domains | Anonymous boasts takedown of 74 Turkish government sites | ||||
46 | 7/8/2011 | Moody's | Portuguese hackers | unknown | hackers deface credit rating agency's site a day after Moody's downgraded Portugal's sovereign-debt rating to junk status | The Register: Portuguese hackers strike back at Moody's downgrade | ||||
47 | 7/8/2011 | U.S. government contractor IRC Federal | AntiSec | unknown | corporate e-mails, passwords and other information released | The Hacker News: Anonymous Hacks FBI Contractors IRC Federal | ||||
48 | 7/8/2011 | German Federal Police | n0-N4m3 Cr3w | unknown | The hackers compromised a server used by the country's customs service and posted location coordinates, license plate and telephone numbers, police usernames and passwords, and a GPS application in response to government communications interception. | SCMagazine: German police hacked, suspect tracking data stolen | ||||
49 | 7/8/2011 | Chile's Ministry of Education | AntiSec | DDoS | site offline | Invisible Nandu: Chile Ministry of Education - MINEDUC is Attacked | ||||
50 | 7/8/2011 | finance site Kiplinger | unknown | unknown | customer contact information, e-mail addresses, passwords and some encrypted credit card numbers were accessed by an unauthorized third party in attack discovered June 25 | Kiplinger FAQ | ||||
51 | 7/7/2011 | Florida election department | Abhaxas | unknown | hacker exposes more data after Florida officials downplay data dump from early July | ZeroPaid:Abhaxas Hacks Florida’s Voting System Again | ||||
52 | 7/6/2011 | Energy Department's Pacific Northwest and Jefferson National Labs | unknown | unknown | PNNL says no data was compromised, JNL says it stopped attack quickly and that it does not handle classified data | 'Sophisticated' attack targets two Energy Dept. labs | ||||
53 | 7/5/2011 | Sony Music Ireland | unknown | unknown | fake stories posted on sonymusic.ie | Sophos: Hackers plant bogus celebrity stories on Sony Music Ireland website | ||||
54 | 7/4/2011 | Apple | AntiSec | exploited security flaw in the software Apple used | 26 admin usernames and passwords for an Apple server exposed | Hackers target Apple server | WSJ:Computer-Hacking Group Targets Apple In Latest Attack | |||
55 | 7/4/2011 | Fox News Twitter account | unknown | unknown | The Fox News Twitter feed was used to publish false reports that President Obama had been killed. | Twitter says Fox News had identified the "offsite vector that led to the compromise." | Fox News reports Twitter hack to Secret Service | |||
56 | 7/2/2011 | Florida election department | Abhaxas | unknown | poll worker data exposed | Florida Department of State spokesperson Chris Cate says "Florida’s Division of Elections was not hacked, nor was the Florida Voter Registration System. The info obtained and released was taken from a county that had put together the data for the purpose of training their poll workers. No sensitive information was stolen." | MiamiHerald: Did hacker get 'inside details' of Florida voting systems? | |||
57 | 6/30/2011 | Arizona Fraternal Order of Police, Fraternal Order of Police in Mesa, Tucson | AntiSec | unknown | 8 Web sites defaced, documents released including passwords and e-mail addresses of 1,200 officers, some financial data of specific officers and personal e-mails | third installment of Arizona police data | Arizona lawmen hit a third time by hackers | |||
58 | 6/29/2011 | Arizona Department of Public Safety | AntiSec | unknown | hackers release second dump of data, including more personal data on specific officers | data dump follows original release on June 23 | NYTimes: Hackers Release More Data From Arizona Police | |||
59 | 6/29/2011 | Al-Qaeda | unknown | unknown | hackers shut down al-Qaeda's Internet communications, halting the flow of videos and statements online | NBC News: Hacker attack cripples al-Qaida web communications | ||||
60 | 6/28/2011 | Orlando, Florida | Anonymous, to protest of arrest of Food not Bombs volunteers for giving out food in public without a permit | DDoS, e-mail "bombs" and black fax | Orlandofloridaguide.com was down temporarily | BBC: Hacker group Anonymous declares war on Orlando, Florida | ||||
61 | 6/28/2011 | Zimbabwe, Brazil, Universal Music Group, Viacom, Mosman Municipal Council in Australia | AntiSec (Anonymous/LulzSec) | SQL injection in at least Mosman case | 380 megabytes of data released | Hackers: Here's Zimbabwe, Brazil, UMG, Viacom data | ||||
62 | 6/28/2011 | Gannett Government Media, publisher of Army Times, Defense News, etc. | unknown | unknown | subscriber names, user IDs, passwords, e-mail addresses, and if provided ZIP code, duty status, paygrade, and branch of service exposed | breach first announced June 7 in online notice, but e-mails to readers sent June 28 | LATimes: Army Times, Defense News, other Gannett government sites hacked; reader data accessed | |||
63 | 6/27/2011 | Tunisia | Anonymous, part of anti-government/corporate AntiSec campaign launched with LulzSec | unknown | Web site defaced | The Hacker News: Anonymous Takes Down Tunisian Government Site | ||||
64 | 6/24/2011 | PBS.org | Warv0x (AKA Kaihoe) | SQL injection | One area of a website was defaced and some PBS administrator user names and encrypted passwords were exposed, PBS.org confirms. | TheHackerNews:PBS & Writerspace Hacked Again | ||||
65 | 6/24/2011 | Former British Prime Minister Tony Blair | TeaMp0isoN says it targeted Blair over his support for the Iraq War | unknown | contents of his electronic address book, including contact data for members of Parliament | Hackers leak Former British PM Tony Blair data | ||||
66 | 6/24/2011 | Canadian supermarket chain T&T | unknown | unknown | Names, passwords and contact data of 58,000 people may have been exposed and Web site visitors may have been tricked into downloading malware earlier in the month. | CBCNews: Cyberattack hits T&T Supermarket | ||||
67 | 6/24/2011 | Brazil's Institute of Geography and Statistics | self-described Brazilian nationalist hacker FIREH4CK3R | unknown | Web site defaced | Message said: "There is no space for groups or ideology as LulzSec Anonymous in Brazil" | The Hacker News:IBGE hacked | |||
68 | 6/23/2011 | News International | unknown | DDoS | digital content publishing servers affected by attack for a couple of hours | The attack follows criticism by LulzSec over coverage of the arrest of hacker Ryan Cleary by Sun, which is published by News International. LulzSec denied responsibility for the attack. | The Guardian: Hackers attack News International servers | |||
69 | 6/23/2011 | NATO | unknown | unknown | subscribers to NATO's e-Bookshop service were urged to change their passwords after a possible compromise of usernames, passwords, addresses and e-mail addresses. | After NATO released a report singling out Anonymous' hacktivism as a cyber threat, the group warned NATO not to challenge it. | NATO investigating possible data breach | Anonymous warns NATO not to challenge it | ||
70 | 6/23/2011 | Arizona Department of Public Safety | LulzSec said it is leaking the data to protest "racial profiling anti-immigrant" policies of Arizona law enforcement, specifically SB1070, which makes it a crime to be in Arizona without documentation proving United States residency. Releases another batch of data on June 29. | unknown | publicly released hundreds of private intelligence bulletins, training manuals, personal e-mail correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. | LulzSec releases Arizona law enforcement data | ||||
71 | 6/22/2011 | two Brazilian government sites | LulzSec | probably DDoS | Brasil.gov.br and Presidencia.gov.br offline temporarily | LulzSec takes down Brazil government sites | ||||
72 | 6/20/2011 | U.K.'s Serious Organized Crime Agency | LulzSec/Anonymous, in attempt to discredit and embarrass government agencies | distributed denial-of-service attack | site down | LulzSec, Anonymous announce hacking campaign | ||||
73 | 6/19/2011 | Infragard Connecticut | LulzSec | SQL injection | unconfirmed, but site was down | LulzSec takes credit on Twitter | ||||
74 | 6/19/2011 | Sony Pictures France | Idahc of Lebanon and Auth3ntiq of France | SQL injection | publicly leaked 70 out of 177,000 e-mails | Hackers claim 177K e-mails from Sony Pictures France | ||||
75 | 6/18/2011 | Sega | unknown | unknown | some Sega Pass member e-mail addresses, dates of birth, and encrypted passwords compromised. | LulzSec offered to help Sega "destroy" the culprits because they love Dreamcast | After Sega gets hacked, LulzSec offers to seek revenge | PSLS » News » PSN / PlayStation NetworkSega Pass Database Hacked, Account Information Compromised | ||
76 | 6/16/2011 | Germany's neo-Nazi National Democratic Party | n0-N4m3 Cr3w. Politically motivated to try to prevent NDP from gaining influence. | unknown | Hackers stole up to 400 names and home addresses of supporters of Germany’s neo-Nazi National Democratic Party (NDP) and published them on Google Maps. | SCMagazine: Hackers map locations of neo-Nazi party supporters | ||||
77 | 6/16/2011 | individuals | LulzSec | unknown | Released 62,000 e-mail addresses and passwords from unknown source. Accounts on Gmail, Yahoo, Facebook, Amazon and World of Warcraft appear to have been hacked. | This site, http://dazzlepod.com/lulzsec/, offers a search tool to see if an e-mail address is among those exposed. | LATimes:LulzSec discloses 62,000 email and password combinations that it may have hacked | http://dazzlepod.com/lulzsec/ | ||
78 | 6/16/2011 | U.S. Senate | unknown | unknown | Senate spokesperson says no sensitive data leaked. | Report: U.S. Senate site hacked again | Reuters: Hackers again break into Senate website | |||
79 | 6/16/2011 | Electronic Arts | unknown | unknown | System hosting BioWare Neverwinter Nights forum is breached and user names, encrypted passwords, e-mail addresses, mailing addresses, names, phone numbers, CD keys and birth dates may have been compromised. Some unencrypted passwords believed stolen. | Ars Technica: Bioware hacked | EA confirms customer data stolen | |||
80 | 6/15/2011 | CIA | LulzSec | unknown | site temporarily down | CIA Web site down; LulzSec claims responsibility | ||||
81 | 6/15/2011 | Payroll firm ADP | unknown | unknown | affects one of ADP's clients | Reuters: ADP says investigating data breach | ||||
82 | 6/13/2011 | Bethesda Softworks, a subsidiary of gaming company ZeniMax Media | LulzSec | unknown | source code and database passwords leaked | LulzSec targets video game maker ZeniMax Media | ||||
83 | 6/13/2011 | U.S. Senate | LulzSec, saying it doesn't like the U.S. government | unknown | published on the Web server's directory and file structure of the Senate site | Lulz hackers attack Senate site | ||||
84 | 6/13/2011 | Spanish National Police | Anonymous, in retaliation for the arrest of three people in Spain | unknown | site was inaccessible temporarily | Anonymous takes down Spanish police site | Spain says it has arrested Anonymous hackers | |||
85 | 6/11/2011 | International Monetary Fund | possibly a foreign entity | unknown | unclear | breach took place "over the last several months" | Reports: International Monetary Fund suffers network break-in | New York Times: I.M.F. Reports Cyberattack Led to ‘Very Major Breach’ | ||
86 | 6/9/2011 | Turkish government | Anonymous, in opposition to Internet filtering plan | unknown | site inaccessible temporarily | the move prompts the government to arrest 32 people | Turkey arrests 32 after Anonymous' Web attacks | |||
87 | 6/9/2011 | U.K.'s National Health Services | LulzSec | unknown | group warns NHS about hole in their Web site that exposed admin passwords. Lulzsec released redacted e-mail publicly but did not release the data. | LulzSec hackers--just having a laugh? | ||||
88 | 6/8/2011 | Sony Portugal | Idahc | Hacker claims to have found flaws including SQL injection, XSS (cross-site scripting) and iFrame injection. | customer e-mail addresses leaked | Sophos: Sony Portugal latest to fall to hackers | ||||
89 | 6/8/2011 | Sonisutoa/My Sony Club | unknown | Someone used spoofing to defraud Sony of shopping coupons worth points. | unclear | Attrition.org Timeline | ||||
90 | 6/8/2011 | Citigroup | unknown | unknown | Names, account numbers, and contact information, including e-mail addresses, were accessed during the breach, which affected about 360,000 customers. | Breach was discovered in May during routine monitoring May 10. | Report: Hackers accessed Citigroup customer data | Citigroup ups number of accounts breached in attack | ||
91 | 6/6/2011 | Sony Computer Entertainment Developer Network | LulzSec | unknown | Group says it stole 54MB of source code. | Hackers taunt Sony with more data leaks, hacks | ||||
92 | 6/6/2011 | Sony BMG | LulzSec | unknown | Group says it leaked internal network maps of Sony BMG. | Hackers taunt Sony with more data leaks, hacks | ||||
93 | 6/6/2011 | Sony Pictures Russia | unknown | SQL Injection | offline | Hackers taunt Sony with more data leaks, hacks | ||||
94 | 6/3/2011 | Sony Europe | Idahc | SQL Injection | User names, passwords, phone numbers and e-mails are leaked. | Hackers target Sony, Nintendo and FBI partner Web site | The Hacker News: Database at Application Store at Sony Europe Leaked! | |||
95 | 6/3/2011 | Acer Europe | Pakistan Cyber Army | unknown | Source code and user data of 40,000 people reportedly compromised. | The Hacker News: Acer Hacked | ||||
96 | 6/3/2011 | FBI partner Infragard Atlanta | LulzSec, in an attempt to embarrass the FBI and security firm government contractors | unknown | Site was hacked, defaced and 180 Infragard usernames and passwords were leaked. | Infragard member and Unveillance CEO claims LulzSec members tried to extort money and data from him after snooping on his e-mail and phone calls. | Hackers target Sony, Nintendo and FBI partner Web site | Exclusive: CEO says hackers tried to extort data, money | ||
97 | 6/3/2011 | Nintendo | LulzSec | unknown | benign server file leaked, no customer data | Hackers target Sony, Nintendo and FBI partner Web site | ||||
98 | 6/2/2011 | Sony Pictures | LulzSec | SQL Injection | Personally identifying information of 37,500 customers was exposed, including address, e-mail address, phone number, date of birth, password and user name. | Sony Pictures says 37,500 customer records exposed | Hackers steal more customer info from Sony servers | |||
99 | 6/2/2011 | Sony BMG Belgium | LulzSec | unknown | E-mail addresses, usernames, unencrypted passwords, internal release dates of records and sales reports breached. | Attrition.org Timeline | ||||
100 | 6/2/2011 | Sony BMG Netherlands | LulzSec | unknown | usernames and passwords leaked | Attrition.org Timeline | ||||
101 | 6/1/2011 | Northrop Grumman | Northrop Grumman shut down remote access to its network on May 26, but has not confirmed a security incident or connection to SecurID. | FOX EXCLUSIVE: Northrop Grumman May Have Been Hit by Cyberattack, Source Say | ||||||
102 | 6/1/2011 | hundreds of Gmail users | Google says attack originated in China and appeared designed to monitor communications of journalists, political activists and military personnel. | After stealing passwords with a phishing attack, perpetrators apparently used the passwords to change Gmail users' forwarding and delegation settings. | Attack was "disrupted" but it's unknown if any snooping was accomplished. | Yahoo and Hotmail accounts were targeted in similar attacks, according to Trend Micro. (Google had reported in early 2010 that Gmail accounts of human rights activists were spied on and that someone stole intellectual property in an APT attack on its network. More than 30 other companies were also targeted in such attacks. ) | Google 'disrupts' Gmail phishing scheme in China | Report: Targeted attacks aimed at Hotmail, Yahoo, Gmail | ||
103 | 5/31/2011 | L-3 Communications | unknown, espionage | Company said it had been actively targeted with penetration attacks leveraging information stolen from RSA. | Data could be valuable to foreign governments. | Report: Data stolen in RSA breach used to target defense contractor | Wired:Second Defense Contractor L-3 ‘Actively Targeted’ With RSA SecurID Hacks | |||
104 | 5/30/2011 | PBS.org | LulzSec in retaliation over Frontline Wikileaks program they considered biased | zero-day exploit in Movable Type 4 | Passwords were leaked and a fake news article was published on the page. | PBS, hacked, says Tupac is still alive | Sophos: PBS.org hacked | |||
105 | 5/28/2011 | Lockheed Martin | espionage | Source said attackers created duplicates of SecurID electronic keys. | Lockheed blocked the attack before any sensitive data could be exposed | Lockheed said it was replacing 45,000 SecurID tokens. | Lockheed Martin confirms it came under attack | China linked to new breaches tied to RSA | The New York Times: Stolen Data Is Tracked to Hacking at Lockheed | |
106 | 5/24/2011 | Sony Ericsson in Canada | Lebanese hacker Idahc | SQL injection | E-mails, passwords and names of thousands of users leaked. | Report: Sony Music Japan, Sony Ericsson hacked | The Hacker News: Sony Ericsson Got Hacked by Idahc | |||
107 | 5/23/2011 | Sony Music Japan | LulzSec | SQL injection | data leaked, but no sensitive customer data | Report: Sony Music Japan, Sony Ericsson hacked | The Hacker News: LulzSec leakSony's Japanese Websites Database | |||
108 | 5/22/2011 | Sony Music Greece | b4d_vipera | SQL injection | customer data leaked | Hack reportedly occurred May 5. | Report: Sony Music Greece, Indonesia hacked | The Hacker News:Sony BMG Greece Hack | ||
109 | 5/21/2011 | Sony Music Indonesia | k4L0ng666 | unknown | The Hacker News: Sony Music Indonesia Defaced by K4L0ng666 | |||||
110 | 5/20/2011 | Sony Thailand | unknown | fake page is designed to steal user data | log in data could be stolen | Sony Thailand site used for phishing | F-Secure: Phishing Site Found on a Sony Server | |||
111 | 5/20/2011 | Sony Japanese ISP subsidiary So-net | Someone broke into the network earlier in the week. | E-mail accounts were compromised and customer rewards points were stolen. | Sony subsidiary So-net reports data breach | |||||
112 | 5/17/2011 | PlayStation Network site | unknown | Sony takes site offline after a new exploit is discovered that allows hackers to change users' passwords with the data stolen during the PSN break-in. | It's unclear if anyone was able to use the exploit before the site was taken down. | Sony takes sites down after log-in exploit found | Nylevia: Warning All PSN Users: Accounts are still not safe | |||
113 | 5/15/2011 | UK ATM | LulzSec | unknown | "pointless" information on various ATMs | |||||
114 | 5/10/2011 | Fox Network's X Factor | LulzSec | unknown | internal Fox data exposed | |||||
115 | 5/7/2011 | Sony | unknown | unknown | Sony says it removed from a Web site names and partial addresses of 2,500 contestants from a 2001 sweepstakes that had been stolen by hackers and posted on a site. | Reuters: Sony removes data posted by hackers, delays PlayStation restart | ||||
116 | 5/7/2011 | Fox Network's X Factor | LulzSec | unknown | contestants' personal information exposed | |||||
117 | 5/2/2011 | Sony Online Entertainment | unknown | Unknown | Information for about 24.6 million customers, including names, addresses, e-mail addresses, gender, birth dates, phone numbers, log-in names, and hashed passwords may have been stolen. Also, credit and debit card numbers and expiration dates for about 12,700 non-U.S. customers from an "outdated" database and about 10,700 direct debit records listing bank account numbers of customers in Germany, Austria, the Netherlands, and Spain may have been stolen. | Sony Online Entertainment data may have been stolen | ||||
118 | 4/26/2011 | Sony PlayStation Network | Sony has hinted that Anonymous is behind the attack, but Anonymous denies that. | Sony has only said it was an "external intrusion" that took place between April 17 and 19. | Personal information of 77 million people, including customer names, addresses, e-mail addresses, birthdays, PlayStation Network and Qriocity passwords, user names, online handles and possibly credit cards were exposed. | Sony sites offline after Anonymous attack threats | Sony sued for PlayStation Network data breach | N.Y. attorney general subpoenas Sony | ||
119 | 4/6/2011 | Sony | Anonymous organized the attack in retaliation for Sony attempting to identify visitors to PlayStation 3 hacker George Hotz' blog site, as well as seeking data from his Twitter and YouTube accounts as part of a lawsuit. The case was later settled out of court. | Distributed Denial-of-Service (DDoS) | Sony, Sony Style and PlayStation sites inaccessible temporarily | Sony sites offline after Anonymous attack threats | ||||
120 | 4/1/2011 | e-mail marketing outsourcer Epsilon | unknown attacker. possible financial motive | unauthorized entry into Epsilon's e-mail system | More than 110 companies, including Citibank, Chase, Capital One, Walgreens, Target, Best Buy and Verizon, sent e-mails to millions of customers warning them that their e-mail addresses were exposed. Concern was that e-mails could be used for phishing of credit card and other data. | Who is Epsilon and why does it have my data? | Were you affected by Epsilon data breach? | Epsilon partner warned of phishing attacks months ago | ||
121 | 3/23/2011 | Comodo and several of its digital certificate resellers, including GlobalTrust in Italy | Anonymous, over alleged | Compromise of digital certificate registry authorities led to the theft of digital certificates that are used by sites to prove they are who they are legitimate. | If they had not been revoked the faked certificates could have been used to spoof sites like Google, Yahoo,Microsoft and Skype. | The attack highlights problem with Internet authentication infrastructure. | Google, Yahoo, Skype targeted in attack linked to Iran | Comodo hacker says he's protesting U.S. policy | Hackers exploit chink in Web's armor | |
122 | 3/17/2011 | RSA | unknown attacker, although China believed to be suspect. Motive is probably espionage | Advanced Persistent Threat (APT) targeted at individuals within an organization using social engineering. Malware hidden in an Excel spreadsheet exploited a zero-day (unpatched) Flash hole. | SecurID token deployments at financial, government and other sites were at risk. | Is related to at least two of three incidents at U.S. defense contractors (see below). | RSA: Cyberattack could put customers at risk | Attack on RSA used zero-day Flash exploit in Excel | What the RSA breach means for you (FAQ) | RSA to replace SecurID tokens following breaches |
123 | 2/11/2011 | HBGary Federal | Anonymous hacks Web site, Twitter and LinkedIn accounts of firm that was investigating its members | unknown | e-mails and other sensitive data leaked online | Anonymous hacks firm trying to investigate it |